Quantum Computers Pose Imminent Threat to Bitcoin Security.量子计算机对比特币的安全性构成紧迫威胁.

Bitcoin is taking the world by storm.The decentralized digital currency is a secure payment platform that anybody can use.It is free from government interference and operated by an open,peer-t0-peer network.

比特币正如风暴般席卷全球。这种去中心化的数字货币是一种能被任何人使用的安全支付平台。它不受政府干预，由一个开放的p2p网络运营。

This independence is one reason Bitcoin has become so popular,causing its value to rise steeply.At the beginning of 2017,a single bitcoin was worth around $1,100. By November 2017,this had risen to around $7,000. Indeed,the total value of the cryptocurrency market is some $150 billion.

这种独立性是比特币打手欢迎的原因之一，使其价值陡增。2017年初，一枚比特币的价值约为1000美元，到了2017年11月则涨到了7000美元。事实上，加密货币的总市值约为1500亿美元。

A crucial feature of Bitcoin is its security. Bitcoins have two important security features that prevent them from being stolen or copied. Both are based on cryptographic protocols that are hard to crack. In other words,they exploit mathematical functions,like factorization,that are easy in one direction but hard in the other--at least for an ordinary classical computer.

比特币的一个重要特征是它的安全性。比特币有两个重要的安全特性，可以防止它们被偷窃或抄袭。两个特性都建立在难以破解的密码协议的基础上。换言之，它们利用了一些很容易顺向推理却不可逆(至少对普通的传统计算机而言很难)的数学函数，如因式分解。

But there is a problem on the horizon.Quantum computers can solve these problems easily.And the first quantum computers are currently under development.

但是，眼前有一个问题。量子计算机能轻易地解决这些问题。而且第一批量子计算机正在研发中。

That raises an urgent question: how secure is Bitcoin to the kinds of quantum attack that will be possible in the next few years?

这就引出了一个紧迫的问题：在几年后可能出现的各种量子攻击下，比特币能有多安全？

Today,we get an answer thanks to the work of Divesh Aggarwal at the National University of Singapore and a few pals. These guys have studied the threat to Bitcoin posed by quantum computers and say that the danger is real and imminent.

现在，我们从新加坡国立大学的戴夫士.阿加沃尔(Divesh Aggarwal)和几个朋友的工作中得到了一个答案。这些人研究了量子计算机对比特币构成的威胁后表示，这一威胁真实而紧迫。

First some background.Bitcoin transactions are stored in a distributed ledger that collates all the deals carried out in a specific time period,usually about 10 minutes.This collection,called a block,also contains a cryptographic hash of the previous block,which contains a cryptographic hash of the one before that,and so on in a chain.Hence the term blockchain.

首先介绍一下背景。比特币交易被存储在一个分布式账簿中，它会核对特定时段(通常为10分钟)发生的所有交易。这种集合体叫一个区块，它还包含前一个区块的加密哈希，而前一个区块包含在它之前的那个区块的加密哈希，如此形成一条链。于是就有了区块链这个词。

(A hash is a mathematical function that turns a set of data of any length into a set of specific length.)

(哈希是一个数学函数，它可将一组任意长度的数据映射为固定长度。)

The new block must also contain a number called a nonce that has a special property. When this nonce is hashed,or combined mathematically,with the content of the block,the result must be less than some specific target value.

新的区块一定还包含一个具有特殊属性的随机数。当使用数学方法分解或组合这个随机数和该区块的内容，结果一定比某个特定目标值小。

Given the nonce and the block content,this is easy to show,which allows anybody to verify the block.But generating the nonce is time consuming,since the only way to do it is by brute force--to try numbers one after the other until a nonce is found.

如果有了随机数和区块内容，任何人都能验证区块，这点很容易证明。但是，生成随机数十分耗时，因为唯一的方法就是用蛮力——用一个又一个的数字去试，直到发现一个随机数。

This process of finding a nonce,called mining,is rewarded with Bitcoins.Mining is so computationally intensive that the task is usually divided among many computers that share the reward.

这个寻找随机数的过程叫挖矿，而比特币就是挖矿所得的酬劳。挖矿需要进行大量计算，因此这个任务通常被分配给很多计算机，由这些计算机共享酬劳。

The block is then placed on the distributed ledger and,once validated,incorporated into the blockchain.The miners then start work on the next block.

然后，区块被放到分布式账簿上，一经验证就被并入区块链。接下来，矿机开始处理下一个区块。

Occasionally,two mining groups find different nonces and declare two different blocks.The bitcoin protocol states that in this case,the block that has been worked on more will be incorporated into the chain and the other discarded.

偶尔，两个挖矿组会发现不同的随机数，宣布两个不同的区块。针对这种情况，比特币协议规定，工作量更大的那个区块将被并入区块两，而另一个区块作废。

This process has an Achilles' heel. If a group of miners controls more than 50 percent of the computational power on the network,it can always mine blocks faster than whoever has the other 49 percent. In that case,it effectively controls the ledger.

