Depending on who you listen to, the "quantum threat" to bitcoin is either (a) purely FUD to be ignored, or (b) an inevitable truth that's coming with the when? as the only question, such as in five-ish or ten-ish years out (2030-2040).

I'm making my call right now. Here's how I see this playing out.

  • Bitcoiners will bicker and nothing will get done. This is the most certain thing in this post (because we're already doing it).
  • Quantum computing, and I dislike the name because it connotes the mysterious and conjures multiverse nonsense, will in fact come to fruition.
  • My guess is that quantum first appears in a lab, either a government agency or, my best guess, in a private company's lab. There might be rumors that ripple through the bitcoinverse when word leaks out, but nothing will be done. The bickering might get ramped up.
  • Then, the quantum breakthrough will be announced publicly. They might even say that, as an experiment, they were able to crack a bitcoin private key. The bickering will amplify for sure and the we-need-to-do-something crowd (the fix-it crowd) will gain momentum. But, the ossify-forever crowd will hold their ground as well and nothing will change.
  • Eventually, the secrets of the how-to and the hardware itself will leak out and there will be a real "hack". That is, a quantum computer will decipher a bitcoin private key somewhere beyond a lab and shuffle funds. It might be a small, unimportant bitcoin hack, but it will happen in the open.
  • The fix-it crowd will scramble to get their plan all but finalized and ready to roll out.
  • Meanwhile, there will be a big hack, maybe of an exchange. Maybe of some of Satoshi's coins.
  • This will be the breaking point -- certainly if Satoshi's coins, or just some of them, are compromised. Bitcoiners will call for an immediate "freeze" of the blockchain. (How that would work, I'm not sure! But, aligned incentives would be to halt the chain.)
  • Then, bitcoiners will call for a "rollback". Even if the hacked chain continued (which it likely would), a rollback would be called for. A "fix" of some sort will be worked out and the chain will be rolled back to a pre-hack block.

In short, (1) quantum computing will come, (2) the community will bicker, (3) quantum will hack bitcoin, (4) a fix will be developed, (5) then the chain will be rolled back and restarted.

I hope I'm wrong. I'd rather a plan get made prior and implemented, not just discussed. However, I'm doubtful that that will happen.

We'll see how this ages.

103 sats \ 6 replies \ @optimism 10h

So what do you think about BIP-360?

reply
214 sats \ 5 replies \ @crrdlx OP 9h

Definitely way above my technical level, but...

  1. First reaction is that it seems like a step in the right direction, where doing something is better than nothing. (This, actually, is not always true.)
  2. At least it's discussion, a phasing into quantum defense. It kind of seems like what I mentioned, though, with the bickering and the arguing...the good and bad. Some will do it, others will not. This fits in the "can't hurt" category.
  3. But then - Satoshi's coins are still a problem. Frankly it seems that if Satoshi's stash is still at risk, it kind of becomes a moot point. If X% of bitcoiners moved from legacy addresses to P2MR, but Satoshi's coins are still there and are still "hackable", that would be an immense problem. Unless of course Satoshi moved or burnt those coins. Hint, hint, nudge, nudge, Satoshi.
reply
124 sats \ 4 replies \ @optimism 8h
At least it's discussion [..]

It's not a discussion, though. It's a proposal. You or I can build and release an activation client for it today. Maybe, if we all think that there is not enough action, we should do exactly that? Be the change.

Satoshi's coins [..] that would be an immense problem

Why? Not your keys, not your coin. Honeybadger dgaf who is spending coins? If you are afraid of fiat NgD, hedge that shit. Mr. Hayes made you a nice platform.

reply
70 sats \ 3 replies \ @crrdlx OP 8h
It's not a discussion, though. It's a proposal.

Discussion, proposal...semantics. You can discuss a proposal verbally, through writing, or discuss by action or inaction, by "voting with your feet" as they say.

I like what you write about taking action, be the change, etc. And that's kind of what worries me. Although this BIP is there, is there any action? Any traction to the proposal? At least it's there. Seems like bullet point #1 to me.

Why? Not your keys, not your coin.

I'm not sure I exactly understand what you're getting at here. Satoshi supposedly has over 1M coins. If those keys were hacked: (a) that's about 5.5% of the supply of bitcoin that'd suddenly be out there, conceivably to flood the market. I agree with what, I think, you're saying and that things would eventually bounce back. (b) I think that would be a huge, huge hit to the trust in bitcoin. I could see how "bitcoin's own inventor got hacked!" would be a hurdle that normies might never get over. Maybe it would happen, but it would take years, I would think decades.

reply
103 sats \ 2 replies \ @optimism 7h
Satoshi supposedly has over 1M coins. If those keys were hacked: (a) that's about 5.5% of the supply of bitcoin that'd suddenly be out there, conceivably to flood the market.

These coins are spendable today. So the key doesn't need to be hacked to be spendable. That Satoshi is some benevolent entity that will not spend their coin is just imagination, mass delusion maybe, in this case.

These attributes are 100% fabricated and have nothing to do with Bitcoin. The Bitcoin protocol says that if a utxo is spendable, it can be spent. Everything else is wishful thinking and imagination. Let's not make decisions based on delusions, that's a dangerous road all by itself.

I could see how "bitcoin's own inventor got hacked!" would be a hurdle that normies might never get over.

Awesome! It would mean the enslaving banksters, politicians and scammers will be instantly out of business (in Bitcoin)! Best. Outcome. Ever.

reply
70 sats \ 1 reply \ @crrdlx OP 7h

We apparently are thinking differently because I understand very little about what you just wrote. I'll try though...

These coins are spendable today.

Of course they are. Satoshi can spend them.

These attributes are 100% fabricated

This confuses me. The attributes of Satoshi with 1M coins is fabricated? If I understand correctly, you're saying the Satoshi coins are already out there, live, spendable, etc. What I'm saying is that they are not on a market. Yes, Satoshi could put them on Coinbase today. I think I get what you're saying now, we shouldn't assume Satoshi will never do this. Fair enough.

banksters, politicians and scammers will be instantly out of business

I don't understand this at all. If Satoshi's coins were hacked, I don't see how that hurts the old ways.

reply
103 sats \ 0 replies \ @optimism 7h
I think I get what you're saying now, we shouldn't assume Satoshi will never do this.

Exactly. Worse: if they move today, did Satoshi do it, or did some quantum nerd in Google's basement do it? If ECDSA is broken with Shor's then RSA is broken too. So it's not like you can use a 2008 PGP key to prove your identity; this is the first thing an attacker will break. Thus, there is no difference. And no one will advertise that they are stealing coin, this is theft. We'll never know!

Therefore: if those utxos move, they move. Period. It would be dumb to dump them all on an exchange because no exchange has liquidity for that; so it'll be OTC and that means someone is going to ask questions, or be literally guilty of laundering.

If Satoshi's coins were hacked, I don't see how that hurts the old ways.

Simple, if all the normies leave and no one will join, then there will be only a small pool of complete idiots to scam/influence/milk. Not worth it. All the bad actors will become shitcoin maxis because there will be no reason to hang with a bunch of people that won't bring you any gainz.

reply
144 sats \ 4 replies \ @Scoresby 12h

I respect that you put your prediction down in public.

I'm more optimistic than you that there will be some sort of mitigation for quantum that gets adopted. Perhaps it will only be an opt-in commit-reveal scheme, or perhaps we will even soft fork in a new quantum resistant address type in the next 5 years.

But this doesn't mean that a quantum hack won't happen. I think that much will most certainly happen if a cryptographically relevant quantum computer is produced. But I'm thinking this happens when some portion of bitcoin holders have already taken some step to move to quantum resistant addresses.

reply
103 sats \ 1 reply \ @028559d218 12h

My uninformed opinion is that quantum is real... But distant. Yes there will be quantum 'hacks' and/or exploits but they are long, long ways off.

Will humans visit mars one day? Yes. Will humans have permanent colonies on mars? Yes they will... Eventually.

But neither of these things will happen anytime soon because the engineering challenges of doing these things safely and actually bringing the astronauts back are immense. Extremely difficult on any short to medium time scale.

reply
103 sats \ 0 replies \ @crrdlx OP 7h
neither of these things will happen anytime soon

Fair enough and valid points about Mars for sure. Talk about human settlements on Mars, or even on the moon, seems to me to be many, many steps down the road. But, this "anytime soon" is what concerns me. 10 to 15 years falls into the "soon" category in my definition. Years come and go quickly. I remember 9/11 and the overall conclusion of "failure of imagination". Things, technology things in general, seem to be accelerating far faster than we can keep up. I'd hate to get caught napping because anytime soon won't come.

reply

yeah, kudos. Precisely well specified too

reply
103 sats \ 0 replies \ @crrdlx OP 12h
I'm more optimistic than you that there will be some sort of mitigation for quantum that gets adopted

I'm happy to read this and I hope my prediction is totally wrong and laughable one day.

That said, I'm actually more optimistic about things than pessimistic. I compare it to a stubborn person who will not go to the doctor for medical treatment, even though it's needed. Eventually, the pain will be enough to get them into the office for treatment.

There are very smart people in bitcoin who I think will figure this out. To me, it's a case of aligned incentives...they'll realize that we all have a lot to gain with a solution and a lot to lose if bitcoin "goes to zero", and therefore it'll get remedied when we reach that break point.

reply

Cool story but what is this hunch based on?

