5. July 2019
The Threat Of Quantum Computing
Financial institutions, the Internet, and organisations that rely on traditional cryptography are undergoing a radical crisis of confidence under the threat of quantum computing (QC), and they are looking for new ways to protect blockchain technology from potential attack. The possibility of cyberattacks occurring grows increasingly imminent and in the same breath, previous estimates of the time scale for functional quantum computers are continually being brought forward.
Progress is currently growing at a staggering pace, as both the fields of QC development and blockchain ‘quantum proof’ encryption look to counter one-another in the technological boxing ring.
So Let’s Start at the Beginning.
In the beginning, was the ‘bit,’ which existed in a state of either 0 or 1. Flash forward to now, and concepts surrounding quantum computing are blowing people’s 0s and 1s--both at the same time.
Quantum computing is based on particle pieces, similar to the aforementioned ‘bit’--but quantum bits or ‘qubits,’ are suspended in a state just below absolute zero. These qubits, amazingly, can exist in multiple positions, either 0 or 1 or, their most desirable state of ‘superposition,’ both binary options at the same time. This state of simultaneous positioning enables quantum computers to calculate complex equations at extraordinary speeds, and it has led to the current concern regarding the future of blockchain.
Blockchain has become the system of choice for many big businesses primarily because of its decentralised approach to information management and the relatively secure nature of its architecture--until quantum computing, that is. To be clear, quantum computers are not any more ‘able’ than standard machines to crack crypto codes. What they are is super fast and therefore potentially able to break through conventional cryptography on information as it is being locked down, or “validated” in the blockchain. Time waits for no man--and in the case of the QC, ‘polynomial time’ whips along at speeds that make heads spin.
The Currency of Information
Economics and big-data businesses are all aware of QC developments concerning past and presently encrypted information. Utilising past information--with symmetric encryption--is like grasping a thread. Once you have hold of it, it is easy to track both forward and backward, seeing from where it came and where it is going, like a gateway.
Quantum computing implications reach far beyond those in finance, big business, and government, too. Breaking long-standing encrypted information may or may not be a good thing. Certain (nefarious) groups would not want their past affiliations known and, potentially, then their current state of affairs followed as if through a gateway, beginning at the first line of enquiry.
It is not just about their ‘in-the-moment’, static information. Worldwide, there is a lot of old encrypted data which--when suddenly decrypted--could lead to the resurfacing of painful wounds and a resurgence of animosity. Do we really need to know more about specific times of less-than-positive human history? Could the breaking of these codes then break down what is too often fragile peace, precipitating a loss of trust? After all, tech is just tech, ambivalent until humans utilise it.
So, time is one problem trust is another. A further issue is forward security. Forward security is the concept that if one key in a mass generated batch is cracked, then the other generated key signatures remain valid--you don’t lose the whole basket of eggs. Buchmann and Hülsing discuss this at length in their 2011 white paper, XMSS — A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions.
In their 2016 white paper, Shorter Hash-Based Signatures, Geovandro C. C. F. Pereira, Cassius Puodzius, and Paulo S. L. M. Barreto acknowledge that previously considered problems like “very long key generation time, … the actual signature size and consequent bandwidth occupation, as well as leakage-resilience,” are all issues of concern with any forward-looking protocols. Specific problems with hash-based signatures appear to have been sufficiently addressed as they are now considered quantum resistant or are, in effect, actually post-quantum crypto-systems.
In spite of the current, understandable panic, viable candidates for post-quantum cryptography are actually more abundant than might be thought. According to Neal Koblitz and Alfred J. Menezes, the candidates are as follows:
-Supersingular elliptic curve isogeny cryptography (as opposed to elliptical curve cryptography)
-Symmetric key quantum resistance
-Quantum key Distribution
The time and energy developing keys and long keys have been the major issues that engineers and mathematicians have been pondering for the longest time. Time is money--as is energy. In fact, all resources carry a price tag, and therefore, it is about mitigating this as much as possible.
“Having long enough keys and following security requirements ... can resist both classic attacks and quantum attacks. Unfortunately, because of technical difficulty and the large size of quantum-resistant signatures (the need to store such signatures will significantly increase the size of blockchains), existent solutions can’t match the forthcoming threat.”
Demyan and his team at GeoProtocol are working on a new style network, the Internet of Value, with a post-blockchain flavour.
However, according to Buchmann and Hülsing, the XMSS (eXtended Merkle Signature Scheme) hash-based signature appears to have a 25% smaller signature size than the MSS-SPR (Merkle Signature Scheme-Second Preimage Resistant) with comparable runtimes, and therefore, a lesser storage load. They conclude that this is “very important as the signature size is considered the main drawback of hash-based signatures.”
Dorothy Denning, Emeritus Distinguished Professor of Defense Analysis at the Naval Postgraduate School, in the United States, states that:
“...so far, public-key encryption has been uncrackable by using very long key pairs–like 2,048 bits, which corresponds to a number that is 617 decimal digits long. But sufficiently advanced quantum computers could crack even 4,096-bit key pairs in just a few hours using a method called Shor’s algorithm.”
Taking Bigger Bit(e)s
Max Demyan relates this to the current crypto market, stating that:
“that is why the developers of Bitcoin, Ethereum, NEO and some other cryptocurrencies are seeking ways to solve this problem. But several projects are already using post-quantum cryptography as the base technology to protect their data”.
Quantum Resistant Ledger (QRL), GeoProtocol (GP) and IOTA all make claims to utilise post-quantum technology. IOTA uses Direct Acyclic Graph (DAG) technology rather than blockchain per se and GP uses a nodal, non-blockchain solution with one-time keys for each transaction, and QRL states their case for “XMSS iterative hash-chains”.
There is definitely a need for increased resources in this field at this time since, as a species, we are making headway in creating both a disease and a cure simultaneously. How very Black Mirror.
“Quantum computers are still in their nascent period. If Bitcoin and cryptocurrencies are in their teenage years, then any viable quantum computers are still learning how to crawl.” writes Danny Christ, CEO of Moonwhale Ventures. This may be the case, but as mentioned, this does not consider the breakneck speed of development of this particular baby. Perhaps crawling at breakfast, but it’s sitting, fully grown, discoursing at length and demanding wine by lunch. Preparing for this eventuality is nothing more than good sense.
Perhaps we should be grateful to the ‘threat’ of quantum computing because, as a result, the blockchain community is evolving at an even faster rate and making sure that it is dotting and crossing its 0s and 1s and getting its security much more in order. It appears that there is nothing like an external threat to make one attend to our security and get the ‘house’ in order.
Watch this space for the latest developments on quantum computing and the blockchain impact as these technologies are destined to collide. Visit Revain to see reviews on the latest blockchain projects and contribute your insights to the advancement of blockchain projects while giving a voice to the community responsible for the future of decentralised, secured information exchange.