Source: Liu Jiaolian

BTC retraced sharply overnight, breaking the 30-day moving average of 98.7k, and temporarily reached around 96k. Due to the macro situation, friends who pay attention to the recent articles and internal reference of Jiaolian should have a clear mind. One is the panic caused by Google’s Willow quantum computer some time ago. Second, yesterday morning the Federal Reserve gave negative expectations for future interest rate cuts.

Jiaolian has repeatedly talked about the threat of quantum computing in the past few years. Recently, Google Willow came out, and the teaching chain was dismantled as soon as possible.

In a word: don’t panic. The progress of quantum computers is still far away from practicality. Even if it is practical, it will not threaten BTC first and immediately. We will have enough time to deal with it.

However, the above conclusion of the teaching chain is a scientific conclusion, not a spiritual belief. Therefore, while rejecting blind panic and unfounded worries, we must also reject blind optimism and making amends after a missed opportunity.

Just like humans responding to natural disasters, such as floods. We can neither be afraid of floods like the ancient people and do ridiculous things like boys and girls offering sacrifices to the river god, nor can we take chances and carry out shoddy projects.

Quantum computing is to BTC, and interstellar mining is to gold, just like scourges are to residents. Don't be afraid or hide, but face it scientifically and take active precautions.

Every time there is a quantum panic, some people will jump out to advocate gold. In fact, future technological progress will pose a much greater potential threat to gold than quantum panic does to BTC. After all, gold is dead and BTC is alive - BTC can upgrade the code.

What technology will destroy the value of gold? Interstellar Mining. In our solar system, in the asteroid belt of Mars and Jupiter, about 340-540 million kilometers away from the Earth, there is an asteroid with a diameter of about 226 kilometers, and its name is 16 Psyche. There is a large amount of precious metals on this spiritual planet. Among them, gold reserves alone are conservatively estimated to be hundreds of billions of tons.

How much gold have humans mined from the earth in total over the past few thousand years? As of 2024, the current global gold stock is only about 208,000 tons.

Today, we can send the Zhurong to Mars. How many years do you think it will be before we can mine gold on an asteroid between fire and wood?

Imagine that hundreds of billions of tons of gold are continuously transported back to the earth. Will it be a devastating blow to the scarcity of the current pitiful stock of more than 200,000 tons?

Technological progress is non-linear. It will accelerate forward.

Although we estimate that even if the level of quantum computing can advance exponentially, it may take 10-20 years to become practical and thus pose a substantial threat to existing encryption algorithms, but we cannot Pretend it doesn't exist and waste 20 years sleeping in the sun.

Be born in sorrow and die in happiness.

I heard BiSome developers of tcoin core are already discussing the reality of quantum threats, as well as possible evolution routes and technical responses.

So today I will take some time to talk to you about the specific things you can do as an individual BTC holder to prevent possible quantum computing threats in the future. The following content may be a little technical. If there are nouns and terms you don’t understand, please search and learn on your own online.

Quantum prevention point 1: Only use P2PKH address or P2WPKH address to store BTC, not P2PK address or P2TR address.

Formally, the P2PKH address is a BTC address starting with 1, and the P2WPKH address is a BTC address starting with bc1q. The P2PK address is an address starting with 04, and the P2TR address is an address starting with bc1p.

Conceptually, the P2PKH address is the standard address named by the authentic Satoshi Nakamoto, and the P2WPKH address is the native segregated witness address (native segwit address). P2PK is paid to the public key, and P2TR is the taproot address.

In terms of time, the p2pk address was used for a period of time in 2009 when Satoshi Nakamoto just launched the BTC network. Later, probably in the second half of 2009, Satoshi Nakamoto wrote the code for p2pkh and then fully switched to standard addresses. p2wpkh was launched after the BTC network completed the segwit (Segregated Witness) upgrade on August 24, 2017. The p2tr address was introduced after the taproot upgrade in November 2021.

Technically, the p2pkh address is the ECDSA public key covered with two layers of hashes, one layer SHA256 and one layer ripemd160; the p2wpkH address is the ECDSA public key covered with SHA256 and ripemd160, then encapsulated into a segregated witness script and then used bech32 Code generation. The p2pk address is the bare ECDSA public key, and the p2tr address is the derived public key of the Schnorr public key, which is encapsulated into a taproot script and then generated using bech32m encoding.

In principle, Jiaolian has said that when quantum computing becomes practical in the future, there are two ways to attack the ownership of BTC holders: The first way is to attack electronic signature algorithms, such as ECDSA public key or Schnorr public key, deducing your private key, thereby stealing your BTC; the second method is to attack the hash algorithm, such as SHA256 or ripemd160, deriving the original image, thereby stealing your BTC.

The quantum algorithm used to attack electronic signatures is called Shor's algorithm. The quantum algorithm that attacks hashing is called Grover's algorithm.

