by bhaak 71 days ago
> They weirdly[1] frame it around cryptocurrencies and mempools and salvaged goods or something [...]

> [1] The whole paper is a bit goofy: it has a zero-knowledge proof for a quantum circuit that will certainly be rederived and improved upon before the actual hardware to run it on will exist. They seem to believe this is about responsible disclosure, so I assume this is just physicists not being experts in our field in the same way we are not experts in theirs.

The zero-knowledge proof may come across as something of a gimmick, but two of the authors (Justin Drake and Dan Boneh) have strong ties to cryptocurrency communities, where this sort of thing is not unusual.

I also don’t think it’s particularly strange to focus on cryptocurrencies. This is one of the few domains where having access to a quantum computer ahead of others could translate directly into financial gain, so the incentive to target cryptocurrencies is quite big.

Changing the cryptographic infrastructure we rely on daily is difficult, but still easier than, for example, in Bitcoin, where users would need to migrate their coins to a quantum-resistant scheme (whenever such a scheme will be implemented). Given the limited transaction throughput, migrating all vulnerable coins would take years, and even then, there would remain all those coins whose keys have been lost.

Satoshi is likely dead, incapacitated, or has lost or destroyed his keys, and thus will not be able to move his coins to safety. Even if he still has access, the movement of an estimated one million BTC, which are currently priced in by the market as permanently lost, would itself be a disruptive price event, regardless of whether done with good or bad intentions.

If you know which way the price will go (obviously way down in this case), you can always profit from such a price move, even if Satoshi's coins were blacklisted and couldn't be sold directly.


> Given the limited transaction throughput, migrating all vulnerable coins would take years ...

How? I just googled: about 55 million addresses with bitcoin in them, about 144 blocks per day, about 3000 to 5000 tx per block.

In something like 100 days all the coins would be moved to other addresses.

I gotta say it'd be hilarious if to speed up that migration-to-quantum-resistant-addresses process, the Bitcoin community were to finally allow bigger blocks.

EDIT: I take it that if the network had to have full blocks for 100 days, then "shit would happen". Maybe they should force an orderly move: e.g. only addresses ending with "3a" are eligible to be moved in a block whose hash ends with a "3a", etc., to prevent congestion?

The signatures would be larger than they are today. The article touches on it but doesn't give any estimates. What I read online were claims from 10 to 100 times larger than currently.

This paper claims 60-70% throughput loss with 59 times(!) larger storage space requirements.

https://jbba.scholasticahq.com/article/154321.pdf

> This is one of the few domains where having access to a quantum computer ahead of others could translate directly into financial gain

Doubt it. The moment people get vocal about their funds being stolen, that will be it for crypto; it will crash the bank run. The only way it could work is if you steal too little to be noticed, which will also be too little to finance your venture...

May I introduce you to a concept called "shorting"? You can make money from falling prices without selling the stolen coins. As I said just moving Satoshi's coins would lead to lots of panic selling.

The snarky reply would be that having their funds stolen is not something that seems to discourage people from having cryptocurrencies as it happens all the time:

https://www.web3isgoinggreat.com/

> Bitcoin, where users would need to migrate their coins to a quantum-resistant scheme

Is that so? I always thought that the design choice that only hashes of the public keys were public was a pretty clever way to make the whole scheme quantum-proof. What did I miss?