Mark_Friedenbach comments on A proposed inefficiency in the Bitcoin markets - Less Wrong

Post author: Liron 27 December 2013 03:48AM


Comments (138)


Comment author: [deleted] 02 January 2014 01:48:07AM 0 points

But you can't attack the ECDSA by Shor's algorithm if you don't know the public key, as is the case with a pubkey-hash address that has never been used. If you avoid key reuse, the only moment when coins are vulnerable is that ~10 minute interval after you've broadcast a transaction spending the coins but it hasn't yet made it into a block.
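The exposure classes in the comment above (never-spent pubkey-hash outputs, reused keys, and the unconfirmed window) can be made concrete with a small UTXO model. This is an added example, not code from the thread or from Bitcoin Core; the transaction structure, the address labels and the satoshi values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed toy model of the UTXO set (not Bitcoin Core's code). A pay-to-
# pubkey-hash output reveals only HASH160(pubkey); the public key itself
# appears on the network only in the input that spends that output.

@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]    # (previous txid, output index) being spent
    outputs: List[Tuple[str, int]]   # (address, value in satoshis)
    confirmed: bool                  # False = broadcast but not yet in a block

def classify_exposure(txs: List[Tx]) -> Dict[str, int]:
    """Split coins into three risk classes (satoshis):
    hash_only - unspent outputs at addresses never spent from: pubkey unknown
    reused    - unspent outputs at addresses that already revealed a pubkey
    in_flight - inputs of unconfirmed txs: pubkey public, coins not yet mined
    """
    utxo: Dict[Tuple[str, int], Tuple[str, int]] = {}  # outpoint -> (addr, value)
    revealed: Set[str] = set()
    in_flight = 0
    for tx in txs:  # assumed to be in topological order
        for outpoint in tx.inputs:
            addr, value = utxo.pop(outpoint)  # KeyError = double spend or bad order
            revealed.add(addr)                # the signature exposed the pubkey
            if not tx.confirmed:
                in_flight += value
        if tx.confirmed:  # simplification: chained unconfirmed spends are ignored
            for index, (addr, value) in enumerate(tx.outputs):
                utxo[(tx.txid, index)] = (addr, value)
    result = {"hash_only": 0, "reused": 0, "in_flight": in_flight}
    for addr, value in utxo.values():
        result["reused" if addr in revealed else "hash_only"] += value
    return result

# Constructed sample: addresses are labels, values are satoshis.
SAMPLE_TXS = [
    Tx("cb1", [], [("A", 50_000), ("B", 30_000)], confirmed=True),
    # Spending from A reveals A's pubkey; sending change back to A is key reuse.
    Tx("t1", [("cb1", 0)], [("C", 20_000), ("A", 29_000)], confirmed=True),
    # Broadcast but unmined: B's pubkey is now public and the 30_000 is in flight.
    Tx("t2", [("cb1", 1)], [("D", 29_500)], confirmed=False),
]

if __name__ == "__main__":
    print(classify_exposure(SAMPLE_TXS))
    # {'hash_only': 20000, 'reused': 29000, 'in_flight': 30000}
```

Only the "reused" bucket stays exposed indefinitely; the "in_flight" bucket is the roughly ten-minute window the comment describes, and a wallet that never sends change back to a spent-from address keeps that bucket at zero.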

Comment author: ChristianKl 02 January 2014 01:53:50AM 0 points

Yes, but as I said above, that 10-minute interval is irrelevant when you can just change your target key every minute.

As an attacker it's quite okay to capture random transactions instead of attacking specific transactions.

Comment author: [deleted] 02 January 2014 02:40:50AM 0 points

No, first of all they are qualitatively different. Not all targets are the same. At best you could attack whatever the largest input in your current mempool is, perhaps a few dozen bitcoins at most. Whereas if you could choose your targets, something like this is better:

http://blockchain.info/address/1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

Second, it doesn't change the fact that you'd still have this insanely powerful quantum supercomputer running for millions of years before you have a chance at double-spending a single coin. Not economically viable as I said before.

Comment author: ChristianKl 02 January 2014 06:23:04PM 1 point

Second, it doesn't change the fact that you'd still have this insanely powerful quantum supercomputer running for millions of years before you have a chance at double-spending a single coin. Not economically viable as I said before.

Various people do consider ECDSA to be effectively broken with quantum computers. It's hard to estimate what a quantum computer of a certain power is going to cost in 20 years.

That said, I don't need to capture enough coins to pay for the attack. I can buy options on failing bitcoin price and attack. If it's known that there's an attacker who randomly hijacks transactions, the bitcoin price takes a blow.