-
garthDidn’t do 64?
-
monerobull[m]Anyone know if a hardware wallet becomes quantum attackable when you send from a wallet that uses passphrase
-
monerobull[m]Like, have 2 wallets on ledger, one with and one without passphrase
-
monerobull[m]Does the one with the passphrase become "compromised" when you send from the one without?
-
monerobull[m]I know that a wallet that only ever received and never sent is more resistant to quantum cracking
-
wernervasquez[m]AFAIK only addresses which are hashes have additional quantum resistance, like bitcoin. Monero does not have this property.
-
wernervasquez[m]Also, if there were a viable quantum computer capable of cracking ECC, the attacker would just solve for the scalar h, such that H = h G
-
wernervasquez[m]This would create a limitless supply of XMR for the attacker, and the attack would be undetectable.
-
monerobull[m]At least they can't steal my coin :P
-
wernervasquez[m]monerobull: without knowing what you are getting at, my summary would be - xmr addresses are not quantum resistant, and one could counterfeit xmr with a quantum computer.
-
JohnSmith[m]1Z
-
monerobull[m]Yes but you can't solve the private key for a wallet from its public key if it never signed anything with its private key
-
wernervasquez[m]monerobull[m]: They could, but wouldn't want to as that would reveal the existence of a strong enough quantum computer to crack modern cryptography.
-
wernervasquez[m]monerobull[m]: If you publish your xmr address, a quantum computer could determine your private key. Crypto which makes the address from a hash has additional security, but I have not seen a breakdown of whether that is practical or if other weaknesses would render that protection worthless at that point.
-
monerobull[m]Alright, thanks :)
-
w[m]<wernervasquez[m]> "AFAIK only addresses which are..." <- Does jamtis change this?
-
UkoeHBno
-
wernervasquez[m]w: UkoeHB is the expert. I believe the issue with hashes as used in bitcoin addresses, is that you must provide the public key at the time of signing. Xmr cannot do this as it would reveal the real signer from the ring.
-
wernervasquez[m]Perhaps there is some fancy solution out there, but I have always presumed monero will have to switch to a quantum resistant algo at some point. In other words, swap out ECC with something else.
-
wernervasquez[m]Are there any roadmaps on how to migrate/update xmr for post quantum?
-
UkoeHBwernervasquez[m]: repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/142