An Addition To The Bitcoin Wiki Page On Quantum Computing, And Mosca’s Theorem Of Risk Determination Applied To Blockchain. (Part 4)

An Addition To The Bitcoin Wiki Page On Quantum Computing, And Mosca’s Theorem Of Risk Determination Applied To Blockchain. (Part 4)


You can read part 1 here and part 2 here and part 3 here

The bitcoin wiki page makes the following statement: “Bitcoin already has some built-in quantum resistance.”

This is not correct. Hashed public keys are no protection: It is often said that not reusing addresses would make BTC quantum resistant, which is not true, fully explained in part six of this series.

Tl;dr:

As soon as a transaction is made, its public key is revealed. Once a transaction is made, it isn’t instantly confirmed and added to the blockchain. This means that in the timeframe and route between the transaction is sent from your device and the confirmation on the blockchain, the transaction can be hijacked. BitcoinWiki acknowledges this, but at the same time claims it still is some sort of quantum resistance due to the fact it would take a very fast quantum computer to hijack the transaction in the ten minutes block time timeframe.

That’s fine but obviously doesn’t give you any form of protection if that speed happens to be reached.

But more importantly, the window of opportunity is bigger than the mentioned ten minutes. Some attacks vectors are not mentioned:

When a transaction is sent to the nodes it can be MITM-ed. Close enough to the source transactions can be prevented to reach any node altogether and work with the obtained public key from there. Also when it waits in the pool the pubkey can be obtained before the tx is confirmed and a forged tx can be prioritized using high fees. At rush hours, this means that this can be an extensive prolongation of the window of opportunity. And the third window of opportunity: as also mentioned in the BitcoinWiki page, transactions can be hijacked during block time as explained in this paper see page 7, point 3.

But one of the things that are most overlooked, is that even if it was any form of protection, there is a huge percentage of BTC that is on published public keys. Which means those can be hacked anyway, which means, as Andrew Poelstra mentions “you have retained all these tokens that are worthless.” So no, it’s an absolute smokescreen to say that bitcoin has any form of built-in quantum resistance.

Lately, Pieter Wuille, BTC dev, acknowledged this on twitter, here and here.

This is also acknowledged by Andrew Poelstra in this interview. (40:00 and further) He even goes as far as explaining how public keys are exposed in several other ways besides sending transactions to such an extent that “basically all the public keys are exposed.” “If everybody else bitcoins are lost, then […] you have retained all these tokens that are worthless.” Which is an acknowledgment of the risk of value decline due to hacks of the percentage of BTC that is not on addresses with hashed public keys?

44:00 “It was never intended as quantum protection. It doesn’t function as quantum protection. There’s sort of this idea out there that it does, but it doesn’t. And even if it did, by the way, it’s very unclear how you would spend your coins again, because you have to reveal the public key to spend the coins.”

“Revealing your public key inside a zero-knowledge proof, we know how to do that but these are over a 100Kb, so then you would need to attach a 100Kb to each tx. Try to fit that in the blockchain. It’s not realistic.”

So that should be the end of that misconception.

How do you rate this article?

0


Allen Walters
Allen Walters

Fascinated by blockchain and future proofing cryptocurrency. Discover the tech before it gets relevant. Twitter: @IgnoranceIt


Quantum resistant blockchain in 7 parts
Quantum resistant blockchain in 7 parts

Quantum resistant blockchain and cryptocurrency, the full analysis in seven parts.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.