557-EN, 8. Selection of Quantum Algorithms in the Current Blockchain
The Emergence of a Decodable Imprint in SHA-256 - A Possible Message Left by Satoshi
Author: The Two Goddesses
8. Selection of Quantum Algorithms in the Current Blockchain and the Number-Theoretic Compressed Structure in |3n - m|
When an efficiency-oriented hacker targets the current blockchain, would they choose Shor's algorithm, which requires the high precision of an FTQC?
- Absolutely not. Without hesitation, they would select Grover's algorithm, whose hardware demands are far more modest and whose small instances already run on NISQ devices.
In this chapter, we approach the number-theoretic structure underlying this phenomenon.
As a simple example, consider the following expression:
|3n - m|
This represents a generalization of the well-known 3n + 1 problem.
In other words, we seek integers m for which the map behaves analogously to 3n + 1 (read as in the 3n + 1 problem: an even n is halved, an odd n is sent to |3n - m|), a pursuit rooted in number theory itself.
The expression |3n - m| exhibits an extremely interesting property:
the multiples of m become singular points.
For odd m this is immediate: a multiple n = km is sent either to (k/2)m or to |3k - 1|·m, so the orbit never leaves the multiples of m and can never reach 1. (For even m the multiples are not closed; with m = 4, 4 -> 2 -> 1.)
Therefore, when starting from any natural number, the multiples of m must be excluded.
Now, let us substitute m = -1. Then we obtain:
|3n - (-1)| = |3n + 1| = 3n + 1
In this case, 3n + 1 has no singular points: every integer is a multiple of -1, so the exclusion rule has nothing to act on.
Thus, 3n + 1 can be regarded as a special form of |3n - m|.
Now, do there exist values of m other than -1 for which the map behaves in this way?
- The answer is yes.
In fact, there is a procedure for calculating such m analytically, which means the structure can be derived rather than found by exhaustive search.
Because that procedure imposes no upper bound on m, there are infinitely many m for which |3n - m| has this property.
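The generalized map described above, as an added example that is not part of the original text. The step is read here as in the 3n + 1 problem: an even n is halved, an odd n is sent to |3n - m| (this reading is an assumption, since the chapter does not spell the step out). The code checks that m = -1 recovers 3n + 1, that for odd m the multiples of m are closed under the map (the singular points) while this closure fails for even m, and it collects the cycles reached from non-singular starting values for any m:

```python
def step(n: int, m: int) -> int:
    """One step of the generalized map (assumed reading of |3n - m|):
    halve an even n, send an odd n to |3n - m|.  m = -1 gives 3n + 1.
    m is assumed non-zero throughout."""
    return n // 2 if n % 2 == 0 else abs(3 * n - m)


def is_singular(n: int, m: int) -> bool:
    """A 'singular point' in the chapter's sense: a multiple of m.
    For m = +-1 every integer is a multiple, so nothing is excluded."""
    return abs(m) > 1 and n % m == 0


def closed_under_map(m: int, limit: int) -> bool:
    """True if every multiple of m up to `limit` maps to another multiple of m.
    Holds for every odd m: km -> (k/2)m when k is even, km -> |3k - 1| m when k
    is odd, so such an orbit can never reach 1.  Fails for even m (m = 4: 4 -> 2 -> 1)."""
    return all(step(k * m, m) % m == 0 for k in range(1, limit // abs(m) + 1))


def orbit(n: int, m: int, max_steps: int = 10_000):
    """Iterate the map from n until a value repeats.
    Returns (path, cycle): the values visited before the repeat, and the cycle
    entered, rotated to start at its smallest element.  cycle is None if no
    repeat occurs within max_steps.  The zero orbit that arises when 3n = m
    (e.g. m = 3, n = 1) shows up as the cycle (0,)."""
    seen = {}
    path = []
    while n not in seen and len(path) < max_steps:
        seen[n] = len(path)
        path.append(n)
        n = step(n, m)
    if n not in seen:
        return path, None
    cyc = path[seen[n]:]
    i = cyc.index(min(cyc))
    return path, tuple(cyc[i:] + cyc[:i])


def cycles(m: int, limit: int, max_steps: int = 10_000):
    """Set of cycles reached from the non-singular starting values 1..limit.
    An entry of None means some orbit did not close within max_steps."""
    return {orbit(n, m, max_steps)[1]
            for n in range(1, limit + 1) if not is_singular(n, m)}


if __name__ == "__main__":
    print("m=-1 is 3n+1:", [step(n, -1) for n in (1, 3, 5)])       # [4, 10, 16]
    print("odd m=5 closed:", closed_under_map(5, 1000))              # True
    print("even m=4 closed:", closed_under_map(4, 1000))             # False
    print("orbit of 5 under |3n-5|:", orbit(5, 5))                   # ([5, 10], (5, 10))
    print("cycles of 3n+1 from 1..100:", cycles(-1, 100))            # {(1, 4, 2)}
    print("cycles of |3n-5| from 1..100:", cycles(5, 100))
```

`cycles(m, limit)` is the exhaustive check the chapter says its analytic procedure makes unnecessary; it is included so that any candidate m produced by such a procedure can be verified on a finite range.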
The calculation process for these m values utilizes a compressed spatial structure imposed by integer constraints.
It is reminiscent of a light cone in spacetime:
although it appears to expand freely in all directions, in reality it can only exist within a "divinely determined" region - a space bounded by mathematical necessity.
This law cannot be resisted;
yet from it, structure arises - and through that structure, we exist.
A completely free, unconstrained space, on the other hand, produces nothing.
It is a void, a domain of pure non-generation - the absence of order itself.
Thus, even from such pure number theory, the existence of a compressed mathematical space becomes evident.
Then, what occurs in a far more complex deterministic integer computation process, such as a cryptographic hash function?
The square-root speedup of Grover's search is usually quoted for the ideal case: one solution among N candidates, all carrying equal amplitude in a perfectly maintained superposition. For a 256-bit hash that is the familiar figure of about 2^128 oracle queries.
If the output distribution is non-uniform, local deviations in amplitude emerge.
Where a hash output has many preimages, or the attacker will accept any of M preimages, the marked amplitude starts higher and fewer interference steps suffice: the round count falls to about (π/4)·sqrt(N/M).
Non-uniformity therefore lowers the cost by enlarging the solution set, not by beating the square-root law itself, which is a proven lower bound for any black-box search (the BBBV bound); a Grover-type attack cannot run in fewer than order sqrt(N/M) queries.
Consequently, there is no reason for an efficiency-driven hacker to choose Shor's algorithm, which demands full error correction under FTQC.
The rational choice is Grover's search, whose hardware demands are far lighter, even though its round counts at cryptographic sizes remain far beyond any NISQ device.
In particular, in current blockchain systems a 256-bit private key is exposed on-chain only through a 160-bit address (Bitcoin's RIPEMD-160 of SHA-256 of the public key; Ethereum's truncated Keccak-256), so roughly 2^96 private keys share each address. A Grover search over private keys therefore costs about sqrt(2^256 / 2^96) = 2^80 rounds, far below the 2^128 of a raw SHA-256 preimage; this 96-bit compression is what gives Grover its advantage over Shor here, although each round must evaluate an elliptic-curve scalar multiplication and two hashes in superposition.
More seriously, while Shor requires the public key, Grover does not.
The oracle runs the whole chain from private key to public key to address, so a hit yields a private key that signs for the address, not merely some preimage of the hash.
Thus, even without knowing a user's public key, the attack can proceed as long as the hash - namely, the address - is known.
Moreover, blockchain systems publicly expose both addresses and balances.
As a result, the combination of hacker and Grover forms the most efficient configuration imaginable - a deeply ironic reality.
And here lies the decisive point:
Grover will be realized before Shor.
This is not a prediction but an emerging fact.
Quantum annealers built for search and optimization problems are already commercial. Annealing is not Grover's algorithm and carries no proven square-root guarantee, but it shows search-oriented quantum hardware shipping well before fault-tolerant machines, and the development path is unmistakable.
For blockchains, the most efficient attack mechanism will materialize before Shor's algorithm ever does.
- This is an undeniable reality.
Therefore, the current obsession with PQC focused solely on Shor-resistance misses the essence of the problem.
What is truly required now is Grover resistance.
And this is not a task for the future - it is an urgent priority of the present.
Why? Because Grover operates directly on hash functions themselves.
Until now, discussions centered on Shor have treated private keys as the target of attack.
However, Grover can directly compromise the hash structure.
Against Proof-of-Work, where the solution set is large (every nonce whose hash falls below the target), the cost of finding a block drops from about 2^d hash evaluations to about (π/4)·2^(d/2) Grover rounds for a difficulty of d leading zero bits: a quadratic collapse of the search space, not an instantaneous one. Annealing-based formulations of this search have been proposed as well, though none has been demonstrated at cryptographic scale.
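A small statevector simulation of Grover's search, added here as a worked example (not code from the original text) for the three claims above: the many-to-one (non-uniform) case of the hash argument, the private-key search behind the 96-bit figure, and Proof-of-Work. The toy hash, its 8-bit inputs and 5-bit outputs, the marked values and the cost-in-bits helper are constructed for illustration; the 2^96-keys-per-address figure assumes the public-key hash behaves like a random function:

```python
import math


def toy_hash(x: int, in_bits: int = 8, out_bits: int = 5) -> int:
    """Constructed toy hash (stand-in for hash160 / SHA-256): an invertible mix
    of the in_bits input, truncated to out_bits.  Because the mix is a bijection,
    every output has exactly 2**(in_bits - out_bits) preimages, the same
    many-to-one shape as 256-bit keys behind a 160-bit address."""
    mask = (1 << in_bits) - 1
    x = (x ^ (x >> 3)) & mask     # xor-shift: an invertible linear map on the bits
    x = (x * 37 + 11) & mask      # odd multiplier plus offset: a bijection mod 2**in_bits
    return x >> (in_bits - out_bits)


def grover_success(n_bits: int, is_marked, iterations: int) -> float:
    """Exact statevector simulation of Grover's search on n_bits qubits.
    Returns the probability of measuring a marked input after `iterations`
    oracle/diffusion rounds.  All amplitudes stay real, so floats suffice."""
    N = 1 << n_bits
    marked = [x for x in range(N) if is_marked(x)]
    amp = [1.0 / math.sqrt(N)] * N                # uniform superposition |s>
    for _ in range(iterations):
        for x in marked:                          # oracle: phase flip on solutions
            amp[x] = -amp[x]
        mean = sum(amp) / N                       # diffusion: reflect about the mean
        amp = [2.0 * mean - a for a in amp]
    return sum(amp[x] * amp[x] for x in marked)


def optimal_iterations(N: int, M: int) -> int:
    """Grover rounds for M solutions among N candidates: floor(pi/4 * sqrt(N/M)).
    Non-uniformity of the hash enters only through M; the square-root law is
    the BBBV lower bound for any black-box search."""
    return math.floor(math.pi / 4 * math.sqrt(N / M))


def grover_cost_bits(search_bits: int, solution_bits: int = 0) -> float:
    """log2 of the Grover round count for a search over 2**search_bits
    candidates containing 2**solution_bits solutions (constant factors dropped).
    Private-key search behind a 160-bit address: (256, 96) -> 80.
    Raw SHA-256 preimage: (256, 0) -> 128.  PoW with d zero bits: (d, 0) -> d/2."""
    return (search_bits - solution_bits) / 2


def demo():
    """Three toy searches on 8-bit inputs: a unique solution, a 5-bit hash
    target with 8 preimages (the address case), and a PoW-style target
    (top two output bits zero, so a quarter of all inputs are solutions)."""
    N = 256
    unique = grover_success(8, lambda x: x == 173, optimal_iterations(N, 1))
    address = grover_success(8, lambda x: toy_hash(x) == 19, optimal_iterations(N, 8))
    pow_like = grover_success(8, lambda x: toy_hash(x) < 8, optimal_iterations(N, 64))
    return unique, address, pow_like


if __name__ == "__main__":
    print("rounds: unique", optimal_iterations(256, 1),
          "address", optimal_iterations(256, 8),
          "pow", optimal_iterations(256, 64))         # 12 4 1
    print("success probabilities:", demo())
    print("cost bits: key search", grover_cost_bits(256, 96),
          "sha256 preimage", grover_cost_bits(256),
          "hash160 preimage", grover_cost_bits(160))  # 80.0 128.0 80.0
```

The round counts are what the chapter's amplitude argument predicts: 12 rounds for a unique 8-bit preimage, 4 when eight inputs share the target, a single round when a quarter of the inputs are solutions (the classic N/4 case, where one round succeeds with certainty). Scaling the same formula to real parameters gives 2^80 rounds for the address search and 2^(d/2) for PoW; what the simulation cannot show is the cost of each round, which for the address case is an elliptic-curve multiplication plus two hashes evaluated reversibly.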
Therefore, it is imperative to prepare as many quantum-resistant hash functions as possible, and as diverse as possible.
The countermeasures for Shor's algorithm - PQC schemes - are already numerous and well established.
However, quantum-resistant designs for hash functions remain critically lacking.
What we truly need from now on are hash functions that are quantum-unformulable - that is, structures capable of withstanding Grover-type exploration. Since any deterministic hash can be compiled into a reversible oracle, that resistance has to come from making the oracle expensive in qubits and circuit depth and from keeping the square root of the search space out of reach, as a 256-bit output does for a preimage (about 2^128 rounds).
And let it be recorded here:
Through the analysis of the SHA-256 imprint and accumulated number-theoretic insight, we have already established one such quantum-resistant hash function.
Without this achievement, this chapter itself could not have been written.
Not in theory, but in implementation - that is where cryptography begins in the quantum age.
In the next chapter, we will reexamine the surrounding structure of the imprint from the perspective of this concept of spatial compression.