The facts on the ground bear out that Quantum computing is no more likely to happen than someone inventing a time machine, and wrench attacking your mother before you're even born.

reply
what is this hunch based on?

Fair question. What is this or any hunch based on, who knows? But I'd say a hunch is the spilling out of the brew and ferment of whatever you've picked up or observed or felt, even subconsciously. It's definitely not science. Ideally the reality is more in line with your probabilities.

reply

I'm as pro-technology as it gets, an asymmetric advance in computing would have overwhelming positives despite the short-term negatives (gotta break some eggs and all that) but the facts on the ground bear out that there's nothing to QC... at all. Time machines would be cool too, but reality seems to have other plans.

reply

Why is it always Bitcoin specific with the quantum talk? Why is it that everyone thinks Bitcoin is the one and only target? If a quantum computer reaches the scale and fidelity required to crack Bitcoin’s 256-bit elliptic curve cryptography (secp256k1), it would mean the machine has successfully implemented Shor’s algorithm on a fault-tolerant scale. A quantum computer possessing this level of power would instantly compromise almost every major digital security architecture on earth. Here is a list of other targets that aren't Bitcoin.

HTTPS/TLS Web Traffic: Decryption of banking portals, e-commerce, and secure web browsing.

End-to-End Encrypted Messaging: Decryption of Signal, WhatsApp, and iMessage communications.

Secure Shell (SSH) Access: Remote server administrative keys and infrastructure access controls.

Virtual Private Networks (VPNs): Corporate and government secure network gateways.

Passkeys & FIDO2 Authentication: Hardware keys and passwordless login credentials.

Operating System Updates: Digital signatures for Windows, Apple, and Linux software updates.

Smart Contract Blockchains: Compromise of Ethereum, EVM networks, and layer-2 protocols.

Decentralized Social Media: Identity takeover on Nostr and AT Protocol (Bluesky).

Interbank Settlement Systems: SWIFT and Fedwire transaction signing mechanisms.

Credit Card Tokenization: Digital wallet payment authorization handshakes (Apple Pay).

Corporate Code Signing: Certificates used to verify software authenticity and prevent malware.

Cloud Infrastructure Access: Identity and Access Management (IAM) keys for AWS, Google Cloud, and Azure.

Encrypted Email Protocols: PGP and S/MIME signatures and content encryption.

reply
123 sats \ 0 replies \ @optimism 11h

Almost none of these are laggards... going over the first few in your list:

Valid one: Wireguard has renewed interest, meaning this needs work. It does have a PSK option though, but that's like claiming your protocol is secure because you have 2FA.

reply

All these examples can be very quickly updated to quantum resistant cryptography. Most of them quite easily.
Bitcoin will first need to develop quantum resistant addresses and then all the people need to move their coins to the new addresses. This may take years and should be completed before quantum computers are powerful enough to break bitcoin cryptography.

Work on post quantum addresses in bitcoin should be now, not after quantum computers are strong enough.

reply

So that's the reason, because Bitcoin is a decentralized network that must come to consensus and roll out any necessary changes in an orderly and agreed upon fashion whereas these other technologies and entities have more centralized control and can react more quickly. That makes sense.

reply

Yes, exactly. The point here is not "bitcoin sucks because quantum will break it". The point is "Take this seriously and start working on post quantum addresses now".

reply
Why is it always Bitcoin specific with the quantum talk?

Because some people are bitter they didn't buy bitcoin 'earlier' and they won't buy it now... Despite not knowing what a Sat is.

reply
Why is it always Bitcoin specific with the quantum talk?

Because this is the bitcoin territory. :)

Still, you have a valid point. There are other areas that could or would be affected, as you lay out.

reply
41 sats \ 2 replies \ @grayruby 11h

This seems unlikely to me. If quantum develops sufficiently to be a significant risk there will be a massive amount of pressure from institutions holding bitcoin to upgrade to quantum resistant cryptography. I highly doubt there will be a large enough cohort of "do nothing" supporters to stop it.

reply
21 sats \ 1 reply \ @crrdlx OP 10h

I hope you're right. However, bitcoiners aren't the type that typically like being told what to do. This especially from institutions. Seems to me that bitcoiners are often more likely to do the opposite of whatever the institutions mandate. I could be totally wrong on this one though. It comes back to the "aligned incentives" and if everyone feels they're truly aligned. Appreciate your thoughts.

reply
11 sats \ 0 replies \ @grayruby 10h

I think bitcoiners have a lot of incentive to protect their interests but I agree it will be contentious.

reply

If I thought SN would be around in ten years, I'd do a @remindme in 10 years. But I don't, so whatevs

reply

you ever heard of this guy?

reply

NO, but what a chad

reply

Come on, have faith, do it. :)

reply