Quantum computing, once a theoretical concept, is now advancing rapidly and reshaping our understanding of data processing.
Unlike traditional computers that use bits, quantum machines make use of qubits, which can exist in more than one state at a time. This makes them significantly more efficient than traditional computing systems when tackling complex problems.
For the blockchain industry, the rise of quantum technology poses a significant threat to the cryptographic systems that support blockchain security. Existing encryption methods such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC) are widely used in networks such as Bitcoin and Ethereum.
Their fundamental power lies in the complexity that traditional systems cannot solve, yet quantum machines claim to be able to break these systems and make these networks vulnerable to attacks once thought unlikely.
Quantum-resistant cryptographic measures are urgently needed as the entire industry of cryptocurrencies, non-fungible tokens (NFTs), and decentralized applications (DApps) is at risk. As we gradually move towards the post-quantum era, the blockchain industry must innovate and adapt.
To shed light on these issues, Lisa Loud, Director of the Secret Network Foundation and Chair of the IEEE SA Quantum Algorithms Working Group, recently spoke with crypto.news to discuss the implications of quantum computing on blockchain security and how these threats are being addressed.
What are quantum computing attacks and why are they considered a threat to blockchain and cryptocurrencies in general?
Quantum computing attacks are similar to today’s brute-force attacks in that their ability to try different combinations is vastly improved over classical computers. If you have a three-digit combination lock, there are about a thousand possible combinations, and a patient thief could try them all and unlock your suitcase or steal your bike. When you have a 12-character online password, the possibilities increase to 72^12 different possible passwords, which is beyond a human’s ability to manage — but a classical computer can try them all in order and eventually find the right combination. If you have a wallet with an encrypted private key, the number of possible options increases to 2^256. That’s far more than classical computing can manage, but a quantum computer can.
This is a simplification of reality, but it conveys the concept of why a quantum computer attack is a threat to blockchains and cryptocurrencies. Many proposals to address this threat are largely theoretical or rely on the solution of creating new blockchains with native quantum resistance, but this is impractical when millions of dollars are tied up in existing blockchains. Instead, some researchers are focusing on end-to-end frameworks that can be applied to existing blockchains. Another less obvious but potential threat is that quantum computers could mine blocks much faster than classical computers, potentially centralizing mining power.
Can the blockchain industry solve these problems before quantum computing technology is fully ready?
These are the problems we see today, but who knows what will emerge when quantum computing becomes a reality. We know that blockchain cryptography has been developed specifically to counter these threats, but the big question is: What are the threats that we haven’t thought about? What are the threats that are not obvious today but will emerge when we use these two technologies in the same space? We don’t know the answer, but we can be sure of one thing: there will be new and unexpected problems to solve when blockchains meet quantum computing.
Theoretically, quantum computers could break RSA and Elliptic Curve cryptographic algorithms, but how imminent is the threat to existing blockchain platforms like Bitcoin and Ethereum?
The field of quantum cryptography, while promising in terms of its potential to break existing encryption, is far from ready for practical applications. At the same time, on-chain cryptography continues to evolve, and today’s cryptographers are aware of the quantum threat looming on the horizon. As a result of this set of circumstances, the development of new on-chain encryption methods requires quantum-proof methods. Today, there is no imminent threat to Bitcoin or Ethereum, as quantum hardware remains largely a theoretical construct.
Do you think cryptographic standards can secure blockchain networks against quantum threats? Can they be integrated into existing systems like Bitcoin and Ethereum?
There are several cryptocurrency algorithms designed to address quantum resistance, such as SPHINCS+. While I chair a standards committee at IEEE to define best practices for writing quantum algorithms, there are other working groups at IEEE and many other standards organizations working on best practices for developing quantum-resistant software. Blockchains will be able to change cryptographic algorithms sooner than many other areas of the industry. In particular, chains with a governance structure in place will make the transition easier. Chains like Bitcoin or Ethereum may take longer.
What challenges do decentralized blockchains face in transitioning to post-quantum cryptography? Is pseudonymity inherent in public blockchains a problem?
The problem here is not the pseudonyms of blockchain users – it is the distribution of nodes on each blockchain, and Bitcoin is the most extreme of these. Any mitigation strategy to make Bitcoin quantum-proof would require a change in the wallet address format. Bitcoin’s proof-of-work consensus mechanism is less immediately threatened, but its address system (based on ECDSA – Elliptic Curve Digital Signature Algorithm) is vulnerable and will need to change. This has historically been a complex process that has created chaos and some losses. Ethereum faces similar challenges with its address structure and wide distribution, but has the advantage of being more easily upgradeable than Bitcoin due to its smart contract capabilities.
So yes, there will be challenges in migrating any blockchain to post-quantum cryptography, and the wider the distribution of the chain, the harder it will be to overcome these challenges. Wallets that are slower to migrate may face higher vulnerabilities to quantum attacks. Ensuring that post-quantum systems can interact with legacy systems during the transition will require long-term maintenance of binary systems, and the larger key structure may impact the performance of the blockchain.
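As an added illustration of the "larger key structure" point above (example code written for this page, not code from the interview or from any project it mentions): a minimal Lamport one-time signature in Python, the simplest hash-based scheme in the family SPHINCS+ belongs to. Its security rests only on the hash function, which is why the family is considered quantum-resistant, and the function `sizes()` puts its key and signature sizes next to ECDSA's for scale; all function names and the signed message are assumptions.

```python
# Added example (not from the interview): a Lamport one-time signature, the
# simplest member of the hash-based family that SPHINCS+ belongs to. Security
# rests only on SHA-256 preimage resistance, which Shor's algorithm does not
# break, but keys and signatures are far larger than ECDSA's.
import hashlib
import secrets

HASH_BYTES = 32          # SHA-256 output length
N_BITS = 8 * HASH_BYTES  # one key pair per bit of the message digest


def keygen():
    """Private key: 256 pairs of random 32-byte values; public key: their hashes."""
    sk = [(secrets.token_bytes(HASH_BYTES), secrets.token_bytes(HASH_BYTES))
          for _ in range(N_BITS)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bit(digest: bytes, i: int) -> int:
    """Return bit i (MSB first) of the digest."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def sign(sk, message: bytes):
    """Reveal, for each digest bit, the preimage matching that bit. One use only."""
    digest = hashlib.sha256(message).digest()
    return [sk[i][_bit(digest, i)] for i in range(N_BITS)]


def verify(pk, message: bytes, sig) -> bool:
    """Hash each revealed preimage and compare with the published half."""
    if len(sig) != N_BITS:
        return False
    digest = hashlib.sha256(message).digest()
    return all(hashlib.sha256(sig[i]).digest() == pk[i][_bit(digest, i)]
               for i in range(N_BITS))


def sizes() -> dict:
    """Byte sizes of Lamport keys/signatures next to ECDSA (secp256k1) for scale."""
    return {
        "lamport_public_key": 2 * N_BITS * HASH_BYTES,  # 16384 bytes
        "lamport_signature": N_BITS * HASH_BYTES,       # 8192 bytes
        "ecdsa_private_key": 32,                        # one scalar
        "ecdsa_signature": 64,                          # raw r || s
    }


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed transaction payload"  # constructed sample input
    print(verify(pk, msg, sign(sk, msg)), sizes())
```

Note that a Lamport key must never sign two different messages, which is the limitation SPHINCS+ removes by combining many one-time keys in a tree.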
So, is there an existing blockchain network that is equipped for the transition?
Some more recent blockchains have an easier path to mitigation. For example, Cosmos is structured to allow for easier migration. All chains built on the Cosmos SDK may want to choose a common quantum-proof algorithm to facilitate wallet integration. Some chains are specifically designed to encrypt the data they carry in transactions, such as Secret Network and Fhenix. Secret uses secure hardware partitions (such as Intel SGX’s TEE) to protect encrypted data on the chain. These encryptions are resistant to quantum attacks because secure partitions can change encryption schemes in real time with some performance impact. Fhenix uses FHE, or fully homomorphic encryption, to secure data in a complex quantum-resistant encryption scheme. The technology for FHE is not ready for deployment today, but the timeline is much shorter than the timeline for quantum computers. This allows the future of blockchains to be built natively with quantum resistance built in, much sooner than quantum computing is ready to attack blockchains.
How much time does the blockchain industry have before the threat of quantum computing becomes inevitable?
In the next 10-20 years, the [blockchain] industry must be fully prepared. Many experts believe that quantum computers capable of breaking current cryptographic systems could emerge in this timeframe. Beyond that, if left unaddressed, quantum computers will likely be able to break most current cryptographic systems used in blockchains. The day when quantum computing threatens the encryption of Bitcoin and Ethereum is in the uncertain future. As for when a computer with sufficient hardware and software to handle complex problems will be ready, based on modeling the number of qubits developed since 2014 and projecting that timeline forward, the earliest estimates are 2035, while others say much later, as late as 2050.