public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
* [bitcoindev] 51% Attack via Difficulty Increase with a Small Quantum Miner
@ 2024-03-18 13:19 Or Sattath
  2024-03-20 20:42 ` [bitcoindev] " Antoine Riard
  0 siblings, 1 reply; 2+ messages in thread
From: Or Sattath @ 2024-03-18 13:19 UTC (permalink / raw)
  To: Bitcoin Development Mailing List


[-- Attachment #1.1: Type: text/plain, Size: 1591 bytes --]

Hi,
In a recent work <https://arxiv.org/abs/2403.08023> with Bolton Bailey 
(still not peer-reviewed) , we showed how a single quantum miner, with 
relatively little hashing power, can execute a 51% attack. *The attack 
isn't relevant for the forthcoming years, requiring an extremely fast, 
noise-tolerant quantum computer.*
The attack is surprisingly simple. The attacker creates a private fork, 
increasing the difficulty by a factor c. Due to the properties of Grover's 
algorithm, it is only \sqrt c harder for the quantum miner to mine at the 
new difficulty level, but these blocks count as $c$ times more for the PoW. 
Therefore, by mining even a single epoch for a large enough $c$, the 
quantum miner can generate more proof-of-work than the competing 
(classical) chain. The complexity of the attack is ~1/r^2 epochs, where r 
is the fraction of the block rewards that the quantum miner would have 
received if they mined honestly. This attack (or variants thereof) provides 
essentially the same benefits as classical 51% attacks, including double 
spending, and all the revenue from the block rewards. 

This attack might be relevant when considering future protocol 
modifications.

Or



-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/573ba0d7-522c-424e-898f-caa780c6ecf0n%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 2115 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

* [bitcoindev] Re: 51% Attack via Difficulty Increase with a Small Quantum Miner
  2024-03-18 13:19 [bitcoindev] 51% Attack via Difficulty Increase with a Small Quantum Miner Or Sattath
@ 2024-03-20 20:42 ` Antoine Riard
  0 siblings, 0 replies; 2+ messages in thread
From: Antoine Riard @ 2024-03-20 20:42 UTC (permalink / raw)
  To: Bitcoin Development Mailing List


[-- Attachment #1.1: Type: text/plain, Size: 3345 bytes --]

Hi Or,

Thanks for the research.

> The complexity of the attack is ~1/r^2 epochs, where r is the fraction of 
the block rewards that the quantum miner would have received if they mined 
honestly. This attack (or variants thereof) provides essentially the same 
benefits as classical 51% attacks, including double spending, and all the 
revenue from the block rewards. 

Quantum algorithm like Grover's algorithm are well-adapted to solve 
problems with a hidden structure, e.g where the answer can be easily 
verified.
This is the case any randomly yielded state from a qubit vector can be fast 
verified as a PoW on a classical computer architecture.
However, I'm not sure Grover's algorithm works well for dynamic block 
template construction and corresponding PoW calculations.
Any last-minute high-fee transaction might be selected in the block 
template, invalidating all the oracle calls performed so far by the run of 
the Grover's algorithm.
Classical computers do not have this issue that you cannot observe the 
state until the computation ends, contrary to quantum computers.
Inability to adapt to a fast-dynamic fee market might render this 51% 
attack unsustainable, in a post-subsidy world.

> *The attack isn't relevant for the forthcoming years, requiring an 
extremely fast, noise-tolerant quantum computer.*

Information on what is the qubit format and associated solid-state 
technology used for the estimation can be valuable. Especially to estimate 
the real-world energy cost compared to hydro pure ASIC-based mining 
infrastructure.

Best,
Antoine


Le lundi 18 mars 2024 à 13:31:37 UTC, Or Sattath a écrit :

> Hi,
> In a recent work <https://arxiv.org/abs/2403.08023> with Bolton Bailey 
> (still not peer-reviewed) , we showed how a single quantum miner, with 
> relatively little hashing power, can execute a 51% attack. *The attack 
> isn't relevant for the forthcoming years, requiring an extremely fast, 
> noise-tolerant quantum computer.*
> The attack is surprisingly simple. The attacker creates a private fork, 
> increasing the difficulty by a factor c. Due to the properties of Grover's 
> algorithm, it is only \sqrt c harder for the quantum miner to mine at the 
> new difficulty level, but these blocks count as $c$ times more for the PoW. 
> Therefore, by mining even a single epoch for a large enough $c$, the 
> quantum miner can generate more proof-of-work than the competing 
> (classical) chain. The complexity of the attack is ~1/r^2 epochs, where r 
> is the fraction of the block rewards that the quantum miner would have 
> received if they mined honestly. This attack (or variants thereof) provides 
> essentially the same benefits as classical 51% attacks, including double 
> spending, and all the revenue from the block rewards. 
>
> This attack might be relevant when considering future protocol 
> modifications.
>
> Or
>
>
>
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/bitcoindev/ee24a4e6-52fe-4e9a-93bb-f37a24f87a89n%40googlegroups.com.

[-- Attachment #1.2: Type: text/html, Size: 4522 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2024-03-20 20:53 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-18 13:19 [bitcoindev] 51% Attack via Difficulty Increase with a Small Quantum Miner Or Sattath
2024-03-20 20:42 ` [bitcoindev] " Antoine Riard

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox