Quantum computing’s threat to blockchain security: expert
07/23/2024 17:17
Quantum computing, once a theoretical concept, is now quickly advancing and reshaping our understanding of data processing.
Unlike classical computers, which work with bits, quantum machines use qubits, which can be held in a superposition of states. For a specific class of problems this gives an exponential speed-up: integer factoring and discrete logarithms, the problems behind RSA and elliptic-curve cryptography, fall to Shor's algorithm in polynomial time. For general workloads the advantage is far smaller (Grover's search, for example, gives only a quadratic speed-up), so the threat is to particular cryptographic primitives rather than to computing as a whole.
For the blockchain sector, the rise of quantum technology is a direct threat to the public-key cryptography that underpins blockchain security. Bitcoin and Ethereum both rely on elliptic-curve cryptography (ECC), specifically ECDSA over the secp256k1 curve (and, since Taproot, Schnorr signatures), to prove ownership of funds; Rivest-Shamir-Adleman (RSA) is not used on-chain, but it protects much of the surrounding infrastructure, from TLS to software signing.
Their security rests on problems that no known classical algorithm solves in feasible time: factoring large integers for RSA, and the elliptic-curve discrete logarithm problem for ECC. A sufficiently large, fault-tolerant quantum computer running Shor's algorithm would solve both in polynomial time, recovering a private key from its public key and thus forging signatures, leaving these networks open to attacks that were once deemed impractical.
With the entire sector, comprising cryptocurrencies, non-fungible tokens (NFTs) and decentralized applications (DApps), at risk, quantum-resistant cryptographic measures are urgently needed. As we slowly move towards the post-quantum era, the blockchain sector must innovate and adapt.
To illuminate these issues, Lisa Loud, Executive Director of the Secret Network Foundation and Chair of the IEEE SA Quantum Algorithms Workgroup, recently spoke with crypto.news, discussing the implications of quantum computing for blockchain security and how these threats are being addressed.
What are quantum computing attacks, and why are they considered a threat to blockchain and cryptocurrencies in general?
Quantum computing attacks are something like current-day brute force attacks in that their capacity to try different combinations is greatly enhanced over classical computers. If you have a combination lock with three digits, there are around a thousand combinations, and a patient thief could try them all and unlock your suitcase or steal your bike. When you have an online password of 12 characters, the permutations increase to 72^12 different possible passwords, which a human being couldn't manage – but a classical computer could try all of them in sequence and eventually find the right combination. If you have a wallet with an encrypted private key, the number of possible options increases to 2^256. This is too many for classical computing to manage, but a quantum computer could do it.
This is a simplification of reality but conveys the concept of why a quantum computer attack is a threat to blockchains and cryptocurrencies. Many proposals to address this threat are largely theoretical or depend on the solution of creating new blockchains with native quantum resistance, but this is not practical when there are millions of dollars tied up in existing blockchains. Instead, some researchers are focusing on end-to-end frameworks that can be applied to existing blockchains. Another less obvious but potential threat is that quantum computers might be able to mine blocks much faster than classical computers, potentially centralizing mining power.
Can the blockchain sector address these issues before quantum computing technology is fully ready?
These are the issues that we see today, but who knows what will emerge once quantum computing is a reality. We know that blockchain cryptography is evolving specifically to counter these threats, but the biggest question is, what haven’t we thought of? What threats exist that are not obvious today but will only emerge once we have these two technologies in the same space? We don’t know the answer, but we can be certain of one thing: there will be new and unexpected problems to solve when blockchains encounter quantum computing.
Theoretically, quantum computers can break RSA and Elliptic Curve cryptographic algorithms; how imminent is the threat to current blockchain platforms like Bitcoin and Ethereum?
The field of quantum cryptography, while promising in its potential for breaking existing cyphers, is far from ready for practical deployments. At the same time, on-chain encryption continues to evolve, and today’s cryptographers are aware of the quantum threat on the horizon. As a result of this set of conditions, the development of new on-chain encryption methods considers quantum-proof methods to be necessary. Today, there is no imminent threat to Bitcoin or Ethereum simply because quantum hardware remains largely a theoretical construct.
Do you think cryptographic standards can help secure blockchain networks against quantum threats? Can they be integrated into existing systems like Bitcoin and Ethereum?
There are various cryptocurrency algorithms that are designed to handle quantum resistance, such as SPHINCS+. While I am chairing a standards committee at IEEE to define best practices in writing quantum algorithms, there are other working groups at IEEE and many other standards organizations working on the best practices for quantum-resistant software development. Blockchains will be able to switch encryption algorithms sooner than many other areas of industry. In particular, chains that have a governance structure in place will have an easier time making the switch. Chains such as Bitcoin or Ethereum may take longer.
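The SPHINCS+ mentioned above is a hash-based signature scheme. The following is an added illustration, not code from the interview or from the SPHINCS+ project: a Lamport one-time signature over SHA-256, the simplest hash-based scheme and the idea that WOTS+ and SPHINCS+ build on. It shows why such schemes survive a quantum attacker (a forger needs a SHA-256 preimage, which Grover's algorithm speeds up only quadratically) and what they cost (kilobyte keys and signatures, and one signature per key). The function names and the sample messages are this example's own constructions.

```python
# Added example, not from the interview or from SPHINCS+: a Lamport one-time
# signature over SHA-256. All names and sample messages are constructed here.
import hashlib
import secrets

BITS = 256                      # one preimage pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Private key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 of each preimage (same shape, nothing secret)."""
    sk = [(rng(32), rng(32)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bit(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, msg: bytes):
    """Reveal, for each bit of SHA-256(msg), the preimage that bit selects."""
    d = H(msg)
    return [sk[i][_bit(d, i)] for i in range(BITS)]


def verify(pk, msg: bytes, sig) -> bool:
    """A forger must find a SHA-256 preimage for an unrevealed pk element;
    Grover's search only halves the bit-security of that problem."""
    if len(sig) != BITS:
        return False
    d = H(msg)
    return all(H(sig[i]) == pk[i][_bit(d, i)] for i in range(BITS))


def sizes(sk, pk, sig) -> dict:
    """Byte sizes, for comparison with secp256k1 ECDSA (33-byte public key,
    64- to 72-byte signature)."""
    return {"sk": sum(len(a) + len(b) for a, b in sk),
            "pk": sum(len(a) + len(b) for a, b in pk),
            "sig": sum(len(s) for s in sig)}


def reuse_leak(msg1: bytes, msg2: bytes) -> int:
    """Why 'one-time': after signing two messages with one key, every digest
    position where they differ has BOTH preimages public, so any third
    message that matches one of the two on every position can be forged.
    Returns how many positions are fully exposed."""
    d1, d2 = H(msg1), H(msg2)
    return sum(_bit(d1, i) != _bit(d2, i) for i in range(BITS))


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"pay 0.5 BTC to alice"          # constructed demo message
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered:", verify(pk, b"pay 5.0 BTC to alice", sig))
    print("sizes:", sizes(sk, pk, sig))
    print("positions leaked by a second signature:",
          reuse_leak(msg, b"pay 5.0 BTC to alice"))
```

SPHINCS+ removes the one-time restriction by organising many such keys in hash trees, which is why it is stateless but slow and still produces signatures of several kilobytes; the size overhead is the same trade-off the interview raises below for larger key structures.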
What are the challenges decentralized blockchains face in migrating to post-quantum cryptography? Is the pseudonymity inherent with public blockchains an issue?
The pseudonymity of blockchain users is not so much the issue here – it’s the distribution of nodes on each blockchain, of which Bitcoin is the most extreme. Any mitigation strategy to make Bitcoin quantum-proof will almost certainly require a change in the wallet address format. Bitcoin’s proof-of-work consensus mechanism is less immediately threatened, but its address system (based on ECDSA – Elliptic Curve Digital Signature Algorithm) is vulnerable and will need to change. This has historically been a messy process that created chaos and some losses. Ethereum faces similar challenges with its address structure and wide distribution, but it has an advantage in that it’s more easily upgradable than Bitcoin due to its smart contract capabilities.
So yes, there will be challenges in migrating any blockchain to post-quantum cryptography, and the wider the distribution of the chain, the more difficult it will be to overcome these challenges. Wallets that are slower to migrate could face higher vulnerabilities to quantum attacks. Ensuring that post-quantum systems can interact with legacy systems during the transition period will require the maintenance of dual systems for an extended period, and the larger key structure may impact the performance of the blockchain.
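Why the address format matters: Shor's algorithm recovers a secp256k1 private key from the public key, so the practical question for a wallet is whether its public key is already on-chain. A P2PK output publishes it in the locking script; a P2PKH output publishes only a hash of it, and the key appears only in the scriptSig that spends the output, so reusing an address after spending leaves the remaining balance exposed. The following is an added example, not code from the interview or from any Bitcoin implementation: it derives compressed secp256k1 public keys and audits a constructed toy chain for unspent outputs a Shor-capable attacker could already target. The `key_commit` function is an assumed stand-in for Bitcoin's HASH160 (RIPEMD160(SHA256(pubkey))), because RIPEMD-160 support in `hashlib` varies between OpenSSL builds; the chain and the transaction record layout are this example's own.

```python
# Added example, not from the interview: a toy "quantum exposure" audit of
# Bitcoin-style outputs. The chain below is constructed demo data, and
# key_commit() is an assumed stand-in for Bitcoin's HASH160.
import hashlib

# secp256k1 domain parameters (public constants from SEC 2)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k, pt):
    """Double-and-add; not constant-time, acceptable for a demo on toy keys."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def pubkey(priv: int) -> bytes:
    """33-byte compressed SEC encoding: the value Shor's algorithm inverts."""
    assert 0 < priv < N
    x, y = ec_mul(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def key_commit(pub: bytes) -> bytes:
    """Assumed stand-in for HASH160: a hash hides the key until it is revealed."""
    return hashlib.sha256(hashlib.sha256(pub).digest()).digest()[:20]


def audit(chain):
    """chain: list of txs {"inputs": [...], "outputs": [...]}; txid = list index.
    input  = {"spends": (txid, idx), "pubkey": bytes}   # revealed in scriptSig
    output = {"type": "p2pk", "pubkey": bytes, "value": int}
           | {"type": "p2pkh", "hash": bytes, "value": int}
    Returns (txid, idx, value) of every UNSPENT output whose spending public
    key is already on-chain, i.e. attackable without waiting for a spend."""
    spent, revealed = set(), set()
    for tx in chain:
        for inp in tx["inputs"]:
            spent.add(inp["spends"])
            revealed.add(key_commit(inp["pubkey"]))
    at_risk = []
    for txid, tx in enumerate(chain):
        for idx, out in enumerate(tx["outputs"]):
            if (txid, idx) in spent:
                continue
            if out["type"] == "p2pk" or out["hash"] in revealed:
                at_risk.append((txid, idx, out["value"]))
    return at_risk


# Constructed demo chain: three wallets with toy private keys 1, 2 and 3.
PUB_A, PUB_B, PUB_C = pubkey(1), pubkey(2), pubkey(3)
DEMO_CHAIN = [
    {"inputs": [],                                   # tx 0: coinbase-style
     "outputs": [{"type": "p2pk", "pubkey": PUB_A, "value": 50},
                 {"type": "p2pkh", "hash": key_commit(PUB_B), "value": 30},
                 {"type": "p2pkh", "hash": key_commit(PUB_C), "value": 20}]},
    {"inputs": [{"spends": (0, 1), "pubkey": PUB_B}],  # tx 1: B spends, reveals PUB_B
     "outputs": [{"type": "p2pkh", "hash": key_commit(PUB_B), "value": 25},  # change to reused address
                 {"type": "p2pkh", "hash": key_commit(PUB_C), "value": 5}]},
]

if __name__ == "__main__":
    print("A compressed pubkey:", PUB_A.hex())
    for txid, idx, value in audit(DEMO_CHAIN):
        print(f"exposed: tx {txid} output {idx} ({value} coins)")
```

On the demo chain the audit flags A's P2PK output and B's change output (B's key became public when B spent), while C's outputs are safe until C spends. The same reasoning is why migration guidance for ECDSA-based chains emphasises moving funds from exposed keys to fresh, ideally post-quantum, outputs before a capable machine exists.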
So, are there any existing blockchain networks equipped for the transition?
Some blockchains that were more recently built have an easier path to mitigation. For example, Cosmos is configured in a way that would lend itself to an easier migration. All of the chains built on the Cosmos SDK may want to choose a common quantum-proof algorithm to make wallet integration easier. Some chains are specifically designed to encrypt the data they carry in transactions, such as Secret Network and Fhenix. Secret uses secure hardware enclaves (such as the Intel SGX's TEE) to protect encrypted data on chain. These encryption schemes are resistant to quantum attacks since it is possible for secure enclaves to change their encryption schemes in real-time with some performance implications. Fhenix uses math – or fully homomorphic encryption – to secure the data in a complex encryption scheme that is quantum-resistant. The technology for FHE is not ready to be used today, but its timeline is much shorter than the timeline for quantum computers. This allows for the future of blockchains to be built natively with quantum resistance built in, far sooner than quantum computing is ready to attack blockchains.
How long does the blockchain sector have before the threat of quantum computing becomes inevitable?
By the next 10-20 years, the [blockchain] industry should be fully prepared. Many experts believe that quantum computers capable of breaking current cryptographic systems could emerge in this timeframe. Beyond that, if not addressed, quantum computers will likely be able to break most current cryptographic systems used in blockchains. The day when quantum computing threatens the encryption of Bitcoin and Ethereum is in the uncertain future. As to when a computer with sufficient hardware and software for handling complex problems will be ready, based on modelling the number of qubits developed since 2014 and projecting that timeline forward, the earliest estimates are 2035, and some say much later, up to the year 2050.