Quantum hackers could break bitcoin in minutes, but don't panic just yet
The best quantum computers in the world are not powerful enough to hack bitcoin.
Monisha Ravisetti, Former Science Writer
We could be on the verge of a quantum revolution where scientists can develop medication at record speeds, predict weather with incredible certainty and uncover new angles on physics.
There's a catch, though.
Prototype quantum computers still work on relatively small scales. Qubits, the basic units in the quantum version of computer language, are the driving force behind a quantum PC's power. Most current quantum processors top out at a few dozen qubits, and the largest processor, built by IBM, presently stands at 127 qubits. These numbers aren't nearly enough for quantum breakthroughs.
Short answer? Several millions more than IBM's mere 127-qubit processor lighting the way.
Bitcoin's quantum weakness
Bitcoin's security system is considered ultra-secure against classical computers, which is why it offers a terrific way to gauge quantum computing power. It's very complex, but here's what you need to know for our purposes.
Every time a transaction is made, two important things happen.
A public key, available to everyone, and a secure private key, visible only to the spender, are generated. This key combo is then digitally "written" onto a ledger of monetary transactions within the system, aka a blockchain.
After that, the transaction sort of "locks," thereby preventing anyone from doing anything with the associated funds. But there's a blindside: "When someone makes a transaction in bitcoin, it's announced to the world, but it's not completely secure until it has been integrated into the blockchain," Webber said.
In other words, between the public declaration of a transaction and the integration, there's a vulnerability window. Within that window, the funds can, technically, be manipulated. I say technically because that'd require algorithms so utterly complex even the strongest supercomputers don't have enough computing power to perform them -- and you can forget about humans manually attempting to. Quantum computers may, eventually.
"If you did have a quantum computer and it could function quickly enough, you could theoretically apply it to transactions routinely to re-divert [them] to a different address, for example," Webber said.
Though the window's general ballpark ranges from 10 minutes to a day, Webber says its finiteness makes it a particularly good test for "We've got a desired runtime, how many qubits do we need?"
But before we go any further, let's discuss where all this qubit power originates. It's thanks to two dazzling quantum features you won't believe aren't science fiction: superposition and entanglement.
Quick trip to qubit-land
Suppose I spin a coin on a table and ask, "Is it heads or tails?" You'd probably say, "What?" because my question doesn't make much sense. Before the coin settles on a side, it essentially exists as both options simultaneously. Think of this dizzying coin as being in a "superposition."
If you interrupt its superposition to examine its fate -- that is, make the coin stop spinning -- you can't bring back the exact state of limbo. Once you break superposition, it's broken forever.
Now let's modify the case to include two coins spinning next to each other. This time, I have a condition: If coin A lands on heads, so will coin B. These coins are now interdependent, so to speak. Each coin's superposition is "entangled" in the other's.
Adjustments to coin A's superposition instantaneously affect coin B's. Even if only coin A stops spinning, for instance, you gain knowledge about coin B -- thus breaking its superposition, too. This would ring true even if the coins are on opposite ends of the universe.
OK, you're probably thinking: These analogies sort of depend on the mind of the observer. You're right. But that's because we're talking about coins. With quantum particles like electrons and photons, these things really, physically happen.
Traveling back to the quantum computing-verse, superposition determines the state of a bit. Classical bits exist as either 0 or 1, but qubits, made of quantum particles, can be in superposition -- 0 and 1 at the same time. Most importantly, they retrieve data while still in that state.
As you can imagine, qubits zip through calculations at unfathomable speeds, testing several iterations simultaneously and entangling with other qubits to transmit information instantaneously. That's the general gist.
For context, Google and IBM quantum computers evenly distribute qubits on a grid, using what's called superconducting quantum hardware. Adjacent qubits can entangle to communicate information. Webber's company zeroes in on trapped ion hardware, which allows qubits to move freely and collaborate anywhere on a grid. Either way, though, more qubits equals exponentially more computing power.
But how many of these qubits must sync up to take advantage of bitcoin's vulnerability window?
Challenge accepted: Hack bitcoin
Here's what we know so far: Bitcoin transactions have a window during which they're vulnerable to quantum computers -- but not classical computers and definitely not people. That's because quantum systems are filled with qubits, firing away and performing calculations at speeds the human brain can barely comprehend.
Using external research, Webber laid out how many qubits are needed to penetrate that window, uncovering some solid estimations. But recall the delicacy of qubits. If anything goes wrong in a quantum computer, superposition is interrupted and all the precious quantum data can be lost forever. And things go wrong.
To prevent that disaster, quantum programmers do something rather intuitive. They just use more qubits. It's called quantum error correction.
Simplifying a bit, they throw an army of qubits at every computation to increase the chances of correct data. For example, if nine out of 10 qubits offered the same solution, it'd be safe to say that's correct.
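The redundancy idea described above can be put in numbers with a classical majority-vote model. This is an added example, not code from the article or from Webber's research; real quantum error correction does not copy qubits, and the per-copy error rates used here are constructed sample values.

```python
from math import comb


def majority_failure_prob(n, p):
    """Chance that a majority vote over n independent copies is wrong or tied,
    when each copy is independently wrong with probability p."""
    # The vote fails when the number of wrong copies k satisfies 2k >= n.
    first_bad = (n + 1) // 2
    return sum(comb(n, k) * p**k * (1 - p) ** (n - k)
               for k in range(first_bad, n + 1))


def copies_needed(p, target, max_n=1001):
    """Smallest odd number of copies whose majority vote fails with
    probability <= target, or None if redundancy cannot get there."""
    # At or above a 50% per-copy error rate, adding copies makes the vote
    # worse, not better: this is the "threshold" below which hardware must sit.
    if p >= 0.5:
        return None
    for n in range(1, max_n + 1, 2):
        if majority_failure_prob(n, p) <= target:
            return n
    return None


if __name__ == "__main__":
    # Constructed per-copy error rates, for illustration only.
    for p in (0.01, 0.1, 0.3, 0.6):
        n = copies_needed(p, target=1e-6)
        print(f"per-copy error {p}: copies needed for 1e-6 failure = {n}")
```

The noisier each copy is, the faster the required redundancy grows, which is why the overhead per reliable qubit dominates the total qubit count.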
"To have one pretty high-quality, logical qubit -- it's not perfect, but it's good -- it's something like 1,000 physical qubits for one," Webber said. Thus, he multiplied his initial estimation by 1,000 to get a final answer.
Bingo, it'd take about 317 million qubits to hack bitcoin in one hour. If you're looking at a 10-minute window, "it would just be a larger number," he said. "Probably six times more." That would put the number of qubits into the billions. We're not even close to that point just yet.
"If you want to break it more slowly," Webber added, "it requires less qubits overall -- so something like 13 million to break it in one day."
Webber isn't the only one thinking about how quantum computing could bypass cryptocurrency security. The US National Institute of Standards and Technology, for instance, is on the hunt for quantum-proof cryptography algorithms to keep cryptocurrency secure, while the Ethereum Foundation is investigating notions of quantum resistance.
Though we've still got a ways to go before we arrive at a bitcoin quantum hack, Webber urges thinking about advances now: "Look at the transition of classical computing from vacuum tubes of 10 bits, or however many they had early on, to the extremes that we have now.
"Surely, quantum computing will go through a similar transition."