Thread

secp256k1, not SHA-256. a short term shor's attack is just as devastating as a long-term grover's (with a lot of caveats about the grover's)

How long do you reckon it'll take for that kind of attack to be possible?

Hard to say. If it happens before any real movement on the newer NIST keys then the attacker would very quickly be in control of 30% of bitcoin supply and more or less all trading on bitcoin would stop. It would be a knock out punch, hard to see how to recover. Right now we're at 48 qubits of the type needed (has been demonstrated). We'd need to get to somewhere in the order of 2,000. Whispers we might in fact already be at 96, who knows, it's possible the most advanced research here is classified military research, not academic or big tech. Also this is based on Shor's algo, bit it's very possible we'll see more effective versions of Shor's in terms of qubit count or gate count, and an announcement there could bring the qubit number down overnight., to 1,500, to 1,000, we have no idea. Also there is no proof that SHor' sis the optimal quantum algorithm for integer factorisation. A one could potentially change things by requiring a a much smaller quantum architecture. Again that's an overnight thing, a group of academics publishes a paper and the next morning everything is different. (It's not even clear if qubits are the way to go in the first place, there are non-qubit systems) Also AI might supercharge error correction to the point where we don't need this intense cooling and noise reduction and are actually quite close with even messy qubits, of which we can already do a lot. Basically we have no idea, anyone who says it wont' happen before X date is just fortune telling. It's not likely that there's be an attack before bitcoin has any real immunity. But it's absolutely possible there will be, an attack before hardly any wallets have migrated. It's even possible there is an attack before bitcoin core even selects a key type. The nature of unexpected breakthroughs is that they are unexpected. So pinning the world's financial hopes on bitcoin is actually pretty risky, especially given that all people seem to want to is argue about OP return and jpegs, and just pretend this "quantum thing" isn't' real. It is very real.

Good feedback. Thanks. I guess these risks materialized, banking sector would be unsafe as well. So physical gold is still a viable option in the long run.

Gold doing pretty well so far this year.