Quantum resistant blockchains
“Quantum resistant” is only used to describe networks and cryptography that are secure against attack by a quantum computer of any size, in the sense that no known algorithm lets a quantum computer break the applied cryptography and thus the system. So a blockchain is considered quantum resistant if it exclusively uses a quantum resistant signature scheme.
There are a lot of challenges and misconceptions concerning quantum resistant blockchains and the transition towards quantum resistance. I will address these in the following chapters, but first I will elaborate a bit on why a decentralized blockchain is more vulnerable than a centralized system.
Why is it easier to change cryptography for centralized systems such as banks and websites than for blockchain?
A common thing you hear people say when the subject comes up is: “If ECDSA cryptography breaks, the whole internet will be broken. Why even worry about blockchain?” An important distinction is that most systems are centralized, while blockchain is decentralized. This creates three problems:
1. Developers of a centralized system can decide from one day to the next to make changes and update the system, without needing consensus from the people who run nodes. The central developers are in charge, and they dictate the future of the system. A decentralized system like a blockchain, on the other hand, needs to reach consensus among the nodes to update. That means the majority of the nodes must upgrade, which forces the blockchain to accept only the new signatures as valid. The old signature scheme cannot remain valid next to the new quantum resistant one, because the blockchain would then still allow the old, vulnerable public and private keys, and thus the old, vulnerable signatures, in transactions. So at least the majority of the nodes need to upgrade to make sure that blocks constructed under the old rules, and thus with the old vulnerable signature scheme, are rejected by the network. This eventually results in a fully upgraded network that only accepts the new post-quantum signature scheme in transactions. So consensus is needed; there is no central power that can make the hard decisions. The need for consensus is a problem exclusive to decentralized systems like blockchain.
2. Another issue decentralized systems face when changing their signature scheme is that users of decentralized blockchains have to manually transfer (migrate) their coins or tokens to a quantum safe address. The upgraded blockchain only affects the key pairs of newly generated addresses. The old addresses already exist and were generated by the old blockchain, so only newly generated addresses have quantum resistant key pairs. The old addresses are unchanged and thus still vulnerable key pairs. Only migrating funds from old addresses to new quantum resistant addresses brings your funds under the protection of the upgraded blockchain. Remember, it is not the coins or tokens that are quantum resistant; it is the private/public key pair, the address you store your coins or tokens on, that is quantum resistant. So in the decentralized system every user needs to manually generate a new address and move their coins to it. Users of centralized networks, on the other hand, do not need to do anything, since it is taken care of by their centrally managed system. As you know, if you forget the password of your online bank account or some website, they can always send you a link or a secret question, or in the worst case send you a letter by post to your home address, and you are back in business. In the centralized system there is a central entity that has access to all the data, including private access data such as public and private keys, so that entity can pull all the strings. It can all be done behind your user interface, and you probably wouldn’t notice a thing; you wouldn’t even have to change your password. In decentralized systems there is no central entity that has your keys. You have your keys, and only you.
So, in contrast to centralized systems, all users of a decentralized system need to act to make that entire system quantum resistant. The need for users to act is the second problem exclusive to decentralized systems like blockchain.
3. The third issue is the “lost addresses”. Since no one but you has access to your funds, your funds become inaccessible once you lose your private key. From that point the address is lost, and the funds on it can never be moved. So after an upgrade, those funds will never be moved to a quantum resistant address and will always be vulnerable to a quantum hack. I will get into this problem more in depth in the next parts, but in short: it will be the sword of Damocles hanging over the blockchain until an actual hack takes place. The damage this causes is a dump in value due to a hack of one or more of those lost addresses. There is no solution to this problem. The blockchain doesn’t know its users, can’t communicate with them, and can’t distinguish funds on lost addresses from funds on addresses whose owners still have access but somehow have not migrated their coins after a quantum resistant update. So burning “lost coins” would be a big legal issue; the question would be “are they actually lost, or has the owner just not migrated them yet?” Since centralized systems have access to all the needed data, they do not face this issue. Lost addresses are the third problem exclusive to decentralized systems like blockchain.
To summarize: banks and websites are centralized systems. They will face challenges too, but decentralized systems like blockchain will face extra challenges that do not apply to centralized systems.
- Updating the signature scheme will need consensus in the sense that all nodes need to update after implementation of a quantum resistant signature scheme.
- Users of blockchain will personally need to move their funds from old addresses to new quantum resistant addresses. You won’t need to move your bank funds.
- Lost addresses where people lost access to their funds will never be moved and stay vulnerable to quantum hacks.
These are all issues specific to blockchain, not to banks, websites, or any other centralized system.
And the big companies are already experimenting with quantum resistant cryptography. Take Google, for example: they have been experimenting with quantum resistant cryptography since 2016. See the Google Online Security Blog post about their experiment with the New Hope system in the Chrome browser.
Bitcoin and all currently running traditional blockchains are not excluded from these problems and challenges. In fact, dealing with them will be central to ensuring their continued existence over the coming decades. All cryptocurrencies will need to change their signature schemes at some point in the future. This won’t be an easy transition. There are serious challenges to overcome, and it will not be done overnight. I will get to this in the next few articles.
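To make the three points above concrete, here is an added toy ledger model (my own example, not code from the post). It assumes a strict cutover at an activation height after which upgraded nodes reject every legacy-signed spend, that an address reveals its key scheme through a prefix, and uses scheme tags in place of real signatures; the `exposed_balance` tally shows why the chain cannot tell lost funds from funds that were simply never migrated.

```python
from dataclasses import dataclass

LEGACY, PQ = "ecdsa", "pq"  # signature-scheme tags; stand in for real signatures here

@dataclass(frozen=True)
class Tx:
    sender: str     # spending address
    scheme: str     # scheme the spend is signed with
    recipient: str
    amount: int

def address_scheme(addr: str) -> str:
    # Assumption for this model: an address reveals its key scheme via a prefix.
    return PQ if addr.startswith("pq1") else LEGACY

def tx_valid(tx: Tx, height: int, activation_height: int) -> bool:
    """Consensus rule of an upgraded node: the signature scheme must match the
    sender address, and from the activation height on only PQ signatures count."""
    if tx.scheme != address_scheme(tx.sender):
        return False
    if height >= activation_height and tx.scheme == LEGACY:
        return False
    return True

def apply_block(balances: dict, txs: list, height: int, activation_height: int) -> list:
    """Apply the valid transactions of one block; return the rejected ones."""
    rejected = []
    for tx in txs:
        if tx_valid(tx, height, activation_height) and balances.get(tx.sender, 0) >= tx.amount:
            balances[tx.sender] -= tx.amount
            balances[tx.recipient] = balances.get(tx.recipient, 0) + tx.amount
        else:
            rejected.append(tx)
    return rejected

def exposed_balance(balances: dict) -> int:
    """Funds still sitting on legacy addresses. The ledger cannot tell a lost key
    from an owner who has simply not migrated yet, so both end up in this sum."""
    return sum(v for a, v in balances.items() if address_scheme(a) == LEGACY and v > 0)

def simulate(activation_height: int = 100):
    """Constructed scenario: alice migrates before activation, bob tries one block
    too late, and 'lost' is an address whose key is gone and never moves."""
    balances = {"1alice": 50, "1bob": 30, "1lost": 20}
    rejected = apply_block(balances, [Tx("1alice", LEGACY, "pq1alice", 50)], 99, activation_height)
    rejected += apply_block(balances, [Tx("1bob", LEGACY, "pq1bob", 30)], 100, activation_height)
    return balances, rejected, exposed_balance(balances)
```

Running `simulate()` leaves 50 units exposed: bob's 30, which he could still have moved had he acted one block earlier, and the 20 on the lost address, and nothing in the ledger distinguishes the two cases.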
You can continue reading part 4A here