Source: Liu Jiaolian
BTC retreated sharply overnight, breaking below the 30-day moving average at 98.7k and briefly touching around 96k. Friends who follow Jiaolian's recent articles and internal references should already be clear about the macro reasons. One is the panic over the Google Willow quantum computer some time ago; the other is the negative guidance on future interest rate cuts that the Federal Reserve gave in the early hours of yesterday.
Jiaolian has talked about the threat of quantum computing repeatedly over the past few years. When Google Willow was announced recently, Jiaolian also took it apart at the first opportunity.
In a word: there is no need to panic. Quantum computers are still far from practical use, and even when they become practical, BTC will not be the first or the immediate target. We will have plenty of time to respond.
However, Jiaolian's conclusion above is a scientific conclusion, not an article of faith. So while rejecting blind panic and anxiety about the future, we must also reject blind optimism and waiting to mend the fold only after the sheep have been lost.
It is like how humans respond to natural disasters such as floods. We should neither fear floods the way the ancients did and do absurd things like offering young boys and girls to the river god, nor gamble on luck and build shoddy flood defenses.
Quantum computing is to BTC, and interstellar mining is to gold, what floods and wild beasts are to the people living nearby. Don't be afraid and don't hide; face it scientifically and take active precautions.
Every time there is a quantum panic, some people jump out to promote gold. In fact, the potential threat that future technological progress poses to gold is far greater than the threat of quantum panic to BTC. After all, gold is dead, while BTC is alive: BTC can upgrade its code.
What technology will destroy the value of gold? Interstellar mining. In our solar system, in the asteroid belt between Mars and Jupiter, roughly 340 to 540 million kilometers from Earth, there is an asteroid about 226 kilometers in diameter named 16 Psyche. Psyche holds large amounts of precious metals; its gold reserves alone are conservatively estimated at hundreds of billions of tons.
How much gold has mankind mined from the Earth in the past several thousand years? As of 2024, total global gold reserves are only about 208,000 tons.
Today we can send Zhurong to Mars. How many years do you think it will take before we mine gold on the asteroids between Mars and Jupiter?
Imagine hundreds of billions of tons of gold being continuously shipped back to Earth. Wouldn't that be a devastating blow to the scarcity of today's pitiful 200,000 tons of reserves?
Scientific and technological progress is nonlinear. It will accelerate.
Even though we estimate that, even if quantum computing advances exponentially, it may still take 10-20 years to become practical and thus pose a substantial threat to existing cryptographic algorithms, we cannot pretend it does not exist and waste those 20 years basking in the sun and sleeping.
Born in adversity, die in comfort.
I heard that some Bitcoin Core developers have been discussing the reality of the quantum threat, as well as possible evolution routes and technical responses.
So today Jiaolian will take some time to talk about what you, as an individual BTC holder, can concretely do to guard against possible future quantum computing threats. The following content may be a little technical; if there are terms you don't understand, please look them up online.
Anti-quantum point 1: Only use P2PKH or P2WPKH addresses to store BTC, not P2PK or P2TR addresses.
In form, a P2PKH address is a BTC address starting with 1, and a P2WPKH address is one starting with bc1q. A P2PK output has no address in the usual sense: what is shown is the bare public key itself, whose uncompressed form starts with 04. A P2TR address starts with bc1p.
Conceptually, P2PKH is the standard address type defined by Satoshi Nakamoto himself, and P2WPKH is the native segwit address. P2PK pays directly to a public key, while P2TR is the taproot address.
Historically, P2PK was used for a period right after Satoshi Nakamoto launched the BTC network in 2009. Later, around the second half of 2009, Satoshi wrote the code for P2PKH and switched to it as the standard address. P2WPKH went live on August 24, 2017, after the BTC network completed the segwit (segregated witness) upgrade. P2TR addresses were introduced after the taproot upgrade in November 2021.
Technically, a P2PKH address is an ECDSA public key passed through two layers of hashing, SHA256 and then RIPEMD160; a P2WPKH address is the same SHA256-then-RIPEMD160 hash of the ECDSA public key, wrapped as a segwit witness program and encoded with bech32. A P2PK output is the bare ECDSA public key, and a P2TR address is a tweaked (derived) Schnorr public key, wrapped as a taproot output and encoded with bech32m.
In principle, as Jiaolian has said, once quantum computing becomes practical there are two ways to attack a BTC holder's ownership: the first is to attack the digital signature algorithm, that is, recover your private key from your ECDSA or Schnorr public key and steal your BTC; the second is to attack the hash algorithm, that is, find a preimage of the SHA256 or RIPEMD160 hash and steal your BTC.
The quantum algorithm that attacks digital signatures is Shor's algorithm. The quantum algorithm that attacks hashes is Grover's algorithm.
If Shor's algorithm reaches a practical level, it may be possible to break ECDSA or Schnorr signatures in seconds.
If Grover's algorithm reaches a practical level, it only gives a quadratic speedup over a brute-force attack on the hash, that is, it reduces the attack difficulty to its square root. For example, the difficulty of attacking a sufficiently good SHA256 hash is 2^256; with Grover's algorithm it drops to 2^128, which is much smaller but still very large.
In other words, cryptographic hash algorithms have a certain degree of quantum resistance.
This is the technical reason behind Jiaolian's first anti-quantum point: only use P2PKH or P2WPKH addresses, which do not expose the public key, and not P2PK or P2TR addresses, which do.
Chapter 4, "Quantum Supremacy", Episode 13, "Bitcoin Address", of "The History of Bitcoin" records that on July 25, 2010, someone on the Bitcoin community forum raised the question of what would happen if the encryption algorithm used by Bitcoin were broken. Satoshi Nakamoto replied that "in order to make the Bitcoin address shorter, they use the hash of the public key instead of the public key", so that "the security of transactions paid to the Bitcoin address is only the same as the security of the hash", and "the attacker only needs to break the hash function, not the elliptic curve digital signature algorithm."
Anti-quantum point 2: Avoid address reuse; each address should be used (spent from) at most once.
Note that BTC addresses are different from bank accounts and from the account addresses of most mainstream public chains (including Ethereum). An account-centric design revolves around an account (a bank card number, an account address, and so on) and records its incoming and outgoing payments. BTC is a "coin"-centric design that records the flow of "coins" between addresses.
The details of the UTXO model are too long to go into here, so I will not expand on them.
Under BTC's design, "receiving payment" means that others transfer BTC to your address. That does not count as "using" the address: you are passive and do nothing. If you use a P2PKH or P2WPKH address, your public key is not exposed no matter how many times you receive payment.
But if you want to "pay" someone from this address, that is, transfer the BTC in it to others, you have to take out your private key, sign the transaction, and broadcast it to the chain. At that point you are "spending" the BTC in the address, which is really "using" it: you are taking the initiative, and you are using your private key.
Once you spend the BTC in an address, the public key is exposed to the world, and the protective hash shell that wrapped the public key is gone.
As explained under Jiaolian's first anti-quantum point, against quantum computing that may become practical in the future, a public key is far more vulnerable than a hash. So once the public key is exposed, the quantum risk exposure of the BTC at that address increases greatly.
That is what Jiaolian's second anti-quantum point is about: a hoarding address should either never be touched, or have all of its BTC transferred out in one go, be completely emptied, and never be used again.
This greatly reduces the risk your BTC faces from future quantum computing and raises its probability of survival.
There is a joke that when a bear is chasing you, you don't have to outrun the bear, only your companions.
When the day comes that quantum computing actually threatens the more vulnerable addresses, you will still have plenty of time to migrate your BTC safely to a new quantum-safe address. I believe that by then BTC will have developed a new kind of anti-quantum address!
"In order to obtain better privacy, a Bitcoin address is best used only once." -- Satoshi Nakamoto, November 25, 2009. "The History of Bitcoin", Chapter 19, Episode 95.
Anti-quantum Point 3: Don't wait until the last day to act.
Although quantum computing is still far away, we can start acting today. Following Jiaolian's first and second anti-quantum points, check your storage addresses. If you find unsafe address types or reuse problems, migrate the BTC out promptly and abandon the addresses that are already at risk.
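As an added example (not code from Jiaolian's post), the following Python checker applies points 1 and 2 to a list of address events: it verifies each address's checksum (Base58Check for legacy, bech32 for segwit v0, bech32m for taproot), classifies it as P2PKH, P2WPKH, P2TR or bare P2PK, and flags addresses whose public key is already on chain or was exposed by an earlier spend. The event format, a list of (address, "recv" or "spend") pairs, is an assumption of the example; in practice you would build it from your own wallet's transaction history.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def _legacy_version(addr):  # Base58Check decode -> version byte, or None if invalid
    try:
        n = 0
        for c in addr:
            n = n * 58 + B58.index(c)
        raw = n.to_bytes(25, "big")  # version || hash160 || 4-byte checksum
    except (ValueError, OverflowError):
        return None
    ok = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4] == raw[-4:]
    return raw[0] if ok else None

def _segwit_parts(addr):  # bech32/bech32m check -> (witness version, program bytes), or None
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in BECH32 for c in data):
        return None
    vals = [BECH32.index(c) for c in data]
    chk = 1  # BIP173 checksum polynomial over the expanded hrp followed by the data
    for v in [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp] + vals:
        top, chk = chk >> 25, ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate((0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)):
            chk ^= g if (top >> i) & 1 else 0
    if chk != (1 if vals[0] == 0 else 0x2BC830A3):  # bech32 for v0, bech32m for v1+
        return None
    return vals[0], len(vals[1:-6]) * 5 // 8  # 32 groups -> 20 bytes, 52 groups -> 32 bytes

def classify(addr):  # -> (script type, True if only a hash of the key is on chain while unspent)
    if len(addr) in (66, 130) and set(addr) <= set("0123456789abcdefABCDEF"):
        return ("P2PK", False)  # a pay-to-pubkey output is displayed as the bare key itself
    if addr.lower().startswith("bc1"):
        parts = _segwit_parts(addr)
        if parts == (0, 20):
            return ("P2WPKH", True)
        return ("P2TR", False) if parts == (1, 32) else ("unknown", False)
    return ("P2PKH", True) if _legacy_version(addr) == 0 else ("unknown", False)

def audit(history):  # (address, "recv" | "spend") events -> {address: (type, finding)}
    spent = {a for a, ev in history if ev == "spend"}
    report = {}
    for addr in {a for a, _ in history}:
        kind, hashed = classify(addr)
        issue = ("point 1: public key on chain" if not hashed else
                 "point 2: public key exposed by earlier spend" if addr in spent else "ok")
        report[addr] = (kind, issue)
    return report
```

Addresses that fail their checksum are reported as "unknown" rather than guessed from the prefix, so a typo cannot be mistaken for a safe address type.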
Some people estimate, based on the current number of addresses, that if everyone migrates their BTC to safe addresses, then at current BTC block throughput it would take at least 6 months of doing nothing else before all of these migrations are processed.
I believe you don't want to wait until everyone is scrambling to migrate BTC before you start.
It would be thousands of troops crossing a single-plank bridge. On-chain transaction fees would surely shoot sky-high, and that would hurt.
While the chain is not congested, it is wise to prepare for a rainy day and act before the problem arrives.
Anti-quantum point 4: Follow the progress of BTC's anti-quantum work and migrate assets to safer addresses when appropriate.
This is an action for the future.
That's it.
As for other chains and other assets, there is not much to say. Address reuse and account reuse are routine daily operations, exposed public keys are everywhere, and contract vulnerabilities appear in an endless stream... Forget it. On the long-term store-of-value (SoV) track they are no match for BTC. For them, rather than worrying about a quantum threat 10 or 20 years out, it is more realistic to worry about the rug pulls and phishing right in front of them.