So we continue: more challenges when upgrading an existing blockchain to quantum resistance. I'm using BTC as an example here and there, but this really goes for any blockchain that doesn't use a quantum resistant signature scheme.
Lost addresses and the human factor: a partly protected circulating supply after a quantum resistant upgrade
Again we face a consequence of the fact that a blockchain is a decentralized system. Even if you have managed to change the cryptography of your blockchain, that does not mean your full circulating supply is protected: that needs the cooperation and action of your users. After consensus between nodes is achieved, there is a second stage in which you depend on others to make the change final. After successfully changing your signature scheme, you have a blockchain that can create quantum resistant key pairs. But none of the circulating coins are protected by them yet. You have changed the signature scheme, but you have not retired the existing old key pairs: all circulating coins or tokens are still sitting on old addresses, spendable only with old key pairs. The protocol can decide how new addresses are created and spent from, but it cannot change who can spend from an existing address, because the only thing that unlocks those coins is a signature from the old private key, and the protocol does not hold that key. Meaning: you can change the signature scheme, and therefore the protection of all new addresses created from that point on, but not the protection of the old addresses created before it. So all the old addresses stay vulnerable until the users who own them cooperate and take action: create a new, quantum resistant address and move their coins or tokens to it.
The crux of the matter is this: only the actual owners of the coins or tokens have the public and private key combination, and that combination is exactly what needs to be changed. The old key pairs have to be swapped for new quantum resistant key pairs, because the old ones will be vulnerable to quantum attacks. And that is precisely the step that cannot be done automatically for the users of a decentralized system like a blockchain. You can give the users the tools: change the cryptography in your blockchain so that every new key pair that is created is quantum resistant. But the users have to make the switch personally. Compare this with a centralized system like your email: everybody knows that when you lose your private key in blockchain, you lose access to your funds. There is no "I forgot my password" or "what's your secret question", and there will be no "we will mail you your new key pair". So even if the blockchain could change your key pair for you, replacing it with a quantum resistant one and deactivating the old one, you would not have that new key pair, and you would have effectively lost access to your funds.
There is no way to finalize the protection, and so the quantum resistance, of the circulating supply other than to rely on every user to take personal action. Only after every single user, now and from the past, has done so would the whole circulating supply be protected from quantum attacks.
Every single user, now and from the past. This is impossible.
- From the past (old users): lost addresses cause the problem here. The longer a blockchain has been running, the more people will have lost access to their funds (keys lost altogether, crashed computer, lost USB stick, lost interest when the price was low at the start of a project, etc.). Some projects have also run tests at the beginning, or mined to an address that is now inaccessible. BTC is the most obvious example, where the infamous Satoshi addresses contain huge amounts of BTC. (And no, those coins are not safe behind a hash: in those days coins were paid to the public key itself, in full, rather than to a hash of it as is usual today, so the public keys of those outputs are already public on chain. Note also that a hash only protects an address until it is spent from: the spending transaction reveals the public key, so any coins still sitting on a reused address are exposed in the same way. The Satoshi funds are therefore vulnerable to quantum attacks.) Since you need access to the coins to move them to a quantum resistant address, and nobody actually has access to these coins, there is no one who can bring them under the protection of new quantum resistant key pairs. They will stay vulnerable to quantum hacks, even after the blockchain has upgraded successfully.
- Every single user now: consider human nature. Not everybody will move their funds, in time or at all. There are lots of reasons why people don't do what should have been done, because people are people: some haven't followed the news (not everyone is a frequent reddit or bitcointalk visitor; some just check the price every now and then), some don't understand how the migration works and why it's important, some don't understand the urgency, maybe the funds are part of an inheritance or divorce that takes time to process legally, jail, sickness, a lost memory stick that is found later, you know, life, etc.
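To make the "public key already on chain" distinction from the lost-address point concrete, here is an added example in Python; it is not code from the original post or from any project it mentions. It classifies Bitcoin-style output scripts by whether the public key is visible in the output itself (pay-to-pubkey, as the early coinbase outputs were) or only as a hash, and then counts how much of a small constructed UTXO set an upgrade could not protect without the owner acting. It goes a little beyond the post's Satoshi case: taproot outputs, which also carry the key directly, count as exposed, and so do coins left on a hash-based address that has already been spent from, because the first spend reveals the key. Every key, hash, transaction id and balance in it is a constructed placeholder; nothing is read from a real chain.

```python
"""Which unspent coins already have their public key visible on chain?

Added example for this post, not code from the original; all keys, hashes,
transactions and balances below are constructed placeholders.
A quantum attacker needs the public key before it can derive the private key.
P2PK (early coinbase outputs) and P2TR put the key in the output itself;
hash-based outputs (P2PKH, P2WPKH, P2SH, P2WSH) hide it until the first spend
reveals it in the scriptSig/witness, so coins left on a reused address are
exposed as well.
"""
from collections import namedtuple

OP_0, OP_1, OP_DUP, OP_HASH160 = 0x00, 0x51, 0x76, 0xA9
OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x87, 0x88, 0xAC


def classify_script_pubkey(spk: bytes) -> tuple:
    """Return (script_type, key_visible_in_output) for a scriptPubKey."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        pk = spk[1:-1]
        if (len(pk) == 33 and pk[0] in (2, 3)) or (len(pk) == 65 and pk[0] == 4):
            return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh", False
    # P2SH: OP_HASH160 <push 20> <hash160> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return "p2sh", False
    # Segwit v0: OP_0 <push 20> (P2WPKH) or OP_0 <push 32> (P2WSH)
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh", False
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return "p2wsh", False
    # Segwit v1 (taproot): OP_1 <push 32> x-only public key, visible on chain
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True
    return "unknown", False


def pubkey_from_p2pkh_scriptsig(script_sig: bytes) -> bytes:
    """Extract the key a P2PKH spend reveals: scriptSig is <sig> <pubkey>,
    each item preceded by one push-length byte (both are under 76 bytes)."""
    sig_len = script_sig[0]
    pk_pos = 1 + sig_len
    end = pk_pos + 1 + script_sig[pk_pos]
    if end != len(script_sig):
        raise ValueError("not a canonical two-push P2PKH scriptSig")
    return script_sig[pk_pos + 1:end]


def revealed_keys(spends) -> dict:
    """scriptPubKey -> public key for each P2PKH output already spent from.
    `spends` holds (scriptPubKey_of_the_spent_output, scriptSig) pairs."""
    return {spk: pubkey_from_p2pkh_scriptsig(ss)
            for spk, ss in spends if classify_script_pubkey(spk)[0] == "p2pkh"}


Utxo = namedtuple("Utxo", "txid vout script_pubkey value_sat")

def exposed_supply(utxos, spends) -> tuple:
    """Return (exposed_sat, total_sat): unspent value whose key is already public."""
    reused = revealed_keys(spends)
    exposed = total = 0
    for u in utxos:
        _, visible = classify_script_pubkey(u.script_pubkey)
        total += u.value_sat
        if visible or u.script_pubkey in reused:
            exposed += u.value_sat
    return exposed, total


# --- constructed sample data (fake keys, hashes and transactions) -----------
PK_UNCOMPRESSED = b"\x04" + b"\x11" * 64   # 65-byte key, early coinbase style
PK_COMPRESSED = b"\x02" + b"\x22" * 32     # 33-byte key
HASH_A, HASH_B, XONLY = b"\xaa" * 20, b"\xbb" * 20, b"\xcc" * 32
SPK_P2PK = bytes([65]) + PK_UNCOMPRESSED + bytes([OP_CHECKSIG])
SPK_P2PKH_FRESH = bytes([OP_DUP, OP_HASH160, 20]) + HASH_A + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SPK_P2PKH_REUSED = bytes([OP_DUP, OP_HASH160, 20]) + HASH_B + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
SPK_P2WPKH = bytes([OP_0, 20]) + HASH_A
SPK_P2TR = bytes([OP_1, 32]) + XONLY
FAKE_SIG = b"\x30" + b"\x44" * 70          # 71-byte DER-sized placeholder
# One earlier spend from the reused address; its scriptSig carries the key.
SPENDS = [(SPK_P2PKH_REUSED, bytes([71]) + FAKE_SIG + bytes([33]) + PK_COMPRESSED)]
UTXOS = [
    Utxo("coinbase-2009", 0, SPK_P2PK, 5_000_000_000),   # 50 BTC, key in output
    Utxo("tx-a", 1, SPK_P2PKH_FRESH, 100_000_000),       # never spent from: hidden
    Utxo("tx-b", 0, SPK_P2PKH_REUSED, 200_000_000),      # spent from before: exposed
    Utxo("tx-c", 0, SPK_P2WPKH, 300_000_000),            # hidden behind hash160
    Utxo("tx-d", 0, SPK_P2TR, 400_000_000),              # x-only key in output
]

if __name__ == "__main__":
    exposed, total = exposed_supply(UTXOS, SPENDS)
    print(f"exposed {exposed / 1e8:.2f} of {total / 1e8:.2f} BTC ({100 * exposed / total:.1f}%)")
```

Run against a real UTXO set instead of the placeholders, the same two checks (is the key in the output script, and has this script ever been spent from) are what you would use to estimate the share of supply that an upgrade cannot protect without the owner moving the coins.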
So even if an existing blockchain implemented quantum resistant cryptography, there would always be a certain percentage of the circulating supply that is not protected.
In the next part I elaborate on the consequences for the average user of depending on other users to act. Further on I will discuss the time factor and a possible black swan event.
You can continue reading part 5 B here: the importance of a fully protected circulating supply.