Sure, when you're expecting to deliver something, not when you're expecting the risks to an extant project.
D-Wave is in the hundreds of qubits currently (thousands if you count some of their chips, but those ones don't really count because they're parallel sets of lower numbered qubits.)
https://ieeexplore.ieee.org/document/8354854
I've mentioned the potential lattice-based solution. The word "potential" there is critical: lattice-based cryptographic algorithms of any kind (not just the blind signature kind) are not proven secure even against existing computers. That's the big issue with lattice-based algorithms at the moment (and why we haven't already switched everything over to them.) They have potentially usable key and signature sizes to replace RSA and ECDSA and such without too much additional overhead, but they are entirely unproven (not just as in "these haven't been implemented in the wild" but as in "there is no mathematical proof that they are even secure.") At this point lattice-based algorithms are all similar to "this is a tough problem, I bet nobody can solve it" without showing that it is actually unsolvable (as all production-level cryptographic problems have been able to demonstrate.)
If you knew how to read what is written there you'd see that the lattice based option which I've discussed in this thread is the only potentially viable one. The issue there is it still isn't proven to be secure even against non-quantum computers. Constructing a cryptocurrency around something like that is something only a scammer would do.
Ahm, that is not really a 'hard deadline'.
Yeah, it is.
Some prognosticators believe there will be a usable quantum computer that is more economical than simulating the same process on a conventional system, but there is no telling how close to the mark they will be.
That happened earlier this year, actually.
It is quite possible quantum computers will never be useful. So not really a hard deadline, not even a soft one, just an estimate based off people's hopes.
It's not a hope, it's an extrapolation over the last decade+ of a linear trend for another 4 years. This isn't even some Moore's Law tier exponential growth, this is LINEAR growth, we're already into the hundreds of qubits, once we hit 1,100 we are in the post-quantum era as far as all of cryptography is concerned. There is enough data at this point to safely estimate 4 years (though the other end of that error bracket is 2 years, so 2-4 years is more accurate an estimate, but I was throwing out the far-off date so as to avoid pulling a chicken little and screaming "the end is nigh, it's already too late to save cryptocoins" given it will take at least a couple of years to switch to a post-quantum set of algorithms, if it happens at all.)
It has been for the last 10 years, 4 isn't a huge extrapolation.
I just realized what you're describing. It's not anonymity, you're describing the probability of the signature itself being solvable (e.g. whether or not a signature matching the public key can be forged.) That problem is easily mitigated (but again, leads to the 4-8TB/year data bloat with Bitcoin transaction rates assuming no additional users beyond the present.) There are lots of ways around that specific issue, SPHINCS+-256-256 is the best one (at ~31KB/signature, others typically come in around 60-150KB/signature.) That is however incapable of blind signing (which is a totally different thing, and means "signing something in a verifiable way but without knowing who signed it outside of some subset of potential people" - you can't get "anonymous" without "blind signing," you can get "secure but not anonymous" without blind signing.)
Again, literally a mathematical impossibility to do blind signing with symmetric algorithms. This has been proven, it cannot be refuted no matter how much obfuscation is added to the specific implementation.
But an estimate is not a hard deadline.
The bound of the estimate is a hard deadline for all practical purposes.
You don't need to do _perfect_ blind signing.
Ah, yeah, ya do. Crypto is all-or-nothing. "Good enough" only qualifies up to a given window of time, when you're talking about securing a currency a 1/1000 chance is a 100% chance.
Sure, everything you own (inclusive of castrating your ballsack off) vs $5.
There are other alternatives for centralized coins, including the ones that use symmetric crypto only.
That's what post-quantum algorithms are. That's also why there's no such thing as blind signing in the post-quantum world. It's not mathematically possible to construct a symmetric blind signing algorithm, this has been proven.
Methinks you are highly optimistic over quantum computers.
Not even remotely, but the target to run Shor's algorithm isn't that high and the trend in qubit count is precisely linear. It's not like I'm basing these statements on some anticipated breakthrough or exponential growth, just extrapolating a decade-old linear trend for another less-than-half-a-decade, that's an extraordinarily safe estimate.
Projects before Bitcoin were shut down; The 'Trustless' feature of Bitcoin is mandatory; A central server is only a 'single point of failure' and must be avoided at all price.
That's exactly why Bitcoin is doomed.
Following a linear projection of the last 10 years of qubit count we are looking at 2023 before quantum computers can run Shor's algorithm (and the variations thereof required for existing algorithms.) At that point the signature algorithms used to sign transactions have to be switched over to post-quantum algorithms. The issue there is that the BEST (smallest) post-quantum signature algorithms are ~31KB each, equating to 4-8TB of data accruing per year added to the blockchain over what it already has (based on existing yearly transaction rates and assuming zero new users, it only goes up from there.) Worse still, this can't just be patched into the algorithm, it has to be initiated at the level of every wallet individually. This means another 2-3 years to get everyone to switch over. So we're looking at 2020-2021 before the algorithms need to be in place and people need to start the cutover. It's basically 2019 now, that's 1 year remaining to not only get the community to decide on WHAT post-quantum algorithms to switch to, but get them written, get the code debugged, and have the code deployed so the cutover can begin. Meanwhile, nobody is even taking this issue seriously.
But wait, it gets worse. That 4-8TB/year of signatures means everyone won't have a copy of the blockchain locally. That means centralization, which gets back to why the community is ignoring the issue with their heads in the sand: they know damn well that post-quantum algorithms mean the end of Bitcoin, because they mean that from every practical standpoint there will need to be centralization. Decentralization is the only real selling point of a cryptocurrency (it's not backed by governments like fiat currencies, it's not backed by materials like gold, it's just backed by the notion that nobody can take it away or control it: but at least 1 of those cease to be true in a post-quantum world, the way the community is keeping their heads in the sand over this issue ensures both will be eventually.)
The funny thing about them, is they're even WORSE than existing crypto algorithms. We have a hard deadline of 2023 before quantum computers can break pre-quantum algorithms with very slightly modified versions of Shor's algorithm based on a decade-old linear trend in qubit count. That means we are looking at just a few years to get everyone switched over to post-quantum algorithms. Post quantum algorithms are largely shit because they have at absolute best (smallest) signature sizes of 31KB, which has its own set of issues (specifically, about 4-8TB/year of signatures on transactions which you can never delete without voiding the integrity of the blockchain, which from a logistical standpoint will lead to centralization.) Post quantum algorithms have another MAJOR failing: there is no such thing as a post-quantum algorithm which supports blind signing. It can't be done in a provably secure manner, there is some (very sketchy) research suggesting lattice based cryptographic algorithms MIGHT get there, but there is no proof those are even secure against traditional computers at the current level of development.
TL;DR: This is FUD, there are no post-quantum blind signature algorithms known at this time, at least systems not relying upon blind signing have some (terrible) methods available to them to patch the system and make it post-quantum safe, something based on blind signatures doesn't even have a roadmap beyond the next 4 years.
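The ~31KB signature figure in the posts above comes from hash-based schemes (SPHINCS+). As an added illustration that is not the poster's code and not SPHINCS+ itself, here is a Lamport one-time signature over SHA-256, the simplest member of that family, which makes the size problem concrete (8KB per signature, 16KB per public key, and the key may only be used once), plus the blockchain-growth arithmetic the posts rely on. The 100 million transactions/year and 2 signatures/transaction inputs are constructed assumptions, not figures from the thread.

```python
import hashlib
import secrets

HASH_BYTES = 32   # SHA-256 digest length
MSG_BITS = 256    # we sign the SHA-256 digest of the message, one preimage per bit


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen(rng=secrets.token_bytes):
    """Secret key: two random preimages per message bit; public key: their hashes."""
    sk = [(rng(HASH_BYTES), rng(HASH_BYTES)) for _ in range(MSG_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def message_bits(msg: bytes):
    digest = sha256(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(MSG_BITS)]


def lamport_sign(sk, msg: bytes) -> bytes:
    # Reveal one preimage per digest bit. ONE-TIME only: signing a second message
    # with the same key reveals preimages for both bit values and permits forgery.
    return b"".join(sk[i][bit] for i, bit in enumerate(message_bits(msg)))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != MSG_BITS * HASH_BYTES:
        return False
    for i, bit in enumerate(message_bits(msg)):
        chunk = sig[i * HASH_BYTES:(i + 1) * HASH_BYTES]
        if sha256(chunk) != pk[i][bit]:
            return False
    return True


def signature_bytes() -> int:
    """Lamport signature size: 256 preimages of 32 bytes = 8192 bytes."""
    return MSG_BITS * HASH_BYTES


def public_key_bytes() -> int:
    """Lamport public key size: 512 hashes of 32 bytes = 16384 bytes."""
    return 2 * MSG_BITS * HASH_BYTES


def yearly_signature_bytes(tx_per_year: int, sigs_per_tx: int, sig_bytes: int) -> int:
    """Signature data appended to a chain per year (all three inputs are assumptions)."""
    return tx_per_year * sigs_per_tx * sig_bytes
```

Plugging the thread's 31,000-byte signature into `yearly_signature_bytes` with the constructed 100M tx/year and 2 signatures/tx gives about 6.2TB/year, inside the 4-8TB band the posts quote; the same inputs with a ~72-byte ECDSA signature give roughly 14GB.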
You're contrasting a simple mechanism with something that is actively powered. Lifters have existed since basically the dawn of electrodynamics, they aren't new just because someone slapped some wings on them and materials got light enough for them to be usable. This is kind of neat, but it's just another case of MIT taking old technology, repackaging it with their name slapped on, and pretending to be leaders in technology development. They (sadly) stopped being that years ago.
If they recommend Windows 10 find someone different.
Remove the red menace.
Serious question: why do people impersonate APK?
Can we get a rule which auto-bans anyone who submits an article behind a paywall?
Funny, the date on those videos does not say 1918. So are you lying again?
I actually can't tell if you're a troll or mentally challenged. The lifter concept was done initially about a hundred years back, it's been well known to basically anyone who's paid attention in a physics class since.
Is that supposed to be in favor of your point? What they're doing now is proof he was right, nothing you can say will change that.
How many planes in the last 100 years have been propelled with no propeller or jet engine? Did you fail to read the summary?
Are you literally retarded?
https://www.youtube.com/results?search_query=lifter
How is this even news? These things have been around for like 100 years.
How can you patent parking a car in the sun and leaving the windows open?