In the short term, we don’t have to worry about the threat posed by quantum computers to networks like Bitcoin.
Written by Jeffrey Hu
Will quantum computing destroy Bitcoin? This pop-science topic sets off a round of discussion and FUD every so often. Will Google's newly released Willow chip be any different this time? We did a small survey.
tldr:
- Willow has indeed made great progress
- But for now, Bitcoin users still don’t have to worry
If we simplify the Bitcoin protocol, it can be divided into two parts: mining (based on hashing) and transactions (based on elliptic curve signatures). Both parts are indeed potentially affected by quantum computing, by Grover's algorithm and Shor's algorithm respectively.
But Willow's "computing power" is far from enough to affect either part. Attacking Bitcoin's hash function or its signatures in a reasonable time requires on the order of thousands of logical qubits, and depending on the error-correction scheme, several (possibly thousands of) physical qubits are needed to encode one logical qubit.
This means that attacking Bitcoin would need roughly several million physical qubits. Willow has 105 physical qubits, so there is still a long way to go.
But what if one day the computing power is sufficient? For mining, the impact is relatively limited. Grover's algorithm only provides a speedup; it does not invert the hash function, and finding a hash that meets the mining target still requires a great deal of computation. You can simply think of it as a new, more powerful mining machine coming on the market.
For signatures, some address types genuinely call for caution! These include the oldest, P2PK, and the newest, P2TR, both of which are based directly on the public key. P2PKH, P2SH, P2WPKH, P2WSH, etc. commit to a hash instead, so they are relatively safe. But note that reusing these addresses will also expose your public key (spending from them reveals it), which creates risk.
Can developers do something? Of course! Bitcoin is constantly evolving, and in the future it could introduce, for example, hash-based Lamport signatures. There have been many discussions in the community, such as https://blog.blockstream.com/script-state-from-lamport-signatures/ (although there they are used for script state).
It is also possible to introduce post-quantum cryptography such as lattice-based schemes, and all of these can be activated via soft forks.
Beyond developers, good usage habits can also effectively defend against quantum threats. For example, use a fresh receiving address each time (one address per use) instead of reusing addresses (every time I talk about this, I want to complain about many of today's "Bitcoin ecosystem" wallets). Another example is to move assets to a relatively safer SegWit address before quantum computers can pose a sufficient threat.
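To make the two points above concrete (which output types expose the public key up front, and why address reuse undoes the protection of the hash-based types), here is an added example that is not from the original post. It classifies a scriptPubKey by standard output template and flags whether the key is already visible on-chain; the sample outputs are constructed for illustration.

```python
# Added example, not from the original post: classify a Bitcoin output script
# (scriptPubKey) by whether it exposes the public key on-chain before any spend.
# P2PK and P2TR put the key itself in the output; P2PKH, P2SH, P2WPKH and P2WSH
# commit only to a hash, so the key appears once the address is spent from.
# Templates follow the standard output formats; sample outputs are constructed.

OP_0, OP_1, OP_DUP, OP_EQUAL = 0x00, 0x51, 0x76, 0x87
OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x88, 0xA9, 0xAC

def classify_script_pubkey(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_exposed_before_any_spend)."""
    n = len(spk)
    if n == 0:
        return "unknown", False
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG -> key is in the output itself
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return "P2SH", False
    # Witness v0: OP_0 <20-byte key hash> (P2WPKH) or OP_0 <32-byte script hash> (P2WSH)
    if spk[0] == OP_0 and n == 22 and spk[1] == 20:
        return "P2WPKH", False
    if spk[0] == OP_0 and n == 34 and spk[1] == 32:
        return "P2WSH", False
    # Witness v1 (Taproot): OP_1 <32-byte x-only output key> -> key is on-chain
    if spk[0] == OP_1 and n == 34 and spk[1] == 32:
        return "P2TR", True
    return "unknown", False

def key_exposed(spk: bytes, spent_from_before: bool) -> bool:
    """True if the type reveals the key up front, or if the address was already
    spent from (reuse): that earlier spend revealed the key or script."""
    return classify_script_pubkey(spk)[1] or spent_from_before

# Constructed sample outputs: (label, scriptPubKey, address already spent from?)
SAMPLE_OUTPUTS = [
    ("legacy p2pk", bytes([33]) + b"\x02" + bytes(32) + bytes([OP_CHECKSIG]), False),
    ("fresh p2wpkh", bytes([OP_0, 20]) + bytes(20), False),
    ("reused p2pkh", bytes([OP_DUP, OP_HASH160, 20]) + bytes(20) + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), True),
    ("taproot", bytes([OP_1, 32]) + bytes(32), False),
]

def audit(outputs=SAMPLE_OUTPUTS) -> dict[str, bool]:
    """Map each label to whether its public key is already exposed on-chain."""
    return {label: key_exposed(spk, spent) for label, spk, spent in outputs}
```

Running `audit()` marks the fresh P2WPKH output as the only one whose key is still hidden; the reused P2PKH output is flagged even though its type commits to a hash.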
Other networks, such as Ethereum, have also discussed post-quantum cryptography. These designs can also be introduced through hard forks.
But in the final analysis, the emergence of quantum computers will obviously affect far more than Bitcoin or other cryptocurrencies. Many important areas, such as traditional financial systems, national defense systems and confidential communication channels, will be affected.
For more on quantum cryptography, it is highly recommended to listen to this episode of Yicongzheshi.
So in summary:
- In the short term, we don’t have to worry about the threat of quantum computers to Bitcoin and other networks.
- However, it is strongly recommended to develop good usage habits and keep an eye on quantum progress.