Summary

We’ve shown the different attacking strategies on the Bitcoin system and the consequences if a cryptographic primitive is broken. We conclude that a weakness of the signature scheme has a bigger impact on Bitcoin’s security than any weakening of the security requirements of the hash functions. However, combining both yields a powerful attack against the protocol, which allows the stealing of foreign coins. Another danger is caused by improperly implemented signature schemes, which have already enabled practical attacks against Bitcoin with money being stolen. Consequently, we have to live with a residual risk if we invest in cryptocurrencies.

Another risk for Bitcoin is posed by future quantum computers, which would affect Bitcoin’s current signature scheme and Bitcoin’s consensus mechanism as well. Since a quantum miner could gain advantages in the PoW process, they could more likely launch double-spending attacks against the network. The financial incentive system of the Nakamoto consensus may encourage the quantum miner to invest their larger mining power in creating new blocks rather than in launching attacks. We note that current estimations don’t suggest that quantum mining will be more efficient than conventional mining hardware in the foreseeable future. A much bigger danger is the fact that a quantum attacker can break Bitcoin’s signatures. Although the window of opportunity is very limited, the stealing of foreign coins could be feasible. Consequently, the current signature scheme should be replaced in the long term by a quantum-proof scheme. We give an introduction to such quantum-safe signature schemes in the following chapter.