Date: Sat, 09 Aug 2025 19:38:23 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>, Bitcoin Foundation <contact@bitcoin.foundation>
From: "'ArmchairCryptologist' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: [Draft BIP] Quantum-Resistant Transition
 Framework for Bitcoin

> An astute observation. To clarify the quantum computing landscape: Google's current quantum processors do not possess 50 logical qubits, and even if they did, this would be insufficient to compromise ECDSA - let alone RSA-2048, which would require approximately 20 million noisy physical qubits for successful cryptanalysis [0].

That paper is pretty old. There is a recent paper from a couple of months ago by the same author (Craig Gidney from Google Quantum AI) claiming that you could break RSA-2048 with around a million noisy qubits in about a week.

Paper: https://arxiv.org/pdf/2505.15917

Blog post: https://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html

I can't say for sure whether this approach can be applied to ECDSA; I have seen claims before that it has less quantum resistance than RSA-2048, but I'm unsure if this is still considered to be the case. And while these papers are of course largely theoretical in nature since nothing close to the required amount of qubits exists at this point, I haven't seen anyone refute these claims at this point. There is still no hard evidence I'm aware of that a quantum computer capable of breaking ECDSA is inevitable, but given the rate of development, there could be some cause for concern.

Getting post-quantum addresses designed, implemented and activated by 2030 in accordance with the recommendations in this paper seems prudent to me, if this is at all possible. Deactivating inactive pre-quantum UTXOs with exposed public keys by 2035 should certainly be considered. But I still don't feel like deactivating pre-quantum UTXOs without exposed public keys in general is warranted, at least until a quantum computer capable of breaking public keys in the short time between when they are broadcast and included in a block is known to exist - and even then, only if some scheme could be devised that still allows spending them using some additional cryptographic proof of ownership, ZKP or otherwise.

--
Best,
ArmchairCryptologist
