The attacker could work out the private key from the public key of any Bitcoin address whose public key has been revealed on the chain. Think about that. (Again, this is nothing to do with SHA256.) Dormant whale wallets, especially from early years, all immediately drained. Following that (and assuming this all happens before any post-quantum resistance has had the chance to propagate), the percentage of total Bitcoin supply that would be drained by the attackers would likely be around 30%. (The attack team can drain the exposed wallets before the community can even migrate a small fraction; this is all very well prepared. The theft of this pool is almost guaranteed once a capable quantum computer is revealed.) You now have some random team, in some lab somewhere in Asia, in control of 30% of the supply of Bitcoin. Exchanges, wallets, and institutions would likely halt all Bitcoin transactions and withdrawals to assess the damage and prevent further theft, effectively paralysing the network. Short-range attacks (funds being moved, exposing their wallets) mean nobody whose wallet is not exposed moves anything either. The list goes on. GHash.io this absolutely is not.

Replies (1)

weev 1 month ago
The number of qubits necessary for a Shor’s attack against key size n is well known. There will be a runway for changes when it starts getting close. Changes can be accommodated years in advance. You think there won’t be some sort of mechanism to mitigate this? It will be like adding Bech32 support. There will just be a new address format and people can move their Bitcoins into it before it becomes an issue, most likely using one of the NIST competition signing scheme winners. All this doom and gloom is pointless.