Quantum hackers could break bitcoin in minutes, but don't panic just yet
The best quantum computers in the world are not powerful enough to hack bitcoin.
During the last decade, computational programming has evolved steadily and reached into the quantum domain, yielding mind-bending devices that promise unthinkable levels of power.
In 2020, for instance, Chinese scientists tapped a quantum computer to run a math problem that would've taken a typical supercomputer 2.5 billion years to solve. The quantum machine solved it in 200 seconds.
But the hype goes far beyond superhero calculations. Quantum computing holds the potential to transform how we interact with nature.
It could hyperfast-track drug discovery by rapidly sifting through molecular structures, a feat IBM has partnered with Cleveland Clinic to explore. It could boost internet security toward near-unhackability, earning attention from the US Department of Energy. Even manufacturing companies, such as automobile giant BMW, have entered the quantum game because it could perfect materials science and rewrite the framework for artificial intelligence.
We could be on the verge of a quantum revolution where scientists can develop medication at record speeds, predict weather with incredible certainty and uncover new angles on physics.
There's a catch, though.
Prototype quantum computers still work on relatively small scales. Qubits, the basic units in the quantum version of computer language, are the driving force behind a quantum PC's power. Most current quantum processors top out at a few dozen qubits, and the largest processor, built by IBM, presently stands at 127 qubits. These numbers aren't nearly enough for quantum breakthroughs.
But what would be? In an attempt to judge how far along the quantum timeline we currently are, Mark Webber, a quantum architect at English startup Universal Quantum, and his team calculated the amount of qubits one would theoretically need to hack the formidable security system employed by bitcoin, the decentralized digital currency that's been a volatile investment, captured the attention of Elon Musk and become the symbol of a looming revolution in finance.
Short answer? Several millions more than IBM's mere 127-qubit processor lighting the way.
Bitcoin's quantum weakness
Bitcoin's security system is considered ultra-secure against classical computers, which is why it offers a terrific way to gauge quantum computing power. It's very complex, but here's what you need to know for our purposes.
Every time a transaction is made, two important things happen.
A public key, available to everyone, and a secure private key, visible only to the spender, are generated. This key combo is then digitally "written" onto a ledger of monetary transactions within the system, aka a blockchain.
After that, the transaction sort of "locks," thereby preventing anyone from doing anything with the associated funds. But there's a blindside: "When someone makes a transaction in bitcoin, it's announced to the world, but it's not completely secure until it has been integrated into the blockchain," Webber said.
In other words, between the public declaration of a transaction and the integration, there's a vulnerability window. Within that window, the funds can, technically, be manipulated. I say technically because that'd require algorithms so utterly complex even the strongest supercomputers don't have enough computing power to perform them -- and you can forget about humans manually attempting to. Quantum computers may, eventually.
"If you did have a quantum computer and it could function quickly enough, you could theoretically apply it to transactions routinely to re-divert [them] to a different address, for example," Webber said.
Though the window's general ballpark ranges from 10 minutes to a day, Webber says its finiteness makes it a particularly good test for "We've got a desired runtime, how many qubits do we need?"
But before we go any further, let's discuss where all this qubit power originates. It's thanks to two dazzling quantum features you won't believe aren't science fiction: superposition and entanglement.
Quick trip to qubit-land
Suppose I spin a coin on a table and ask, "Is it heads or tails?" You'd probably say, "What?" because my question doesn't make much sense. Before the coin settles on a side, it essentially exists as both options simultaneously. Think of this dizzying coin as being in a "superposition."
If you interrupt its superposition to examine its fate -- that is, make the coin stop spinning -- you can't bring back the exact state of limbo. Once you break superposition, it's broken forever.
Now let's modify the case to include two coins spinning next to each other. This time, I have a condition: If coin A lands on heads, so will coin B. These coins are now interdependent, so to speak. Each coin's superposition is "entangled" in the other's.
Adjustments to coin A's superposition instantaneously affect coin B's. Even if only coin A stops spinning, for instance, you gain knowledge about coin B – thus breaking its superposition, too. This would ring true even if the coins are on opposite ends of the universe.
OK, you're probably thinking: These analogies sort of depend on the mind of the observer. You're right. But that's because we're talking about coins. With quantum particles like electrons and photons, these things really, physically happen.
Traveling back to the quantum computing-verse, superposition determines the state of a bit. Classical bits exist as either 0 or 1, but qubits, made of quantum particles, can be in superposition -- 0 and 1 at the same time. Most importantly, they retrieve data while still in that state.
As you can imagine, qubits zip through calculations at unfathomable speeds, testing several iterations simultaneously and entangling with other qubits to transmit information instantaneously. That's the general gist.
For context, Google and IBM quantum computers evenly distribute qubits on a grid, using what's called superconducting quantum hardware. Adjacent qubits can entangle to communicate information. Webber's company zeroes in on trapped ion hardware, which allows qubits to move freely and collaborate anywhere on a grid. Either way, though, more qubits equals exponentially more computing power.
IBM's quantum computer.
But how many of these qubits must sync up to take advantage of bitcoin's vulnerability window?
Challenge accepted: Hack bitcoin
Here's what we know so far: Bitcoin transactions have a window during which they're vulnerable to quantum computers -- but not classical computers and definitely not people. That's because quantum systems are filled with qubits, firing away and performing calculations at speeds the human brain can barely comprehend.
Using external research, Webber laid out how many qubits are needed to penetrate that window, uncovering some solid estimations. But recall the delicacy of qubits. If anything goes wrong in a quantum computer, superposition is interrupted and all the precious quantum data can be lost forever. And things go wrong.
To prevent that disaster, quantum programmers do something rather intuitive. They just use more qubits. It's called quantum error correction.
A conceptual illustration of quantum particles operating and entangling with each other.
Saving for simplification, they throw an army of qubits at every computation to increase the chances of correct data. For example, if 9/10 qubits offered the same solution, it'd be safe to say that's correct.
"To have one pretty high-quality, logical qubit -- it's not perfect, but it's good -- it's something like 1,000 physical qubits for one," Webber said. Thus, he multiplied his initial estimation by 1,000 to get a final answer.
Bingo, it'd take about 317 million qubits to hack bitcoin in one hour. If you're looking at a 10-minute window, "it would just be a larger number," he said. "Probably six times more." That would put the number of qubits into the billions. We're not even close to that point just yet.
"If you want to break it more slowly," Webber added, "it requires less qubits overall -- so something like 13 million to break it in one day."
Webber isn't the only one thinking about how quantum computing could bypass cryptocurrency security. The US National Institute of Standards and Technology, for instance, is on the hunt for quantum-proof cryptography algorithms to keep cryptocurrency secure, while the Ethereum Foundation is investigating notions of quantum resistance.
Though we've still got a ways to go before we arrive at a bitcoin quantum hack, Webber urges thinking about advances now: "Look at the transition of classical computing from vacuum tubes of 10 bits, or however many they had early on, to the extremes that we have now.
"Surely, quantum computing will go through a similar transition."