Seven Questions And Answers To Bitcoin
The bitcoin forum will be held in Dublin, on July 3rd and 4th at the Royal Dublin Society. These 320 hashes are your public key, and will be needed by the network to later verify your signature. A Lamport signature is a one-time signature that gets around the lockbox problem in the following way: there are multiple locks, and it is the content of the message (or rather, the hash of the message) that determines which locks need to be opened. Rather, it simply provides a modest reduction from O(2^k) to O(2^(k/2)). Shor's algorithm reduces the runtime of cracking elliptic curve cryptography from O(2^(k/2)) to O(k^3) - that is to say, since Bitcoin private keys are 256 bits long, the number of computational steps needed to crack them goes down from 340 trillion trillion trillion to a few hundred million at most. Thus, safe transactions are essentially impossible. The only limit to the maximum number of transactions per address is basically a question of limiting blockchain bloat.
For example, business owners incur a small fee when they accept credit card payments because banks and payment-processing companies have to process those transactions. If the whole process is done within weeks, then by the time quantum computers become a threat the bulk of people's bitcoins will be in new-style Lamport addresses and will be safe. Even then, however, you are vulnerable to a Finney attack - a dishonest miner can forge your signature, create a valid block containing his forged transaction continuing the blockchain from one before the most recent block (the one containing your transaction), and, since the lengths of the old and new blockchains would then be equal, the attacker would have a 50% chance of his block taking precedence. Both numbers are in the trillions of trillions of computations. Grover's algorithm is far more generic - given a list of numbers and a mathematical property, it can figure out which one of those numbers satisfies the property. If you send a transaction spending all 100 BTC in address 13ign, with 10 BTC going to 1v1tal to pay for goods and 90 BTC change going back to your new address at 1mcqmmnx, the first node that you send the transaction to can replace the change address with whatever they want, recover the private key from your public key, and forge your signature.
In a Bitcoin user's wallet, each of that user's own Bitcoin addresses is represented by three distinct numbers: a private key, a public key and the address itself. A transaction will include the public key and the signature, just like today, and, once again just like today, verifiers will check that the public key matches the address and the signature matches the message and the public key. The public key is derived from the private key by elliptic curve multiplication, and, given only classical computers like those that exist today, recovering the private key from a public key is essentially impossible. When your Bitcoin client sends a transaction to the network, what it is really doing is sending a mathematical proof of the following fact: this transaction, which states that I am sending this amount of money to this address, was constructed by someone in possession of the private key behind the Bitcoin address I'm sending from. The address is derived from the public key by a series of three steps: applying the SHA256 hash function to the public key, applying the RIPEMD-160 hash function to that, and finally adding a value called a checksum for error-detection purposes (so that if you accidentally mistype a single character when sending to a Bitcoin address your money does not disappear into a black hole).
RIPEMD-160), and publish all 160 pairs of hashes. In the case of RIPEMD-160, the weaker of the two hashes used to create a Bitcoin address, this means that the number of steps needed to recover a public key from an address goes down from 1.4 trillion trillion trillion trillion to 1.2 trillion trillion. RIPEMD-160 hash of the public key; the only difference is that the public key will consist of 320 hashes rather than an elliptic curve point. 2^80 steps to simply crack all the hashes. A modified version of Shor's algorithm can crack elliptic curve cryptography as well, and Grover's algorithm attacks basically anything, including SHA256 and RIPEMD-160. The only change in behavior that will be needed is for people to start using addresses only once; after two uses, the security of the Lamport scheme drops to 2^40, a value which might still be safe against quantum computers at first, but only barely, and after three uses it's as weak as elliptic curve cryptography. The solution is this: as soon as a quantum pre-emergency is declared, everyone should move their wealth into a 1-of-2 multisignature transaction between an unused, old-style, Bitcoin address, and an address generated with the new Lamport scheme.
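The Lamport scheme described above (160 secret pairs, 320 published hashes, one pair revealed per message-hash bit), as an added example that is not code from the original article. It assumes SHA-256 for the hash function and a SHA-256 digest truncated to 160 bits standing in for RIPEMD-160, and it counts how many key positions are fully exposed once the same key signs more than one message, which is why the text insists on using each address only once.

```python
import hashlib
import secrets

DIGEST_BITS = 160  # one secret pair per bit of the 160-bit message hash

def h(data: bytes) -> bytes:
    # Assumption: SHA-256 as the one-way function for the pairs.
    return hashlib.sha256(data).digest()

def msg_bits(message: bytes) -> list:
    # Assumption: SHA-256 truncated to 160 bits stands in for RIPEMD-160.
    d = h(message)[:DIGEST_BITS // 8]
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(DIGEST_BITS)]

def keygen():
    # Private key: 160 pairs of random 256-bit secrets ("locks").
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    # Public key: the 320 hashes of those secrets, published in pairs.
    pk = [(h(a), h(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes) -> list:
    # The hash bits pick which secret of each pair is revealed.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(message))]

def verify(pk, message: bytes, sig: list) -> bool:
    if len(sig) != DIGEST_BITS:
        return False
    return all(h(sig[i]) == pk[i][bit] for i, bit in enumerate(msg_bits(message)))

def exposed_positions(messages: list) -> int:
    """Number of the 160 positions where BOTH secrets of the pair have been
    revealed by signing `messages` with one key. At such a position a
    forger can satisfy either hash bit, so the remaining security rests
    only on the positions where a single secret is still unknown."""
    seen = [set() for _ in range(DIGEST_BITS)]
    for m in messages:
        for i, bit in enumerate(msg_bits(m)):
            seen[i].add(bit)
    return sum(1 for s in seen if len(s) == 2)

def unconstrained_positions(messages: list) -> int:
    # Positions still protected after these signatures (none exposed after one use).
    return DIGEST_BITS - exposed_positions(messages)
```

Signing a single message exposes no pair; each further message signed with the same key exposes, on average, half of the remaining pairs, which is the degradation the text describes for two and three uses.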