NebulousLabs / Sia

Blockchain-based marketplace for file storage. Project has moved to GitLab: https://gitlab.com/NebulousLabs/Sia
https://sia.tech
MIT License

Quantum resistance of Sia network #3167

Closed shuruiz closed 5 years ago

shuruiz commented 5 years ago

Quantum computing is going to be available to the public soon. Did you consider the quantum vulnerability of the Sia network? The privacy ability of Sia brought by the cryptography can be lost due to quantum computing.

lukechampine commented 5 years ago

There are three crypto operations that Sia uses: symmetric encryption, asymmetric encryption, and hashing. We use symmetric encryption for file encryption; asymmetric encryption for host announcements and spending money; and hashing for, well, tons of stuff, but most notably Merkle proofs.

My understanding is that quantum crypto breaks asymmetric encryption, but not symmetric encryption or hashing. So a strong quantum computer threatens our payments and host announcements, but does not allow people to decrypt your files or cheat storage proofs.

We did not make Sia's asymmetric encryption "quantum proof" from the beginning because no post-quantum algorithms have been standardized yet. NIST is currently holding a contest to select such an algorithm to standardize; I expect that, as in the past, we will use either the winner or a runner-up. Fortunately, Sia was designed to accommodate arbitrary signature algorithms (see types.SiaPublicKey), so once we do select an algorithm, switching to it will be relatively painless.
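The algorithm-tagged key design referred to above (types.SiaPublicKey), sketched as an added example that is not Sia's code and not part of the original comment: verification dispatches on a tag stored beside the key bytes, so a new scheme is a new registry entry. The names `Specifier`, `TaggedPublicKey`, `Registry` and the `pq-placeholder` tag are hypothetical, and failing closed on an unregistered tag is this example's choice, not a statement of how Sia treats unknown algorithms.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Specifier is a fixed-width algorithm tag (layout assumed for this example).
type Specifier [16]byte
func NewSpecifier(name string) (s Specifier) { copy(s[:], name); return s }

// TaggedPublicKey pairs the tag with opaque key bytes (hypothetical type).
type TaggedPublicKey struct {
	Algorithm Specifier
	Key       []byte
}

var ErrUnknownAlgorithm = errors.New("unknown signature algorithm")
var ErrInvalidSignature = errors.New("invalid signature")
// Registry maps algorithm tags to verification functions.
type Registry map[Specifier]func(key, msg, sig []byte) bool

// Verify dispatches on the tag and fails closed on tags it does not know.
func (r Registry) Verify(pk TaggedPublicKey, msg, sig []byte) error {
	verify, ok := r[pk.Algorithm]
	if !ok {
		return ErrUnknownAlgorithm
	}
	if !verify(pk.Key, msg, sig) {
		return ErrInvalidSignature
	}
	return nil
}

// verifyEd25519 checks the key length first; ed25519.Verify panics otherwise.
func verifyEd25519(key, msg, sig []byte) bool {
	return len(key) == ed25519.PublicKeySize && ed25519.Verify(key, msg, sig)
}

// Demo checks a good signature, a tampered message and an unregistered tag.
func Demo() (good, tampered, unknown error) {
	reg := Registry{NewSpecifier("ed25519"): verifyEd25519}
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	msg := []byte("constructed sample transaction")
	pk, sig := TaggedPublicKey{NewSpecifier("ed25519"), pub}, ed25519.Sign(priv, msg)
	future := TaggedPublicKey{NewSpecifier("pq-placeholder"), pub}
	return reg.Verify(pk, msg, sig), reg.Verify(pk, []byte("altered"), sig), reg.Verify(future, msg, sig)
}

func main() { fmt.Println(Demo()) }
```

Existing keys keep verifying under their original tag after a new verifier is registered, so a migration only has to cover keys that choose the new tag.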

shuruiz commented 5 years ago

That sounds not bad.