Some Thoughts on the Security Strength and Cryptographic Algorithms for Blockchain Platform

Duncan Wong
Abelian
Jan 8, 2019

Digital signatures are one of the fundamental cryptographic primitives of a Blockchain. They ensure the integrity of data on a Blockchain system, identify the ownership of digital assets, and provide the non-repudiation property of the transactions recorded on a ledger. If the underlying digital signature scheme becomes forgeable, the corresponding Blockchain system is no longer secure: records on the Blockchain become mutable, ownership of assets can no longer be ensured, and transactions on the ledger can be repudiated.

The most commonly used digital signature schemes are based on RSA, the Digital Signature Algorithm (DSA), the Elliptic Curve Digital Signature Algorithm (ECDSA), and their variants. Their security rests on the integer factorization problem, the Discrete Logarithm Problem (DLP), or the DLP over elliptic curve groups, together with related number theoretic problems. These problems are believed to be intractable for conventional computers, as no efficient (probabilistic polynomial-time) algorithm for them is known.

Security Strength vs. Data Value and Freshness Duration

With this knowledge, we usually focus on choosing key sizes that keep our cryptographic systems secure in practice. 128 bits is usually considered the minimum in today’s security standards, and some go further and recommend 256 bits. First of all, these figures are security levels rather than actual key sizes: when we say 128 bits of security, we are drawing an equivalence with symmetric key cryptosystems. Assuming that the best-known attack against a secure symmetric key cryptosystem is brute force, a randomly generated 128-bit symmetric key gives a security level of 128 bits. For public key cryptography, the equivalent of 128-bit security is a 3072-bit public modulus for RSA and a 256-bit private key for ECDSA. If we require the system to have 256 bits of security, the RSA public modulus should be at least 15,360 bits long, while the ECDSA key length needs to be increased to 512 bits.

Another important factor is the freshness of the data to be protected; for example, the confidentiality of some data may be valuable for only a few days. Say the solutions to an examination to be held later this week need to be encrypted. They can be encrypted with a shorter random key, given that the likely opponents are the candidates about to take the examination, and it is reasonable to assume they could not break the ciphertext in such a short time span. Looking further into this, there are actually two aspects: the duration of the data’s freshness, and the computational capability of the potential opponents. Both relate to the value of the data and, from the opponents’ perspective, the cost of breaking the corresponding ciphertext. An analogy is the minting of coins. In most countries and regions, coins are minted from alloys that are worth more than the denominations of the coins, which removes the incentive for criminals to forge them. As a result, criminals try to minimize the forgery cost rather than actually mint coins.

Aligning with this principle, if a hacker realizes that the cost of forging a digital signature is higher than the value of the message to be forged, the hacker has less incentive to forge the signature.

Post-Quantum Cryptography

Now when we apply all the principles and considerations above to Blockchain systems, especially cryptocurrency systems, we should consider for how long the transactions on the Blockchain must keep their integrity, immutability and non-repudiation properties. Take Bitcoin as an example: all previously committed transactions on the Bitcoin ledger should remain immutable, and any change, including reordering, should be detectable.

The Bitcoin system has been up and running for 10 years, is already one of the oldest cryptographic systems of this scale and type in operation, and is still expected to run for another couple of decades. This implies that the underlying digital signature scheme should withstand any forgery attack in the coming decades in order to ensure that all previous transactions on the ledger remain intact.

With the advent of practical quantum computers, the number theoretic problems on which the security of the signature schemes used by most cryptocurrency systems rests are no longer intractable. According to Shor’s 1994 discovery, an efficient probabilistic polynomial-time quantum algorithm can be built and executed on a quantum computer for forging a digital signature of the scheme used in the Bitcoin system. Shor’s algorithm has laid a strong foundation for breaking conventional public key cryptosystems whose security is based on well-known number theoretic problems such as the factorization problem, the DLP, or the DLP over elliptic curve groups. The development of practical quantum computers is now under the spotlight globally, and major countries and high-tech companies are making measurable investments in the area. A practical quantum computer with enough qubits to solve the DLP over elliptic curve groups in particular could become a reality within 20 years, and arguably as soon as 5 to 10 years.

Abelian Solution

Abelian Foundation is now working on preparing the cryptocurrency community for the era of quantum computing. The Abelian platform proposes the use of public key cryptographic algorithms that are no longer based on the traditional number theoretic problems. Instead, it is developing and adopting well-studied cryptographic algorithms whose security is based on hard problems such as Learning With Errors (LWE), which is as hard to solve as several worst-case lattice problems and is not known to have any efficient solution even on a quantum computer.

The Abelian team comprises researchers from major cryptologic research groups with strong track records in academic research on lattice-based cryptography, as well as developers from a world-leading Blockchain development team. In forthcoming blogs, we will elaborate on other features of, and the thinking behind, the Abelian Coin.

Duncan Wong: Co-Founder & CEO of CryptoBLK, Co-inventor of Linkable Ring Signature