Bitcoin vs. The NSA's Quantum Computer - Bitcoin Not Bombs

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Good day, the price is going up to 0.3USDT.

ABCMint Second Foundation

ABCMint has been the first third-party organization that focuses on post-quantum cryptography research and technology and aims to help improve the ecology of ABCMint technology since 2018.

What is ABCMint?

ABCMint is a quantum resistant cryptocurrency with the Rainbow Multivariable Polynomial Signature Scheme.

Cryptocurrencies and blockchain technology have attracted a significant amount of attention since 2009. While some cryptocurrencies, including Bitcoin, are used extensively in the world, these cryptocurrencies will eventually become obsolete and be replaced when quantum computers become available. For instance, Bitcoin uses the elliptic curve signature scheme ECDSA. If a bitcoin user's public key is exposed on the public chain, quantum computers will be able to quickly reverse-engineer the private key. It means that should an attacker decide to use a quantum computer to break ECDSA, he/she will be able to use the bitcoin in the wallet.

The ABCMint Foundation has improved the structure of the special coin core to resist quantum computers, using the Rainbow Multivariable Polynomial Signature Scheme, which is quantum resistant, as the core. This is a fundamental solution to the major threat to digital money posed by future quantum computers. In addition, the ABCMint Foundation has implemented a new form of proof of arithmetic (mining), "ABCardO", which is different from Bitcoin's arbitrary mining. This algorithm is believed to be beneficial to the development of the mathematical field of multivariate polynomials.

Rainbow Signature - the quantum resistant signature based on Multivariable Polynomial Signature Scheme

Unbalanced Oil and Vinegar (UOV) is a multi-disciplinary team of experts in the field of oil and vinegar. It is one of the oldest and most well researched signature schemes in the field of multivariate cryptography. It was designed by J. Patarin in 1997 and has withstood more than two decades of cryptanalysis. The UOV scheme is a very simple, small and fast signature. However, the main drawback of UOV is the large public key, which will not be conducive to the development of blockchain technology in practice.

The rainbow signature is an improvement on the oil and vinegar signature which increased the efficiency of unbalanced oil and vinegar. The basic concept is a multi-layered structure and generalization of oil and vinegar.

PQC - Post Quantum Cryptography

The public key cryptosystem was a breakthrough in modern cryptography in the late 1970s. It has become an increasingly important part of our cryptographic communications network. The Internet and other communication systems rely heavily on the Diffie-Hellman key exchange, RSA encryption, and the use of the DSA, ECDSA or related algorithms for digital signatures. The security of these cryptosystems depends on the difficulty of number theory problems such as integer factorization and discrete logarithm problems. In 1994, Peter Shor demonstrated that quantum computers can solve all these problems in polynomial time, which made the security of these cryptosystems, in theory, irrelevant. The development that followed is known as "post-quantum cryptography" (PQC).

In August 2015, the U.S. National Security Agency (NSA) released an announcement regarding its plans to transition to quantum-resistant algorithms. In December 2016, the National Institute of Standards and Technology (NIST) announced a call for proposals for quantum-resistant algorithms. The deadline was November 30, 2017, which also included the rainbow signatures used for ABCMint.
submitted by WrapBeautiful to ABCMint

Does this scare anyone else (at least as it relates to BTC)????

submitted by blockchainbrown to Bitcoin

Is Crypto Currency truly at risk due to Quantum Computers, and what can you do about it?


There is no denying that the Quantum revolution is coming. Security protocols for the internet, banking, telecommunications, etc... are all at risk, and your Bitcoins (and alt-cryptos) are next!
This article is not really about quantum computers[i], but, rather, how they will affect the future of cryptocurrency, and what steps a smart investor will take. Since this is a complicated subject, my intention is to provide just enough relevant information without being too “techy.”

The Quantum Evolution

In 1982, Nobel-winning physicist Richard Feynman hypothesized how quantum computers[ii] would be used in modern life.
Just one year later, Apple released the “Apple Lisa”[iii] – a home computer with a 7.89MHz processor and a whopping 5MB hard drive, and, if you enjoy nostalgia, it used 5.25in floppy disks.
Today, we walk around with portable devices that are thousands of times more powerful, and, yet, our modern day computers still work in a simple manner, with simple math, and simple operators[iv]. They now just do it so fast and efficiently that we forget what’s happening behind the scenes.
No doubt, the human race is accelerating at a remarkable speed, and we’ve become obsessed with quantifying everything - from the everyday details of life to the entire universe[v]. Not only do we know how to precisely measure elementary particles, we also know how to control their actions!
Yet, even with all this advancement, modern computers cannot “crack” cryptocurrencies without the use of a great deal more computing power, and since it’s more than the planet can currently supply, it could take millions, if not billions, of years.
However, what current computers can’t do, quantum computers can!
So, how can something that was conceptualized in the 1980s, and, as of yet, has no practical application, compromise cryptocurrencies and take over Bitcoin?
To best answer this question, let’s begin by looking at a bitcoin address.

What exactly is a Bitcoin address?

Well, in layman’s terms, a Bitcoin address is used to send and receive Bitcoins, and looking a bit closer (excuse the pun), it has two parts:[vi]
A public key that is openly shared with the world to accept payments. A public key that is derived from the private key. The private key is made up of 256 bits of information in a (hopefully) random order. This 256 bit code is 64 characters long (in the range of 0-9/a-f) and further compressed into a 52 character code (using RIPEMD-160).
NOTE: Although many people talk about Bitcoin encryption, Bitcoin does not use Encryption. Instead, Bitcoin uses a hashing algorithm (for more info, please see endnote below[vii]).
Now, back to understanding the private key:
The Bitcoin address “1EHNa6Q4Jz2uvNExL497mE43ikXhwF6kZm” translates to a private key of “5HpHagT65TZzG1PH3CSu63k8DbpvD8s5ip4nEB3kEsreAnchuDf” which further translates to a 256 bit private key of “0000000000000000000000000000000000000000000000000000000000000001” (this should go without saying, but do not use this address/private key because it was compromised long ago.) Although there are a few more calculations that go behind the scenes, these are the most relevant details.
Now, to access a Bitcoin address, you first need the private key, and from this private key, the public key is derived. With current computers, it’s classically impractical to attempt to find a private key based on a public key. Simply put, you need the private key to know the public key.
However, it has already been theorized (and technically proven) that due to private key compression, multiple private keys can be used to access the same public key (aka address). This means that your Bitcoin address has multiple private keys associated with it, and, if someone accidentally discovers or “cracks” any one of those private keys, they have access to all the funds in that specific address.
There is even a pool of a few dedicated people hunting for these potential overlaps[viii], and they are, in fact, getting very efficient at it. The creator of the pool also has a website listing every possible Bitcoin private key/address in existence[ix], and, as of this writing, the pool averages 204 trillion keys per day!
But wait! Before you get scared and start panic selling, the probability of finding a Bitcoin address containing funds (or even being used) is highly unlikely – nevertheless, still possible!
However, the more Bitcoin users, the more likely a “collision” (finding overlapping private/public key pairs)! You see, the security of a Bitcoin address is simply based on large numbers! How large? Well, according to my math, 1.157920892373 x 10^77 potential private keys exist (that number represents over 9,500 digits in length! For some perspective, this entire article contains just over 14,000 characters). Therefore, the total number of Bitcoin addresses is so great that the probability of finding an active address with funds is infinitesimal.

So, how do Quantum Computers present a threat?

At this point, you might be thinking, “How can a quantum computer defeat this overwhelming number of possibilities?” Well, to put it simply: Superposition and Entanglement[x].
Superposition allows a quantum bit (qubit) to be in multiple states at the same time. Entanglement allows an observer to know the measurement of a particle in any location in the universe. If you have ever heard Einstein’s quote, “Spooky Action at a Distance,” he was talking about Entanglement!
To give you an idea of how this works, imagine how efficient you would be if you could make your coffee, drive your car, and walk your dog all at the same time, while also knowing the temperature of your coffee before drinking, the current maintenance requirements for your car, and even what your dog is thinking! In a nutshell, quantum computers have the ability to process and analyze countless bits of information simultaneously – and so fast, and in such a different way, that no human mind can comprehend!
At this stage, it is estimated that the Bitcoin address hash algorithm will be defeated by quantum computers before 2028 (and quite possibly much sooner)! The NSA has even stated that the SHA256 hash algorithm (the same hash algorithm that Bitcoin uses) is no longer considered secure, and, as a result, the NSA has now moved to new hashing techniques, and that was in 2016! Prior to that, in 2014, the NSA also invested a large amount of money in a research program called “Penetrating Hard Targets project”[xi] which was used for further Quantum Computer study and how to break “strong encryption and hashing algorithms.” Does NSA know something they’re not saying or are they just preemptively preparing?
Nonetheless, before long, we will be in a post-quantum cryptography world where quantum computers can crack crypto addresses and take all the funds in any wallet.

What are Bitcoin core developers doing about this threat?

Well, as of now, absolutely nothing. Quantum computers are not considered a threat by Bitcoin developers nor by most of the crypto-community. I’m sure when the time comes, Bitcoin core developers will implement a new cryptographic algorithm that all future addresses/transactions will utilize. However, will this happen before post-quantum cryptography[xii]?
Moreover, even after new cryptographic implementation, what about all the old addresses? Well, if your address has been actively used on the network (sending funds), it will be in imminent danger of a quantum attack. Therefore, everyone who is holding funds in an old address will need to send their funds to a new address (using a quantum safe crypto-format). If you think network congestion is a problem now, just wait…
Additionally, there is the potential that the transition to a new hashing algorithm will require a hard fork (a soft fork may also suffice), and this could result in a serious problem because there should not be multiple copies of the same blockchain/ledger. If one fork gets attacked, the address on the other fork is also compromised. As a side-note, the blockchain Nebulas[xiii] will have the ability to modify the base blockchain software without any forks. This includes adding new and more secure hashing algorithms over time! Nebulas is due to be released in 2018.

Who would want to attack Bitcoin?

Bitcoin and cryptocurrency represent a threat to the controlling financial system of our modern economy. Entire countries have outright banned cryptocurrency[xiv] and even arrested people[xv], and while discrediting it, some countries are copying cryptocurrency to use (and control) in their economy[xvi]!
Furthermore, Visa[xvii], Mastercard[xviii], Discover[xix], and most banks act like they want nothing to do with cryptocurrency, all the while seeing the potential of blockchain technology and developing their own[xx]. Just like any disruptive technology, Bitcoin and cryptocurrencies have their fair share of enemies!
As of now, quantum computers are being developed by some of the largest companies in the world, as well as private government agencies.
No doubt, we will see a post-quantum cryptography world sooner than most realize. By that point, who knows how long “3 letter agencies” will have been using quantum technology - and what they’ll be capable of!

What can we do to protect ourselves today?

Of course, the best option is to start looking at how Bitcoin can implement new cryptographic features immediately, but it will take time, and we have seen how slow the process can be just for scaling[xxi].
The other thing we can do is use a Bitcoin address only once for outgoing transactions. When quantum computers attack Bitcoin (and other crypto currencies), their first target will be addresses that have outgoing transactions on the blockchain that contain funds.
This is due to the fact that when computers first attempt to crack a Bitcoin address, the starting point is when a transaction becomes public. In other words, when the transaction is first signed – a signed transaction is a digital signature derived from the private key, and it validates the transaction on the network. Compared to classical computers, quantum computers can exponentially extrapolate this information.
Initially, Bitcoin Core Software might provide some level of protection because it only uses an address once, and then sends the remaining balance (if any) to another address in your keypool. However, third party Bitcoin wallets can and do use an address multiple times for outgoing transactions. For instance, this could be a big problem for users that accept donations (if they don’t update their donation address every time they remove funds). The biggest downside to Bitcoin Core Software is the amount of hard-drive space required, as well as diligently retaining an up-to-date copy of the entire blockchain ledger.
Nonetheless, as quantum computers evolve, they will inevitably render SHA256 vulnerable, and although this will be one of the first hash algorithms cracked by quantum computers, it won’t be the last!

Are any cryptocurrencies planning for the post-quantum cryptography world?

Yes, indeed, there are! Here is a short list of ones you may want to know more about:

Full disclosure:

Although I am in no way associated with any project listed above, I do hold coins in all as well as Bitcoin, Litecoin and many others.
The thoughts above are based on my personal research, but I make no claims to being a quantum scientist or cryptographer. So, don’t take my word for anything. Instead, do your own research and draw your own conclusions. I’ve included many references below, but there are many more to explore.
In conclusion, the intention of this article is not to create fear or panic, nor any other negative effects. It is simply to educate. If you see an error in any of my statements, please, politely, let me know, and I will do my best to update the error.
Thanks for reading!


[i] – A great video explaining quantum computers.
[ii] - A brief history of quantum computing.
[iii] - More than you would ever want to know about the Apple Lisa.
[iv] - Want to learn more about computer science? Here is a great crash course for it!
[v] - What does quantify mean?
[vi] - More info about Bitcoin private keys.
[vii] - A good example of the difference between Hash and Encryption.
[viii] - The Large Bitcoin Collider.
[ix] - A list of every possible Bitcoin private key. This website is a clever way of converting the 64 character uncompressed key to the private key 128 at a time. Since it is impossible to save all this data in a database and search, it is not considered a threat! It’s equated with looking for a single needle on the entire planet.
[x] – Brief overview of Superposition and Entanglement.
[xi] – A review of the Penetrating Hard Targets project.
[xii] - Explains post-quantum cryptography.
[xiii] - The Nebulas project has some amazing technology planned in their roadmap. They are currently in testnet stage with initial launch expected to take place in a few weeks. If you don’t know about Nebulas, you should check them out.
[xiv] - Countries’ stance on crypto currencies.
[xv] - Don’t be a miner in Venezuela!
[xvi] - Russia’s plan for their own crypto currency.
[xvii] - Recent attack from Visa against crypto currency.
[xviii] - Mastercard’s position about Bitcoin.
[xix] - Discover’s position about Bitcoin.
[xx] - Mastercard is making their own blockchain.
[xxi] - News about Bitcoin capacity. Not a lot of news…
[xxii] - IOTA and quantum encryption.
[xxiii] - The whitepaper of Winternitz One-Time Signature Scheme
[xxiv] - The Cardano project roadmap.
[xxv] - More about the BLISS hash system.
[xxvi] - Home of the Ethereum project.
[xxvii] – SHA3 hash algorithm vs quantum computers.
[xxviii] - Lamport signature information.
[xxix] - Home of the Quantum Resistant Ledger project.
submitted by satoshibytes to CryptoCurrency

Part 5. I'm writing a series about blockchain tech and possible future security risks. This is the fifth part of the series talking about an advanced vulnerability of BTC.

The previous parts will give you useful basic blockchain knowledge and insights on quantum resistance vs blockchain that are not explained in this part.
Part 1, what makes blockchain reliable?
Part 2, The mathematical concepts Hashing and Public key cryptography.
Part 3, Quantum resistant blockchain vs Quantum computing.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, A

Why BTC is vulnerable for quantum attacks sooner than you would think.
The BTC misconception: “Original public keys are not visible until you make a transaction, so BTC is quantum resistant.”
Already exposed public keys.
Hijacking transactions.
Hijacks during blocktime
Hijacks pre-blocktime.
MITM attacks

- Why BTC is vulnerable for quantum attacks sooner than you would think. -

Blockchain transactions are secured by public-private key cryptography. The keypairs used today will be at risk when quantum computers reach a certain critical level: quantum computers can, at a certain point of development, derive private keys from public keys. See part 3 for more sourced info on this subject. So if a public key can be obtained by an attacker, he can then use a quantum computer to find the private key. And as he has both the public key and the private key, he can control and send the funds to an address he owns.
Just to make sure there will be no misconceptions: when public-private key cryptography such as ECDSA and RSA can be broken by a quantum computer, this will be an issue for all blockchains that don't use quantum resistant cryptography. The reason this article is about BTC is because I take this paper as a reference point: here they calculate an estimate of when BTC will be at risk while taking the BTC blocktime as the window of opportunity.
The BTC misconception: “Original public keys are not visible until you make a transaction, so BTC is quantum resistant.”
In pretty much every discussion I've read and had on the subject, I notice that people are under the impression that BTC is quantum resistant as long as you use your address only once. BTC uses a hashed version of the public key as a send-to address. So in theory, all funds are registered on the chain on hashed public keys instead of to the full, original public keys, which means that the original public key is (again in theory) not public. Even a quantum computer can't derive the original public key from a hashed public key, therefore there is no risk that a quantum computer can derive the private key from the public key. If you make a transaction, however, the public key of the address you sent your funds from will be registered in full form in the blockchain. So if you were to only send part of your funds, leaving the rest on the old address, your remaining funds would be on a published public key, and therefore vulnerable to quantum attacks. So the workaround would be to transfer the remaining funds, within the same transaction, to a new address. In that way, your funds would be once again registered on the blockchain on a hashed public key instead of a full, original public key.
If you feel lost already because you are not very familiar with the tech behind blockchain, I will try to explain the above in a more familiar way:
You control your funds through your public- private key pair. Your funds are registered on your public key. And you can create transactions, which you need to sign to be valid. You can only create a signature if you have your private key. See it as your e-mail address (public key) and your password (Private key). Many people got your email address, but only you have your password. So the analogy is, that if you got your address and your password, then you can access your mail and send emails (Transactions). If the right quantum computer would be available, people could use that to calculate your password (private key), if they have your email address (public key).
Now, BTC doesn’t show your full public key anywhere until you make a transaction, which sounds pretty safe. It means that your public key is private until you make a transaction. The only thing related to your public key that is public is the hash of your public key. Here is a short explanation of what a hash is: a hash is the outcome of an equation. Usually one-way hash functions are used, where you cannot derive the original input from the output; but every time you use the same hash function on the same original input (for example IFUHE8392ISHF), you will always get the same output (for example G). That way you can have your coins on public key "IFUHE8392ISHF", while on the chain, they are registered on "G".
So your funds are registered on the blockchain on the "Hash" of the public key. The Hash of the public key is also your "email address" in this case. So you give "G" as your address to send BTC to.
As said before: since it is, even for a quantum computer, impossible to derive a public key from the Hash of a public key, your coins are safe for quantum computers as long as the public key is only registered in hashed form. The obvious safe method would be, never to reuse an address, and always make sure that when you make a payment, you send your remaining funds to a fresh new address. (There are wallets that can do this for you.) In theory, this would make BTC quantum resistant, if used correctly. This, however, is not as simple as it seems. Even though the above is correct, there is a way to get to your funds.
Already exposed public keys.
But before we get to that, there is another point that is often overlooked: not only is the security of your personal BTC important, but also the security of funds of other users. If others got hacked, the news of the hack itself and the reaction of the market to that news would influence the market price. Or, if a big account like the Satoshi account were to be hacked and dumped, the dump itself, combined with the news of the hack, could be even worse. An individual does not have control over other people’s actions. So even though one might make sure his public key is only registered in hashed form, others might not do so, or might not know their public key is exposed. There are several reasons why a substantial amount of addresses actually have exposed full public keys:
In total, about 36% of all BTC are on addresses with exposed public keys, of which about 20% is on lost addresses.
Hijacking transactions.
But even if you consider the above an acceptable risk, just because you yourself will make sure you never reuse an address, then still, the fact that only the hashed public key is published until you make a transaction is a false sense of security. It only works, if you never make a transaction. Why? Public keys are revealed while making a transaction, so transactions can be hijacked while being made.
Here it is important to understand two things:
1.) How is a transaction sent?
The owner has the private key and the public key and uses that to log into the secured environment, the wallet. This can be online or offline. Once he is in his wallet, he states how much he wants to send and to what address.
When he sends the transaction, it will be broadcasted to the blockchain network. But before the actual transaction will be sent, it is formed into a package, created by the wallet. This happens out of sight of the sender.
That package ends up carrying roughly the following info: the public key to point to the address where the funds will be coming from, the amount that will be transferred, the address the funds will be transferred to (depending on the blockchain this could be the hashed public key, or the original public key of the address the funds will be transferred to). This package also carries the most important thing: a signature, created by the wallet, derived from the private- public key combination. This signature proves to the miners that you are the rightful owner and you can send funds from that public key.
Then this package is sent out of the secure wallet environment to multiple nodes. The nodes don’t need to trust the sender or establish the sender’s "identity", because the sender proves he is the rightful owner by adding the signature that corresponds with the public key. And because the transaction is signed and contains no confidential information, private keys, or credentials, it can be publicly broadcast using any underlying network transport that is convenient. As long as the transaction can reach a node that will propagate it into the network, it doesn’t matter how it is transported to the first node.
2.) How is a transaction confirmed/ fulfilled and registered on the blockchain?
After the transaction is sent to the network, it is ready to be processed. The nodes have a bundle of transactions to verify and register on the next block. This is done during a period called the block time. In the case of BTC that is 10 minutes.
If we process the information written above, we will see that there are two moments where you can actually see the public key, while the transaction is not fulfilled and registered on the blockchain yet.
1: during the time the transaction is sent from the sender to the nodes
2: during the time the nodes verify the transaction. (The blocktime)
Hijacks during blocktime
This paper describes how you could hijack a transaction and make a new transaction of your own, using someone else’s address and send his coins to an address you own during moment 2: the time the nodes verify the transaction:
"(Unprocessed transactions) After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address." (Page 8, point 3.)
So this means that BTC obviously is not a quantum secure blockchain. Because as soon as you will touch your funds and use them for payment, or send them to another address, you will have to make a transaction and you risk a quantum attack.
Hijacks pre-blocktime.
The story doesn't end here. The paper doesn't describe the possibility of a pre-blocktime hijack.
So back to the paper: as explained, while making a transaction your public key is exposed for at least the transaction time. This transaction time is 10 minutes, during which your transaction is being confirmed in the 10 minute block time. That is the period where your public key is visible and where, as described in the paper, a transaction can be hijacked, and by using quantum computers, a forged transaction can be made. So the critical point is determined to be the moment where quantum computers can derive private keys from public keys within 10 minutes. Based on that 10 minute period, they calculate (estimate) how long it will take before QCs start forming a threat to BTC. (“By our most optimistic estimates, as early as 2027 a quantum computer could exist that can break the elliptic curve signature scheme in less than 10 minutes, the block time used in Bitcoin.” This is also shown in figure 4 on page 10 and later calculated more in depth in appendix C, where the pessimistic estimate is around 2037.) But you could extend that 10 minutes through network based attacks like DDoS, BGP routing attacks, NSA Quantum Insert, Eclipse attacks, MITM attacks or anything like that. (And I don’t mean you extend the block time by using a network based attack, but you extend the time you have access to the public key before the transaction is confirmed.) Bitcoin would be at risk earlier than calculated in this paper.
Also other Blockchains with way shorter block times imagine themselves safe for a longer period than BTC, but with this extension of the timeframe within which you can derive the private key, they too will be vulnerable way sooner.
Not so long ago an eclipse attack demonstrated it could have done the trick. Causing the blockchain to work over max capacity means the transactions will be waiting to be added to a block for a longer time. This time needs to be added to the blocktime, expanding the period one would have to derive the private key from the public key.
That seems to be fixed now, but it shows there are always new attacks possible and when the incentive is right (Like a few billion $ kind of right) these could be specifically designed for certain blockchains.
MITM attacks
An MITM attack could find the public key in the first moment the public key is exposed (during the time the transaction is sent from the sender to the nodes). So these transactions that are sent to the network contain public keys that you could intercept. So that means that if you intercept transactions (and with that the private keys) and simultaneously delay their arrival to the blockchain network, you create extra time to derive the private key from the public key using a quantum computer. When you have done that, you send a transaction of your own before the original transaction has arrived and is confirmed, and send funds from that stolen address to an address of your choosing. The result would be that you have an extra 10, 20, 30 minutes (or however long you can delay the original transactions) to derive the public key. This can be done without ever needing to mess with a blockchain network, because the attack happens outside the network. Therefore, slower quantum computers form a threat. Meaning that earlier models of quantum computers can form a threat than they assume now.
When MITM attacks and hijacking transactions form a threat to BTC, other blockchains will be vulnerable to the same attacks, especially MITM attacks. There are ways to prevent hijacking after arrival at the nodes. I will elaborate on that in the next article. At this point in time, the pub key would be useless to an attacker due to the fact that there is no quantum computer available now. Once a quantum computer of the right size is available, it becomes a problem. For quantum resistant blockchains this is different. MITM attacks and hijacking are useless against quantum resistant blockchains like QRL and Mochimo because these projects use quantum resistant keys.
submitted by QRCollector to CryptoTechnology [link] [comments]

Evidence Points to Bitcoin being an NSA-engineered Psyop to roll out One-World Digital Currency

I'm going to assume the readers who make it to this article are well informed enough that I don't have to go into the history of the global money changers and their desire for a one world currency.
(If you don't yet understand the goal of the globalist banking empire and the coming engineered collapse of the fiat currency system, you're already about 5,000 posts behind the curve.)
With that as a starting point, it's now becoming increasingly evident that Bitcoin may be a creation of the NSA and was rolled out as a "normalization" experiment to get the public familiar with digital currency.
Once this is established, the world's fiat currencies will be obliterated in an engineered debt collapse (see below for the sequence of events), then replaced with a government approved cryptocurrency with tracking of all transactions and digital wallets by the world's western governments.
NSA mathematicians detailed "digital cash" two decades ago
What evidence supports this notion?
First, take a look at this document entitled, "How to Make a Mint - The Cryptography of Anonymous Electronic Cash." This document, released in 1997 - yes, twenty years ago - detailed the overall structure and function of Bitcoin cryptocurrency.
Who authored the document?
Try not to be shocked when you learn it was authored by,
"mathematical cryptographers at the National Security Agency's Office of Information Security Research and Technology." 
The NSA, in other words, detailed key elements of Bitcoin long before Bitcoin ever came into existence.
Much of the Bitcoin protocol is detailed in this document, including signature authentication techniques, eliminating cryptocoin counterfeits through transaction authentication and several features that support anonymity and untraceability of transactions.
The document even outlines the heightened risk of money laundering that's easily accomplished with cryptocurrencies. It also describes "secure hashing" to be "both one-way and collision-free."
Although Bitcoin adds mining and a shared, peer-to-peer blockchain transaction authentication system to this structure, it's clear that the NSA was researching cryptocurrencies long before everyday users had ever heard of the term.
Note, too, that the name of the person credited with founding Bitcoin is Satoshi Nakamoto, who is reputed to have reserved one million Bitcoins for himself.
Millions of posts and online threads discuss the possible identity of Satoshi Nakamoto, and some posts even claim the NSA has identified Satoshi.
However, another likely explanation is that Satoshi Nakamoto is the NSA, which means he is either working for the NSA or is a sock puppet character created by the NSA for the purpose of this whole grand experiment.
The NSA also wrote the crypto hash used by Bitcoin to secure all transactions
On top of the fact that the NSA authored a technical paper on cryptocurrency long before the arrival of Bitcoin, the agency is also the creator of the SHA-256 hash upon which every Bitcoin transaction in the world depends.
As The Hacker News (THN) explains:
"The integrity of Bitcoin depends on a hash function called **SHA-256**, which was designed by the NSA and published by the *National Institute for Standards and Technology* (NIST)."
THN also adds:
"If you assume that the NSA did something to SHA-256, which no outside researcher has detected, what you get is the ability, with credible and detectable action, they would be able to forge transactions. The really scary thing is somebody finds a way to find collisions in SHA-256 really fast without brute-forcing it or using lots of hardware and then they take control of the network." 
Cryptography researcher Matthew D. Green of Johns Hopkins University said.
In other words, if the SHA-256 hash, which was created by the NSA, actually has a backdoor method for cracking the encryption, it would mean the NSA could steal everybody's Bitcoins whenever it wants (call it "Zero Day.")
That same article, written by Mohit Kumar, mysteriously concludes,
"Even today it's too early to come to conclusions about Bitcoin. Possibly it was designed from day one as a tool to help maintain control of the money supplies of the world." 
And with that statement, Kumar has indeed stumbled upon the bigger goal in all this:
To seize control over the world money supply as the fiat currency system crumbles and is replaced with a one-world *digital currency controlled by globalists*. 
Think cryptography is bulletproof? Think again…
Lest you think that the cryptography of cryptocurrency is secure and bulletproof, consider this article from The Hacker News, 'Researchers Crack 1024-bit RSA Encryption in GnuPG Crypto Library,' which states,
"The attack allows an attacker to extract the secret crypto key from a system by analyzing the pattern of memory utilization or the electromagnetic outputs of the device that are emitted during the decryption process." 
Note, importantly, that this is a 1024-bit encryption system.
The same technique is also said to be able to crack 2048-bit encryption. In fact, encryption layers are cracked on a daily basis by clever hackers.
Some of those encryption layers are powering various cryptocurrencies right now. Unless you are an extremely high-level mathematician, there's no way you can know for sure whether any crypto currency is truly non-hackable.
In fact, every cryptocurrency becomes obsolete with the invention of large-scale quantum computing.
Once China manages to build a working 256-bit quantum computer, it can effectively steal all the Bitcoins in the world (plus steal most national secrets and commit other global mayhem at will).
Ten steps to crypto-tyranny - The "big plan" by the globalists (and how it involves Bitcoin)
In summary, here's one possible plan by the globalists to seize total control over the world's money supply, savings, taxation and financial transactions while enslaving humanity.
And it all starts with Bitcoin...
  1.  Roll out the NSA-created Bitcoin to get the public excited about a digital currency. 
  2.  Quietly prepare a globalist-controlled cryptocurrency to take its place. (JP Morgan, anyone...?) 
  3.  Initiate a massive, global-scale false flag operation that crashes the global debt markets and sends fiat currencies down in flames (hoax alien invasion, hoax North Korean EMP attack, mass distributed power grid terrorism network, etc.) 
  4.  Blame whatever convenient enemy is politically acceptable (North Korea, "the Russians," Little Green Men or whatever it takes…) 
  5.  Allow the fiat currency debt pyramid to collapse and smolder until the sheeple get desperate. 
  6.  With great fanfare, announce a government-backed cryptocurrency replacement for all fiat currencies, and position world governments as the SAVIOR of humanity. Allow the desperate public to trade in their fiat currencies for official crypto currencies. 
  7.  Outlaw cash and *criminalize gold and silver ownership by private citizens*. All in the name of "security," of course. 
  8.  Criminalize all non-official cryptocurrencies such as Bitcoin, crashing their value virtually overnight and funneling everyone into the one world government crypto, where the NSA controls the blockchain. This can easily be achieved by blaming the false flag event (see above) on some nation or group that is said to have been "funded by Bitcoin, the cryptocurrency used by terrorists." 
  9.  Require embedded RFID or biometric identifiers for all transactions in order to "authenticate" the one-world digital crypto currency activities. *Mark of the Beast* becomes reality. No one is allowed to eat, travel or earn a wage without being marked. 
  10.  Once absolute control over the new one-world digital currency is achieved, weaponize the government-tracked blockchain to track all transactions, investments and commercial activities. Confiscate a portion of all crypto under the guise of "automated taxation." In an emergency, the government can even announce *negative interest rates* where your holdings automatically decrease each day. 
With all this accomplished, globalists can now roll out absolute totalitarian control over every aspect of private lives by enforcing financial "blackouts" for those individuals who criticize the government.
They can put in place automatic deductions for traffic violations, vehicle license plate taxes, internet taxes and a thousand other oppressive taxes invented by the bureaucracy.
With automatic deductions run by the government, citizens have no means to halt the endless confiscation of their "money" by totalitarian bureaucrats and their deep state lackeys.
How do you feel about your Bitcoin now...?
by Mike Adams December 10, 2017 from NaturalNews Website
submitted by Metaliano to conspiracy [link] [comments]

Quantum Computing Vs. Blockchain

The cryptocurrency community has long been discussing one technical feature of the blockchain, which directly affects its future. We are talking about the threat to the blockchain from the so-called quantum computing. The fact is that if these threats are implemented, crypto assets will not be able to function technically and all problems with their regulation will disappear by themselves.
Indeed, what is the point of creating a serious regulatory system for an instrument that will soon become simply inoperable?
Most modern cryptocurrencies are built on a particular cryptographic algorithm that ensures their security. The level of protection is determined by the amount of work required to find the key, the password that determines the final result of the cryptographic conversion. It is known that when solving cryptographic problems, a classical computer tests all possible keys in turn, one after another. A quantum computer can instantly test a set of keys and establish the combination that has the maximum probability of being true, and thereby compromise the cryptosystem.
The threat to bitcoin is that high-speed quantum computers will be able to “create problems” for the encryption processes and digital signatures used in blockchain technology and virtual currencies. Ultra-fast calculations would in principle allow forging smart contracts and stealing “coins”.
Most cryptocurrencies use public-key encryption algorithms for communications and, in particular, digital signatures. Public key cryptography is based on one-way mathematical functions: operations that are simple in one direction and difficult in the other. If we use quantum computers rather than classical ones to solve the factorization problem, it is solved much faster. A quantum computer would allow the secret key to be determined from the public key in a couple of minutes, and knowledge of the secret key gives access to the address on the bitcoin network. It turns out that the owner of a quantum computer will be able to break the public-key encryption system and write off (steal) “coins” from the corresponding address. This feature of quantum computing is the main danger for bitcoin.
According to some estimates, a quantum computer will be able to determine the secret key from the public one by 2027.
Some commentators believe that with the advent of full-fledged quantum computers, the era of cryptocurrencies and blockchain will come to its logical end: the cryptography systems on which cryptocurrencies are based will be compromised, and the cryptocurrencies themselves will become worthless. Allegedly, the first thing that the owner of a quantum computer will do is quickly mine the remaining bitcoins, ethers and other popular crypto-coins. Experts have estimated that hacking bitcoin will require a quantum computer with a capacity of 10 thousand qubits, and it is not so long to wait for it: perhaps ten years, or even less.
IBM 50Q System: An IBM cryostat wired for a 50 qubit system. Photo from the
However, not everyone shares this opinion.
According to new forecasts, a commercially acceptable version of the quantum computer will not appear until 2040. Many cryptocurrency experts are sure that by that moment developers will be able to prepare and adapt the blockchain to the new realities. They will be able to modify the cryptocurrency code and protect the technologies used in it from hacking.
Analysts, however, emphasize that although an attacker with a powerful quantum computer will be able to get the secret key from the public one, it is impossible to get the public key from the bitcoin address of the recipient of a transaction. The public key is converted to a bitcoin address by several one-way hash functions that are resistant to quantum computation. However, in fact, the public key still gets into the network one day. This occurs when the transaction is signed by the sender of the “coin”. Otherwise, the network would not be able to confirm the transaction, because there is no other way to verify the authenticity of the sender’s signature.
The widespread fear of a direct threat to bitcoin from quantum computing is exaggerated and comes from ignorance. In fact, using crowdsourcing, blockchain technology solves many problems, including reducing threats to its security from quantum computers. That is why a blockchain-based network offers superior protection compared to networks and platforms with a centralized architecture. Dr. Brennan has analyzed the threat to blockchain technologies from modern quantum computing systems. He investigated the potential of a quantum computer in terms of the possibility of its use “for manipulating the blockchain in the centralization of hashing power” and assessed the probability of disclosure of the key of the encryption system that underlies the mechanism protecting users of the blockchain. The results of the study show that existing developments in the field of quantum computing are very far from the “imaginary possibilities” of quantum technologies: the modern quantum infrastructure is characterized by a speed that is absolutely insufficient to solve extremely complex problems such as finding an encryption key in acceptable time.
At least on the horizon of the next 10 years, the speed of quantum computers will be insufficient compared to the capabilities of modern mining machines.

Bitcoin will not give way before quantum computing.

Can Quantum Computing Take Over Blockchain?

Practice crosses out any theoretical constructions claiming that quantum computing is able to “master” the blockchain. This is due to the limited capabilities of existing technical means and the ongoing development of the blockchain protection system. The technology that could compromise the work of the blockchain is obsolete by the time it appears; it is constantly about ten years behind the development of blockchain technology.
The head of the quantum computing laboratory at Google, John Martinis, also rejected the assumption that quantum computing could pose a direct threat to blockchain systems and cryptocurrencies in the near future. Martinis believes that the process of creating quantum computers will take at least a decade, and the practical implementation of effective quantum computing will require even more time. He believes that the creation of quantum devices “is really problematic and much more difficult than the creation of a classical computer”.
From another angle, Andreas Antonopoulos, one of the world’s leading experts in the field of bitcoin and blockchain, also looked at the problem under consideration.
He is convinced that the US NSA and other intelligence agencies will not use a quantum computer against bitcoin, even if they have such weapons.
Andreas Antonopoulos said:
“I’m not at all worried that the NSA might have a quantum computer, because the basic security law says: if you have a powerful secret weapon, you do not use it. You need a very significant excuse to use it”.
He cited as an example the decryption by the British cryptographer Alan Turing of the German military “Enigma” machine’s encrypted telegraph messages during the Second World War. The Germans used this machine, in particular, for secret communication in the Navy. The British government then decided to keep this success in the strictest confidence and by any means to hide the source of the information (it was removed from the communication channels). The British even deliberately did not prevent the sinking of their ships by the Germans, because as soon as the enemy realizes that the codes he uses are compromised, he immediately takes measures to refine his technology.
The question of the threat of quantum computing is not the existence of a quantum computer, but its power: the number of quantum bits (qubits). Special services at this stage of development cannot have enough power to attack the Bitcoin blockchain. However, a real problem will arise when quantum computers become commercially available, but not so much that everyone can use them in their bitcoin wallet. During this transition period, bitcoin will need to switch to new algorithms. It is not yet clear how this transition will take place.
Researchers are estimating the feasibility of the idea of a quantum-secured blockchain, the essence of which is to make quantum communication the central element of the blockchain’s protection technology. Quantum communications (or, more precisely, quantum key distribution) guarantee security based on the laws of physics, not on the complexity of solving mathematical problems, as in the case of public-key cryptography. As a result, the quantum blockchain (it can be defined as a set of methods for using quantum technologies for calculations; the work of the quantum blockchain is based on the use of quantum communications to authenticate the participants in operations) will be invulnerable to attacks using a quantum computer.
Brennen and Tucker agree that quantum computing, at least on paper, definitely poses a threat to the security of blockchain networks. These fears are fed by sensational, panic-inducing articles in the media. Tucker believes that talk of quantum computing posing an immediate threat to the blockchain distracts from the really important topics for discussion. The quantum threat to bitcoin cannot be completely excluded, but the level of this threat is estimated as minimal, especially if we take into account the high reliability of this cryptocurrency’s network and the powerful incentives to ensure the highest level of its security.
Perhaps two conclusions can be drawn from all this. First, bitcoin in its current form is really vulnerable to quantum computing. Secondly, it is equally obvious that there are and will be many opportunities in the future to improve it: on the one hand, alternative systems of cryptographic protection of transactions, including ones based on public-key ciphers; on the other, quantum communication systems that guarantee the security of communication without the use of mathematics.
So quantum systems promise new means of protecting virtual currency blockchains. If we turn to ordinary money, it can be noted that as technology develops, its means of protection evolve constantly. Remember how new and unusual technologies are constantly invented to protect conventional paper money against counterfeiting. From all this it follows that, from a technical point of view, crypto assets are here for a long time, which makes their regulation useful.
Material developed by the Legal Department of EdJoWa Holding
submitted by IMBA-Exchange to u/IMBA-Exchange [link] [comments]
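Added example, not code from this post or from the QRCollector MITM post above. Both posts make the same point from different angles: a P2PKH address only commits to a hash of the public key, and the key itself first appears on the wire when the owner spends, inside the scriptSig of the transaction that any peer or on-path observer can read before it is confirmed. The script below parses the legacy Bitcoin transaction serialization and pulls those keys out of the inputs. The transaction it parses is constructed here with filler bytes (a fake previous txid, a DER-shaped dummy signature, a made-up 33-byte compressed key); only the serialization layout and the script push encoding are Bitcoin's.

```python
"""Extract the public keys a legacy (pre-SegWit) Bitcoin transaction exposes.

Added example. All transaction contents below are constructed filler; only
the wire format (version, CompactSize varints, inputs, outputs, locktime)
and the script push opcodes are real Bitcoin conventions."""
import struct

# ---- constructed sample data (not a real transaction) -------------------
FAKE_PREV_TXID = bytes.fromhex("aa" * 32)        # outpoint being spent
# DER-shaped signature blob with a SIGHASH_ALL byte on the end; r/s are filler.
FAKE_SIG = (b"\x30\x44" + b"\x02\x20" + b"\x11" * 32
            + b"\x02\x20" + b"\x22" * 32 + b"\x01")
FAKE_PUBKEY = b"\x02" + b"\x33" * 32            # 33-byte compressed key, filler
FAKE_HASH160 = b"\x44" * 20                     # recipient's pubkey hash, filler


def encode_varint(n: int) -> bytes:
    """Bitcoin CompactSize encoding."""
    if n < 0xFD:
        return bytes([n])
    if n <= 0xFFFF:
        return b"\xfd" + struct.pack("<H", n)
    if n <= 0xFFFFFFFF:
        return b"\xfe" + struct.pack("<I", n)
    return b"\xff" + struct.pack("<Q", n)


def read_varint(buf: bytes, pos: int):
    """Decode a CompactSize at buf[pos]; return (value, new_pos)."""
    first = buf[pos]
    if first < 0xFD:
        return first, pos + 1
    if first == 0xFD:
        return struct.unpack_from("<H", buf, pos + 1)[0], pos + 3
    if first == 0xFE:
        return struct.unpack_from("<I", buf, pos + 1)[0], pos + 5
    return struct.unpack_from("<Q", buf, pos + 1)[0], pos + 9


def push(data: bytes) -> bytes:
    """Direct script push (opcode 1..75 = number of bytes that follow)."""
    if not 1 <= len(data) <= 75:
        raise ValueError("direct push only covers 1..75 bytes")
    return bytes([len(data)]) + data


def build_sample_tx() -> bytes:
    """One P2PKH input, one P2PKH output, legacy serialization."""
    script_sig = push(FAKE_SIG) + push(FAKE_PUBKEY)          # <sig> <pubkey>
    script_pubkey = b"\x76\xa9" + push(FAKE_HASH160) + b"\x88\xac"  # DUP HASH160 <h> EQUALVERIFY CHECKSIG
    tx = struct.pack("<I", 1)                                 # version
    tx += encode_varint(1)                                    # input count
    tx += FAKE_PREV_TXID[::-1]                                # txid, little-endian on the wire
    tx += struct.pack("<I", 0)                                # output index
    tx += encode_varint(len(script_sig)) + script_sig
    tx += struct.pack("<I", 0xFFFFFFFF)                       # sequence
    tx += encode_varint(1)                                    # output count
    tx += struct.pack("<q", 50_000)                           # value in satoshi
    tx += encode_varint(len(script_pubkey)) + script_pubkey
    tx += struct.pack("<I", 0)                                # locktime
    return tx


def parse_tx(raw: bytes) -> dict:
    """Walk the legacy layout; refuse SegWit, whose keys live in the witness."""
    if len(raw) > 5 and raw[4] == 0x00 and raw[5] == 0x01:
        raise ValueError("SegWit serialization: keys are in the witness, not scriptSig")
    pos = 0
    version, = struct.unpack_from("<I", raw, pos); pos += 4
    n_in, pos = read_varint(raw, pos)
    inputs = []
    for _ in range(n_in):
        txid = raw[pos:pos + 32][::-1].hex(); pos += 32
        vout, = struct.unpack_from("<I", raw, pos); pos += 4
        slen, pos = read_varint(raw, pos)
        script_sig = raw[pos:pos + slen]; pos += slen
        seq, = struct.unpack_from("<I", raw, pos); pos += 4
        inputs.append({"txid": txid, "vout": vout, "script_sig": script_sig, "sequence": seq})
    n_out, pos = read_varint(raw, pos)
    outputs = []
    for _ in range(n_out):
        value, = struct.unpack_from("<q", raw, pos); pos += 8
        slen, pos = read_varint(raw, pos)
        outputs.append({"value": value, "script_pubkey": raw[pos:pos + slen]}); pos += slen
    locktime, = struct.unpack_from("<I", raw, pos); pos += 4
    if pos != len(raw):
        raise ValueError("trailing bytes after locktime")
    return {"version": version, "inputs": inputs, "outputs": outputs, "locktime": locktime}


def script_pushes(script: bytes) -> list:
    """Return the data elements a script pushes; bare opcodes are skipped."""
    pos, items = 0, []
    while pos < len(script):
        op = script[pos]; pos += 1
        if 1 <= op <= 75:
            n = op
        elif op == 0x4C:                                  # OP_PUSHDATA1
            n = script[pos]; pos += 1
        elif op == 0x4D:                                  # OP_PUSHDATA2
            n, = struct.unpack_from("<H", script, pos); pos += 2
        else:
            continue
        items.append(script[pos:pos + n]); pos += n
    return items


def looks_like_pubkey(b: bytes) -> bool:
    """SEC1 encoding: 33 bytes with 0x02/0x03 prefix, or 65 bytes with 0x04."""
    return (len(b) == 33 and b[0] in (2, 3)) or (len(b) == 65 and b[0] == 4)


def exposed_pubkeys(raw: bytes) -> list:
    """Hex public keys readable from the inputs of an unconfirmed legacy tx."""
    return [item.hex()
            for inp in parse_tx(raw)["inputs"]
            for item in script_pushes(inp["script_sig"])
            if looks_like_pubkey(item)]


if __name__ == "__main__":
    raw = build_sample_tx()
    print("raw tx :", raw.hex())
    print("exposed:", exposed_pubkeys(raw))
```

The output scriptPubKey only carries the 20-byte HASH160 of the recipient's key, which is why the receiving address leaks nothing; the spending input carries the full key, which is what the interception-and-delay attack in the MITM post targets. The same walk over script pushes works on a real legacy transaction pulled from a node's mempool; SegWit inputs keep the key in the witness, which this parser deliberately refuses rather than misread.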

I'm writing a series about blockchain tech and possible future security risks. This is the third part of the series introducing Quantum resistant blockchains.

Part 1 and part 2 will give you useful basic blockchain knowledge that is not explained in this part.
Part 1 here
Part 2 here
Quantum resistant blockchains explained.
- How would quantum computers pose a threat to blockchain?
- Expectations in the field of quantum computer development.
- Quantum resistant blockchains
- Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
- Conclusion
The fact that whatever is registered on a blockchain can’t be tampered with is one of the great reasons for the success of blockchain. Looking ahead, awareness is growing in the blockchain ecosystem that quantum computers might cause the need for some changes in the cryptography that is used by blockchains to prevent hackers from forging transactions.
How would quantum computers pose a threat to blockchain?
First, let’s get a misconception out of the way. When talking about the risk quantum computers could pose for blockchain, some people think about the risk of quantum computers out-hashing classical computers. This, however, is not expected to pose a real threat when the time comes.
This paper explains why: "In this section, we investigate the advantage a quantum computer would have in performing the hashcash PoW used by Bitcoin. Our findings can be summarized as follows: Using Grover search, a quantum computer can perform the hashcash PoW by performing quadratically fewer hashes than is needed by a classical computer. However, the extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected gate speeds for current quantum architectures, essentially negates this quadratic speedup, at the current difficulty level, giving quantum computers no advantage. Future improvements to quantum technology allowing gate speeds up to 100GHz could allow quantum computers to solve the PoW about 100 times faster than current technology.
However, such a development is unlikely in the next decade, at which point classical hardware may be much faster, and quantum technology might be so widespread that no single quantum enabled agent could dominate the PoW problem."
The real point of vulnerability is this: attacks on signatures wherein the private key is derived from the public key. That means that if someone has your public key, they can also calculate your private key, which is unthinkable using even today’s most powerful classical computers. So in the days of quantum computers, the public-private keypair will be the weak link. Quantum computers have the potential to perform specific kinds of calculations significantly faster than any normal computer. Besides that, quantum computers can run algorithms that take fewer steps to get to an outcome, taking advantage of quantum phenomena like quantum entanglement and quantum superposition. So quantum computers can run certain algorithms that could be used to make calculations that can crack cryptography used today.
Most blockchains use Elliptic Curve Digital Signature Algorithm (ECDSA) cryptography. Using a quantum computer, Shor's algorithm can be used to break ECDSA. Meaning: they can derive the private key from the public key. So if they got your public key (and a quantum computer), then they got your private key and they can create a transaction and empty your wallet.
RSA has the same vulnerability, though RSA will need a stronger quantum computer to be broken than ECDSA does.
At this point in time, it is already possible to run Shor’s algorithm on a quantum computer. However, the number of qubits available right now makes its application limited. But it has been proven to work; we have exited the era of pure theory and entered the era of practical applications.
So far Shor's algorithm has the most potential, but new algorithms might appear which are more efficient. Algorithms are another area of development that makes progress and pushes quantum computer progress forward. A new algorithm called Variational Quantum Factoring is being developed and it looks quite promising. " The advantage of this new approach is that it is much less sensitive to error, does not require massive error correction, and consumes far fewer resources than would be needed with Shor’s algorithm. As such, it may be more amenable for use with the current NISQ (Noisy Intermediate Scale Quantum) computers that will be available in the near and medium term."
It is however still in development, and only works for 18 binary bits at the time of this writing, but it shows new developments that could mean that, rather than a speedup in quantum computing development posing the most imminent threat to RSA and ECDSA, a speedup in the mathematical developments could be even more consequential. More info on VQF here:
It all comes down to this: when your public key is visible, which is always necessary to make transactions, you are at some point in the future vulnerable for quantum attacks. (This also goes for BTC, which uses the hash of the public key as an address, but more on that in the following articles.) If you would have keypairs based on post quantum cryptography, you would not have to worry about that since in that case not even a quantum computer could derive your private key from your public key.
The conclusion is that future blockchains should be quantum resistant, using post-quantum cryptography. It’s very important to realize that post quantum cryptography is not just adding some extra characters to standard signature schemes. It’s the mathematical concept that makes it quantum resistant. To become quantum resistant, the algorithm needs to be changed. “The problem with currently popular algorithms is that their security relies on one of three hard mathematical problems: the integer factorization problem, the discrete logarithm problem or the elliptic-curve discrete logarithm problem. All of these problems can be easily solved on a sufficiently powerful quantum computer running Shor's algorithm. Even though current, publicly known, experimental quantum computers lack processing power to break any real cryptographic algorithm, many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat.”
Expectations in the field of quantum computer development.
To give you an idea what the expectations of quantum computer development are in the field (Take note of the fact that the type and error rate of the qubits is not specified in the article. It is not said these will be enough to break ECDSA or RSA, neither is it said these will not be enough. What these articles do show, is that a huge speed up in development is expected.):
When will ECDSA be at risk? Estimates are only estimates, there are several to be found so it's hard to really tell.
The National Academy of Sciences (NAS) has made a very thorough report on the development of quantum computing. The report came out at the end of 2018. They brought together a group of over 70 scientists from different interconnecting fields in quantum computing who, as a group, have come up with a close to 200-page report on the development, funding, implications and upcoming challenges for quantum computing development. But, even though this report is one of the most thorough to date, it doesn't make an estimate on when the risk for ECDSA or RSA would occur. They acknowledge this is quite impossible due to the fact there are a lot of unknowns and due to the fact that they have to base any findings only on publicly available information, obviously excluding any unavailable advancements from commercial companies and national efforts. So if this group of specialized scientists can’t make an estimate, who can make that assessment? Is there any credible source to make an accurate prediction?
The conclusion at this point of time can only be that we do not know the answer to the big question "when".
Now if we don't have an answer to the question "when", then why act? The answer is simple. If we’re talking about security, most take certainty over uncertainty. To answer the question when the threat materializes, we need to guess. Whether you guess soon, or you guess not for the next three decades, both are guesses. Going for certain means you'd have to plan for the worst, hope for the best. No matter how sceptical you are, having some sort of a plan ready is a responsible thing to do. Obviously not if you're just running a blog about knitting. But for systems that carry a lot of important, private and valuable information, planning starts today. The NAS describes it quite well. What they lack in guessing, they make up in advice. They have a very clear advice:
"Even if a quantum computer that can decrypt current cryptographic ciphers is more than a decade off, the hazard of such a machine is high enough—and the time frame for transitioning to a new security protocol is sufficiently long and uncertain—that prioritization of the development, standardization, and deployment of post-quantum cryptography is critical for minimizing the chance of a potential security and privacy disaster."
Another organization that looks ahead is the National Security Agency (NSA) They have made a threat assessment in 2015. In August 2015, NSA announced that it is planning to transition "in the not too distant future" (statement of 2015) to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.”
What these organizations both advise is to start taking action. They don't say "implement this type of quantum resistant cryptography now". They don't say when at all. As said before, the "when" question is a hard one to specify. It depends on the system you have, the value of the data, the consequences of postponing a security upgrade. Like I said before: do you just run a blog, or a bank, or a cryptocurrency? It's an individual risk assessment that's different for every organization and system. Assessments do need to be made now though. What time frame should organisations think about when changing cryptography? How long would it take to go from the current level of security to fully quantum resistant security? What changes does it require to handle bigger signatures, and is it possible to use certain types of cryptography that require keeping state? Do your users need to act, or can all work be done behind the user interface? These are important questions that one should start asking. I will elaborate on these challenges in the next articles.
Besides the unanswered question on "when", the question on what type of quantum resistant cryptography to use is unanswered too. This also depends on the type of system you use. The NSA and NAS both point to NIST as the authority on developments and standardization of quantum resistant cryptography. NIST is running a competition right now that should end up in one or more standards for quantum resistant cryptography. The NIST competition handles criteria that should filter out a type of quantum resistant cryptography that is feasible for a wide range of systems. This takes time though. There are some new algorithms submitted, and assessing the new and the more well known ones must be done thoroughly. They intend to wrap things up around 2022 - 2024. From a blockchain perspective it is important to notice that a specific type of quantum resistant cryptography is excluded from the NIST competition: Stateful Hash-Based Signatures (LMS and XMSS). This is not because these are no good. In fact they are excellent, and XMSS is accepted to be provably quantum resistant. It's due to the fact that implementations will need to be able to securely deal with the requirement to keep state. And this is not a given for most systems.
At this moment NIST intends to approve both LMS and XMSS for a specific group of applications that can deal with the stateful properties. The only loose end at this point is advice on which applications LMS and XMSS will be advised for and for which applications they are discouraged. These questions will be answered at the beginning of April this year. This means that quite likely LMS and XMSS will be the first type of standardized quantum resistant cryptography ever. To give a small hint: keeping state is pretty much a naturally added property of blockchain.
Quantum resistant blockchains
“Quantum resistant” is only used to describe networks and cryptography that are secure against any attack by a quantum computer of any size in the sense that there is no algorithm known that makes it possible for a quantum computer to break the applied cryptography and thus that system.
Also, to determine if a project is fully quantum resistant, you would need to take into account not only whether a separate element that is implemented in that blockchain is quantum resistant, but also the way it is implemented. As with any type of security check, there should be no backdoors, in which case your blockchain would be just a cardboard box with bulletproof glass windows. Sounds obvious, but since this is kind of new territory, there are still some misconceptions. What is considered safe now might not be safe in the age of quantum computers. I will address some of these in the following chapters, but first I will elaborate a bit on the special vulnerability of blockchain compared to centralized systems.
Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
Developers of a centralized system can decide from one day to the next that they make changes and update the system without the need for consensus from the nodes. They are in charge, and they can dictate the future of the system. But a decentralized blockchain will need to reach consensus amongst the nodes to update. Meaning that the majority of the nodes will need to upgrade and thus force the blockchain to only accept the new signatures as valid. We can’t have the old signature scheme remain valid alongside the new quantum resistant signature scheme, because that would mean that the blockchain would still allow the use of vulnerable, old public and private keys and thus the old vulnerable signatures for transactions. So at least the majority of the nodes need to upgrade to make sure that blocks which are constructed using the old rules, and thus the old vulnerable signature scheme, are rejected by the network. This will eventually result in a fully upgraded network which only accepts the new post quantum signature scheme in transactions. So, consensus is needed. The most well-known example of how that can be a slow process is Bitcoin’s need to scale. Even though everybody agrees on the need for a certain result, reaching consensus amongst the community on how to get to that result is a slow and political process. Going quantum resistant will be no different, and since it will cause lower performance due to bigger signatures and will quite likely need hardware upgrades, it will be postponed rather than be done fast and smoothly due to lack of consensus. And because there are several quantum resistant signature schemes to choose from, agreement is not an automatic given. The discussion will be which one to use, and how and when to implement it. The need for consensus is exclusively a problem decentralized systems like blockchain will face.
Another issue for decentralized systems that change their signature scheme is that users of decentralized blockchains will have to manually migrate their coins/tokens to a quantum safe address and that way decouple their old private key and activate a new quantum resistant private key that is part of an upgraded quantum resistant network. Users of centralized networks, on the other hand, do not need to do much, since it would be taken care of by their centrally managed system. As you know, for example, if you forget the password for your online bank account, or some website, they can always send you a link, or a secret question, or in the worst case they can send you mail by post to your home address and you would be back in business. With decentralized systems, there is no centralized entity who has your data. It is you who has this data, and only you. So in the centralized system there is a central entity who has access to all the data, including all the private access data, and therefore this entity can pull all the strings. It can all be done behind your user interface, and you probably wouldn’t notice a thing.
And a third issue will be the lost addresses. Since no one but you has access to your funds, your funds will become inaccessible once you lose your private key. From that point, an address is lost, and the funds on that address can never be moved. So after an upgrade, those funds will never be moved to a quantum resistant address, and thus will always be vulnerable to a quantum hack.
To summarize: banks and websites are centralized systems; they will face challenges, but decentralized systems like blockchain will face some extra challenges that won't apply to centralized systems.
All of these issues are specific to blockchain and do not apply to banks, websites, or any other centralized system.
Bitcoin and all currently running traditional cryptocurrencies are not excluded from this problem. In fact, it will be central to ensuring their continued existence over the coming decades. All cryptocurrencies will need to change their signature schemes in the future. When is the big guess here. I want to leave that for another discussion. There are enough certain specifics we can discuss right now on the subject of quantum resistant blockchains and the challenges that existing blockchains will face when they need to transfer. This won’t be an easy transfer. There are some huge challenges to overcome and this will not be done overnight. I will get to this in the next few articles.
Part 1, what makes blockchain reliable?
Part 2, The two most important mathematical concepts in blockchain.
Part 4A, The advantages of quantum resistance from genesis block, A
Part 4B, The advantages of quantum resistance from genesis block, B
Part 5, Why BTC will be vulnerable sooner than expected.
submitted by QRCollector to CryptoTechnology
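The migration and lost-address problems described in the post above can be made concrete with a small ledger audit. The following Python is an added example written for this page, not code from the post's author or from any blockchain project. It models a toy ledger in which, as with Bitcoin's pay-to-pubkey-hash outputs, only a hash of the public key sits on chain until the owner spends, and early pay-to-pubkey outputs expose the raw key directly. After a (hypothetical) post-quantum upgrade it sorts the unspent value into three classes: migrated to the new scheme, still on the old scheme with the key already public, and still hidden behind a hash. All keys, addresses and transactions are constructed placeholders, and the "pq" scheme is a stand-in for whatever post-quantum signature scheme the chain adopts.

```python
import hashlib
from collections import namedtuple

# Constructed toy ledger (not Bitcoin's real serialization). As on chain, spending
# an output reveals the spender's public key; before that only its hash is visible.
TxIn = namedtuple("TxIn", "prev_txid prev_index pubkey")
TxOut = namedtuple("TxOut", "address amount scheme")   # scheme: p2pk | p2pkh | pq
Tx = namedtuple("Tx", "txid inputs outputs")


def p2pkh_address(pubkey: bytes) -> str:
    """Pay-to-pubkey-hash style address: only a hash of the key goes on chain
    (Bitcoin hashes twice; a single SHA-256 is enough for the illustration)."""
    return "h-" + hashlib.sha256(pubkey).hexdigest()[:40]


def p2pk_address(pubkey: bytes) -> str:
    """Early-style pay-to-pubkey: the raw public key itself is the locking data."""
    return "k-" + pubkey.hex()


def exposed_addresses(txs):
    """Legacy addresses whose public key is already public: the key was used as
    the address, or a spend from that address revealed it (address reuse)."""
    exposed = set()
    for tx in txs:
        for txin in tx.inputs:
            exposed.add(p2pkh_address(txin.pubkey))
        for out in tx.outputs:
            if out.scheme == "p2pk":
                exposed.add(out.address)
    return exposed


def unspent_outputs(txs):
    spent = {(i.prev_txid, i.prev_index) for tx in txs for i in tx.inputs}
    return [out for tx in txs for n, out in enumerate(tx.outputs)
            if (tx.txid, n) not in spent]


def migration_report(txs):
    """Unspent value by risk class after the upgrade:
       pq              migrated to the post-quantum scheme
       legacy_exposed  old scheme AND key visible: at risk without any action by the owner
       legacy_hidden   old scheme, key still hashed: at risk the moment it is spent,
                       and never migratable if the private key was lost"""
    exposed = exposed_addresses(txs)
    report = {"pq": 0, "legacy_exposed": 0, "legacy_hidden": 0}
    for out in unspent_outputs(txs):
        if out.scheme == "pq":
            report["pq"] += out.amount
        elif out.scheme == "p2pk" or out.address in exposed:
            report["legacy_exposed"] += out.amount
        else:
            report["legacy_hidden"] += out.amount
    return report


# Constructed sample keys and history (placeholder byte strings, not real keys).
MINER, ALICE, BOB, CAROL = b"miner-pk", b"alice-pk", b"bob-pk", b"carol-pk"
PQ_BOB = "pq-" + hashlib.sha256(b"bob-pq-pk").hexdigest()[:40]

SAMPLE_LEDGER = [
    Tx("tx0", [], [TxOut(p2pk_address(MINER), 50, "p2pk")]),      # early coinbase to a raw key
    Tx("tx1", [], [TxOut(p2pkh_address(ALICE), 10, "p2pkh")]),
    Tx("tx2", [TxIn("tx1", 0, ALICE)],                             # Alice spends: key now public
       [TxOut(p2pkh_address(BOB), 6, "p2pkh"),
        TxOut(p2pkh_address(ALICE), 4, "p2pkh")]),                 # change to the reused address
    Tx("tx3", [TxIn("tx2", 0, BOB)], [TxOut(PQ_BOB, 6, "pq")]),   # Bob migrates
    Tx("tx4", [], [TxOut(p2pkh_address(CAROL), 3, "p2pkh")]),     # never spent, key never shown
]

if __name__ == "__main__":
    print(migration_report(SAMPLE_LEDGER))
```

On the sample ledger the report is {'pq': 6, 'legacy_exposed': 54, 'legacy_hidden': 3}: the miner's pay-to-pubkey coinbase and Alice's change on a reused address are exposed without anyone ever touching them again, while Carol's output is only safe until she spends it, and stays stuck on the old scheme forever if her key is lost.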

I decided to post this here as I saw some questions on the QRL discord.

Is elliptic curve cryptography quantum resistant?
No. Using a quantum computer, Shor's algorithm can be used to break Elliptic Curve Digital Signature Algorithm (ECDSA). Meaning: they can derive the private key from the public key. So if they got your public key, they got your private key, and they can empty your funds.
Why do people say that BTC is quantum resistant, while they use elliptic curve cryptography? (This is where the idea comes from that never reusing a private key from elliptic curve cryptography (and the public key, since they form a pair) would be quantum resistant.)
Ok, just gonna start with the basics here. Your address, where you have your coins stored, is locked by your public/private key pair. See it as your e-mail address (public key) and your password (private key). Many people have your email address, but only you have your password. If you have your address and your password, then you can access your mail and send emails (transactions). Now if there were a quantum computer, people could use that to calculate your password/private key if they have your email address/public key.
What is the case with BTC: they don't show your public key anywhere until you make a transaction. So your public key is private until you make a transaction. How do they do that while your funds must be registered on the ledger? Well, they only show the hash of your public key. (A hash is the outcome of an equation. Usually one-way hash functions are used, where you cannot derive the original input from the output. But every time you use the same hash function on the same original input (for example IFUHE8392ISHF), you will always get the same output (for example G). That way you can have your coins on public key IFUHE8392ISHF, while on the chain they are on G.) So your funds are registered on the blockchain on the hash of the public key. The hash of the public key is also your "email address" in this case. So you give "G" as your address to send BTC to.
By the way, in the early days you could use your actual public key as your address. And miners would receive coins on their public key, not on the hashed public key. That is why all the Satoshi funds are vulnerable to quantum attacks even though these addresses have never been used to make transactions from. These public keys are already public instead of hashed. Also certain hard forks have exposed the public keys of unused addresses. So it's really a false sense of security that most people hang on to in the first place.
But it's actually a false sense of security over all.
Since it is impossible to derive a public key from the hash of a public key, your coins are safe from quantum computers as long as you don't make any transaction. Now here follows the biggest misconception: pretty much everyone will think, great, so BTC is quantum secure! It's not that simple. Here it is important to understand two things:
1. How is a transaction sent? The owner has the private key and the public key and uses that to log into the secured environment, the wallet. This can be online or offline. Once he is in his wallet, he states how much he wants to send and to what address.
When he sends the transaction, it will be broadcasted to the blockchain network. But before the actual transaction that will be sent, it is formed into a package, created by the wallet. This happens out of sight of the sender.
That package ends up carrying roughly the following info: The public key to point to the address where the funds will be coming from, the amount that will be transferred, the public key of the address the funds will be transferred to.
Then this package carries the most important thing: a signature, created by the wallet, derived from the private/public key combination. This signature proves to the miners that you are the rightful owner and you can send funds from that public key.
So this package is then sent out of the secure wallet environment to multiple nodes. The nodes don’t need to trust the sender or establish the sender’s "identity." And because the transaction is signed and contains no confidential information, private keys, or credentials, it can be publicly broadcast using any underlying network transport that is convenient. As long as the transaction can reach a node that will propagate it into the network, it doesn’t matter how it is transported to the first node.
2. How is a transaction confirmed/fulfilled and registered on the blockchain?
After the transaction is sent to the network, it is ready to be processed. The nodes have a bundle of transactions to verify and register on the next block. This is done during a period called the block time. In the case of BTC that is 10 minutes.
If you comprehend the information written above, you can see that there are two moments where you can actually see the public key, while the transaction is not fulfilled and registered on the blockchain yet.
1: during the time the transaction is sent from the sender to the nodes
2: during the time the nodes verify the transaction.
This paper describes how you could hijack a transaction and make a new transaction of your own, using someone else's address to send his coins to an address you own during moment 2: the time the nodes verify the transaction:
"(Unprocessed transactions) After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address."
So this means that practically, you can't call BTC a quantum secure blockchain. Because as soon as you will touch your coins and use them for payment, or send them to another address, you will have to make a transaction and you risk a quantum attack.
Why would Nexus be any different?
If you ask the wrong person they will tell you "Nexus uses a combination of the Skein and Keccak algorithms which are the 2 recognized quantum resistant algorithms (Keccak is used by the NSA) so instead of sha-256, Nexus has SK-1024 making it much harder to break." Which would be the same as saying BTC is quantum resistant because they use a hashing function to hash the private key as long as no transaction is made.
No, this is their solid try to be quantum resistant: Nexus states it's different because they have instant transactions (so there wouldn't be a period during which the nodes verify the transaction; this period would be instant). Also they use a particular order in which the miners verify transactions: First-In-First-Out (FIFO) (so even if instant is not instant after all, and you would be able to catch a public key and derive the private key, you wouldn't be able to have your transaction signed before the original one. The original one is first in line, and will therefore be confirmed first). Also for some reason Nexus has standardized fees which are burned after a transaction. So if FIFO wouldn't do the trick, you would not be able to use a higher fee to get prioritized and get an earlier confirmation.
So, during the time the nodes verify the transaction, you would not be able to hijack a transaction. GREAT, you say? Yes, great-ish. Because there is still moment #1: during the time the transaction is sent from the sender to the nodes. This is where network based attacks could do the trick:
There are network based attacks that can be used to delay or prevent transactions from reaching nodes. In the meantime the transactions can be hijacked before they reach the nodes. And thus one could hijack the non quantum secure public keys (they are openly included in sent signed transactions), which then can be used to derive private keys before the original transaction is made. So this means that even if Nexus has instant transactions in FIFO order, it is totally useless, because the public key would be obtained by the attacker before they reach the nodes. Conclusion: Nexus is not quantum resistant. You simply can't be without using a post quantum signature scheme.
Performing a DDoS attack or BGP routing attacks or NSA Quantum Insert attacks on a peer to peer network would be hard. But when provided with an opportunity to steal billions, hackers would find a way. For example:
For BTC:
"An eclipse attack is a network-level attack on a blockchain, where an attacker essentially takes control of the peer-to-peer network, obscuring a node’s view of the blockchain."
That is exactly the recipe for what you would need to create extra time to find public keys and derive private keys from them. Then you could sign transactions of your own and confirm them before the originals do.
By the way, yes this seems to be fixed now, but it most definitely shows it's possible. And there are other creative options. Either you stop transactions from the base from getting out, while the sender thinks they're sent, or you blind the network and catch transactions there. There are always options, and they will be exploited when billions are at stake. The keys can also be hijacked when a transaction is sent from the user's device to the blockchain network using a MITM attack. The result is the same as for network based attacks, only now you don't mess with the network itself. These attacks make it possible to 1) retrieve the original public key that is included in the transaction message, and 2) stop or delay the transaction message from arriving at the blockchain network. So, using a quantum computer, you could hijack transactions and create forged transactions, which you then send to the nodes to be confirmed before the nodes even receive the original transaction. There is nothing you could change in the Nexus network to prevent this. The only thing they can do is implement a quantum resistant signature scheme. They plan to do this in the future, like any other serious blockchain project. Yet Nexus is the only one of these future quantum resistant projects to prematurely claim to be quantum resistant. There is only one way to get quantum resistance: POST QUANTUM SIGNATURE SCHEMES. All the rest is just a shitty shortcut that won't work in the end.
(If you use this info on BTC, you will find that the 10 minute block time that is used to estimate when BTC will be vulnerable to quantum attacks can actually be more than 10 minutes if you catch the public key before the nodes receive it. This makes BTC vulnerable sooner than the 10 min block time would make you think.)
By the way, Nexus using FIFO and standardized fees which are burned after the transaction comes with some huge downsides:
Why are WOTS+ signatures (and by extension XMSS) more quantum resistant?
First of all, this is where the top notch mathematicians work their magic. Cryptography is mostly maths. As Jackalyst puts it talking about post quantum signature schemes: "Having papers written and cryptographers review and discuss it to nauseating levels might not be important for butler, but it's really important with signature schemes and other cryptographic methods, as they're highly technical in nature."
If you don't believe in math, think about Einstein using math to predict things most couldn't even imagine, let alone measure back then.
Then there is implementing it the right way into your blockchain without leaving any backdoors open.
So why are WOTS+ and by extension XMSS quantum resistant? Because the math papers say so. With WOTS it would even take a quantum computer too much time to derive a private key from a public key.
What is WOTS+?
It's basically an optimized version of Lamport signatures. WOTS+ (Winternitz one-time signature) is a hash-based, post-quantum signature scheme. So it's a post quantum signature scheme meant to be used once.
What are the risks of WOTS+?
Because each WOTS signature publishes some part of the private key, they rapidly become less secure as more signatures created by the same public/private key are published. The first signature won't have enough info to work with, but after two or three signatures you will be in trouble.
IOTA uses WOTS. Here's what the people over at the cryptography subreddit have to say about that:
With the article:
Mochimo uses WOTS+. They kinda solved the problem: A transaction consists of a "Source Address", a "Destination Address" and a "Change Address". When you transact to a Destination Address, any remaining funds in your Source Address will move to the Change Address. To transact again, your Change Address then becomes your Source Address.
But what if someone already has your first address and is unaware of the fact you already sent funds from that address? He might just send funds there. (I mean in a business environment this would make Mochimo highly impractical.) They need to solve that. Who knows, it's still a young project. But then again, for some reason they also use FIFO and fixed fees, so there I have the same objections as for Nexus.
How is XMSS different?
XMSS uses WOTS in a way that you can actually reuse your address. WOTS creates a quantum resistant one time signature and XMSS creates a tree of those signatures attached to one address so that the address can be reused for sending an asset.
submitted by QRCollector to QRL
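The one-time property of WOTS, the way XMSS turns many one-time keys into one reusable address, and the state that has to be kept can all be shown in a few lines. The Python below is an added, simplified illustration written for this page; it is not code from QRL, IOTA, Mochimo, or the post's author, and it leaves out the bitmasks, key addressing and pseudorandom key derivation of real WOTS+/XMSS (SHA-256 is used everywhere). It contains a Winternitz-style one-time signature with a checksum, a Merkle tree over 2^height such keys whose root acts as the reusable address, and a signer that commits its leaf index before handing out a signature. The helpers chain_exposure and signable_from_exposed make the post's point about reuse concrete: every signature publishes an intermediate node of each hash chain, one signature plus the checksum never suffices to sign a different message, but each further signature with the same key pushes the published nodes closer to the secrets.

```python
import hashlib
import os

# Added, simplified WOTS / XMSS-style illustration (not production code).
W = 16                     # Winternitz parameter: each digit is 0..15
N = 32                     # hash length in bytes
CSUM_DIGITS = 3            # checksum <= 64 * 15 = 960 fits in 3 base-16 digits
L = 64 + CSUM_DIGITS       # 64 digest digits + checksum digits = chains per key

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times, walking away from the secret end of a chain."""
    for _ in range(steps):
        x = H(x)
    return x

def base_w(msg: bytes):
    """Digest as 64 base-16 digits plus a 3-digit checksum. Raising any message
    digit lowers the checksum, so a signature cannot be 'extended' into one for
    a message with larger digits without a node nobody has published."""
    digits = [d for b in H(msg) for d in (b >> 4, b & 0xF)]
    csum = sum(W - 1 - d for d in digits)
    digits += [(csum >> s) & 0xF for s in (8, 4, 0)]
    return digits

def ots_keygen():
    sk = [os.urandom(N) for _ in range(L)]          # chain starts (secret)
    pk = [chain(s, W - 1) for s in sk]              # chain ends (public)
    return sk, pk

def ots_sign(sk, msg: bytes):
    """Element i is the node at position digit_i of chain i: an intermediate
    secret, the 'part of the private key' that every signature publishes."""
    return [chain(sk[i], d) for i, d in enumerate(base_w(msg))]

def ots_pk_from_sig(sig, msg: bytes):
    """Finish each chain from the signature node; a valid signature lands on pk."""
    return [chain(sig[i], W - 1 - d) for i, d in enumerate(base_w(msg))]

def ots_verify(pk, msg: bytes, sig) -> bool:
    return ots_pk_from_sig(sig, msg) == pk

def chain_exposure(msgs):
    """Per chain, the lowest node position published by signing `msgs` with ONE key."""
    return [min(ds) for ds in zip(*(base_w(m) for m in msgs))]

def signable_from_exposed(exposed, msg: bytes) -> bool:
    """Could `msg` be signed from published nodes alone (each target digit at or
    beyond the exposed node of its chain)? After one honest signature the
    checksum makes this False for every other message."""
    return all(d >= e for d, e in zip(base_w(msg), exposed))

# XMSS-style Merkle tree: one root (the reusable address) over many OTS keys.
def leaf_hash(pk) -> bytes:
    return H(b"".join(pk))

def build_tree(leaves):
    levels = [leaves]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        levels.append([H(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels                                    # levels[-1][0] is the root

def auth_path(levels, idx: int):
    path = []
    for lvl in levels[:-1]:
        path.append(lvl[idx ^ 1])                    # sibling at this level
        idx >>= 1
    return path

def root_from_path(leaf: bytes, idx: int, path) -> bytes:
    node = leaf
    for sib in path:
        node = H(node + sib) if idx % 2 == 0 else H(sib + node)
        idx >>= 1
    return node

class StatefulSigner:
    """2**height one-time keys under one root. `next_index` is the state that
    must persist and never roll back: reusing a leaf reuses a one-time key."""
    def __init__(self, height: int = 3):
        keys = [ots_keygen() for _ in range(1 << height)]
        self.sks, self.pks = [k[0] for k in keys], [k[1] for k in keys]
        self.levels = build_tree([leaf_hash(pk) for pk in self.pks])
        self.root = self.levels[-1][0]
        self.next_index = 0

    def sign(self, msg: bytes):
        if self.next_index >= len(self.sks):
            raise RuntimeError("all one-time keys used; rotate to a new tree")
        idx, self.next_index = self.next_index, self.next_index + 1  # commit state first
        return idx, ots_sign(self.sks[idx], msg), self.pks[idx], auth_path(self.levels, idx)

def tree_verify(root: bytes, msg: bytes, tsig) -> bool:
    idx, sig, pk, path = tsig
    return ots_pk_from_sig(sig, msg) == pk and root_from_path(leaf_hash(pk), idx, path) == root
```

A verifier only ever needs the root: each tree signature carries the leaf index, the one-time public key and the sibling hashes up to the root, so the same address serves for as many signatures as there are leaves. The design point the post makes is in StatefulSigner.sign: the index is advanced before the signature leaves the function, because a crashed or restored wallet that re-signs from an old index is exactly the reuse that chain_exposure shows eroding the key.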

“Will Quantum computers be the end of cryptocurrencies?”

As a physics enthusiast I’ve been telling anyone who will listen that cryptos will be dead before long... Why? Basically because of quantum computers.
Quantum computers can easily perform tasks that would take normal computers much longer, while doing plenty of other tasks at the same time!
When I got thinking about it, cryptos were f’d. Why? Cryptographic algorithms that blockchains use to store and verify the correct history of transactions as well as secure the network are not resistant to quantum computers. At least in theory anyway - because we are still 10, maybe 15 years away from a fully functional quantum machine that would be capable of compromising the security of a cryptographically secured ledger such as Bitcoin say.
But things in this sector are moving very quickly as a little light research will show:
So while we may be a bit away from this point, the hype is real. Even the NSA are worried about quantum computers, saying that it will transition to quantum resistant algorithms in the near future:
While doing a little digging into all things crypto and quants I found a little gem: AToken Wallet. Its security features for its digital wallets are made by IVN quantum encryption technology. IVN has managed to develop a quantum resistant encryption and is so confident about its security features it has even offered up a $300 000 bounty to anyone that can crack their IVN encryption. So far no one has claimed the prize. If you’re up to the challenge or you’d like to find out more visit:
submitted by vici_whisely to CryptoCurrency

A way to solve Monero's quantum, scaling, and slight-trust problems

Put your tin foil hats on for a second.
In 2014, scientists used 4 qubits and Shor's algorithm to factor the number 56,153. In 2016, the Pentagon got audited and could not account for 6.5 trillion fucking dollars lol. What if they used that money to develop a quantum computer, capable of breaking all modern encryption! :O It would give the U.S. (if successfully kept a secret) one of the biggest advantages over every single country that the world has ever seen, and this advantage would justify almost any expense.. What if they have one right now?!
OK you can take your hats off. Let me start off by saying that I do not think the U.S. has such a quantum computer. In fact, I would argue that it is super, super, super unlikely, at least at this very second. However, I would also argue that it does not === 0% either. Maybe it is .0000001%, or maybe its .000000000001%. Regardless of what it actually is, we can all agree that it is a positive, finite number. And with every second that ticks by, that number increases ever so slightly.
This finiteness should disturb you. We are all Siths here, we all like to deal in cryptographic absolutes. And as of right now, there is no way to know, with 100% cryptographic certainty, whether or not there are fake Monero in circulation.
If the NSA had a quantum computer today, it would be able to print a kajillion Monero out of thin air without anyone knowing. In my previous post, olark_0x00D8D8E5 referred me to a paper about switch commitments, which could be implemented to prevent this from happening. However, I think that this will only make sure that current confidential transactions are balanced, not previous transactions. If a quantum computer prints out a bunch of fake coins before this algorithm is implemented, then I think this evil deed will go undetected forever. If this is the case, then it is essentially a race to implement quantum-proof output types/algorithms before the evil gummit actually comes up with such a device.
The problem is that once we implement all the cool quantum-proof stuff, someone could just fork Monero, completely restart the blockchain, and market this new chain as having === 0% chance of having fake 'quantum' coins in circulation, unlike that pesky Monero with its .00000001%. They could argue that Monero was just too ahead of its time, and cannot be considered 'sound money' with that finite number hanging over its head.
Is there a way that we can know, with 100% cryptographic certainty, whether or not there are fake coins in circulation? I think there is, and I'm going to call this technique a “MoneroNoob12345 Audit”, named after a great and humble man. To do such an audit, we would just need to follow 3 simple rules:
  1. Old output types can only ring with old output types, and new output types can only ring with new output types. In between these two output types is a one-way audit border.
  2. When converting from old output types to new output types (crossing the one-way audit border), you must publicly reveal the transaction amount being sent.
  3. After a specified Block X, no transactions are allowed to cross the audit border ever again.
Doing this would allow us to convert to quantum-proof algorithms/output types, while at the same time auditing the entire blockchain. If more coins cross the audit border than were ever mined, Monero's price would immediately drop to 0, and Monero would die the absolute quickest of deaths. She wouldn't even know what hit her :(
However, if we get to Block X, and the amount that has crossed the border is less than or equal to the amount that had been mined, then Monero lives to see another day, and we all become rich little heathens. Everyone could know with 100% certainty that there were 0 fake coins in circulation before the audit.
The most likely outcome of such an audit would be that fewer coins cross the audit border than were mined, due to lost coins and the like. This difference in coins can either be burned (increasing the scarcity of everyone's Monero), or redistributed to miners as a bonus over so many blocks (increasing the security of Monero while also maintaining the emission schedule). This, however, is a whole nother debate. I personally kind of like the latter, because with it you can get more of the benefits of inflation without the inflation (less dependence on fee market, dynamic blocksize, etc). These benefits would come at the expense of coins that are already screwed to begin with.
Regardless of which path we take, simply being able to numerically quantify the amount of screwed coins is pretty sweet.
Now how exactly does this help scaling? Well, after Block X, all of the old outputs are now utterly and completely useless! Throw that shit away! Out with the old, in with the new! Unbounded, exponential growth of the TXO set can officially suck our dicks!
Every audit would essentially create a brand new, fresh, 0MB blockchain that everyone peacefully transitions to. Every user would be able to verify that nothing funky has happened: they still have the same amount of Monero, and the supply of Monero is still the same (if not less) on this 'new' blockchain. The 'genesis outputs' on this new chain have their transaction amounts revealed, so anybody can add up these outputs as well as the chain's coinbases to calculate the total supply.
An occasional audit would actually solve one of Monero's tiny but inevitable trust issues too. With any opaque blockchain, there is always a small-but-finite chance that a genius 8 year old kid finds a bug in the code, and secretly exploits it, printing a kajillion coins in his mom's basement without anyone knowing. With Bitcoin, the second this happens, alarm bells start ringing, thanks to their blockchain being transparent. Monero has no such alarm bells, by design. The reason we don't have alarm bells is the reason why we all love Monero.
Audits could be a replacement for alarm bells. It could prove that the fears of fake coins are unwarranted again and again and again, while at the same time completely slashing the TXO set again and again and again. It is a win-win.
A downside to this idea is that some people want to send Monero to a paper wallet, and then forget about it for 20 years. To this I reply: tough shit. Again, someone could easily fork Monero after the quantum transition, restart the blockchain, and advertise a 0% chance of fake coins in their new chain. I am pretty sure that a lot of people would buy into this too, especially Siths. This has a chance of ultimately killing Monero, and consequently killing the complainer's stash. Participating in an occasional blockchain audit would be a small price to pay in order to use a beautiful, opaque blockchain.
Furthermore, everyday users of Monero are already having to update their software once every 6 months, so occasional audits won't be much of a drastic change. (Sidenote: I love the 6 month hardfork schedule, and I hope it never gets phased out.)
As decades pass, and the code becomes more and more set in stone, and technology progresses, these audits can occur way less and less frequently, if at all after a certain time. But during these primitive years, and especially when converting to quantum proof algorithms, I think it might be important to do this.
There is also the downside of having to publicly reveal the transaction amount when converting to new output types. However, because of Monero's anonymity features, like not knowing if these newly converted outputs have been spent, I do not think that this is a problem in the slightest. In fact, Monero publicly showed transaction amounts for much of its life; here, we are only doing it for just one single transaction.
This could open the door for a temporary 'rich list', where you rank these transaction amounts from highest to lowest. I personally don't see this as much of a problem either, but if it is, then we could just cap the max conversion amount. This would force whales to convert their stash in large chunks, in order to not spook the market or whatever.
Now this whole thing assumes that it is possible to publicly reveal the amount you are sending when converting from an old CT output to a new quantum proof one. I think this can be done if you publicly reveal the private view key of the address that you are sending to when crossing the audit border. This is possible if you are sending Monero to yourself, which is what I think should be happening when converting. Miners would have to verify that the private view key in the transaction lines up with the transaction's destination, and reject any that do not.
In summary: Audit the Monero! Slash the TXO! Profit!
Let me know what you think, and thanks for reading this far!
TLDR: Users send their Monero to a new output type by a certain deadline, and reveal the transaction amount when doing this (and only this). This would allow us to make sure that there are 0 fake coins in circulation, and at the same time slash the TXO set down to 0MB.
submitted by moneronoob12345 to Monero
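The three audit-border rules in the post above amount to a small piece of consensus logic, and the supply check at Block X is a sum and a comparison. The Python below is an added example written for this page, not code from the post's author or from the Monero project, and it is a toy: outputs only carry a type, rings are lists of output ids, emission is a constructed flat amount per block so that "everything mined by Block X" is trivial to total, and nothing cryptographic (commitments, ring signatures, view keys) is modelled. It enforces the three rules per transaction and then produces the verdict the post describes: crossed amount above mined amount proves fake coins, anything below it is the lost-coin difference.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed toy model of the proposal's audit border; not Monero's real formats.
@dataclass
class Output:
    oid: str
    kind: str                    # "old" (pre-audit CT output) or "new" (quantum-proof)

@dataclass
class Tx:
    txid: str
    height: int
    ring: list                   # ids of outputs the ring references
    outputs: list                # Output objects this tx creates
    revealed_amount: Optional[int] = None   # set only when crossing the border (rule 2)

@dataclass
class Chain:
    block_x: int                 # deadline after which no crossing is allowed (rule 3)
    coinbase_per_block: int      # constructed flat emission
    outputs: dict                # oid -> Output, everything ever created
    txs: list

def ring_kind(tx: Tx, outputs: dict):
    """The single output type a ring uses, or None if it mixes types (rule 1)."""
    kinds = {outputs[o].kind for o in tx.ring}
    return kinds.pop() if len(kinds) == 1 else None

def is_crossing(tx: Tx, outputs: dict) -> bool:
    """Old inputs, new outputs: the one allowed direction across the border."""
    return ring_kind(tx, outputs) == "old" and all(o.kind == "new" for o in tx.outputs)

def check_tx(tx: Tx, chain: Chain):
    """Return None if the tx obeys all three rules, else a string naming the broken rule."""
    kind = ring_kind(tx, chain.outputs)
    if kind is None:
        return "rule1: ring mixes old and new outputs"
    out_kinds = {o.kind for o in tx.outputs}
    if len(out_kinds) != 1:
        return "rule1: outputs mix old and new types"
    if kind == "new" and out_kinds == {"old"}:
        return "rule1: border is one-way, new -> old not allowed"
    if is_crossing(tx, chain.outputs):
        if tx.revealed_amount is None:
            return "rule2: crossing tx must reveal its amount"
        if tx.height > chain.block_x:
            return "rule3: border closed after block X"
    return None

def audit(chain: Chain) -> dict:
    """Total the revealed amounts that validly crossed and compare with emission."""
    rejected = {}
    for tx in chain.txs:
        reason = check_tx(tx, chain)
        if reason:
            rejected[tx.txid] = reason
    crossed = sum(tx.revealed_amount for tx in chain.txs
                  if tx.txid not in rejected and is_crossing(tx, chain.outputs))
    mined = chain.coinbase_per_block * chain.block_x
    return {"mined": mined, "crossed": crossed, "rejected": rejected,
            "fake_coins_proven": crossed > mined,      # more crossed than ever existed
            "unmigrated": max(mined - crossed, 0)}     # lost coins: burn or redistribute

def build_sample() -> Chain:
    """Constructed history: two honest conversions and one offender per rule."""
    outs = {f"old{i}": Output(f"old{i}", "old") for i in range(6)}
    outs.update({f"new{i}": Output(f"new{i}", "new") for i in range(3)})
    txs = [
        Tx("c1", 40, ["old0", "old1"], [outs["new0"]], revealed_amount=300),
        Tx("c2", 95, ["old2", "old3"], [outs["new1"]], revealed_amount=450),
        Tx("bad1", 50, ["old4", "new0"], [outs["new2"]], revealed_amount=10),   # mixed ring
        Tx("bad2", 60, ["old4", "old5"], [outs["new2"]]),                       # amount hidden
        Tx("bad3", 120, ["old4", "old5"], [outs["new2"]], revealed_amount=20),  # past deadline
    ]
    return Chain(block_x=100, coinbase_per_block=10, outputs=outs, txs=txs)

if __name__ == "__main__":
    print(audit(build_sample()))
```

With the sample chain, 1000 coins were mined by Block X and 750 validly crossed, so the verdict is clean and 250 coins are the unmigrated remainder the post wants to burn or hand to miners; raise a single crossing's revealed amount so the total exceeds 1000 and fake_coins_proven flips to True, which is the whole point of making crossings reveal their amount.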

Steemit is probably control grid. The litmus tests are its bitcoin basis, avaricious virality, people like WAC supporting it, and that they suppress 'conspiracy'

Steemit is based on bitcoin, they claim. That makes it censorship resistant, they say. We honestly don't know their backend, we have to trust that they aren't casting an illusion on us by publishing technical details of steemit's working that don't actually match reality. It would be trivial to spoof the alleged activity and mechanisms of bitcoin on steemit. If you don't get to see the backend, you just have to believe them. They use their own steemit currency also.
It does seem, however, to be legit if people are getting paid. But there are ways to spoof that could have an internal currency and 'curators' who decide what something is worth (see the 'bernie sanders scam dollarvigilante' post below).
For example, the US government has unlimited money ('QE') to spend on a successful propaganda campaign to destroy reddit. After all, knowledge is power and the total fucking distrust of the american people towards the government is priceless.
Secondly, if Bitcoin itself is a scam, then steemit is a scam too.
Bitcoin involves cracking a code. Who has the most / best equipment to crack codes? The NSA. They have a few trillion dollars invested in a whole building that is a computer. Because of US Military Intelligence's (USMI's) NSA PRISM, bitcoin is an Elitist system you no longer have access to. I'll expand.
You can no longer make money on it if you didn't get in on it from the get-go. It's a ponzi scheme. In order to mine for bitcoin, you have to have expensive equipment. You can't buy enough equipment now to make enough bitcoin to pay for it and make a narrow margin, because of the way the system has worked. In the beginning, mining was easy, but now it's all mined out and more computer power + time is needed to unlock harder puzzles. That's just how it works.
So to start now, you'd need an astronomical investment in computer equipment and lots of spare, discounted energy, like for example a solar farm. No one has that. It's inherently more elitist as time goes on. If you started now, with your computer, it would take over 20 yrs on average to get a bitcoin block, if you ever did get one--which you might not.
My point is that bitcoin has always been elitist, never democratic. It was never based on anything other than who has the most energy and technology. People who got started early have the equipment, so does the USMI. USMI also has unlimited power: they have excess coal reserves, some hydro, some solar and wind, and lots of natural gas and fracking petrol; they also have nukes, which means 'cheaper oil than everywhere else in the world....or else'.
Therefore, the people who will have the most bitcoin at the end of the day is the US military and the 1%, period.
It's also pretty clear the NSA are developing quantum computers. People have speculated that bitcoin at present does not use quantum safe algorithms, and therefore at some point the US Mil can steal all the bitcoin that hasn't been transferred into a paper wallet. That paper does no good either because the moment that bitcoin is put into a usable electronic wallet and a firewall opened, bam, it could be taken by an omnipresent AI agent that's running as several autonomous micro instances in your dishwasher, nest AC controller, your amazon dash button, your iphone, etc.
First they fight you, then they win
Only Governments engage in activities that involve inhibiting or threatening cryptocurrencies (and it's useful to mention they fight crypto tools generally...they fought pgp, they fought phpphone, they fought tor, they fought i2p, freenet, torrent, VPNs, they totally undermined SSL with heartbleed, etc).
Then the Silkroad busts. Other darknet sites. Hacks on bitcoin exchanges and banks. Threats of TOR being undermined, heartbleed SSL bug making everyone question everything's security.
Who ended up with that money? The 1%.. The NSA? <-- coin telegraph or cointel-egraph
You will notice the US Government fought bitcoin at first, trying to rope in the IRS, the SEC and trying to lawyer up on bitcoin, threatening everyone who was playing, and dissuading everyone from getting in on bitcoin. (interesting, eh?)
Until the moment they seized the 20M or so in bitcoin from silkroad. And that happened around the same time the exchanges were starting to be compromised and bitcoin stolen. Then suddenly, the US changed its tune and bitcoin is no longer a threat. Why is that? Think!
It's that now that bitcoin has value (ie: bitcoin now has the potential to be exchanged for goods and services because of the public's trust of the currency to have said value), and that if the US has the lion's share of bitcoin, well they wouldn't go fighting against a currency because that would only destroy its value. They aren't going to destroy their own wealth, or act against it, in other words.
Avarice and SCAM
When I first went to Steemit, this article was prominent. Now you can't find it unless you search. Everyone should read, esp. about how Sanders is abusing the system.
Yet, it's now back up to 2k+ Which is good.
Also this user 'knows the CEO' and made 12k in one month, isn't that something. Too bad I don't know the CEO
and yet
Conspiracy tag suppression
WAC supports it, so it's control grid
Fluke, you are my faaather
But! Corbett supports it
I trust James Corbett, but I don't know why he's so quick to jump on steemit. Seems premature, especially since they clearly suppress the conspiracy tag.
And knowing the relationship of bitcoin to power (it's a petrol-backed currency!!!!!!!!!!!!!!), and given he's made a documentary based on the history of petrol, he should know better than to back a dubious cryptocurrency based on oil. Period.
Trust but verify
I'm ok with something new. In fact I tried Steemit and I like it. However, very few saw my post, nor will many. Because it was tagged conspiracy as primary, and conspiracy will not show up in lists. You have to get to conspiracy by gaming the url manually. That's lame.
No Response from Support
I've told steemit about this, but I've not even gotten an email response to say, we'll respond when we can. It's literally gone into a black hole. Steemit also did not respond to another unrelated support question I sent days before the 'glitch' support email.
If you think I'm 'throwing shade' on steemit, I'm not. I'm asking valid questions and pointing out things you might have missed. Shill away if you must, but I'm pretty much convinced that Steemit is just control grid, designed to fragment the /conspiracy and other communities on reddit primarily (since it's an alternative to reddit). They tried this with voat and they are trying again by monetizing it. You see that's the killer app. Trying to tempt you with money. Only problem is, it's based on bitcoin and it pays out ... what if bitcoin falls it was designed to do....all along.
submitted by 911bodysnatchers322 to conspiracy

A modest proposal (radical pruning for long-term scaling)

I hesitate to post stuff like this, because I'm really not close enough to the project, may not know about past discussions of the same idea, and am not volunteering to do the significant work involved. But still, maybe the suggestion, or the reinforcement of the ideas, is valuable...


I think the unlimited growth of "permanent" data gets too little attention in blockchain currencies, including Monero.
People obviously do pay attention to scaling. In the case of Monero, the roadmap talks about using sidechains to take stuff off of the main chain. In the end, though, the main chain grows without bound. If Monero really succeeds, that chain could in fact get very, very big, regardless of optimization. Wikipedia says there are 7.4 billion people on this planet. What if each of them makes one transaction a week? One a day?
The problem seems worse for Monero than for, say, Bitcoin, because Monero can't even identify (and therefore merge or selectively prune) spent outputs.
You could, however, bound the chain size by simply throwing away everything older than some particular age; not partial pruning, but complete elimination of the blocks. Obviously you could still end up with a huge chain, but there'd be a finite limit on its size. The biggest cost would be that outputs ended up with an expiration date.
If Monero is lucky, something like that may eventually be a technical necessity. For political and governance reasons, if there's any real chance it will ever have to be done, I think it should be done soon. It may not be possible to do it later.

Permanence considered harmful

The phrase "without bound" is intrinsically scary, but permanent retention has other bad effects.
  1. Raw cost and node incentives: Cryptocurrencies generally compensate miners, but not nodes. Once something is on the chain, the network has to store it for free.
    In the limit, permanent storage (and bandwidth for starting up new nodes) will always become the biggest actual cost, exceeding mining or anything else. Even if "the limit" is never reached, it's still a big cost.
    It's hard to imagine many people carrying that cost out of love, so you could get weird disruptions caused by the node operators using ad-hoc tactics to get some kind of compensation. Those could be economic disruptors or they could be privacy disruptors. On the other hand, if the network finds a way to build in node incentives, high storage costs may simply mean those incentives have to be more than anybody actually wants to pay.
  2. Centralization: The bigger the chain, the more centralization you have, and the fewer nodes you have. You may be able to spread out the storage, but in the end there are only going to be N replicas of any given part of the chain.
  3. Freeloading: The only critical reason to keep old blocks forever seems to be to guarantee that an output you got however long ago will be spendable forever, without you doing anything to maintain it. But that's not necessarily a good thing.
    Blockchain permanence encourages "store of value freeloading". People who just want to hold the currency pay no fees (and generate no cover traffic), even though they create a real cost to the network at large. Holders are subsidized by the people who actually do transactions. So are people who just want to use the chain as a notary for non-currency purposes, although I don't know if that can happen in Monero the way it can in Bitcoin.
  4. Lost-money waste: If some outside event prevents money from ever being spendable, the blockchain still has to track that money. If somebody totally loses all her private keys, the chain still holds onto her outputs forever, even though they'll never be spendable. If a multisig escrow runs into an unresolvable dispute, the chain is left holding the bag.
  5. Unreliability: Something could unavoidably invalidate old data (Hello, quantum...). At that point permanence has no value, and anything that requires permanence breaks.
  6. Complexity: If you have to split or spread a large data set, you're going to have to do something relatively complicated. Even tiered storage is complicated compared to non-tiered storage. Distributed storage is worse. Spreading things out looks especially tricky for a currency where any given transaction may mix in any given set of outputs. Complexity is bad for reliability, bad for security, and bad for being able to understand your privacy guarantees.
  7. Performance: Bigger data sets are just slower; there's a cost to getting data from the next tier or from another shard or whatever. That's especially true if the data set may not have very good locality properties... and large anonymity sets don't usually like locality.
  8. Privacy: I suspect, but have no actual knowledge, that it's harder to pick a plausible set of mixins if the chain has a huge range of transaction ages.

Why do it now?

Unless the expectation of permanence is quashed early, I'm afraid various factors will lock it in. And the best way to quash that expectation is to decide early, then actually remove permanence ASAP.
Obviously there's no certainty that permanence will ever have to be removed, or that conditions will change to make that difficult. But that's the safe way to bet. Removing permanence now is relatively inexpensive.


Remember how Bitcoin suddenly couldn't agree on even slightly contentious changes?
In a few years, I think changing permanence will be very hard politically. I'd expect it to be about as hard as changing the proof of work, and almost as hard as changing the emission curve. And those will be very hard changes to make if adoption keeps growing.

Don't touch my money!

Cryptocurrency seems to attract people who want money that can never go away. Many want it to be as durable as gold, and think of it mainly as an untouchable "nest egg". If you suddenly tell them it can evaporate unless they do some new thing like renewing outputs, then surely many of them will see that as a takeaway and a betrayal. They'll have that reflex even if the reasons are obvious and the actual cost and effort are tiny.
You might say that'd be silly, and I'd agree with you... but I think it'll happen nonetheless. I think it may happen even if permanence goes away now, and I'm sure it'll happen if permanence goes away later.
Wouldn't it be better to try to keep such expectations from building up? What happens to the currency if people go around claiming it's a ripoff?

Fear for the uninvolved

Perhaps a more justifiable concern: suppose somebody buys Monero next year. They assume it's permanent because nobody told them otherwise and that's how blockchains work today. They pay no attention for 10 years, and then discover their money's gone away.
Sure, that person should have paid more attention, but that doesn't mean anybody should want them to get screwed. Changing now minimizes the number of people who might be in that position later.
And even if you, the reader, don't care about oblivious people, others will. There will be those who really want to protect them, and some of those protectors will have influence. They won't necessarily all be in the community, either; what happens if regulators tell major exchanges that they are on the hook if any unprepared person loses money because of this "unannounced change"?
Imagine the outcry if a government decided to expire cash in circulation. Actually, you don't have to imagine it; it happens from time to time. Look how much work those governments put into warning everybody, and how much heat they get if they don't. The Monero community can't warn people that way. So it pays to avoid it being a big issue.

Conspiracy theories

"Monero's been infiltrated! They want you to renew your money so the NSA can trace the transactions! Wake up, sheeple! (obXKCD)". The more relatively casual users Monero accumulates, the worse this will get. And mass adoption is all about the casual users.

Not invented here

Don't forget the political and technical issues you get with trying to do a protocol change once there are a lot of implementations. Today, Monero has one node implementation and a handful of wallets. In the future, a lot more people will have to coordinate on any change. I really like Monero's periodic hardfork system, but it doesn't solve everything.

Technical lock-in

On the technical project management side, there's also the risk of "technical debt" making it really hard to actually remove permanence. Permanence assumptions could get baked into Monero itself, or into critically important related technology. They might not even always be obvious assumptions. Undoing that could be hard.

Get ready now

There's a chance that non-permanence could be forced on the community, if not by sheer chain size, then by something like quantum computing making old signatures fundamentally meaningless. It should be fairly easy to move new transactions to a new signature scheme, but you would still lose the old ones. It would be good to be prepared in advance if that happened, and the best way to prepare for something is to make it the normal and expected thing.

Straw man

Here's a crude outline.
I'd suggest announcing something like this as The Plan immediately, and building it into the software as soon as reasonably possible.
I've written it to talk about times in years, because real time is easier for users to deal with than block counts. If the time accounting has to be done in blocks instead, that's not the end of the world.

Immediately fix wallets

Starting as soon as possible, wallets prepare for impermanence:
  1. Wallets automatically renew old outputs by sweeping those outputs back to themselves.
    By default, each output is renewed when it's about a year old. The exact timing is randomized, mostly to improve renewals' value as cover traffic. An output is eligible to be put in a renewal transaction when it reaches an age drawn from a uniform distribution between 9 and 15 months. Such renewals are batched up in some sane way. Anything older than 15 months is always renewed immediately.
    Users can change those parameters, and can manually renew their balances if they know they'll be offline for a while.
  2. A wallet will warn you if you try to make the renewal time more than about 2 years.
  3. It will also warn you if you seem to be using it very infrequently.

2020 hard fork

As of about the beginning of 2020, outputs more than three years old cannot be spent, full stop. After that same time, nothing is expected to keep any chain data more than three years old.
If you haven't run your wallet for a very long time, it may not have been able to renew older outputs, and may show a lower balance when you do run it. If you haven't run your wallet for three years, your balance will be zero.

"Concept" changes

There's no traceability to the genesis block. The main evidence that any given three-year collection of blocks is "the" chain is the hashpower that's gone into creating that collection, although you could of course "pin" some old blocks in the software itself.
I think this implies that there can never be proof of stake mining, but I could be wrong.
Money is conceptually only traceable to the oldest retained block, not necessarily to the one where it was mined.


Sidechains and whatnot, when implemented, are expected to "check in" and confirm their relationships with the main chain at least annually (I assume they would anyway, but this would be a hard requirement).
submitted by Hizonner to Monero
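An added sketch of the wallet-side rules in the "Straw man" above (the randomized 9 to 15 month renewal window, the 15 month forced renewal, the 2 year warning, and the post-fork 3 year expiry). This is illustration code written for this page, not Hizonner's code or anything from the Monero project; ages in months, the per-output seeded threshold, and all names are assumptions.

```python
"""Added example: renewal/expiry scheduling for a hypothetical impermanent chain.

Assumptions (mine, not the post's): chain time is measured in months; every
output gets its own renewal threshold drawn uniformly from [9, 15] months
using a seeded RNG keyed on the output id, so a wallet reproduces the same
schedule on every run; outputs older than 36 months are unspendable (the
post-fork rule); a user-chosen renewal age above 24 months draws a warning.
"""
import random
from dataclasses import dataclass, field

MIN_RENEW_MONTHS = 9.0     # lower edge of the randomized renewal window
MAX_RENEW_MONTHS = 15.0    # anything older than this is renewed immediately
WARN_RENEW_MONTHS = 24.0   # wallet warns if the user pushes the window past ~2 years
EXPIRY_MONTHS = 36.0       # post-fork: outputs more than three years old cannot be spent


@dataclass
class Output:
    txid: str              # constructed identifier, not a real transaction id
    amount: float
    created_month: float   # chain "time" in months at which the output was created


@dataclass
class RenewalPlan:
    renew_now: list = field(default_factory=list)  # sweep these back to ourselves
    expired: list = field(default_factory=list)    # past the hard expiry; balance is gone
    keep: list = field(default_factory=list)       # still inside their renewal window


def renewal_threshold(output: Output, seed: int = 0) -> float:
    """Per-output renewal age, uniform in [MIN_RENEW_MONTHS, MAX_RENEW_MONTHS].

    Keying the RNG on the output id makes the schedule deterministic for a
    given wallet, while still spreading renewals out (cover traffic).
    """
    rng = random.Random(f"{seed}:{output.txid}")
    return rng.uniform(MIN_RENEW_MONTHS, MAX_RENEW_MONTHS)


def plan_renewals(outputs, now_month: float, seed: int = 0) -> RenewalPlan:
    """Classify outputs into renew-now, expired, or keep, per the straw-man rules."""
    plan = RenewalPlan()
    for out in outputs:
        age = now_month - out.created_month
        if age > EXPIRY_MONTHS:
            plan.expired.append(out)
        elif age > MAX_RENEW_MONTHS or age >= renewal_threshold(out, seed):
            plan.renew_now.append(out)
        else:
            plan.keep.append(out)
    return plan


def spendable_balance(outputs, now_month: float) -> float:
    """Balance the wallet would show: expired outputs no longer count."""
    return sum(o.amount for o in outputs if now_month - o.created_month <= EXPIRY_MONTHS)


def check_user_renewal_setting(max_months: float):
    """Return a warning string, or None, for a user-chosen maximum renewal age."""
    if max_months > WARN_RENEW_MONTHS:
        return (f"renewal age {max_months:g} months exceeds {WARN_RENEW_MONTHS:g}; "
                f"outputs expire at {EXPIRY_MONTHS:g} months")
    return None


if __name__ == "__main__":
    # Constructed sample wallet at chain month 50: ages of 2, 20 and 41 months.
    wallet = [Output("o-young", 1.0, 48.0), Output("o-mid", 2.0, 30.0), Output("o-old", 4.0, 9.0)]
    plan = plan_renewals(wallet, 50.0)
    print("renew:", [o.txid for o in plan.renew_now], "expired:", [o.txid for o in plan.expired])
    print("spendable:", spendable_balance(wallet, 50.0))
    print(check_user_renewal_setting(36))
```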

Why Dash is better

Dash has some very cool things going for it:
submitted by JuicyGrabs to dashpay

New and improved way to audit the Monero blockchain and fix scaling problems

In a previous post, I discussed how there is a tiny-but-finite chance that the evil gummit has created a powerful quantum computer, and has created millions of Monero out of thin air. Let's say there is a .00000001% chance that this has happened.
I thought I had come up with a genius way to audit the Monero blockchain, and know with 100% certainty whether or not there are fake coins out there in circulation. The idea was that you create a new quantum-proof output type, and have every user convert their Monero to the new output type by a certain deadline. You also have them reveal the transaction amount when doing this (and only this). If more Monero publicly convert to new outputs than had been mined, then the price would drop to 0 and Monero would die a very quick death.
But if less convert than had been mined, then after the deadline we can delete all of the old output types since they are now useless. If there were a million fake coins, and the NSA chose not to convert them in order to not reveal their capabilities, then these fake coins would get deleted forever. This would slash the entire TXO set back down to 0MB. Any coins that weren’t converted by the deadline are screwed, and could potentially be used to feed the miners better. You could get the benefits of inflation without the inflation, having your cake and eating it too.
This idea was pooped on for good reason. As _avnr so elegantly put it
So if I was hospitalized, in jail, serving my country with no internet access, whatever, then gone is my money. If I left my keys in my will but my heirs were found only after the deadline, bad for them - they lost their inheritance.
This is a great point, and completely kills the idea. In order for a currency to be truly valuable, you need to be able to store it for long periods of time without having to touch it.
We could get rid of the deadline all together, but if the NSA has a million fake coins, then they would always have the ability to kill Monero at any second they like, simply by converting their huge stash. This would reveal that there are more coins in circulation than there should be, and the alarm would trip, insta-killing Monero.
After pondering this problem for some time, I think I have found a nice middle ground, and am curious to see as to what you all think.
The idea is kind of like having a checking and a savings account. If you get thrown in jail, or you die, or whatever, and you miss the next scheduled deadline, then the money in your checking gets screwed. If it helps you sleep at night, those screwed coins will help feed the miners and secure the network.
Money in your savings account will be OK though, and will be for all eternity. How do you move coins into your savings?
In August, RingCT will be required, which is badass. However, to put your Monero into your savings account, you would have to convert it to a non-CT output. There would have to be a protocol rule that states that these non-CT outputs cannot be ringed with, and are never to be deleted until converted to a CT output type.
We need to be able to know if a non-CT output has been converted or not, and the only way to do this is to prevent people from ringing with non-CT outputs. Requiring non-CT outputs to be converted to the most recent CT type in order to be spent would allow Monero to keep its enforced/required anonymity feature.
Because non-CT outputs would not be able to be ringed with, I think it would be super easy to implement multisig for them. It is my understanding the problem with multisig in Monero is figuring out a way to do it with ring signatures without revealing who the actual signer is. If we don't allow anyone to ring with non-CT outputs, then there won't be this problem with multisig, at least just with these new multisig savings accounts.
If putting away money for years, you would ring with many outputs to secure your anonymity when converting to non-CT. And when you are ready to spend it, you can convert it to the most recent CT output type without ringing with any other outputs. When doing this, all that is happening is your output address is just changing from one to another; this shouldn't affect anonymity at all.
So any non-CT output will be saved forever and ever and ever, whereas CT outputs would get deleted after scheduled deadlines. To calculate the total supply, you count the amount of CT coins that have been converted to the most recent CT type, the amount of non-CT outputs that have never been converted, and the amount of all of the new chain’s coinbases.
Deleting just old CT outputs won't slash the entire TXO to 0MB like deleting all old outputs would, but it would slash the entire CT TXO set to 0MB. This is still just as good because it is the CT TXO that needs help getting under control, and prevented from becoming too big. This might allow us to forever be able to run a full node on a dad gum smart phone like we currently can. We might also never have to use sharding, an idea the LMDB master has said is inevitable. Monero, with its tail emission and screwed coins feeding the miners, could potentially scale better than Bitcoin. We would be limited only by bandwidth.
Deleting old CT TXO sets would allow us to implement quantum-proof algorithms earlier too, since these algorithms take up more memory. We would not have to wait as long for technology to catch up.
The biggest downside of this is that there might be people in jail, or have died, or whatever, and have put their CT outputs into a cold wallet. If these coins don’t get moved by the first deadline, then these people would get screwed.
However, RingCT has only been a thing since January of this year. I think we should start telling everyone that at a minimum of 5 years from now, only non-CT outputs and a new, to-be-determined CT output type will be safe. If storing in CT (your checking account) you should at least keep track of Monero news like once a year to make sure there isn't anything you need to do currently.
I doubt there are very many cases of people who are in jail or died and won't be able to convert sometime between now and 5 years from now. The sooner we start to warn people, the lower the number of these screwed people there will be. This path is a lot better than a contentious/dangerous hard fork way down the road, between pro-auditors and anti-auditors.
A weird quirk about this idea is that you would be able to see how much Monero in circulation is in savings vs checking. Not sure if this is a problem or not.
Also, for the record, I do NOT think you should get interest on your ‘savings’ account. I just used the savings/checking analogy when it comes to security of funds, and how you have to move your money from savings to checking in order to spend it, not interest. Fuck proof of stake!!!
In summary
Have opaque blockchain (unlike Bitcoin)
Maintain required anonymity (unlike Bitcoin), by keeping things like minimum ring size, and forcing people to convert to CT in order to spend
Be 100% auditable (like Bitcoin)
Have multisig (like Bitcoin)
Be quantum proof (like Bitcoin)
Be able to secure coins forever without ever having to touch it (like Bitcoin)
Better solve on-chain scaling problems by deleting old CT TXO set and feeding miners screwed coins (unlike Bitcoin’s inevitable fee-market solution)
Let me know what you think, and thanks!
submitted by moneronoob12345 to Monero


Originally published in the NOWPayments blog. A close in-depth look at the effects of quantum computing on cryptography, blockchains, and cryptocurrencies. Over the past few years, top computing companies including Google and IBM have been working on quantum computers — the most advanced and most powerful computers. These computers are built using the science of quantum physics allowing them to ...

The United States National Security Agency (NSA) is developing a cryptocurrency that will be quantum-resistant. William Turton, a Bloomberg technology reporter, made the claim in a tweet on 4th September. William Turton was in attendance at the Billington Cyber Security 10th annual summit held in Washington DC in which the director of NSA outlined the agency's plan for the development of ...

The statement that is narrated by the author: "The elliptic curve signature scheme used by Bitcoin is much more at risk and could be completely broken by a quantum computer as early as 2027," pointing towards conclusions that quantum technologies are getting expanded at a faster rate, as compared to the late crisis.

A new report has come forth today with some potentially startling news in the world of zeroes and ones. The Washington Post notes that the National

Ripple's CTO, David Schwartz, believes that quantum computer systems shall be a risk to the safety of Bitcoin, XRP and different cryptocurrencies. Schwartz predicts that quantum computer systems will begin to develop into an issue inside the subsequent 10 years.