If the Shor algorithm reaches a practical level, it will be possible to break ECDSA or Schnorr signatures in seconds.

If the Grover algorithm reaches a practical level, it can only attack the hash algorithm.The force is increased by a square magnitude, that is to say, the attack difficulty is reduced to the square root difficulty. For example, the difficulty of attacking a good enough SHA256 hash is 2^256. Using Grover's algorithm can be reduced to 2^128. Although it is much smaller, it is still very large.

In other words, cryptographic hashing algorithms have a certain degree of quantum resistance.

This is the technical reason for the first key point of teaching chain quantum prevention. Make sure that you only use p2pkh or p2wpkh addresses that do not expose the public key, and do not use p2pk or p2tr addresses that do not expose the public key.

"Bitcoin History" Chapter 4 "Quantum Supremacy" Chapter 13 "Bitcoin Address" writes, "On July 25, 2010 On the same day, someone discussed on the Bitcoin community forum the problem if the encryption algorithm used by Bitcoin was broken. Satoshi Nakamoto replied, "In order to make Bitcoin addresses shorter, they use the hash of the public key instead of the public key." In this way, “transactions paid to Bitcoin addresses are secure "The security is only as secure as the hash", "The attacker only needs to break the hash function, not the elliptic curve digital signature algorithm."

Quantum prevention point two: avoid Address reuse ensures that each address is only used (spent) at most once.

Please note that the BTC address is different from the bank account, and is different from the account address of many mainstream public chains (including Ethereum). The account-centered design is centered around an account (reflected as a bank card number or account address, etc.) to record the incoming and outgoing accounts. BTC is designed with "coins" as the center, and records the flow of "coins" between addresses.

The specific concept of UTXO is too long to start with, so I won’t expand on it here.

Under this design of BTC, "receiving payment" means using your own address to receive BTC transferred in from others. This is not called "using" the address. In this case, you are passive and do nothing. If you use a p2pkh or p2wpkh address, no matter how many times you receive money, your public key will not be exposed.

And if you want to use this address to "pay" externally, that is, transfer the BTC in the address to others, then you have to take out the private key, sign the transaction, and broadcast to the chain. , you are "spending" the BTC in the address, which means you are actually "using" the address. At this time, you need to take the initiative and use the private key.

Once you spend the BTC in an address, the public key is exposed to the world, and the protective effect of the hash shell originally placed outside the public key is lost.

According to the knowledge introduced in Key Points to Prevent Quantum on the Chain, in the face of quantum computing that may be practical in the future, the vulnerability of public keys is far greater than hashing. Therefore, once the public key is exposed, it means that the quantum risk exposure of your BTC assets in that address is greatly increased.

This is what I want to say about the second key point of teaching chain anti-quantum. A cake hoarding address will either never move, or it will move once.Transfer all BTC at once, completely clear the address, and never use it again.

This can greatly reduce the risk of your BTC facing future quantum computing threats and increase the probability of survival.

There is a humorous saying that when a bear is chasing you, you don’t have to run faster than the bear, just run faster than your companions.

When one day in the future, quantum computing really threatens those more vulnerable addresses, you still have enough time to safely migrate your BTC assets to a new quantum-safe address. I believe that by that day, BTC will have developed a new version of quantum-resistant addresses!

"For better privacy, it is best to use a Bitcoin address only once." - Satoshi Nakamoto, November 25, 2009. "Bitcoin History" Chapter 19 Chapter 95.

Quantum prevention point three: Don’t wait until the last day to act.

Although quantum computing is still far away, we can start taking action today. Follow the key points 1 and 2 of teaching chain anti-quantum and check our cake storage addresses. If there are unsafe address types or reuse issues , then hurry up, migrate BTC out, and abandon the addresses that are already at risk.

Some people estimate based on the current address size that if everyone migrates their BTC to a safe address, with the current BTC block throughput, it may take at least 6 months without any other transactions. Only by working hard to solve these migration needs can the solution be completed.

I believe you don’t want to wait until the day when everyone is rushing to migrate BTC before you start.

Thousands of troops and horses crossed the single-plank bridge. The on-chain handling fees will definitely rise to the sky, which will make you feel so happy.

When there is no congestion on the chain, it is wise to take precautions and take precautions before they happen.

Quantum-proof Point 4: Pay attention to BTC’s quantum-proof progress and migrate assets to a safer address when appropriate.

This is action for the future.

That’s it.

As for other chains and other assets, there is nothing to talk about. Address reuse and account reuse are all daily operations. Public keys are exposed all over the sky, and contract loopholes emerge in endlessly... Let’s forget it. . In the long-term storage of value (SoV) track, they have nothing to compare with BTC. For them, instead of worrying about the quantum threat in 10 or 20 years, it is more realistic to worry about rug pull or fishing in front of them.