
So I was wondering, if, say, a quantum computer is ever made, could it be used to break the privacy of past transactions?

Would that mean that someone could just work through the blockchain and de-anonymize everyone who's used Monero?

19a356053

1 Answer

Yep, using Shor's algorithm for finding the discrete log would allow the person in possession of a quantum computer to find every x used in a key image x.H(R) (not immediately, but in a feasible amount of time), and hence know exactly which accounts are linked by transactions.

There's actually a bigger issue than deanonymising all the transactions if quantum computers become a reality in the near future though -- Schnorr signatures and EdDSA are both based on the hardness of the discrete logarithm problem, which means an adversarial actor with a quantum computer will be able to compute your private key from any signature you produce, and attempt to spend your funds before your transaction is accepted into a block, or some other similar attack :(

bekah
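The linkage the answer describes, as an added example (not code from the original post): a toy Python model of Monero's key image I = x·H_p(P), where P = x·G is the one-time output key. The group is the multiplicative group mod the small prime 65537, so "x·G" is written as exponentiation, a brute-force discrete log stands in for Shor's algorithm, and all parameters and sample keys are constructed.

```python
import hashlib
from typing import List

P_MOD = 65537  # small prime, constructed toy parameter (not a Monero value)
G = 3          # primitive root mod 65537, i.e. a generator of the toy group

def scalar_mul(base: int, x: int) -> int:
    """Toy 'x * base': exponentiation in the multiplicative group mod P_MOD."""
    return pow(base, x, P_MOD)

def hash_to_point(pub: int) -> int:
    """Toy stand-in for Monero's hash-to-point H_p(P); any group element works here."""
    h = int.from_bytes(hashlib.sha256(pub.to_bytes(4, "big")).digest(), "big")
    return scalar_mul(G, (h % (P_MOD - 1)) or 1)  # avoid the identity element

def key_image(secret: int, pub: int) -> int:
    """I = x * H_p(P): the value published on chain when output P is spent."""
    return scalar_mul(hash_to_point(pub), secret)

def discrete_log(pub: int) -> int:
    """Brute-force DLP on the toy group; this is the step Shor's algorithm would do."""
    acc = 1
    for x in range(P_MOD - 1):
        if acc == pub:
            return x
        acc = acc * G % P_MOD
    raise ValueError("not a group element")

def link_spender(ring: List[int], image: int) -> List[int]:
    """With the DLP solved for every ring member, recompute each member's key image
    and return the members whose image matches the one seen in the spend."""
    return [pub for pub in ring if key_image(discrete_log(pub), pub) == image]

# Constructed sample: three outputs; the owner of x_a spends in a ring of all three.
SECRETS = {"a": 12345, "b": 6789, "c": 4242}
PUBS = {name: scalar_mul(G, x) for name, x in SECRETS.items()}
RING = [PUBS["b"], PUBS["a"], PUBS["c"]]
OBSERVED_IMAGE = key_image(SECRETS["a"], PUBS["a"])  # what an observer sees on chain

if __name__ == "__main__":
    linked = link_spender(RING, OBSERVED_IMAGE)
    print("spent output(s):", [n for n, p in PUBS.items() if p in linked])
```

Without the discrete logs, every ring member is an equally plausible spender; once x is recovered for each member, the key image pins the spend to one output, which is exactly the loss of privacy the answer warns about.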