In the short term, we don't need to worry about the threat of quantum computers to Bitcoin and other networks.
Written by: Jeffrey Hu
Will quantum computing destroy Bitcoin? The topic has a slightly pop-science flavor and resurfaces every so often, reliably generating discussion and FUD. Will Google's newly released Willow chip be any different this time? We did a small survey.
tldr:
- Willow has indeed made significant progress
- But Bitcoin users still don't need to worry for now
Simplified, the Bitcoin protocol has two cryptographic parts: mining (based on hashing, SHA-256) and transactions (based on elliptic curve signatures, ECDSA and Schnorr over secp256k1). Each has a quantum algorithm that could affect it: Grover's algorithm for the hash and Shor's algorithm for the signatures.
However, Willow's "computing power" is still far from being able to threaten either part. Attacking Bitcoin's hash or its signatures in a reasonable time frame requires on the order of several thousand logical qubits, and, depending on the error-correction technology, each logical qubit must be encoded in many (possibly thousands of) physical qubits.
That puts the total at around several million physical qubits. Willow currently has 105 physical qubits, so there is still a long way to go.
But what if one day the computing power is sufficient? For mining, the impact is actually relatively limited. Grover's algorithm only speeds up the search (at best quadratically); it does not invert the hash, so a large amount of computation is still needed to find a hash that meets the target, and the difficulty adjustment absorbs the extra hashrate just as it absorbs any new hardware. It can simply be understood as a new, more powerful mining machine arriving on the market.
For signatures, some address types do need care. The oldest type, P2PK, and the newest, P2TR, put the public key itself in the output script (for P2TR, the x-only tweaked key), so Shor's algorithm could recover the private key from it. P2PKH, P2SH, P2WPKH and P2WSH are relatively safe because the output only commits to a hash of the key or script. Note, however, that the public key is revealed the first time you spend from such an address, so reusing it (continuing to hold or receive funds at an address you have already spent from) exposes you; and even a single-use address reveals its key while the spending transaction waits for confirmation, so a sufficiently fast attacker could still race it.
Can developers do something? Of course. Bitcoin keeps evolving, and hash-based schemes such as Lamport signatures could be introduced in the future. There has already been considerable discussion in the community, for example https://blog.blockstream.com/script-state-from-lamport-signatures/ (although there Lamport signatures are used for carrying state in Script rather than for post-quantum security).
Other quantum-resistant schemes, such as lattice-based cryptography, could also be introduced. Moreover, these can be activated through soft forks.
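To make the Lamport signature idea concrete, here is an added Python example (not Bitcoin Script, not code from the Blockstream post linked above, and not part of this article): key generation, signing and verification over SHA-256, plus a demonstration of the scheme's central caveat, that a Lamport key is strictly one-time. Every signature reveals half of the secret key, and once the same key has signed enough messages an attacker can assemble a valid signature on a message the owner never signed. The message strings and the 40-signature reuse count are constructed for the demo.

```python
# Added example: minimal Lamport one-time signature over SHA-256, with a
# demonstration of why a Lamport key must never sign twice.
import hashlib
import secrets

N = 256  # one pair of secrets per bit of the SHA-256 message digest


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(msg: bytes):
    """Return the 256 digest bits of msg, most significant first."""
    d = int.from_bytes(h(msg), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def keygen():
    """Secret key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 hash of each preimage (only the hashes go public)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the preimage selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(message_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Each revealed preimage must hash to the public-key entry chosen by the bit."""
    if len(sig) != N:
        return False
    return all(h(sig[i]) == pk[i][bit] for i, bit in enumerate(message_bits(msg)))


def revealed_preimages(signed):
    """Collect every preimage exposed by (msg, sig) pairs made with ONE key.
    Returns 256 dicts {bit: preimage}; a position with both bits is fully leaked."""
    known = [dict() for _ in range(N)]
    for msg, sig in signed:
        for i, bit in enumerate(message_bits(msg)):
            known[i][bit] = sig[i]
    return known


def forge(known, target: bytes):
    """Try to build a signature on target purely from already-revealed preimages.
    Returns None if some digest bit of target needs a preimage never revealed."""
    sig = []
    for i, bit in enumerate(message_bits(target)):
        if bit not in known[i]:
            return None
        sig.append(known[i][bit])
    return sig


def demo_single_use():
    """One signature: it verifies, a different message does not, and forging a
    fresh message from the one leaked half-key fails (all 256 bits would have
    to match, probability 2^-256)."""
    sk, pk = keygen()
    m1 = b"constructed message one"  # constructed sample message
    s1 = sign(sk, m1)
    ok = verify(pk, m1, s1)
    tampered = verify(pk, b"constructed message two", s1)
    known = revealed_preimages([(m1, s1)])
    forged = forge(known, b"attacker's message")
    return ok, tampered, forged is None


def demo_reuse(signatures: int = 40):
    """Reuse the same key `signatures` times. After 40 signatures the chance that
    any of the 256 positions still hides a preimage is about 256 * 2^-39, so an
    attacker can sign an arbitrary message and it verifies under the real pk."""
    sk, pk = keygen()
    signed = [(m, sign(sk, m)) for m in (b"msg %d" % i for i in range(signatures))]
    known = revealed_preimages(signed)
    forged = forge(known, b"attacker's message")
    return forged is not None and verify(pk, b"attacker's message", forged)


if __name__ == "__main__":
    print("single use (valid, tampered, forgery blocked):", demo_single_use())
    print("after 40 reuses, attacker forged a valid signature:", demo_reuse())
```

A signature here is 256 * 32 = 8 KiB and the key is single-use, which is why practical hash-based schemes wrap many one-time keys in a Merkle tree, and why fitting such a scheme into Bitcoin is a design question (size, script changes, activation) rather than a drop-in swap.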
In addition to developer work, good usage habits are an effective defense against quantum threats. For example, use a fresh receiving address every time (one address per transaction) instead of reusing addresses (every time I mention this, I want to complain about many current "Bitcoin ecosystem" wallets). Additionally, before quantum computers pose a real threat, move assets to relatively safer hash-based addresses such as Segregated Witness (P2WPKH/P2WSH) ones.
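As an added example (not from the article) tying together the address-type discussion above and the one-address-per-transaction habit, the following Python classifies raw scriptPubKeys into the standard output types and flags which UTXOs a future Shor-capable attacker could target: outputs whose script contains the public key itself (P2PK, P2TR), and hashed-address outputs whose key has already been revealed by an earlier spend from the same script, which is exactly the reuse problem. The script bytes, outpoints and the "already spent from" set are constructed sample data, and the 33-byte "public key" is a placeholder, not a real curve point.

```python
# Added example: classify scriptPubKeys by whether the public key is on chain,
# and flag UTXOs exposed either by output type or by address reuse.
from typing import Iterable, List, Set, Tuple


def classify_spk(spk: bytes) -> Tuple[str, bool]:
    """Return (output type, public key visible in the output script).
    The six standard templates are fixed-length, so byte templates suffice."""
    n = len(spk)
    # P2PKH: OP_DUP OP_HASH160 PUSH20 <hash160(pubkey)> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "P2PKH", False
    # P2SH: OP_HASH160 PUSH20 <hash160(script)> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "P2SH", False
    # P2WPKH: OP_0 PUSH20 <hash160(pubkey)>
    if n == 22 and spk[:2] == b"\x00\x14":
        return "P2WPKH", False
    # P2WSH: OP_0 PUSH32 <sha256(witness script)>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "P2WSH", False
    # P2TR: OP_1 PUSH32 <x-only tweaked pubkey>  (key itself is on chain)
    if n == 34 and spk[:2] == b"\x51\x20":
        return "P2TR", True
    # P2PK: PUSH33 <compressed key> OP_CHECKSIG, or PUSH65 <uncompressed key> OP_CHECKSIG
    if n == 35 and spk[0] == 0x21 and spk[1] in (0x02, 0x03) and spk[34] == 0xAC:
        return "P2PK", True
    if n == 67 and spk[0] == 0x41 and spk[1] == 0x04 and spk[66] == 0xAC:
        return "P2PK", True
    # Non-standard script: be conservative and treat it as exposed.
    return "unknown", True


def quantum_exposed(utxos: Iterable[Tuple[str, bytes]],
                    spent_scripts: Set[bytes]) -> List[Tuple[str, str, str]]:
    """utxos: (outpoint, scriptPubKey) pairs still unspent.
    spent_scripts: scriptPubKeys that have been spent from at least once; that
    spend put the public key (or redeem/witness script) on chain for good.
    Returns (outpoint, type, reason) for every UTXO a Shor-capable attacker could target."""
    out = []
    for outpoint, spk in utxos:
        kind, key_on_chain = classify_spk(spk)
        if key_on_chain:
            out.append((outpoint, kind, "public key is in the output script"))
        elif spk in spent_scripts:
            out.append((outpoint, kind, "address reused: key revealed by an earlier spend"))
    return out


# ---- constructed sample data (placeholders, not real keys or transactions) ----
H20 = bytes.fromhex("00" * 19 + "01")            # 20-byte hash placeholder
H32 = bytes.fromhex("00" * 31 + "02")            # 32-byte hash/key placeholder
PUB33 = b"\x02" + bytes.fromhex("00" * 31 + "03")  # compressed-key placeholder

SAMPLE_SCRIPTS = {
    "p2pk":   bytes([0x21]) + PUB33 + bytes([0xAC]),
    "p2pkh":  b"\x76\xa9\x14" + H20 + b"\x88\xac",
    "p2sh":   b"\xa9\x14" + H20 + b"\x87",
    "p2wpkh": b"\x00\x14" + H20,
    "p2wsh":  b"\x00\x20" + H32,
    "p2tr":   b"\x51\x20" + H32,
}

SAMPLE_UTXOS = [
    ("tx1:0", SAMPLE_SCRIPTS["p2pk"]),    # key in script
    ("tx2:1", SAMPLE_SCRIPTS["p2wpkh"]),  # fresh segwit address, never spent from
    ("tx3:0", SAMPLE_SCRIPTS["p2pkh"]),   # hashed, but this script was spent from before
    ("tx4:0", SAMPLE_SCRIPTS["p2tr"]),    # key in script
]
SAMPLE_SPENT = {SAMPLE_SCRIPTS["p2pkh"]}


def demo() -> List[Tuple[str, str, str]]:
    return quantum_exposed(SAMPLE_UTXOS, SAMPLE_SPENT)


if __name__ == "__main__":
    for outpoint, kind, reason in demo():
        print(f"{outpoint} {kind}: {reason}")
```

Only tx2:1, the fresh P2WPKH output, comes back clean, which is the whole point of "one address per transaction": the hash hides the key only until the first spend. A real audit would feed this logic the UTXO set and the set of spent-from scripts read from a full node; this example stops at the classification and the reuse check.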
Other networks, such as Ethereum, also have extensive discussions on post-quantum cryptography; those designs can likewise be introduced through hard forks.
But ultimately, the arrival of cryptographically relevant quantum computers will clearly affect far more than Bitcoin or other cryptocurrencies: traditional financial systems, defense systems, secure communication channels and many other important fields will be affected too.
For more content on quantum cryptography, I highly recommend listening to this episode of AICoin Philosophy.
So in summary:
- In the short term, we don't need to worry about the threat of quantum computers to Bitcoin and other networks
- But it is strongly recommended to develop good usage habits and keep an eye on quantum advancements.
Disclaimer: This article represents only the author's personal views and not the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If any article or image on this page infringes rights, please send proof of rights and identity to support@aicoin.com and the platform's staff will investigate.