Let's be clear:
1. The introduction of quantum resistant Bitcoin addresses does not require you to change your seeds.
2. If quantum computing does break some cryptography, then people may need to start creating and moving funds to new wallets.
The key word _may_ is because there are multiple layers of protection here.
Quantum computing is not magic, it has limitations and we don't yet know any theoretical way to break the different protections in Bitcoin.
Between a private key and a taproot address there is:
- RIPEMD-160 (A hashing function)
- SHA256 (Another hashing function)
- Secp256k1 (an Elliptic Curve Cryptography ECC function)
Possibly other functions too that are non reversible.
There is hashing: I've heard that sufficiently powerful quantum computers could potentially find collisions and "break" the hashing used in Bitcoin.
However, this does not mean you can REVERSE a hash. You might find the word "hello£+*" is a collision for your bitcoin address, that doesn't mean that "hello£+*" is your public key... Being able to find hash collisions doesn't mean being able to find collisions that are also valid public keys. Not only that, but if quantum broke one of the hashes (e.g. SHA256) doesn't mean it will break the other.
Now if these were broken completely, then an attacker could find your addresses public key, but not the private key behind that. You also always reveal the public key each time you spend anyway. This is one of the reasons why you should never reuse addresses.
Then we have the ECC algorithm. Again, I don't believe there is a theoretical way to break our specific algorithm, but there are theoretical ways to break many ECC algorithms so I think most people are talking about this when they say Bitcoin is not quantum resistant.
It is also mixed in between the hashes anyway so breaking just this doesn't allow a quantum computer to go from your public key to your master private key.
MAYBE it could reveal a specific address's private key, but not your other addresses.
Bitcoin is pretty quantum resistant and it's used of hashing is one of the main reasons. But if we had to overhaul everything because all of the functions were found to be completely broken and then we built a powerful enough quantum computer, then yes: you'd need to create a new wallet and move all your funds.
Big Barry Bitcoin
npub1pk…tpxa6
2024-12-10 00:50:16
in reply to nevent1q…xyul
Author Public Key
npub1pktmatjk0l8vn3jhfuwxaasjd65kn4ye9sce3egup7k993f8fg2q5tpxa6Published at
2024-12-10 00:50:16Event JSON
{
"id": "e0327f7ca55a803d28aebc3f78ba75590ba72112ec853d98e2417e1732183538",
"pubkey": "0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14",
"created_at": 1733791816,
"kind": 1,
"tags": [
[
"e",
"ec7cc100e58a68e050eaef7830e870e386352ac89f465f859de8a3948b660f4d",
"",
"root"
],
[
"e",
"cb712ce42a3d5ecfbc794a24e546b5742ec1eaac50a8452efbcfedceb9bc101e"
],
[
"e",
"fc54b4e3eb2a6c4ca309ca1385196d42d3201915ba608f85e8d21b45d64c48a8",
"",
"reply"
],
[
"p",
"18f54af1e10c5bb7a35468b0f62b295d12347903c9f95738d065c84bef1402ef"
],
[
"p",
"0d97beae567fcec9c6574f1c6ef6126ea969d4992c3198e51c0fac52c5274a14"
],
[
"p",
"e0cfb5549d3cf7db4e2736f8e1bc84f62486af7a41295d867c6a313459042528"
]
],
"content": "Let's be clear:\n\n1. The introduction of quantum resistant Bitcoin addresses does not require you to change your seeds.\n\n2. If quantum computing does break some cryptography, then people may need to start creating and moving funds to new wallets.\n\nThe key word _may_ is because there are multiple layers of protection here.\n\nQuantum computing is not magic, it has limitations and we don't yet know any theoretical way to break the different protections in Bitcoin.\n\nBetween a private key and a taproot address there is:\n- RIPEMD-160 (A hashing function)\n- SHA256 (Another hashing function)\n- Secp256k1 (an Elliptic Curve Cryptography ECC function)\n\nPossibly other functions too that are non reversible.\n\nThere is hashing: I've heard that sufficiently powerful quantum computers could potentially find collisions and \"break\" the hashing used in Bitcoin.\n\nHowever, this does not mean you can REVERSE a hash. You might find the word \"hello£+*\" is a collision for your bitcoin address, that doesn't mean that \"hello£+*\" is your public key... Being able to find hash collisions doesn't mean being able to find collisions that are also valid public keys. Not only that, but if quantum broke one of the hashes (e.g. SHA256) doesn't mean it will break the other.\n\nNow if these were broken completely, then an attacker could find your addresses public key, but not the private key behind that. You also always reveal the public key each time you spend anyway. This is one of the reasons why you should never reuse addresses.\n\nThen we have the ECC algorithm. Again, I don't believe there is a theoretical way to break our specific algorithm, but there are theoretical ways to break many ECC algorithms so I think most people are talking about this when they say Bitcoin is not quantum resistant. \n\nIt is also mixed in between the hashes anyway so breaking just this doesn't allow a quantum computer to go from your public key to your master private key.\n\nMAYBE it could reveal a specific address's private key, but not your other addresses.\n\nBitcoin is pretty quantum resistant and it's used of hashing is one of the main reasons. But if we had to overhaul everything because all of the functions were found to be completely broken and then we built a powerful enough quantum computer, then yes: you'd need to create a new wallet and move all your funds.",
"sig": "3e7d21a44710c13a54d9bd699b1e36ca6acc3730de43dd82683ab02c62c94766b78d8b93bbb4282fb8101202085836bc67cad6c983fcab743998c739b3db5b15"
}