这歌过程有一个致命弱点。如果一个矿机组控制了网络上超过50%的计算能力，它总是能比控制剩余49%的矿机组更快地处理区块。在这种情况下，这个矿机组能有效地控制账簿。

If it is malicious, it can spend bitcoins twice,by deleting transactions so they are never incorporated into the blockchain. The other 49 percent of miners are none the wiser because the have no oversight of the mining process.

如果这个矿机组是恶意的，它能删除交易记录，这些记录就永远不会被并入区块链，相关比特币就可以进行二次支付。另外49%的矿机对此一无所知，因为他们无法监督挖矿过程。

That creates an opportunity for a malicious owner of a quantum computer put to work as a Bitcoin miner.If this computational power break the 50 percent threshold, it can do what it likes.

这给量子计算机的恶意拥有者创造了一个作为比特币矿机来工作的机会。如果它的计算能能力超出了50%这个临界值，它就能为所欲为了。

So Aggarwal and co specifically examine the likelihood of a quantum computer becoming that powerful on the network. They look at the projected clock speeds of quantum computers in the next 10 years and compare that to the likely power of conventional hardware.

因此，阿加沃尔和他的同事专门研究了量子计算机在网络上变得如此强大的可能性。他们分析了量子计算机在10年后的预计时钟频率，并把它和传统硬件可能具备的能力进行了比较。

Their conclusion will be a relief to Bitcoin miners the world over. Aggarwal and co say that most mining is done by application-specific integrated circuits(ASICs) made by companies such as Nvidia. This hardware is likely to maintain a speed advantage over quantum computers over the next 10 years or so.

他们的结论会让全世界的比特币矿工如释重负。阿加沃尔和他的同事表示，Nvidia等公司制造的专用集成电路(ASIC)是挖矿最多的硬件，它在未来10年左右可能还能够保持速度优势，胜过量子计算机。

"We find that the proof-of-word used by Bitcoin is relatively resistant to substantial speedup by quantum computers in the next 10 years,mainly because specialized ASIC miners are extremely fast compared to the estimated clock speed of near-term quantum computers,"they say.

他们说：“我们发现，比特币采用的工作量证明在未来10年能相对抵御量子计算的大幅提速，主要是因为比起近期的量子计算机的预估时钟频率，专用集成电路矿机的速度极快。”

But there is a different threat that is much more worrying. Bitcoin has another cryptographic security feature to ensure that only the owner of a Bitcoin can spend it. This is based on the same mathematics used for public-key encryption schemes.

但是，另一个威胁更让人担忧。比特币还有一个安全特性，确保只有比特币的持有人才能用它进行支付。这个特性的基础就是公钥加密方案所有的数学运算。

The idea is that the owner generates two numbers--a private key that is secret and a public key that is published. The public key can be easily generated from the private key,but not vice versa. A signature can be used to verify that the owner holds the private key, without revealing the private key,using a technique known as an alliptic curve signature scheme.

整个概念是这样的：持有人生成两个数字——一个秘密的个人密钥和一个公开的公共密钥。个人密钥能轻易地生成公共密钥，但是反向操作不可行。用一个签名就能在不透露个人密钥的情况下，用一个叫做椭圆曲线签名方案的技术来验证该持有人持有个人密钥。

In this way,the receiver can verify that the owner possesses the private key and therefore has the right to spend the Bitcoin.

用这种方法，接收人就能验证持有人拥有个人密钥，因此也有权使用该比特币支付。

The only way to cheat this system is to calculate the private key using the public key,which is extremely hard with conventional computers.But with a quantum computer,it is easy.

要想欺骗这个系统，唯一的方法就是用公共密钥算出个人密钥，这种方法用传统计算机很难实现。但是，量子计算机能轻易做到。

And that's how quantum computers pose a significant risk to Bitcoin."The elliptic curve signature scheme used by Bitcoin is much more at risk,and could be completely broken by a quantum computer as early as 2027," say Aggarwal and co.

这就是量子计算机可能会对比特币构成的重大威胁。“比特币用的椭圆曲线签名方案面临更大的风险，可能到2027年就会被量子计算机完全攻破。”阿加沃尔和他的同事表示道。

Indeed,quantum computers pose a similar risk to all encryption schemes that use a similar technology,which includes many common forms of encryption.

事实上，量子计算机对所有使用同类技术的加密方案构成类似的风险，其中包括很多普通加密形式。

There are public-key schemes that are resistant to attack by quantum computers. So it is conceivable that the Bitcoin protocols could be revised to make the system safer.But there are no plans to do that now.

有些公共密钥方案能够抵御量子计算机的攻击。因此我们可以推测，比特币协议可以修订，让系统更安全。但是目前还没有这样的计划。

Bitcoin is no stranger to controversy. It has weathered various storms over over its security. But that is no guarantee that it will cope well in the future.One thing is sure: the pressure to change will increase as the first powerful quantum computers  come online in the next few years.

比特币一直颇受争议。在安全性这个问题上，它经受住了各种风波。但是，谁都不能保证它将来也能安然无恙。有一件事是可以肯定的：随着第一批强大的量子计算机在未来几年内上线，改变的压力会更大。