Bitcoin will adapt to quantum computing

Google’s news about technological advances in quantum computing has sparked a lot of debate about its impact on Bitcoin. While Google’s new Willow chip is still years, if not decades, away from impacting Bitcoin, it does raise a legitimate question: What will quantum computing do to Bitcoin?

Short answer: Bitcoin will adapt.

Quantum computing won’t arrive tomorrow. It will take time. Research is already looking at ways to address quantum computing in Bitcoin.

Signatures

Remember that security in Bitcoin occurs at two levels: within transactions and between transactions. Internal transactions, digital signatures protect the locking and unlocking of coins. They are the first line of defense within Bitcoin. Bitcoin’s digital signature algorithm requires a signature for any user to spend their bitcoins. All nodes on the network can verify that the user has this signature, without knowing what this signature is. Historically, Bitcoin has used ECDSA, but since Taproot (Bitcoin’s last major upgrade in 2021), Bitcoin has used Schnorr signatures, which use hash functions and are conceptually simpler and more private than ECDSA.

Schnorr’s signatures are not punch-proof, but their introduction showed a path forward to modernize the signature. Taproot was a soft fork, so it was a backwards compatible upgrade. Any Bitcoin user can choose to use the Pay to Taproot (p2tr) address instead of older public key hashes or SegWit addresses. If a quantum computer can one day crack these Schnorr signatures, I believe Core developers will adopt a quantum-resistant signature system and deploy it as a soft fork within Bitcoin Core.

Such quantum-resistant schemes are indeed possible. Juan Garay, a cryptographer at Texas A&M University and a colleague of mine, is currently researching the use of Lamport signatures within Bitcoin. Once this new quantum-resistant signature becomes part of a soft fork, all existing Bitcoin users will simply transfer their bitcoins from their current address to a new quantum-resistant address.

The only drawback to this plan is addresses that are no longer active. The largest such address belongs to Satoshi Nakamoto, whose 1 million Bitcoins have not been transferred since they were mined in the early years of Bitcoin’s emergence. Bitcoin Core developers will have a choice on how to handle Satoshi coins. One option would be to disallow them from the blockchain, although that might cause a hard fork. Hard forks are generally unpalatable, but there are probably a few instances in Bitcoin history when they were necessary. This would be one of them, along with the timestamp issue (which I’ll discuss at a different point).

Retail jobs

Another opportunity for a quantum computer is to crack SHA-256, the hashing algorithm widely used in Bitcoin. Not only is this used in some Bitcoin addresses, such as the public payment key (p2pkh) hash, and even within Schnorr signatures, but it also lies at the foundation of the security of the blockchain itself. Breaking SHA-256 means finding hash collisions and, at best, making the hash function reversible. The quantum computer could then perform a 51% attack on the blockchain, which, at best, would allow double spending of coins. Accessing those funds inside Bitcoin addresses would still require a quantum computer to crack the signature algorithm.

Bitcoin Core developers can then use the quantum-resistant hash function instead of SHA-256 via Bitcoin Core. All new blocks will be mined using a quantum-resistant hash function.

If a quantum computer could, in fact, crack SHA-256, the highest and best use of this technology would be to mine Bitcoin, not perform a double-spending attack. A double spending attack will be easy to detect and will disrupt the value of double spent bitcoins. Instead, the quantum miner must use this new quantum computer to mine all remaining bitcoins, which he will be able to do if he can design the transactions and blocks in a way that will generate a number small enough to win the mining lottery every 10 days. minutes. This would be possible if a quantum computer could reverse the SHA-256 hash process.

Mining will cease to be a globally competitive industry and will simply become an oligopoly benefiting those with access to a quantum computer. Provided that more than one entity can access this computer, it is possible for Bitcoin mining to continue as an industry, even if it is a duopoly, for example, between Nvidia and Google. To avoid this scenario, the easiest solution would be to install a quantum-resistant hash function instead of SHA-256. This is not unlikely, since Schnorr signatures themselves use hash functions. Therefore, a quantum-resistant signature system must be immune to hash functions.

This problem is still far-fetched, and as the economic value of Bitcoin grows, the incentives will grow year after year for researchers and developers to address it.