When Google unveiled WIllow, a quantum
When Google unveiled WIllow, a quantum computer, in early December, there seems to be a lot of talk about whether quantum computers can really beat Bitcoin. I'd like to talk about this once within my knowledge.
Basically, Bitcoin encryption consists of an elliptic curve cryptography (ECC) system called ECDSA. The elliptic curve is the curve produced by real numbers x and y with the following relationship.
y^2 = x^3 + ax + b
If you look closely at the equation, y has a square, so substituting -y for +y does not change the equation. Therefore, the elliptic curve is x-axis symmetric. For use in cryptographic systems, elliptic curves must not have any singularity, such as sharp points or intersecting points. The condition to satisfy this condition is that 4a^3 + 27b^2 ≠ 0. A unique feature of these elliptic curves is that they allow for a kind of 'operation' on them. For example, consider the point -R that occurs when a straight line is connected between any two points P and Q on the elliptic curve, the line intersects at different points on the elliptic curve. Let R denote the point where the -R is finally x-axis symmetrical. Why did the new point where we connected two points and then met the elliptic curve not R but -R? And why did we design x-axis symmetry again? This is because it is a necessary process to define a new 'operation' system on the elliptic curve. Let's express the operation '*' above, which produces points P and Q to R.
R = P*Q
This defines the process by which the objects P and Q meet on the elliptic curve to form R.
So why bother to define such a 'operation' in a confined space like an elliptic curve? In fact, the purpose of this operation is to properly hide the information. If you want to hide the information, you'll have to trace the encrypted information back and make it difficult to recognize the original information. In other words, the values (i.e., ciphers) generated by the operation are rearranged to make it difficult to figure out. The operation on the elliptic curve is characterized by the difficulty of reverse operation.
For any operation, you need to check the existence of a simple law in order to define it. Let's start with the law of exchange. Will P*Q and Q*P produce the same result? The result (that is, the new point where a straight line intersects with an elliptic curve) will not change even if the order of P and Q is changed, so the law of exchange for the operation '*' naturally holds. What about repeating the operation? For example, let's consider the result of calculating T again to R, which is the result of P*Q. This can be written as (P*Q)*T. To see if the law of coupling works, you can compare the result of this operation with the result of P*(Q*T). When we draw a picture on an elliptic curve, it is easy to see that the two results are the same. In other words, since (P*Q)*T = P*(Q*T) holds, the operation '*' also satisfies the law of coupling. Then, does this exist an inverse circle or an identity circle? For example, let's take a point on an elliptic curve with one being P and the other being -P, which is the symmetry of the x-axis of P. The process of (P*-P) will produce a straight line that is perpendicular to the x-axis. But this vertical line never meets the other part of the elliptic curve. (Because elliptic curves are symmetrical to the x-axis in the first place.) So for operations on elliptic curves using this feature, the identity circle can be written as O, and the inverse of P for the operation '*' can be defined as -P. That is, we can write P*-P = O, P*O = P. There is another interesting feature of this operation. You can think of a tangent line at any given point in an elliptic curve as well. A tangent line can be seen as a straight line formed by superimposing a point on a calculator. Thus, the operation on any contact point on an elliptic curve can be defined as (P*P) = 2P. You could say that the operation on an elliptic curve is 'closed'. This means that the point R that results from the operation must exist on the elliptic curve. This means that the straight line connecting the point P and Q is bound to meet the elliptic curve (except when Q is -P). You might not think much of it as a general curve, even if it is not an elliptic curve. However, not all curves meet these requirements. For example, let's consider a curve like a quadratic function. A tangent line at any point on this curve never meets this curve.
Let's see how these interesting features of elliptic curves can be used for encryption. Let the coordinates of points P, Q, and R be (x1,y1), (x2,y2), and (x3,y3), respectively. From a simple calculation, we can see that these coordinates in the operational relationship on the elliptic curve follow the relational expression.
1) For P ≠ Q: λ = (y2-y1)/(x2-x1), x3 = λ^2-x2, y3 = λ(x1-x3) -y1
2) If P = Q (i.e. contact point): λ = (3x1^2 + a)/(2y1), x3 = λ^2 - 2x1, y3 = λ(x1 - x3) - y1
Let's suppose that we are given a starting point P (which is also called a generator) and we are given a final destination point R. And let's suppose that we are also given elliptic curve parameters a and b. Then we can write nP = P*P*...*P = R. Can we reversely guess how many times this operation has been repeated just by knowing the coordinates of P and R? In other words, would it be easy to find n? What if this operation was repeated hundreds of millions and thousands of times, not tens or hundreds of times? Or more unimaginably, incredibly, incredibly, even more