#
**katiecharm**
t1_j22l1hv wrote

If it’s 1000 true qubits, won’t that be strong enough to break bitcoin?

#
**red75prime**
t1_j23f2k2 wrote

Number of qubits is not the only parameter of a quantum computer. Other are qubit lifetime, gate fidelity, gate operation time, connectivity.

And, no. Even 1000 perfect qubits aren't anywhere near enough to break SHA-256 (which underlies bitcoin security).

With 1000 perfect qubits you can crack RSA-256, which could be cracked classically since 1990s.

#
**NeutrinosFTW**
t1_j23gprb wrote

Great answer! Just one note: you wouldn't necessarily need to break SHA-256 in order to break bitcoin, you could also just break ECDSA, which would allow you to spend any bitcoin in any wallet. This is possible with a large enough quantum computer, though you would need significantly more than 1000 qubits (in the hundreds of millions).

#
**Ribak145**
t1_j23651f wrote

to my knowledge encryption standards like AES are not yet broken by any computing, only via bruteforece i.e. the math is still holding up

but the crowd within IT-Sec yelling 'quantum computing is killing encryption' is getting louder every day

#
**NeutrinosFTW**
t1_j23f66o wrote

You're right that symmetric cryptography (like AES) is still safe against quantum attacks, but the Internet relies heavily on asymmetric cryptography protocols, as well. The latter are based almost exclusively on the (elliptic curve) discrete logarithm problem and the integer factorization problem, which are easily solvable on quantum computers, so they wouldn't be secure in a post-quantum world.

The problem is that symmetric protocols need encryption keys, which can't securely be exchanged over insecure channels (like the Internet), so you either need to exchange them out-of-band (infeasible in most cases) or in ways that rely on the difficulty of solving hard mathematical problems. Additionally, things like digital signatures (which are vital in systems like Bitcoin) always use asymmetric cryptography, so it being broken would make it impossible to check the identity of the author of a digital message.

Luckily we've been working on post-quantum asymmetric protocols that use new mathematical problems for which we don't yet have efficient quantum algorithms. The hope is that by the time large-scale quantum computers become widely available, we'll have minted new secure standards.

Viewing a single comment thread. View all comments