
What are the characteristics of a quantum secure protocol, and does it always need to be information-theoretically secure to be called quantum secure? Are the current techniques used in bitcoin quantum secure?

João Bravo
7sujit

1 Answer

Quantum computers don't attack the protocol, they attack the cryptographic primitives used in the protocol. You need to avoid primitives that can be broken by quantum computers.

Quantum computers don't break all computationally secure cryptography, so you don't have to resort to information-theoretic algorithms (one-time pad). Symmetric encryption is secure if the keys are big enough (256 bits). Hashes are secure if the output is big enough (256 bits might be enough). Popular asymmetric crypto including RSA, Diffie-Hellman and DSA (including elliptic curve equivalents) will become totally insecure, but there are replacements.

The biggest problem QCs pose for bitcoin is that it uses ECDSA to control ownership of coins. Since QCs can break DSA, everybody who learns your public key can compute the corresponding private key and steal your coins. Keeping single-use public keys secret until use can help somewhat, but it's still problematic.

Grover's algorithm might cause some additional issues, including faster mining, $2^{80}$ pre-image attacks against the 160-bit hashes used for bitcoin addresses and faster cracking of weak passphrases for password-derived keys.

CodesInChaos
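As an added illustration of the address-exposure point in the answer above (this is not part of the original answer): a small Python scan over a constructed toy chain that flags unspent outputs whose public key has already been revealed by an earlier spend, i.e. the outputs a Shor-capable attacker could take over, versus those still protected only by the hash. It assumes simplified transaction records, placeholder public keys, and substitutes truncated double SHA-256 for Bitcoin's real RIPEMD160(SHA256(pubkey)).

```python
import hashlib

def hash160(pubkey: bytes) -> bytes:
    # Stand-in for Bitcoin's HASH160 = RIPEMD160(SHA256(pubkey)). RIPEMD-160 is
    # missing from some Python/OpenSSL builds, so double SHA-256 truncated to
    # 160 bits is used here (assumption for this example only; the exposure
    # logic below does not depend on which 160-bit hash is used).
    return hashlib.sha256(hashlib.sha256(pubkey).digest()).digest()[:20]

# Constructed placeholder public keys (not real secp256k1 points).
PK_A, PK_B, PK_C = b"pubkey-A", b"pubkey-B", b"pubkey-C"

# Constructed toy chain. Each transaction lists the inputs it spends (a spend
# puts the spender's full public key on-chain) and its pay-to-pubkey-hash
# outputs (only the 20-byte hash is visible until the output is spent).
CHAIN = [
    {"txid": "t1", "inputs": [],
     "outputs": [hash160(PK_A), hash160(PK_B)]},            # initial funding
    {"txid": "t2", "inputs": [{"spent": ("t1", 0), "pubkey": PK_A}],
     "outputs": [hash160(PK_C), hash160(PK_A)]},            # A spends, reuses A
]

def classify_utxos(chain):
    """Return (exposed, shielded) unspent outputs.

    exposed:  outputs whose public key already appeared on-chain; with a
              quantum computer the private key can be derived from it.
    shielded: outputs known only by their hash; the attacker is reduced to a
              Grover-accelerated pre-image search on the 160-bit hash.
    """
    utxos = {}        # (txid, index) -> pubkey hash
    revealed = set()  # hashes of public keys that have been revealed by a spend
    for tx in chain:
        for inp in tx["inputs"]:
            revealed.add(hash160(inp["pubkey"]))
            utxos.pop(inp["spent"], None)       # the spent output leaves the UTXO set
        for index, pkh in enumerate(tx["outputs"]):
            utxos[(tx["txid"], index)] = pkh
    exposed = sorted(o for o, pkh in utxos.items() if pkh in revealed)
    shielded = sorted(o for o, pkh in utxos.items() if pkh not in revealed)
    return exposed, shielded

if __name__ == "__main__":
    exposed, shielded = classify_utxos(CHAIN)
    print("exposed (public key already on-chain):", exposed)
    print("shielded (hash only):", shielded)
```

Output t2:1 is flagged because address A was reused after its key was revealed by the spend in t2, while t1:1 and t2:0 have never spent and remain hash-shielded.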