
> My main point though was that these keys will probably be found in the future.

That's not at all what you said at first. You didn't say the keys would probably be found, you said with quantum computing someone will break the encryption, which is based on nothing. Here it is verbatim:

> Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin.

You are basing this on modern tech. Making the same mistakes of people of the past.

You aren't getting this. This isn't a "what if computers are faster in the future" scenario. You aren't going to brute force a search space of this size with all the energy from all the stars in the universe.

You are making the same mistakes of time, you don't know what is to come and the past has shown previous algorithms actually last LESS time than they expected. It does play into it.

No, I actually understand the search space of large key lengths instead of hallucinating a fantasy future. Even when DES was created people debated it being too weak.

You can go back a generation and read articles about cars so big they have their own wood shop, future cities full of flying cars and robot servants. That stuff was all more practical than what you are talking about.

This would not be a conversation if you understood what you are saying.

Let's simplify this because you are lost in the weeds and resorting to ad hominems.

Pointing out that you have huge misunderstandings is not 'ad hominem'.

Do you think it is a good idea that a currency has keys out there, that can be found either directly or with time, that have heavy concentration?

Is concentrated unknown wealth of a currency, the root of all financial systems and power, a good idea?

This has nothing to do with what I'm trying to tell you.

You originally said that "quantum computers will be able to break satoshi's keys" and I'm trying to explain to you why that is naive and uninformed.




If you assume powerful quantum computers then Bitcoin is dead, that is a straightforward result.

The digital signatures that prevent others from spending your bitcoins are based on elliptic curve cryptography (ECC). The security of elliptic curve cryptography is based on the hardness of the discrete logarithm problem (DLP). A sufficiently powerful quantum computer can use a variant of Shor’s algorithm to solve the DLP in runtime polynomial in the key size (my research indicates O(n^3) in key size more or less), giving you the private key behind a bitcoin wallet in a very tractable amount of time.

Though everything else they are saying about backdoors or design issues are wild speculation, a powerful quantum computer absolutely would allow you to spend anybody’s, including Satoshi Nakamoto’s, bitcoins.


Single-use P2PKH addresses are quantum safe, since the public key is not revealed publicly until spending, just its hash. QC breaks ECDSA but not SHA256.


Even those are at risk if the key can be cracked in a matter of minutes, since it takes 10 mins on average from publishing your spending transaction to it getting mined, and the attacker can doublespend it with a much larger fee.


This is true. Leaving coins at rest is safe, but moving them before the threat is understood might be risky. Widespread opt-in RBF enforcement could mitigate the risk to some degree, if miners cooperate and shun full RBF after a quantum attack. In the worst case, one might need to submit their "exit" transactions directly to a non-evil miner in order to avoid revealing the pubkey before confirmation. Ideally, this will all be figured out ahead of time, and most non-"lost" coins will be moved over to post-quantum UTXOs before the risk is serious.


Having just read up on it, sure. But that is a very restricted use case as you could only use your wallet for a single send transaction and that has already happened for the specific case of Satoshi's wallet.

I believe you could scaffold up a system even with a 1-send limit that transparently functions the same as what currently exists since you can issue transactions to multiple parties within a single send, but that largely kills Bitcoin as normally used. All but the most sophisticated users would be required to hand over control of their wallet to actually manage the massive proliferation of addresses needed to act as if you have more than a 1-send limit. But sure, you are technically correct that there exists a very narrow use case which you can probably hijack aggressively enough to salvage the system if you tried hard enough.


You're right that Satoshi's coins are at risk (but because they're using the older P2PK, not due to key reuse), and I agree that this would lead to some amount of chaos and transformative disruption.

> users would be required to hand over control of their wallet to actually manage the massive proliferation of addresses needed

BIP32 solved this in 2012, and is used by basically all self-custodial wallets these days. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...
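The distinction drawn in the last few comments (a P2PK output carries the public key itself in the output script, while an unspent P2PKH output shows only HASH160 of the key until a spend reveals the key in the scriptSig) can be checked mechanically over script bytes. The Python below is an added example written for this page, not code from the thread or from Bitcoin Core. The public key, signature and 20-byte hash are constructed placeholder bytes (the hash is not the real HASH160 of the sample key), and the parser handles only the minimal direct-push encodings these two legacy templates use.

```python
"""Classify legacy Bitcoin scripts by whether they expose the public key on-chain.

Added example, not from the original thread. Assumed script layouts:
  P2PK  scriptPubKey: <push 33|65> <pubkey> OP_CHECKSIG
  P2PKH scriptPubKey: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
  P2PKH scriptSig:    <push sig> <push pubkey>
Only direct pushes (opcodes 0x01..0x4b) are parsed; OP_PUSHDATA1/2/4 are not needed here.
"""
from typing import List, Optional, Tuple

OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def parse_script(script: bytes) -> List[Tuple[int, bytes]]:
    """Return a list of (opcode, pushed_data) pairs; bare opcodes carry b''."""
    ops, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:  # direct push of `op` bytes
            data = script[i:i + op]
            if len(data) != op:
                raise ValueError("truncated push")
            ops.append((op, data))
            i += op
        else:
            ops.append((op, b""))
    return ops


def is_pubkey(b: bytes) -> bool:
    """SEC-encoded secp256k1 point: 33 bytes (02/03 prefix) or 65 bytes (04 prefix)."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)


def output_kind(script_pubkey: bytes) -> str:
    ops = parse_script(script_pubkey)
    if len(ops) == 2 and is_pubkey(ops[0][1]) and ops[1][0] == OP_CHECKSIG:
        return "p2pk"
    if [op for op, _ in ops] == [OP_DUP, OP_HASH160, 20, OP_EQUALVERIFY, OP_CHECKSIG]:
        return "p2pkh"
    return "other"


def exposed_pubkey(script_pubkey: bytes, script_sig: bytes = b"") -> Optional[bytes]:
    """Public key an ECDLP-breaking attacker can read from chain data, or None.

    P2PK: exposed while the output is still unspent.
    P2PKH: exposed only once a spending scriptSig has been published.
    """
    kind = output_kind(script_pubkey)
    if kind == "p2pk":
        return parse_script(script_pubkey)[0][1]
    if kind == "p2pkh" and script_sig:
        ops = parse_script(script_sig)
        if len(ops) == 2 and is_pubkey(ops[1][1]):
            return ops[1][1]
    return None


# --- script builders -------------------------------------------------------
def push(data: bytes) -> bytes:
    assert 1 <= len(data) <= 0x4B, "direct push only"
    return bytes([len(data)]) + data


def p2pk_script(pubkey: bytes) -> bytes:
    return push(pubkey) + bytes([OP_CHECKSIG])


def p2pkh_script(hash160: bytes) -> bytes:
    return bytes([OP_DUP, OP_HASH160]) + push(hash160) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def p2pkh_scriptsig(sig: bytes, pubkey: bytes) -> bytes:
    return push(sig) + push(pubkey)


# --- constructed sample data (placeholders, not real keys or hashes) --------
PUBKEY = b"\x04" + bytes(range(1, 65))      # uncompressed key shape, as in early coinbase P2PK outputs
H160 = b"\xaa" * 20                         # stands in for HASH160(PUBKEY)
SIG = b"\x30" + b"\x01" * 69 + b"\x01"      # DER-shaped bytes plus SIGHASH_ALL byte


def demo() -> dict:
    """Exposure of the same key across output types and spend state."""
    return {
        "p2pk_unspent": exposed_pubkey(p2pk_script(PUBKEY)) is not None,
        "p2pkh_unspent": exposed_pubkey(p2pkh_script(H160)) is not None,
        "p2pkh_spent": exposed_pubkey(p2pkh_script(H160), p2pkh_scriptsig(SIG, PUBKEY)) is not None,
    }


if __name__ == "__main__":
    for name, exposed in demo().items():
        print(f"{name:14s} pubkey exposed: {exposed}")
```

The third row of `demo()` is the point of the follow-up comment about double-spends: the moment a P2PKH spend is broadcast, the key is public, and its safety from then on depends on confirmation time rather than on the hash.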


Ah, I did not previously know that there were a plural number of Satoshi wallets. I previously read that Hal Finney was the first recipient of a Bitcoin, which came from Satoshi Nakamoto, and assumed that there was just a single Satoshi wallet, which would mean there is key reuse.


> You originally said that "quantum computers will be able to break satoshi's keys"

I said "Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin."

As one part of my message. Now read the second, longer part.

Summary: "Whoever has control of the early issued coins, holds a leverage that is dangerous and has extortion properties." Not just for Bitcoin either.

What I was getting at was the concentration part and, because of the amount, the desire to find Satoshi's (and other early crypto) keys will be immense whether that comes from technology or physically locating them.

Those keys are locked in earlier encryption algorithms and will be easier over time, maybe a long time, but still.

The longer the time actually the more concentration it may have depending on many factors but still.

The other concentration problems have also been seen in other areas like hosted wallets and shared mining sites/services. Situations for control of large amounts would be some hosted wallet sites being compromised and collecting keys or even using exploits/holes without the keys then issuing a broad push of many accounts at once, or even slowly.

Concentration in wealth, currency and banking is always a problem. In newer financial markets with less regulation there are always more gaps from many facets, from technology to processes and tools.


I said "Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin."

Then what are those "other advancements"?


Exactly... we don't know yet.


Most of the time when someone says 'we don't know' they really are talking about themselves.

People do know. There has been 100 years of cryptography and there are billions at stake. Hand waving and saying 'anything can happen in the future' with no plan, no details, no facts and no evidence is basically tech astrology.

Here's a challenge - find a cryptography expert that agrees with you.


> find a cryptography expert that agrees with you

Do you think they'd be biased to answer in a certain way?

Additionally every cryptography expert knows the system is only as good as the keys not being found, and that can come from other means not just breaking the algorithm or brute force... it can be how the key was created and what tool was used.

With time all encryption will be broken, we may be gone by then but maybe something comes along that changes the game. History is filled with leaps that were not expected. The early keys will get weaker and weaker over time, that is fact.

In any case, you are focusing on the wrong thing. I was talking about this concerned about the concentration in currency as the problem, not necessarily the encryption/key.


> Do you think they'd be biased to answer in a certain way?

What are you even talking about? You are already accusing a theoretical cryptography expert of being "biased" against you? Do you think that might mean what you're saying isn't rooted in reality?

> Additionally every cryptography expert know the system is only as good as the keys not being found,

That isn't what is being talked about here, isn't what I replied to and isn't what your claims were. Now you keep trying to shift the goal posts to something else instead of confronting that what you said before was absurd.

> With time all encryption will be broken,

Prove it. Actual experts do not say this. Why do you keep repeating this with zero evidence? Repeating your claims over and over doesn't make them any less ridiculous.

> In any case, you are focusing on the wrong thing

No, I'm responding to things you said and you keep trying to distract from them instead of admitting there is no evidence for what you said.

More than anything, I'm fascinated when someone makes an outrageous claim, someone gives them evidence that it is completely false, they give zero evidence that backs it up, yet they dig in, repeat their claim, distract from it and try everything to not just admit they don't actually know what they're saying.


This was my main point "Bitcoin, and other crypto in general even more with higher concentration of early owners, will always be precarious because of this concentration. Whoever has control of the early issued coins, holds a leverage that is dangerous and has extortion properties."

> You are already accusing a theoretical cryptography expert of being "biased" against you?

What are you talking about? Cryptographers would be biased to their field, like yourself, about their system being incapable of being broken. It isn't just about breaking algorithms...

However some are even talking we have to start worrying about advancements by 2030-2040

[When a Quantum Computer Is Able to Break Our Encryption, It Won't Be a Secret](https://www.rand.org/blog/2023/09/when-a-quantum-computer-is...)

"One of the most important quantum computing algorithms, known as Shor's algorithm, would allow a large-scale quantum computer to quickly break essentially all of the encryption systems that are currently used to secure internet traffic against interception"

[The NIST has a "Post-Quantum Cryptography" Project](https://csrc.nist.gov/Projects/Post-Quantum-Cryptography)

[Waiting for quantum computing](https://techbeacon.com/security/waiting-quantum-computing-wh...)

"Large universal quantum computers could break several popular public-key cryptography (PKC) systems, such as RSA and Diffie-Hellman, but that will not end encryption and privacy as we know it."

"The most widely used PKC systems, including RSA, Diffie-Hellman, and ECDSA, rely on the intractability of integer factorization and discrete log problems. These problems are hard for classical computers to solve, but easy for quantum computers."

"This means that as soon as a large-scale universal quantum computer is built, you will not be able to rely on the security of any scheme based on these problems."

"To quantify the security of cryptosystems, "bits of security" are used. You can think of this as a function of the number of steps needed to crack a system by the most efficient attack. A system with 112 bits of security would take 2^112 steps to crack, which would take the best computers available today billions of years. Algorithms approved by NIST provide at least 112 bits of security."

"AES-128 and RSA-2048 both provide adequate security against classical attacks, but not against quantum attacks. Doubling the AES key length to 256 results in an acceptable 128 bits of security, while increasing the RSA key by more than a factor of 7.5 has little effect against quantum attacks."

"When large-scale universal quantum computers are built, you will still be able to securely use symmetric encryption algorithms, but not the systems like RSA and Diffie-Hellman. These PKC systems are widely used today to create digital signatures or to securely transmit symmetric encryption keys."

"Fortunately, there are several families of quantum-resistant PKC systems: Lattice-based, code-based, hash-based, isogeny-based, and multivariate systems. NIST's Report on Post-Quantum Cryptography describes each of these families."

Encryption will still exist with more compute and new systems but it will evolve. That doesn't mean keys of the past that aren't updated will.

> Additionally every cryptography expert know the system is only as good as the keys not being found,

I like how you cut out that sentence to disregard the context...

The rest is "and that can come from other means not just breaking the algorithm or brute force... it can be how the key was created and what tool was used."

> Actual experts do not say this. Why do you keep repeating this with zero evidence?

Again let's get the full quote not the biased selective clip you made for you context "With time all encryption will be broken, we may be gone by then but maybe something comes along that changes the game. History is filled with leaps that were not expected. The early keys will get weaker and weaker over time, that is fact."

If you have a problem with that statement you have a problem.

I gave examples you brushed off. You can agree to disagree but historically most crypto either is broken or has trapdoors for export even, so you don't need to break the algorithms, you might just need info on the tools. Try using any non approved encryption algorithm for communicating with defense/military, you'll get a visit from the FBI.

> More than anything, I'm fascinated when someone makes an outrageous claim, someone gives them evidence that it is completely false, they give zero evidence that backs it up, yet they dig in, repeat their claim, distract from it and try everything to not just admit they don't actually know what they're saying.

I am fascinated as well when someone entirely disregards the point of the post and tries to tell others they know everything. I even said it might take longer than lifetimes or the universe even to break the algorithms, yet you still can't get past that point. Quite fascinating indeed.

> No, I'm responding to things you said and you keep trying to distract from them instead of admitting there is no evidence for what you said.

No I already alluded to the time situation, it doesn't matter much in the main point of my comment.

The concentration of currency in digital currencies is a problem and makes people that own that leveragable or too powerful.

The longer it takes to find/break the keys the more the value will be worth potentially...

Yes that is my entire point. You just laser focused in on cryptographic algorithms and not all the things around it. The first sentence of my first comment was a bit salacious but a lead in to the dangers of concentration in currency, and the power people have, or want to take, of the early owners.

Yes I do believe cryptographers know that not all tools and keys will stand the test of time, especially keys made in 2008... just as cyber security people know even with the best security there is always dependency holes, social engineering, and tools that can be trojan horses.

The point was, of my comment, not shifting goal posts, the concentration in digital currency is a problem and is an even bigger problem with large swaths of it in keys out there floating around, either found physically or other means.

You seem a bit combative, you are starting in with the selective context clipping so let's just agree to disagree on the rest. You have been successful in completely derailing the main point... if that was your goal, Good job!


Think about what you're saying for a second. You made specific claims that I copied and pasted and keep repeating them with zero evidence. You have admitted and demonstrated you don't know anything about cryptography.

Instead of deferring to experts who spend huge amounts of time researching how to weaken cryptography you claim they all must be biased and ignore your conclusion (based on nothing) that all cryptography will be broken in the future by computers that don't exist (that you also don't know anything about).

This is conspiracy level thinking.

Bitcoin's encryption is elliptical curve. It was chosen specifically because of all the stuff you copied and pasted. That has been known for multiple decades. Researchers have entire academic careers based around writing papers and going to conferences trying to find the smallest theoretical weaknesses in any algorithm out there.

Stop trying to deflect and let go of the conspiracy theories of trying to make your conclusion first and then hallucinate rationalizations.


Now you are into ad hominems. You are completely lost. You can't acknowledge the topic nor the point of concentration in currency, which was 80% of my entire point. You are shadowboxing and really have that strawman on the ropes.

Nice job distracting from the OP even about concentration and early owners of Bitcoin.

> Bitcoin's encryption is elliptical curve.

Did you just learn this? The point is processing power at quantum level already starts to threaten some of the encryption methods and early keys are definitely at risk over time. Additionally there is motive to find holes in early tools that someone could unlock all that lost bitcoin... over time.

Did you ignore everything like this?

"AES-128 and RSA-2048 both provide adequate security against classical attacks, but not against quantum attacks. Doubling the AES key length to 256 results in an acceptable 128 bits of security, while increasing the RSA key by more than a factor of 7.5 has little effect against quantum attacks."

Since you are so singular focused, combative, and black and white on this. Since you don't adhere to future probabilities over time and unknowns, you seem like you fully think today's encryption will never be broken by advancements in decades or longer, as cryptographers fear could happen which I just shared with you, even programs at NIST regarding research on this.

Let's get you on record...

Do you think encryption methods today will hold up over time 100%?

Do you think early bitcoin keys from 2008 will never be broken (disregarding tools and being found which is more likely)?

See if you can contain yourself to what topic you wanted to talk about and double down on your take, answer the questions.

That wasn't even the point but let's get this for future generations to giggle at.


> Now you are into ad hominems.

This is a classic playbook of people who keep claiming something with no evidence. They try to divert to something else and they try the "I don't like how you're saying it" move.

Pointing out that you have no idea what you're talking about is not ad hominem. Ad hominem would be something irrelevant to the topic like "you're fat so you don't know about cryptography".

> The point is processing power at quantum level already starts to threaten some of the encryption methods and early keys are definitely at risk over time

You have grossly misunderstood (again). Quantum computers haven't threatened anything new.

AES was first proposed 26 years ago and has never been broken. Quantum computers only reduce the theoretical key lengths. This has been known for multiple decades and is why key lengths have been increased. Again, it has never been cracked, 256 bit keys have been used just for a theoretical time decades or centuries in the future with no clear path to get there.

Bitcoin's private key length is 256 bits.

https://cryptobook.nakov.com/asymmetric-key-ciphers/elliptic...

There is zero evidence to back up what you are saying. There are no cryptography experts that agree with what you're saying. It is just you making something up.

If you have any evidence at all, go ahead and link it.


I completely disagree with your limited focus take on this, aside from the main point of the comment, and you still are not taking into account what others are saying which I shared.

You are very focused on "winning" rather than the topic of concentration in currencies in the digital space, whether those keys are found, solved or some future system or hole is able to break them.

Good debate but I feel you were debating and shadowboxing yourself mostly, some side point that I guess you "won". I answered all your questions and provided sources on them to back them up. You still refuse to acknowledge.

Can the keys be broken now? No. Will they? According to you... NEVER!

Since you still won't answer these questions for our future observers, I take it you think they will never be broken.

Let's get you on record...

Do you think encryption methods today will hold up over time 100%? According to you YES!

Do you think early bitcoin keys from 2008 will never be broken (disregarding tools and being found which is more likely)? According to you YES!

Ok, glad to get you on record. I work on probabilities and that we don't know all parts, is there a probability that these keys will one day be broken, YES. A high probability, with lots of time, YES. Even higher if the values of these early coins/keys are multiples of what they are today, YES.

We can agree to disagree on this point without you going into ad hominems again on some side point. Where there is loot and prizes, some will be very motivated to find a way to get at those keys, either finding them, finding holes in tools used to make the keys or with lots of time, break the algorithms or brute force them.

I work in games and no matter how well you hide things, players will find the holes. It is actually quite amazing when you see it. Never underestimate the human with tools and intel/tracks. I am sure you will misinterpret this but it is true.


> is there a probability that these keys will one day be broken, YES. A high probability, with lots of time, YES. Even higher if the values of these early coins/keys are multiples of what they are today, YES.

Again, this is you repeating your claim. Repeating your claim isn't evidence. You haven't given any numbers, explanations, information from expert cryptographers or any external links at all.

Do you understand what evidence is?


You fail to acknowledge again. We already agreed to disagree on that point. We are getting your take on things now.

Answer these, let's get you on record:

Do you think encryption methods today will hold up over time 100%?

Do you think early bitcoin keys from 2008 will never be broken (disregarding tools and being found which is more likely)?

Do you understand what diversion from the point is?

Do you think Satoshi is Nick Szabo?

You won't, even though these are very easy YES/NO questions.

C'mon, put your money where your mouth is.


> Do you think encryption methods today will hold up over time 100%?

There is no evidence that it won't. If you have some, link it.

I'm fascinated that you don't seem to understand what evidence is.


No evidence doesn't mean it didn't or won't happen. There is a very large canyon between something happening and evidence. There you have to go off of history, timeline, motive (large piles of money get things to happen) and more.

Glad you could go on record and show you are an absolutist not a probabilist. Even cryptography itself is probabilistic. There are no absolutes in time except change.

You also skipped these two questions:

- Do you understand what diversion from the point is?

- Do you think Satoshi is Nick Szabo?

We are so far deep in this distraction that we have run out of room to reply without it being a line of vertical text.

Let's agree to disagree. I'll let you have the last word on this diversion.


> No evidence doesn't mean it didn't or won't happen. There is a very large canyon between something happening and evidence.

We're at the heart of it now. You don't understand evidence and don't care. This is the same type of thinking that flat earth people have. There is no evidence of that either.

When what you believe is not based on any evidence at all and only emotions, that's called religion, not anything that exists in reality.

Here are people that understand trying to explain it.

https://old.reddit.com/r/cryptography/comments/13kl9ds/how_m...

https://old.reddit.com/r/explainlikeimfive/comments/bc0ojp/e...

What else do you believe that has no evidence for it and huge evidence against it? Bigfoot? The Loch Ness monster? Aliens? Santa Claus? If you don't care about evidence anything is on the table, just make up what you want to be true.


Again with the ad hominems and strawman arguments in your shadowboxing diversion...

I knew you wouldn't answer. You fail to even acknowledge evidence, what do you know about it? Nothing. How do you think evidence comes about? Just shows up one day? It takes people researching it and events to happen. Your hypothesis is not even attempting to start to see evidence, never be an investigator with that vibe.

Our discussion on your diversion is done, I know where you stand.

- You like crypto consolidation, you won't even attempt to answer that one.

- You are diverting from the point so far it is laughable now.

- Nick Szabo thanks you.

Admit you are an absolutist not a probabilist. Absolutism to no change is more religious than probability. You sure do preach absolutism.


> You fail to even acknowledge evidence,

You never gave any and you admitted that. That's why it's flat earth level thinking. When flat earthers gain understanding they are no longer flat earthers.

> How do you think evidence comes about?

I linked you multiple discussions of people explaining why what you said is wrong, why don't you address those?

It's the same thing again:

Link any evidence that modern 256 bit encryption will be broken. Explain yourself. You haven't done anything except for repeating yourself and getting upset. You haven't given a single link.

Do you think people show up to court and just say that someone is guilty over and over, or do you think they show information to explain why something is likely to be true?

All these replies and you haven't given a shred of evidence, do you realize this? Yes or no?



