In the short term, we don't need to worry about quantum computers threatening networks like Bitcoin.

Written by: Jeffrey Hu

Will quantum computing destroy Bitcoin? This topic, which has a somewhat pseudoscientific flavor, resurfaces every now and then and sparks widespread discussion and FUD. Will Google’s newly released Willow chip be different this time? We did a small survey.

tldr:

  • Willow has made significant progress.

  • But currently, Bitcoin users still do not need to worry.

If we simplify the Bitcoin protocol, it can be divided into two parts: mining (based on hashing) and transactions (based on elliptic curve signatures). Both parts could in principle be affected by quantum computing, by Grover's algorithm and Shor's algorithm respectively.

However, Willow's 'computing power' is still far from being able to affect either part. Attacking Bitcoin's hashes and signatures in a reasonable timeframe would require on the order of a few thousand logical qubits, and depending on the technology, several (possibly thousands of) physical qubits are needed to encode a single logical qubit.

This means that to attack Bitcoin, approximately a few million physical qubits would be needed. Willow has 105 physical qubits, so there is still a long way to go.

But what if one day the computing power is sufficient? For mining, the impact is actually relatively limited: Grover's algorithm only speeds up the search, it does not invert the hash, so a large amount of computation is still needed to find a hash value that meets the mining target. It can simply be understood as a new, more powerful mining machine arriving on the market.

For signatures, some address types do need care. These include the oldest type, P2PK, and the newest, P2TR, both of which put the public key itself on-chain. P2PKH, P2SH, P2WPKH, and P2WSH are relatively safe because they only contain hashes. However, it’s important to note that reusing these addresses can expose your public key (it is revealed when you spend from them), leading to the same risk.

Can developers do something? Of course! Bitcoin is continuously evolving, and hash-based Lamport signatures could be introduced in the future. There has already been a lot of discussion in the community, for example https://blog.blockstream.com/script-state-from-lamport-signatures/ (although that post applies them to script state rather than to transaction signing).

Quantum-resistant methods such as lattice-based cryptography could also be introduced. Moreover, these can be activated through soft forks.

In addition to developers, good usage habits can effectively defend against quantum threats. For example, use a fresh receiving address for every payment (one address per use, like a one-time pad) instead of reusing addresses (every time I mention this, I want to complain about many current 'Bitcoin ecosystem' wallets). Also, move assets to relatively safer segregated witness (SegWit) addresses before quantum computers pose a sufficient threat, and so on.
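As an added example (not part of the original post), the two points above, exposed public keys per address type and address reuse, in code: a small Python classifier for the standard output-script templates that flags unspent outputs whose public key is already on-chain, either because the script type carries the key (P2PK, P2TR) or because a hash-based address was spent from before and then reused. The keys and hashes in the sample data are constructed placeholders, not real ones.

```python
import hashlib

# Opcode bytes that appear in the standard output-script (scriptPubKey) templates.
OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x00, 0x51, 0x76, 0x87, 0x88, 0xA9, 0xAC

def classify_script_pubkey(spk):
    """Return (script type, key_on_chain); key_on_chain is True when the output itself carries a public key."""
    n = len(spk)
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", False  # only HASH160(pubkey) is on-chain until the output is spent
    if n == 23 and spk[:2] == bytes([OP_HASH160, 20]) and spk[22] == OP_EQUAL:
        return "P2SH", False
    if n == 22 and spk[:2] == bytes([OP_0, 20]):
        return "P2WPKH", False
    if n == 34 and spk[:2] == bytes([OP_0, 32]):
        return "P2WSH", False
    if n == 34 and spk[:2] == bytes([OP_1, 32]):
        return "P2TR", True  # the 32-byte x-only output key is a (tweaked) public key
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", True  # bare public key followed by OP_CHECKSIG
    return "unknown", True  # non-standard script: conservatively treat it as exposed

def exposed_utxos(utxos, spent_from):
    """Flag unspent outputs a Shor-capable attacker could target: the output carries a public
    key, or the same script was spent from before (address reuse), which already revealed it."""
    flagged, total = [], 0
    for utxo in utxos:
        kind, key_on_chain = classify_script_pubkey(utxo["spk"])
        if key_on_chain or utxo["spk"] in spent_from:
            reason = "key in output" if key_on_chain else "address reused"
            flagged.append((kind, utxo["value"], reason))
            total += utxo["value"]
    return total, flagged

# Constructed sample data (not real keys or hashes): a 33-byte compressed-pubkey placeholder and hash placeholders.
PUBKEY = b"\x02" + hashlib.sha256(b"demo-key").digest()
H20, H32 = hashlib.sha256(b"demo-h20").digest()[:20], hashlib.sha256(b"demo-h32").digest()
P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + H20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH = bytes([OP_0, 20]) + H20
P2TR = bytes([OP_1, 32]) + H32
P2PK = bytes([33]) + PUBKEY + bytes([OP_CHECKSIG])
SAMPLE_UTXOS = [{"spk": P2PKH, "value": 100_000},  # hash-based, but reused (see SAMPLE_SPENT_FROM)
                {"spk": P2WPKH, "value": 50_000},  # hash-based and fresh: key not yet revealed
                {"spk": P2TR, "value": 30_000}, {"spk": P2PK, "value": 20_000}]
SAMPLE_SPENT_FROM = {P2PKH}  # an earlier spend from this address put its pubkey on-chain

if __name__ == "__main__":
    total, flagged = exposed_utxos(SAMPLE_UTXOS, SAMPLE_SPENT_FROM)
    for kind, value, reason in flagged:
        print(f"{kind:7s} {value:>8d} sat  ({reason})")
    print("exposed total:", total, "sat")  # 150000 sat
```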

Other networks, such as Ethereum, also have a lot of discussion about post-quantum cryptography. Those designs can likewise be introduced through hard forks.

But ultimately, the emergence of quantum computers clearly affects far more than Bitcoin or other cryptocurrencies. Many important areas, such as traditional financial systems, defense systems, and secure communication channels, will also be impacted.

For more content on quantum cryptography, I highly recommend listening to this episode of Yicong Zheshi.

So in summary:

  • In the short term, we don't need to worry about quantum computers threatening networks like Bitcoin.

  • But it is strongly recommended to develop good usage habits and keep an eye on quantum advancements.