The Vulnerability of Blockchain Technology to Quantum Decryption
Blockchain technology, a pillar of modern digital transactions, is now under the microscope for its vulnerability to quantum decryption. This article examines that vulnerability, its implications, and the strides taken in post-quantum cryptography to counter it.
Asymmetric (public-key) cryptography rests on problems believed to be computationally intractable: RSA on factoring large integers, and Diffie-Hellman, DSA and elliptic-curve schemes such as ECDSA on the discrete logarithm problem. Such schemes use a key pair: a public key for encrypting or verifying signatures and a private key for decrypting or signing. Their security is only a presumption that no efficient algorithm exists for these problems on the hardware we have. Shor's algorithm removes that presumption: on a sufficiently large, error-corrected quantum computer it solves both factoring and discrete logarithms (including the elliptic-curve variant) in polynomial time, which amounts to recovering the private key from the public key.
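To make the RSA case concrete, here is an added example (not from the original article) that walks through the reduction Shor's algorithm performs: find the period of a^x mod N, turn that period into the factors of N, and then compute the private exponent from the public key alone. The period-finding step is brute-forced classically as a stand-in for the quantum subroutine, and the key is the constructed textbook pair p = 61, q = 53, e = 17.

```python
"""Toy walk-through of how Shor's algorithm breaks RSA.

A quantum computer running Shor's algorithm does one thing that classical
hardware cannot do efficiently: given a modulus N and a random base a, it
finds the period r of f(x) = a^x mod N.  Everything before and after that
step is ordinary number theory.  Here the period is found by brute force,
which works for a textbook-sized modulus and is hopeless for a 2048-bit one;
the quantum subroutine is what removes that exponential cost.
"""
from math import gcd
from typing import Optional
import random


def find_period(a: int, n: int) -> int:
    """Smallest r > 0 with a**r % n == 1.  This is the step Shor's algorithm
    performs with a quantum Fourier transform.  Requires gcd(a, n) == 1."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng: Optional[random.Random] = None) -> tuple[int, int]:
    """Factor an odd composite n = p*q via Shor's period-finding reduction."""
    if rng is None:
        rng = random.Random(2024)          # fixed seed so runs are reproducible
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:                          # lucky guess: a shares a factor with n
            p, q = sorted((g, n // g))
            return p, q
        r = find_period(a, n)
        if r % 2:                           # need an even period to split a^r - 1
            continue
        half = pow(a, r // 2, n)
        if half == n - 1:                   # a^(r/2) = -1 mod n gives only trivial factors
            continue
        # n divides (a^(r/2) - 1)(a^(r/2) + 1) but neither factor alone,
        # so the gcd with either factor is a non-trivial divisor of n.
        p = gcd(half - 1, n)
        if 1 < p < n:
            p, q = sorted((p, n // p))
            return p, q


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """Once p and q are known, the private exponent d follows immediately."""
    return pow(e, -1, (p - 1) * (q - 1))


def break_rsa(n: int, e: int, ciphertext: int,
              rng: Optional[random.Random] = None) -> int:
    """What the attacker does with only the PUBLIC key (n, e) and a ciphertext."""
    p, q = shor_factor(n, rng)
    d = rsa_private_exponent(e, p, q)
    return pow(ciphertext, d, n)


if __name__ == "__main__":
    # Constructed textbook key: p = 61, q = 53, N = 3233, e = 17 (so d = 2753).
    N, E = 3233, 17
    m = 65
    c = pow(m, E, N)                        # sender encrypts with the public key only
    print("factors of N:", shor_factor(N))
    print("private exponent:", rsa_private_exponent(E, 61, 53))
    print("recovered plaintext:", break_rsa(N, E, c))
```

The only line an attacker cannot run today at real key sizes is `find_period`; every other step is textbook arithmetic. That is why the public key alone is enough once the quantum step exists, and why the same reduction carries over to discrete logarithms and elliptic curves.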
Hashing, by contrast, holds up far better. Hash functions are one-way mechanisms that map input of any length to a fixed-size output, the hash value or digest, and they underpin data-integrity checks, password storage, and the message digests that digital signatures are computed over. Unlike public-key schemes, their security does not depend on factoring or discrete logarithms; it rests on intrinsic properties of the function, chiefly pre-image resistance (you cannot recover an input from its digest) and collision resistance (you cannot find two inputs with the same digest). Quantum computing gives only a limited edge here: Grover's algorithm speeds up a brute-force pre-image search from roughly 2^n to 2^(n/2) operations for an n-bit digest, so a 256-bit hash such as SHA-256 retains about 128 bits of pre-image security, and there is no known quantum shortcut comparable to Shor's. In practical terms, hashes cannot be reverted, the quantum risk to hashing remains comparatively minimal, and where the margin matters, a longer digest restores it.
Cryptocurrencies such as Bitcoin and Ethereum use hashing to bind transactions and blocks together (block hashes, Merkle trees, proof of work) and public-key cryptography, specifically ECDSA signatures on the secp256k1 curve, to authorize spending. The integrity of the ledger itself is therefore not the weak point; the signature scheme is. A Shor-capable attacker who obtains a wallet's public key could compute the matching private key and sign transactions that move that wallet's funds. The caveat is that the public key must be visible: a standard Bitcoin address commits only to a hash of the key, which Shor's algorithm does not invert, so an address that has never spent keeps its key hidden until the owner broadcasts a transaction, at which point the key is revealed in the signature and sits exposed at least until the transaction is mined. Early pay-to-public-key outputs, reused addresses, and any key that has already signed are the ones at direct risk.
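As an added example, not part of the original article, the following Python derives secp256k1 public keys the way Bitcoin wallets do and then checks, for a handful of constructed output scripts, whether the public key (the input Shor's algorithm needs) is visible on chain or only its hash. The toy private keys 1 and 2, the placeholder signature, and the output labels are all constructed for illustration; the script layouts (P2PK, P2PKH, P2TR) are Bitcoin's real ones, though a real Taproot output carries a tweaked key rather than the raw x coordinate used here.

```python
"""Which Bitcoin outputs are reachable by a Shor-capable attacker?

Shor's algorithm recovers a private key from the PUBLIC key (it solves the
elliptic-curve discrete logarithm).  It does nothing useful against a hash
of the public key.  So the per-coin question is simply: is the public key
itself visible on chain?  This example derives keys on secp256k1 (the curve
Bitcoin and Ethereum use) and classifies constructed output scripts.
"""
import hashlib
from typing import Optional

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[tuple[int, int]]        # None is the point at infinity


def ec_add(a: Point, b: Point) -> Point:
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P     # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P      # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k: int, pt: Point) -> Point:
    """Double-and-add scalar multiplication.  Easy forward; finding k from
    k*G is the discrete log that Shor's algorithm makes easy."""
    acc: Point = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def pubkey_bytes(priv: int) -> bytes:
    """Compressed SEC1 public key: 0x02/0x03 parity prefix + 32-byte x."""
    x, y = ec_mul(priv, G)
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


OP_1, OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x51, 0x76, 0xA9, 0x88, 0xAC


def hash160(data: bytes) -> bytes:
    """RIPEMD160(SHA256(data)), Bitcoin's address hash.  Assumption: if this
    Python build lacks RIPEMD-160, a 20-byte SHA-256 truncation stands in;
    only the fact that it is a hash rather than the key matters below."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        return hashlib.sha256(sha).digest()[:20]


def p2pk(pub: bytes) -> bytes:            # <pubkey> OP_CHECKSIG (Satoshi-era outputs)
    return bytes([len(pub)]) + pub + bytes([OP_CHECKSIG])


def p2pkh(pub: bytes) -> bytes:           # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    return bytes([OP_DUP, OP_HASH160, 20]) + hash160(pub) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def p2tr(xonly: bytes) -> bytes:          # OP_1 <32-byte x-only key> (Taproot)
    return bytes([OP_1, 32]) + xonly


def p2pkh_spend(sig: bytes, pub: bytes) -> bytes:   # unlocking script: <sig> <pubkey>
    return bytes([len(sig)]) + sig + bytes([len(pub)]) + pub


def exposed_pubkey(script_pubkey: bytes, script_sig: bytes = b"") -> Optional[bytes]:
    """Return the public key a Shor attacker can read for this output, or
    None if only a hash of it is on chain."""
    n = script_pubkey[0]
    if n in (33, 65) and len(script_pubkey) == n + 2 and script_pubkey[-1] == OP_CHECKSIG:
        return script_pubkey[1:1 + n]                        # P2PK: key in the output itself
    if n == OP_1 and script_pubkey[1] == 32 and len(script_pubkey) == 34:
        return script_pubkey[2:]                             # P2TR: x-only key in the output
    if script_sig:                                           # P2PKH: key revealed only on spend
        sig_len = script_sig[0]
        pub_len = script_sig[1 + sig_len]
        return script_sig[2 + sig_len:2 + sig_len + pub_len]
    return None


if __name__ == "__main__":
    alice, bob = pubkey_bytes(1), pubkey_bytes(2)   # constructed toy keys (never use small scalars)
    fake_sig = b"\x30" * 71                         # constructed placeholder for a DER signature
    outputs = [
        ("early P2PK output",        p2pk(alice),     b""),
        ("unspent P2PKH address",    p2pkh(bob),      b""),
        ("P2PKH address that spent", p2pkh(bob),      p2pkh_spend(fake_sig, bob)),
        ("Taproot output",           p2tr(alice[1:]), b""),
    ]
    for label, spk, ssig in outputs:
        key = exposed_pubkey(spk, ssig)
        print(f"{label:26s} -> {'EXPOSED ' + key.hex()[:18] + '...' if key else 'hash only until spent'}")
```

Run it and the P2PK and Taproot outputs, plus the P2PKH address once it has spent, come back as exposed; the unspent P2PKH address yields only a hash. That is the practical version of the caveat above: not every coin is equally at risk, and an inventory of which keys are already visible on chain is the first step of a quantum risk assessment.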
Much of the alarm, though, comes from people who are apprehensive about impending change and looking for another angle from which to critique Bitcoin. One must remember that Bitcoin is not the only player in the blockchain domain, and these technologies keep evolving. Estimates for when a cryptographically relevant quantum computer might arrive range from 7 to 20 years, if it arrives at all, which makes predictions about its impact uncertain. Moreover, the challenge is not exclusive to cryptocurrencies; the same machine would jeopardize every other digital ecosystem that depends on public-key cryptography.
The National Institute of Standards and Technology (NIST), an agency of the U.S. Department of Commerce, has been running a multi-year process to establish quantum-resistant cryptographic standards. Its announcement of the Round 2 candidates in early 2019 showed it was already addressing the issue in earnest.
In August 2023, NIST released draft FIPS for algorithms derived from CRYSTALS-Kyber (FIPS 203, ML-KEM), CRYSTALS-Dilithium (FIPS 204, ML-DSA), and SPHINCS+ (FIPS 205, SLH-DSA), with public comment open until November 2023. A draft standard for the fourth selected algorithm, FALCON, is expected the following year, and Classic McEliece, BIKE, and HQC remain under evaluation as additional key-encapsulation candidates. This is tangible progress: we are not just bracing for the quantum era but actively building the tools to navigate it safely.
Like the United States, other governments and blocs, such as China and the European Union, have established national quantum initiatives and are investing heavily in quantum research and development.
Does it really matter if blockchain is susceptible to quantum decryption? The question opens a Pandora's box of ethical considerations, from the intent behind using a quantum computer to the choice of private or state-funded targets. Quantum decryption is a technological challenge, but it also raises concerns about misuse, and its ramifications extend well beyond cryptocurrencies: the global financial ecosystem could see upheaval.
Stolen cryptocurrency would be easier to move and obfuscate than stolen fiat, but an attacker would still need to target the right account, and by attacking Bitcoin's or another cryptocurrency's blockchain they would out themselves, letting the world know they possess a quantum computer. Whoever holds the most powerful technology in the world is unlikely to spend it on something as simple as financial theft. Once such an attack became public, prices would tank and the effect would be felt globally, whereas a state-led quantum attack would more likely target specific adversaries and aim for more than stealing people's Bitcoin. There are also far more profitable targets outside the blockchain world, whether banking, stock markets, or otherwise.
Consider that hurting Amazon's stock does not even require hacking Amazon. If an attacker with a quantum computer could break into several media agencies and feed them false information about a company, that alone could move its stock massively. Once you can break any asymmetric encryption, there are nearly infinite ways to achieve a goal.
One of the basic tenets of penetration testing is that you go for the weakest link, the path of least resistance. The question to ask is, "Are any of the public-key algorithms deployed today secure against quantum computing?" For now the answer is no, but quantum-resistant replacements are close to standardization. At least the public is now aware of this.
If a truly powerful quantum computer existed today, asymmetric encryption would be a severe concern because of Shor's algorithm, but hashing much less so. As post-quantum encryption is standardized and hashing and cryptography improve, we will likely see a broad, compliance-driven transition to the new standards to protect against future quantum threats.
A 2017 paper by Divesh Aggarwal and several co-authors, "Quantum attacks on Bitcoin, and how to protect against them", posted on arXiv (the preprint server hosted by Cornell), analyzed Bitcoin's elliptic-curve signature scheme and concluded that it could be broken by a quantum computer as early as 2027, while the worry about quantum computers dominating Bitcoin mining is a much smaller concern.
The real threat is to asymmetric cryptography and the systems that rely on it. Those systems will need to adopt better cryptographic solutions to prepare for this disruption and, beyond that, for the post-quantum world that follows. Retrofitting post-quantum cryptography into existing systems is hard, and integrating quantum-safe algorithms into current protocols is an active area of research and development; organizations such as Microsoft Research and Google have run test implementations of post-quantum algorithms in real protocols. Developing and adopting post-quantum cryptography requires careful weighing of performance, cost, and security trade-offs, since the new schemes generally have larger keys and signatures than the ones they replace. On the other side of the ledger, IBM, Google, Microsoft, and others are investing in quantum computing itself and have made significant progress in building machines with growing qubit counts and in improving quantum algorithms, but none is close to a working prototype capable of running Shor's algorithm against a production key size.
Timelines remain speculative, but the US government, for example, has directed its agencies to migrate to post-quantum algorithms by 2035, because data recorded today can be decrypted later once a quantum computer exists, and sensitive data that must stay secret for years needs protection now.
Given the cost and performance requirements, the earliest post-quantum deployments will likely be limited to the most sensitive, high-value assets, such as military, finance, and infrastructure, rather than a rollout across every industry.
The high-value targets would likely be:
Financial institutions – most notably banks, forex, and stock markets.
Government agencies – organizations that handle sensitive information, including defense and intelligence agencies and the military.
Cloud and server hosts – Google, Amazon, Microsoft, and others would be targets for the data they hold on behalf of billions of people and organizations.
Infrastructure – if a hostile nation acquires a quantum computer and intends to use it for warfare rather than conceal it, there is a high chance it will target telecommunications, the power grid, and other critical infrastructure.
While cryptocurrencies seem like small fish next to the others, the spoils have more potential for illicit dealings, so they could still be targeted, with smart contracts manipulated to redirect payments and public-key algorithms broken to obtain private keys.
While the quantum future remains uncertain, individuals and organizations can take tangible steps today. By investing in enhanced cybersecurity measures, you can erect barriers that make quantum-driven attacks less viable. Given the hacker mindset, which typically seeks out the most vulnerable targets, fortifying your digital assets makes you a less enticing target.
It's not merely about creating post-quantum encryption but also its swift and widespread implementation. The looming quantum threat could instigate a dash to upgrade systems, ensuring they are quantum resistant. But with this urgency comes a concern: will the entire blockchain ecosystem keep pace?
Cryptocurrencies, particularly those built on asymmetric cryptography, are at a crossroads. If they lag in transitioning to quantum-resistant mechanisms, we could witness a seismic shift, with users and investors flocking to the cryptocurrencies that prioritize quantum security and leaving the laggards vulnerable.
The crux of the debate revolves around the real and lasting threat of quantum decryption. Will the specter of quantum breaches dissolve with the advent of post-quantum algorithms? Or will it persist, casting a shadow over digital security?
Optimism surrounds post-quantum algorithms, seen by many as the silver bullet against quantum decryption. Yet, promises must be translated into reality. The challenge lies in developing these algorithms and ensuring their rapid standardization and adoption across industries.
My gratitude goes to the journalists, authors, researchers, and institutions whose studies and reports have informed this publication. I would also like to acknowledge AI for helping me organize and prepare the final copy.