by m-chrzan 1961 days ago
Note that this is not about quantum speedup but, rather conversely, about making the classical part of the computation more efficient. Still important to get these quantum-adjacent things correct, but not as groundbreaking as one could hope for just reading the headline.

I am pretty impressed. Also, this makes digital currencies even more suspect.
As I understand it, quantum computers as of yet are only useful for a relatively small set of obscure operations. They're extremely fast of course, but they're not a drop-in replacement for basic gate operations that classical computers and their crypto algorithms use. A cryptocoin like bitcoin uses multiple algorithms, making them an exceptionally difficult problem to program a quantum computer to handle. If you ask me, we'll hear about quantum computers breaking a lot of other things before they get to crypto coins.
If quantum computers break regular encryption, then the sudden collapse of Bitcoin would be the literal last of our worries. The inability to buy things using computers securely would be a much bigger problem, especially given how computerized banking is.

Good luck getting cash when your local bank is trying to figure out procedures that haven’t been used in a literal generation.

Bitcoin collapsing would be funny, in hindsight. Probably a pretty emotional event for some in the moment.

But banking is already not that secure. Credit cards suffer from massive ongoing fraud. Especially in places like the USA where chip systems are less common.

There is still a pretty sizable difference between “a patchwork system that fails a lot in small ways” and “you can’t use a computer for anything financial, ever”.
I get the impression that the community would have enough consensus for a snapshot at a certain block number, and continue the chain with new quantum-resistant keys.

I think for the attacker with a quantum computer, they will need to steal low amounts for a long time so that people brush other users' missing funds off as user error.

But these investigations often do quickly give users the benefit of the doubt, so I would see the network being at high alert really quickly.

Chip is fairly common nowadays in the USA.

Fraud liability was shifted from card brands to retailers if they don't support chip. That was a big deal to start supporting it.

Would it be any more complicated for banks than enabling this [0] (or whatever comes after it) in their webservers and asking visitors to use Chrome?

[0]: https://security.googleblog.com/2016/07/experimenting-with-p...

Yes, by several orders of magnitude. The problem isn’t just browsers, it’s the massive pile of code that runs all these systems on the backend, many of which run on honest to god mainframes. You’re not going to flip a switch and get decades worth of software to run quantum proof encryption.
Wouldn't it just need to be the network transport that needs to be updated? I don't imagine the mainframe databases are encrypted-at-rest as it is, so how would quantum change anything there?
Yes, it’s mostly network transit that’s the problem. The issue is that there is a lot of network transit behind the scenes that’s not going through nginx and a client browser.
This is specifically what you shouldn't be worried about just based on the speedup that the article focuses on. This is about a constant-factor speedup from a better-engineered classical component, not the exponential speedup you get from being able to handle additional qubits.
Engineers are already working on quantum-proof blockchain technology.
I love it... I think that's got to be peak vaporware.
It needs lightning-speed factorization to break Bitcoin. The public key of a bitcoin address is exposed only when the transaction is broadcast on the network. The attacker would have about 10 minutes to factorize the public key before the transaction is validated and the original address's balance is cleared.
Factorization applies to RSA. Bitcoin uses ECDSA, so you'd need to solve the elliptic curve discrete logarithm problem.
You're right.
This is not true: most value is stored on hardware wallets, and the public keys are exposed to the computers whenever the balance is checked. It’s dangerous to treat public keys as private information, as most software is not designed to protect it.
A bitcoin address is the double hash with two different algorithms of the public key. Hardware wallets do not expose the public key to check the balance, they use the address. The public key is broadcast when a transaction is signed so the network can verify the signature. This is the reason why bitcoin addresses should never be reused. It gives the attacker the information and the time to break the encryption (theoretically).
The address is the double hash of the hierarchically derived public key using BIP32 key derivation. To be able to compute multiple addresses the master public key is used in the computer's memory that may contain malicious code.