The number of qubits necessary for a Shor’s attack against key size n is well known. There will be a runway for changes when it starts getting close. Changes can be accommodated years in advance. You think there won’t be some sort of mechanism to mitigate this? It will be like adding Bech32 support. There will just be a new address format and people can move their Bitcoins into it before it becomes an issue, most likely using one of the NIST competition signing scheme winners. All this doom and gloom is pointless.
Replies (1)
This is very wishful. There is absolutely no guarantee of "years in advance" notice, no assurance of a comfy migration to NIST keys on bitcoin's own time (whenever one of those keys is agreed upon).
The number of qubits is not known; there is a fairly broad range with a lower bound. Much (potentially most) quantum research is happening in China, so the idea that there would be little breakthroughs announced one by one, year by year, is not always applicable. Same goes for parts of the US research machine. This can essentially be seen as weapons research; people don't get that part.
As far as what we do know, Quantinuum has demonstrated 48 error-corrected logical qubits. We may need, say, 2,000 of those. We don't know. And as mentioned, we really have no idea how AI will software-supercharge error correction, or if there are other undiscovered algos that can reduce the qubit need; all of a sudden we wake up and need half the qubits we thought we did.
Even if you see this as an outlier threat, you have to take it very seriously.