Hi,
In a recent work with Bolton Bailey
(still not peer-reviewed), we showed how a single quantum miner, with
relatively little hashing power, can execute a 51% attack. *The attack
isn't relevant for the forthcoming years, requiring an extremely fast,
noise-tolerant quantum computer.*
The attack is surprisingly simple. The attacker creates a private fork,
increasing the difficulty by a factor $c$. Due to the properties of Grover's
algorithm, it is only $\sqrt{c}$ harder for the quantum miner to mine at the
new difficulty level, but these blocks count as $c$ times more for the PoW.
Therefore, by mining even a single epoch for a large enough $c$, the
quantum miner can generate more proof-of-work than the competing
(classical) chain. The complexity of the attack is ~$1/r^2$ epochs, where $r$
is the fraction of the block rewards that the quantum miner would have
received if they mined honestly. This attack (or variants thereof) provides
essentially the same benefits as classical 51% attacks, including double
spending, and all the revenue from the block rewards.
This attack might be relevant when considering future protocol
modifications.
Or
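
A simplified model of the arithmetic in the message above, added here as an example; it is not code from the post or from the paper. Assumptions: the honest chain gains one unit of work per epoch, mining time at difficulty multiplier c grows as c**exponent (0.5 for Grover, 1.0 for a classical miner), and the function names are hypothetical.

```python
import math

# Units (assumptions of this sketch): time is measured in honest epochs,
# work in "one epoch mined at base difficulty". The honest chain is
# normalized to gain 1 unit of work per epoch.

def fork_race(r, c, epochs=1, exponent=0.5):
    """Compare a private fork at difficulty multiplier c with the honest chain.

    r        -- share of blocks the miner would win mining honestly (0 < r < 1)
    c        -- factor by which the fork raises the difficulty (c >= 1)
    epochs   -- number of epochs mined on the private fork
    exponent -- mining time per block scales as c**exponent
                (0.5 models Grover search, 1.0 a classical miner)
    Returns (elapsed_epochs, attacker_work, honest_work).
    """
    if not 0 < r < 1 or c < 1 or epochs < 1:
        raise ValueError("need 0 < r < 1, c >= 1, epochs >= 1")
    # At base difficulty the miner needs 1/r epochs of time per epoch of blocks.
    elapsed = epochs * (c ** exponent) / r
    attacker_work = epochs * c      # each block counts c times more
    honest_work = elapsed * 1.0     # honest chain keeps growing meanwhile
    return elapsed, attacker_work, honest_work

def break_even_multiplier(r, exponent=0.5):
    """Multiplier c at which fork work equals honest work, or None.

    attacker_work / honest_work = r * c**(1 - exponent); with exponent >= 1
    the ratio never reaches 1 for r < 1, so no multiplier helps.
    """
    if not 0 < r < 1:
        raise ValueError("need 0 < r < 1")
    if exponent >= 1:
        return None
    return r ** (-1.0 / (1.0 - exponent))

if __name__ == "__main__":
    for r in (0.1, 0.01):
        c = break_even_multiplier(r)
        elapsed, mine, theirs = fork_race(r, c)
        print(f"r={r}: c~{c:.0f}, fork time~{elapsed:.0f} epochs, "
              f"work {mine:.0f} vs {theirs:.0f}")
        print("  classical miner, same c:", fork_race(r, c, exponent=1.0))
```

Under these assumptions the break-even multiplier is 1/r^2 and mining one epoch at that multiplier takes 1/r^2 honest epochs, which matches the ~1/r^2 figure in the message; with exponent 1.0 the fork never catches up.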