@davidaxelrod @realDonaldTrump He has no interest other than himself.
He is only interested in showing how great he is. This old man clearly should retire.
It is harmful to the American people and has no interest.
Thanks to him, America's trust has fallen to the ground.
Let's try this "engagement farming" thing.
I was invited to a big YT channel to discuss the quantum threat. Inspired by the comments to the previous video (pinned), if this post gets 1k likes I'll wear a $kas Kaspa shirt.
UTXO set commitments are $kas Kaspa's quantum Achilles' heel
In light of the recent truly astounding advances in building quantum computers, I think it's time to explain the most significant threat to Kaspa's consensus mechanism that such machines pose. It's not an immediate threat, but arguably something that requires more attention given the shift in the landscape.
Before I start, I want to mention that @mcpauld invited me to a recorded session where we will talk about the new quantum advances, their meaning, and their consequences to blockchains. Stay tuned to know when it is published.
Incremental Hash commitments and MuHash
When a new Kaspa node syncs from an existing one, it gets a copy (actually, two copies, but never mind) of the UTXO set, along with a commitment. The commitment is a small hash that cryptographically assures that the supplied UTXO set matches the expected one.
Hashing the entire UTXO set is an increasingly daunting task, whose computational cost grows with the number of UTXOs. It's reasonable to do once during sync for verification, but for a miner, recomputing the entire hash for every new block would gradually make mining less and less accessible.
To address this, Kaspa headers use an incremental hash. It's a special kind of hash that is used to commit to a set of strings (each representing a UTXO). What makes it special is that given the current commitment, as well as a list of elements to add and remove, one can compute the hash of the resulting set without recomputing the entire hash. So when creating a new block, the miner just uses the existing hash and updates it according to the UTXOs consumed and created in its block. As long as the block wasn't pruned, all nodes can repeat this check and verify that the miner is honest.
Generally speaking, hashes are not incremental. Incremental hashes are specially designed to provide this functionality. In particular, Kaspa uses MuHash, a very lightweight incremental hash.
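To make the incremental property concrete, here is an added toy MuHash-style set commitment (example code written for this note, not Kaspa's or Bitcoin's MuHash implementation; the prime modulus, the hash-to-group map and the sample UTXOs are assumptions). Each element is mapped into a multiplicative group and the commitment is the product of those images, so a block's update costs one multiplication per created UTXO and one modular inverse per spent UTXO, independent of the set size and of element order. The same algebraic structure is what ties the commitment's security to the discrete log problem in that group.

```python
import hashlib

# Toy group parameters: a Mersenne prime, chosen only for a small, readable
# example. This is an assumption, NOT Kaspa's real MuHash parameters.
P = (1 << 127) - 1


def hash_to_group(elem: bytes) -> int:
    """Map a serialized UTXO to a nonzero element of Z_P^*.

    SHA-256 is reduced mod (P - 1) and shifted by one so the result is never 0,
    which guarantees every element has a modular inverse (needed for removal).
    """
    h = int.from_bytes(hashlib.sha256(elem).digest(), "big")
    return h % (P - 1) + 1


def commit_full(utxos) -> int:
    """Non-incremental commitment: multiply every element's group image.

    This is what a syncing node does once; its cost grows with the set size.
    """
    acc = 1
    for u in utxos:
        acc = acc * hash_to_group(u) % P
    return acc


def commit_update(commitment: int, added=(), removed=()) -> int:
    """Incremental commitment: derive the new set's commitment from the old one.

    Created UTXOs are multiplied in; spent UTXOs are divided out via the
    modular inverse. The full set is never touched.
    """
    for u in added:
        commitment = commitment * hash_to_group(u) % P
    for u in removed:
        commitment = commitment * pow(hash_to_group(u), -1, P) % P
    return commitment


def demo():
    """Constructed sample: a block that spends one output and creates two."""
    utxos = {b"txA:0:50", b"txB:1:20", b"txC:0:7"}   # constructed UTXO set
    c0 = commit_full(utxos)
    spent, created = [b"txB:1:20"], [b"txD:0:15", b"txD:1:5"]
    c1 = commit_update(c0, added=created, removed=spent)   # miner's cheap path
    utxos = (utxos - set(spent)) | set(created)
    # Verifier recomputes from scratch; both paths must agree, and the
    # commitment must actually change when the set changes.
    return c1 == commit_full(utxos), c0 != c1
```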
Quantum Shor Attacks
I will not go into the details of what quantum computers can or cannot break. But what's important to remember is that they can break what we call "discrete log assumptions".
Stock hash families like Keccak, SHA, Blake, and so on do not rely on any such assumption, so they are considered quantum secure (in the sense that it is impossible to quantum-optimize them beyond the obligatory Grover quadratic speedup).
However, MuHash relies on elliptic discrete log assumptions, very similar to ECDSA. This means that a quantum adversary can invert the hash commitment. In other words: they can find a completely different UTXO set with the same MuHash commitment.
Consequences
The UTXO set can only be verified independently of the UTXO commitment until the block is pruned. After that, Kaspa clients will accept any UTXO set that matches the commitment.
This, for example, allows the following 51% attack:
1. Locate the UTXO commitment of the latest pruning block
2. Use your quantum computer to find another UTXO set with the same commitment
3. Build a competing heavier chain that assumes the UTXO set at pruning is the one you manufactured and not the original one
Voila! A 51% attack lasting only a single pruning window that can rewrite Kaspa's entire history.
Comparison to the current state
Currently, Kaspa relies on social consensus in the short term, followed by cryptographic security in the long term. Social consensus prevents committing to UTXO sets that weren't a consequence of legitimate transactions. Cryptography uses state commitment to cement the UTXO set agreed upon by consensus.
This is a very mild relaxation of Bitcoin's trust model, which does not require social consensus in the short term for chain consistency.
Breaking MuHash means that the cryptographic backbone of this model no longer holds. UTXO commitments become unreliable, compromising Kaspa's trust model.
I want to stress two things:
1. The attack only requires one application of Shor's algorithm to find a preimage. It might require some clever mix-and-match to find a preimage you actually like, but factors like BPS or difficulty do not make the attack any harder.
2. The attack cost is directly proportional to the length of a pruning window (in real-world time, not blocks). So shorter pruning windows = less quantum secure network.
Partial Solutions
1. Relying on archival nodes. If archival nodes are always available, then the problem "goes away". The issue is that archival nodes become a trusted source of truth. Currently, we don't have to trust archival nodes, because the UTXO commitment ensures that the UTXO set they describe is genuine. With this assumption quantum-broken, we need to either trust archival nodes or have enough archival nodes to trust decentralization.
One of Kaspa's strong points over Bitcoin's antiquated model is a trust model that does not require trusted archives. Removing this will make Kaspa de-facto centralized.
Worse yet, the reliance on archival nodes is fragile: if, for some reason, there is a period of time longer than a pruning window that was not archived by anyone, the chain becomes indefinitely unverifiable.
2. Changing Hash
There are post-quantum hashes like LtHash. The first issue (but not the key one) is that such a commitment is much larger (2KB versus a few dozen bytes). Recall that the UTXO commitment is a part of the header, so using such large commitments will make headers 9-10 times larger, drastically increasing storage costs for pruned nodes.
(One can argue that pruned non-mining nodes can run in a mode that discards the commitments after verifying them. This will reduce storage, but it is impossible to sync from such nodes trustlessly, recreating the few-sources-of-truth problem.)
But even if we do magically find a tiny post-quantum hash, that will only provide a partial solution. A quantum adversary could not forge the UTXO set from the latest pruning point, but would have to go back far enough to split from a block that still uses MuHash.
Possible solution
I haven't spent any time trying to come up with a better solution. It is very possible that a better approach exists. Below is a starting point for a discussion, not a concrete proposal:
1. Converge on a post-quantum incremental hash, let's call it QuHash
2. Decide on a block from which commitments must be in QuHash
3. Decide on a period of time (say, a year) after which reorgs below the QuHash depth are considered invalid.
This is a very problematic solution, for several reasons:
1. (After qday) any archival information from before the QuHash days cannot be trusted. This includes any form of cryptographic receipt. All could be easily forged without tampering with the commitment.
2. (After qday) there will no longer be a reliable way to verify a UTXO set "all the way to genesis", just "all the way to when we started using QuHash". What happened before qday is delegated to social consensus.
3. Headers will become larger by an order of magnitude.
Conclusion
MuHash is a considerable quantum weak point that is unique to Kaspa. Arguably, it's time to start brewing up solutions.
@McFaul He doesn't know how to do diplomacy. For him, he only knows about negotiating with overseas countries with the same sense as power harassment within the company.
No predisposition to being a president.
It's less than an auto pen.
@OccupyDemocrats The sad reality is that the president's job is merely throwing tantrums on social media. If he wins the midterm elections, the world would rate Americans as idiots. The quality of the American people will be questioned in the midterm elections.
@DanielLDavis1 He is one of the worst irresponsible politicians ever. And the world would not view him as a personal problem, but as a problem with the American people. He leaves irresponsibly, leaving behind a great, negative legacy.
@OccupyDemocrats He is an old man and life after his term is short. Young people are the ones who are most affected by the confusion he caused.
It's a war that Trump caused, but the world will see it as a war that America caused.
These are engraved as America's negative history.
He is the most selfish president in the world, has no sense of responsibility, and has caused trouble to the whole world.
He is certainly a man who has made a name for himself in world history in a bad way.
The man who said he would make America great actually did the opposite.
Trump at war:
1. Start war. Do not tell allies.
2. Blow stuff up.
3. Demand regime change.
4. Blow up more stuff.
5. Demand unconditional surrender.
6. Get angry when enemy fights back.
7. Make threats.
8. Back down. Repeat.
9. Demand allies finish war.
10. Walk away.
@maddenifico This is probably a case that will make a name for itself in history as a taint that will remain in American history.
War crimes will also be questioned not by Trump's individuality, but as a nation.
The impact on the American people is immeasurable.
@TheRickWilson Give me a forgiveness for Trump. He's a baby who mistakes the world of politics for his sand playground.
The baby cries when things don't go as they want.
He's a baby too, so I cry on social media.
@MosiniElisa It all started with Trump's arrogance. They threatened and pressured various countries and rapidly lost their trust as a country.
This time they attacked Iran without any serious planning, and are stumbling over the preliminary forecast.
He's very stupid.
@ObsDelphi The recent war and comments at this press conference also highlight Trump's lack of thought.
The narcissistic leader doesn't know that his arrogance burns himself.
Fools learn from their own experiences, while wise men learn from others' experiences.
@OccupyDemocrats An incompetent war was carried out to protect personal honor. The current situation is the result of chimpanzees taking the helm of the https://t.co/Ds1TRGbeF7 the medium to long term, this battle will likely be recorded in history as a historic stain in America.
@KaspaHub @KaspaFacts @KaspaTeacher @elonmusk @KaspaTeacher made an unfounded criticism of @DesheShai a while ago. Those who do this are harmful to the community. That criticism of Shai, who evaluated and commented on the project in a neutral and concrete way, was stupid.