Bitcoin’s Elliptic Curve Signature Could be Broken by 2027
“One particular area at risk are cryptocurrencies,” the abstract notes. “We investigate the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum computers. We find that the proof-of-work used by Bitcoin is relatively resistant to substantial speedup by quantum computers in the next 10 years,” the paper declares. This, they claim, is “mainly because specialized ASIC miners are extremely fast compared to the estimated clock speed of near-term quantum computers.”
The good news turns quickly bad, as “the elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates,” state authors Divesh Aggarwal, Gavin K. Brennen, Troy Lee, Miklos Santha, and Marco Tomamichel (emphasis added).
[Figure: hash rate per second of the BTC network (blue) versus one quantum computer (red); for comparison, the black dotted line shows the hash rate of a single ASIC device today. The model is described in detail in Appendices B and C of the paper.]
In twenty-one math-laden, chart-heavy pages, which include detailed notes, Quantum is a bear of a read. The authors begin with a basic background to Bitcoin, roll through a nice summation of the distributed ledger, and then begin to pose a series of questions. What “advantage [would a] quantum computer [have] in performing the hashcash [proof of work], and [could it] unilaterally ‘come from behind’ to manipulate the blockchain?” are among the first questions guiding the rest of the paper.
Bitcoin’s security rests on mathematical problems of the same kind as factorization: easy enough for regular computers to use in one direction, but infeasible for them to reverse. Quantum computers, however, are theoretically able to crack such mathematics, and their ubiquity is not far off.
Transaction blocks are built from hash functions, which reduce data sets of any size to a fixed length, and each block’s hash links it back to the previous block, forming a back-to-front chain. Miners are rewarded for brute-force solving a math problem: essentially finding, by trial and error, the next number that makes the block’s hash meet the network’s target.
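To make the mechanism concrete, here is an added toy example (not code from the article or from the Aggarwal et al. paper) of a hash-linked chain with a brute-force proof of work. The difficulty, block layout and transaction strings are constructed for illustration; real Bitcoin headers and targets differ, but the defender-relevant properties are the same: finding a valid number is expensive, checking it is cheap, and editing an old block invalidates every block after it.

```python
import hashlib
import json

# Constructed toy parameters: a valid block hash must start with this many zero bits.
# Bitcoin uses a far larger difficulty; 12 bits keeps the search fast in pure Python.
DIFFICULTY_BITS = 12
TARGET = 1 << (256 - DIFFICULTY_BITS)
GENESIS_PREV = "0" * 64


def block_hash(prev_hash: str, transactions: list, nonce: int) -> str:
    """Hash function reducing an arbitrary-size data set to a fixed 256-bit digest.
    Double SHA-256 mirrors Bitcoin's choice; the header layout here is constructed."""
    header = json.dumps(
        {"prev": prev_hash, "txs": transactions, "nonce": nonce}, sort_keys=True
    ).encode()
    return hashlib.sha256(hashlib.sha256(header).digest()).hexdigest()


def mine(prev_hash: str, transactions: list) -> dict:
    """Brute-force search: try nonces until the block hash falls below TARGET.
    Expected cost is about 2**DIFFICULTY_BITS hash evaluations."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, transactions, nonce)
        if int(h, 16) < TARGET:
            return {"prev": prev_hash, "txs": transactions, "nonce": nonce, "hash": h}
        nonce += 1


def build_chain(tx_batches: list) -> list:
    """Mine one block per batch of transactions, each linking to the previous hash."""
    chain, prev = [], GENESIS_PREV
    for txs in tx_batches:
        block = mine(prev, txs)
        chain.append(block)
        prev = block["hash"]
    return chain


def valid_chain(chain: list) -> bool:
    """Verification is cheap: recompute each hash once, confirm it meets the target,
    and confirm it links to the block before it. Any edit to an old block changes
    its hash, so the next block's 'prev' field no longer matches."""
    prev = GENESIS_PREV
    for block in chain:
        h = block_hash(block["prev"], block["txs"], block["nonce"])
        if block["prev"] != prev or h != block["hash"] or int(h, 16) >= TARGET:
            return False
        prev = h
    return True


if __name__ == "__main__":
    # Constructed sample transactions.
    chain = build_chain([["alice->bob:5"], ["bob->carol:2"], ["carol->dave:1"]])
    print("chain valid:", valid_chain(chain))
    for b in chain:
        print(f"nonce={b['nonce']:6d}  hash={b['hash']}")
```

Re-mining a tampered block does not help an attacker who controls less hash power than the rest of the network: every later block still carries the old hash in its `prev` field and would have to be re-mined as well, which is exactly the race the cabal discussion below is about.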
Quantum dwells on the implications here.
The Cabal Theory
The worry is that a group of miners could control the ledger and double-spend to their heart’s content. The cabal need “only” gain and maintain half the network’s computational power.
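Why half is the threshold can be put in numbers. The following is an added example, not part of the article or the paper: it implements the catch-up probability from the Bitcoin whitepaper (Nakamoto’s gambler’s-ruin calculation) for a cabal holding a fraction q of the hash rate that is z blocks behind the honest chain, plus a helper a defender can use to pick how many confirmations to wait for at a chosen risk. The risk levels passed in below are constructed inputs.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that a cabal controlling fraction q of the network's hash rate
    eventually overtakes the honest chain after falling z blocks behind
    (formula and constants as in the Bitcoin whitepaper, section 11)."""
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z non-negative")
    p = 1.0 - q                      # honest share of the hash rate
    if q >= p:
        return 1.0                   # half or more: the cabal catches up with certainty
    lam = z * q / p                  # expected cabal progress while honest miners mine z blocks
    total = 0.0
    for k in range(z + 1):
        # Poisson probability that the cabal has mined k blocks in that time...
        poisson = math.exp(-lam) * lam ** k / math.factorial(k)
        # ...times the probability it never closes the remaining (z - k) block gap.
        total += poisson * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def confirmations_needed(q: float, risk: float) -> int:
    """Smallest number of confirmations z at which the catch-up probability
    for a cabal with share q drops below the accepted risk."""
    z = 0
    while attacker_success_probability(q, z) > risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.1, 0.3, 0.45, 0.5):
        row = [f"{attacker_success_probability(q, z):.6f}" for z in (0, 2, 4, 6, 10)]
        print(f"q={q:.2f}  z=0,2,4,6,10 ->", ", ".join(row))
    print("confirmations for q=0.10 at 0.1% risk:", confirmations_needed(0.10, 0.001))
```

Two things stand out from the table this prints. Below half the hash rate, the cabal’s chance of rewriting a block decays exponentially with the number of confirmations on top of it, which is why waiting for confirmations is the practical defence. At or above half it is 1.0 regardless of depth, and a sudden, large jump in one party’s hash rate, whether from new ASICs or a new kind of machine, is therefore the thing to monitor.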
Quantum computing differs from its contemporary variety, which is largely based on transistors holding the ones and zeros so popularly cited. Quantum efforts hope instead to make use of real quantum bits, which can exist in superpositions of those states. And as recently as this summer, Harvard’s Mikhail Lukin presented a quantum simulator to solve equations. So, it wouldn’t be crazy to suggest such computing power will be available in a relatively short amount of time.
Acting as a miner, the “black quantum” could give the Bitcoin network fits. Or more juice.
Quantum thankfully acknowledges the most common objection: computers of the type in use now will also grow in power, and miners have a vested interest in staying ahead of the game as well. And what’s to stop miners using those quantum computers to secure the network?
However, encryption schemes are a different matter for the Quantum researchers. They believe black quantums could recover the private key by exploiting what is already known, the public key. The point of the paper isn’t to give up on Bitcoin and things encrypted. It is, rather, to understand that such threats are basically around the corner. Forewarned is forearmed.