Mochimo or how I came to love the Quantum Bomb

Hadrian Cho
10 min read · Jun 10, 2018

Might or might not be a quantum bomb

The I’m-too-lazy-to-read summary: Quantum proofing is infeasible for 1st and 2nd generation blockchain currencies because they haven’t solved two main challenges:

  1. Long quantum addresses exponentially increase block size
  2. Inconvenient one-time-use quantum addresses

Some projects, including non-blockchain technologies, have added quantum proof addresses without fixing either of these issues. The following article will review my path to discovering both challenges and my main discovery — Mochimo, a new, 3rd generation cryptocurrency, that solved both using proprietary BlockCrunch Technology and has managed to successfully secure one-time accounts to the ever-changing quantum addresses.

Quantum computers are real…at least I thought so. So what do you do when you don’t know — you ask Google. Two sleepless nights later Google helped me discover the magic of post-quantum cryptography and a few quantum resistant coins. In one of those subreddits I discovered what would change the last 6 months of my life — Mochimo, but more about that later. After digging around the forums and talking to the Development Team, I began to wonder: why aren’t more coins quantum resistant? What am I missing? Am I being scared for nothing? How exactly is IOTA quantum proof? How deep does quantum proofing have to go in the architecture of the coin? Can coins be quantum proofed in different ways or is it just the algorithm?

Lastly, why don’t all developers simply add quantum resistance as another feature on their coin? And, frankly, is it really that important?

After doing my research, let me now try to simply explain what most cryptocurrencies have done so far and what quantum proofing actually means.

1. Let’s start from the basics — Aren’t all cryptocurrencies protected by cryptography? What encryption are current cryptocurrencies using and why isn’t it quantum proof yet?

A lot of coins copied Bitcoin’s elliptic curve algorithm (ECDSA) and, unsurprisingly, things change over a decade. Even the NSA has made an official announcement acknowledging ECDSA to be obsolete and moved on to Curve P-384 (also not quantum proofed), yet current cryptocurrency coins including Bitcoin, Bitcoin Cash, Litecoin and all ERC-20 tokens are still using it because they can’t upgrade. Yes, CAN’T.

2. Ok, what sort of damage could a quantum computer actually do to your ECDSA cryptocurrency?

This answer should be split into two:

What can they attack:

Your wallet: today a public key is derived from the private key by elliptic curve multiplication, but the private key can’t be mathematically inferred from the public key. So far. Quantum computers with enough qubits could link public and private keys. Which means: bye bye funds.

The blockchain integrity: A quantum computer can also corrupt the blockchain history: “Deploying a quantum computer against the secp256k1 elliptic curve Bitcoin uses is much more dangerous: if the signature is cracked, the scheme is completely insecure and attackers can plant fake transactions and steal Bitcoin.”

When can they attack your wallet:

While funds are safe in an unspent Bitcoin wallet, the minute you try to take your bitcoin out of that wallet, all of the information that anyone with a quantum computer needs to fully impersonate you is out in the open. Right now, quantum computers already exist and are ramping up in power, measured in qubits.

How fast is this “Quantum Computer” thing anyhow?

“The RSA-2048 Challenge Problem would take 1 billion years with a classical computer. A quantum computer could do it in 100 seconds” -Dr. Krysta Svore, Microsoft Research

In terms of numbers: it’s estimated that only 1300–4000 qubits are needed to crack bitcoin. Qubits have grown tenfold between 2016 and 2017. They tripled between 2017–2018. Read more here.

3. What exactly are qubits and how does quantum computing even work?

Qubits are a measure of processing power. Quantum computing involves parallel processing via alternate states.

“Quantum computers rely on quantum physics to process not only 1 and 0 bits, but also countless superpositions of them. So these probabilities are simultaneously explored. That makes the same final information much shorter to process. Non-binary superpositions of 0 and 1, called Qubits, if there are enough of them, can run a quantum algorithm called Shor’s algorithm which can solve the integer factorization problem, the backbone of most cryptocurrencies”. Read more here.

Quantum computers can also work together with a non-quantum supercomputer to crack things even faster. Quantum computers are good at certain things. Non-quantum supercomputers are good at others.

You can read more about the details of how Shor’s algorithm would harness both a quantum computer and a non-quantum supercomputer to break RSA. Anastasia Marchenkova described it well: “Shor’s algorithm doesn’t brute force the entire key by trying factors until it finds one, but instead uses the quantum computer to find the period of a function which contains the RSA key and classically computes the greatest common divisor.” Basically, it might happen sooner than people are predicting. Read more here.

4. So do quantum computers exist? How close are we to quantum supremacy?

Yes, they do exist. And there are big players, both in the government and private sector. Here’s a brief history to show you how fast it’s been accelerating in the last two years and who’s involved:

2015 — Alibaba entered the field teaming up with the state-backed Chinese Academy of Sciences to open a new research lab. In February the company made an experimental 11-qubit chip available over the internet. China’s government has committed $10 billion to build a new national quantum lab. Read more here.

2016 — IBM launched a 5-qubit quantum computer

2017 — Intel launched a 49-qubit quantum computer and IBM launched a 50-qubit computer — a 10x increase in one year

2018 — Google launched a 72-qubit quantum computer codenamed “Bristlecone”

The Unknown — three-letter government agencies including the NSA have openly sponsored quantum computing projects in the past. The NSA even has an in-house project called Penetrating Hard Targets

From what I have gathered from various sources, 1,300 to 4,000 qubits is sufficient to break Bitcoin and pretty much any ECDSA coin. Remember that warning on your side mirror? Things are closer than they appear.

5. Okay, so why can’t these “old” currencies just upgrade? I’m reading that Bitcoin Cash can just flip a switch and it will be done.

Yes, Bitcoin Cash has flipped FSFA back on. However, if you read this article, you will see that, despite the cheery title, it’s only a stopgap to shorten the window of exposure, not quantum proofing.

This article from 2014 states the actual problem rather nicely: “The average transaction size is currently about 500 bytes; either CMSS or GMSS would push it up over 4000 bytes. That means you could be looking at an increase in the size of the block chain of upwards of 700% (it’s actually 800%). The blockchain is currently at 12.7** gigabytes. Had Bitcoin employed either of these signature schemes from the beginning, it would be over 100 gigabytes right now. Signature and key size isn’t a problem that is unique to hash-based signature schemes either; most of the others are in the same ballpark. Also, note the insane keygen time for GMSS. If you left your computer running for 24 straight hours you would have only generated 3 bitcoin addresses, and that’s using the optimized variant with larger signatures! I suspect, however, that an ASIC hardware wallet would significantly improve that performance. Keygen for CMSS isn’t that bad”. (**Note: Bitcoin is currently at 160 GB, so that would be 1.2 TB. Ethereum is currently over 1 TB, so it would be around 8 TB.)

I chose Bitcoin as an example because it is relatively lean, as it doesn’t have smart contracts. Ethereum is already a hot mess, with validating nodes being replaced by light nodes. Implementing a block size cap to stop this exodus would raise fees and prevent Dapps from working. So they definitely are not in a position to implement quantum addresses. Read more here.

And the takeaways are:

  1. Blockchains other than Bitcoin are scaling exponentially without a solution to the blockchain size. (They claim Moore’s law is going to save them)
  2. Adding quantum proof addresses increases the blockchain size by 800% due to the huge addresses that quantum proofing requires. A large blockchain is bad because of node processing requirements
  3. Transactions would change radically, i.e. the current wallets would have to change. Quantum addresses can only send once before becoming a security risk
  4. It would be hard to soft fork with the current scaling difficulties of first generation blockchains

Some people have even laid out the scenario of what it would take to ‘port’ Bitcoin. It’s not pretty. Read more here.

6. Okay, so why isn’t every new blockchain enabling quantum resistance?

Some of the cutting-edge coins that one author collectively calls non-blockchain “math coins” have approached it. IOTA would be one of these, and unfortunately it’s a hot mess, with coins being zapped from users’ wallets and held hostage by the foundation, developers lashing out etc…and basically it’s not really working.

Functional Quantum Computer resistant blockchains are difficult to build because you have three challenges:

  • You have to deal with extremely long signatures: possibly a page long. These are awkward to track and to handle
  • These signatures become vulnerable after one spend from the wallet. The public key of an address is not revealed while it is unspent, so a quantum cracker would first need to reverse SHA256 and RIPEMD160 before even getting to the public key (and only then reverse that to the private key)
  • Blockchains are growing exponentially in size, which means slow and expensive transactions. Even Moore’s Law of increasing computational power cannot resolve the runaway size of current blockchains such as ETH, which is currently over 1 TB. Sidechains bound to regions (as in physical locations), with eventual settlement on the global mainchain

As you can see, adding a quantum-resistant algorithm isn’t the hard part. Making something work AFTER you add the signatures is what these projects haven’t solved yet.
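To make the three challenges above (and the "can only send once" point in the takeaways) concrete, here is an added example of my own; it is not Mochimo's code, nor Bitcoin's. It is a textbook Lamport one-time signature over SHA-256, the simplest hash-based scheme in the same family as the CMSS/GMSS schemes quoted earlier. It shows how much a single spend must publish (the full public key plus the signature), that an unspent address can hide everything behind one short hash, and why the key must never sign twice: one signature discloses half of the secret values, and a second signature on a different message discloses more. The `OneTimeKey` wallet guard, the `address` construction and the sample transaction bytes are assumptions of the example, not features of any real wallet.

```python
# Added example (not Mochimo's or Bitcoin's code): a Lamport one-time signature
# over SHA-256, used to make the article's three challenges concrete.
import hashlib
import secrets

N = 256     # bits in a SHA-256 digest => number of positions in the key
CHUNK = 32  # bytes per secret value


def _digest_bits(msg: bytes) -> list:
    """The 256 message-digest bits, most significant bit first."""
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def keygen():
    """Secret key: 256 pairs of random 32-byte values; public key: their SHA-256 hashes."""
    sk = [(secrets.token_bytes(CHUNK), secrets.token_bytes(CHUNK)) for _ in range(N)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def address(pk) -> bytes:
    """Hash of the whole public key: all an unspent 'address' needs to expose on chain.
    (Assumed construction for the example; Bitcoin hashes with SHA256 then RIPEMD160.)"""
    return hashlib.sha256(b"".join(a + b for a, b in pk)).digest()


def sign(sk, msg: bytes) -> list:
    """For each digest bit, reveal the secret value of that bit's pair."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig: list) -> bool:
    """Each revealed value must hash to the public-key entry the message bit selects."""
    if len(sig) != N:
        return False
    return all(hashlib.sha256(sig[i]).digest() == pk[i][b]
               for i, b in enumerate(_digest_bits(msg)))


def spend_payload_size(pk, sig) -> int:
    """Bytes a spending transaction must carry: the full public key plus the signature.
    Compare with a DER-encoded ECDSA signature of roughly 70-72 bytes."""
    return sum(len(a) + len(b) for a, b in pk) + sum(len(c) for c in sig)


def revealed_positions(msgs: list) -> int:
    """How many of the 2*N secret values are disclosed by signing these messages
    with the same key. One message reveals exactly N; a second, different message
    reveals one more value for every digest bit in which the two messages differ."""
    seen = set()
    for m in msgs:
        seen.update((i, b) for i, b in enumerate(_digest_bits(m)))
    return len(seen)


class OneTimeKey:
    """Wallet-side guard (assumed for the example): a Lamport key signs exactly once."""

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg: bytes) -> list:
        if self.used:
            raise RuntimeError("one-time key already used; derive a fresh address")
        self.used = True
        return sign(self.sk, msg)


if __name__ == "__main__":
    key = OneTimeKey()
    tx = b"constructed sample transaction: pay 1 coin to Bob"  # constructed input
    sig = key.sign(tx)
    assert verify(key.pk, tx, sig)
    print("address bytes on chain while unspent:", len(address(key.pk)))
    print("bytes published by one spend:", spend_payload_size(key.pk, sig))
    print("secret values revealed by one spend:", revealed_positions([tx]), "of", 2 * N)
    print("secret values revealed by two spends:",
          revealed_positions([tx, b"constructed second transaction"]), "of", 2 * N)
```

Run it and the numbers line up with the article's complaints: the unspent address is 32 bytes, but one spend publishes 24,576 bytes (a 16 KB public key plus an 8 KB signature), and that spend hands out half of the secret key, so a second signature from the same key is exactly what a wallet must refuse to produce.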

7. Okay, but what coins are trying to quantum proof?

Various cryptocurrencies on the market have begun to approach these challenges… on their roadmaps. As this author puts it rather well:

“The rule in blockchains is: hypotheticals are worthless….If someone in crypto says something’s coming soon, that’s nice, but it should absolutely not be treated as “exciting news” until they have a product — and the product doesn’t fail in some hilariously obvious manner. No white paper without a product should be taken as “exciting news”. Unless you are actually a mathematician or a computer scientist and have a direct professional interest.”

While there are a few small coins that have added these long signatures, they haven’t figured out how to compress or handle the one time addresses. You could say they’ve presented the problem — it’s not like quantum proof algorithms are hard to find — the EU has funded the Post Quantum Cryptography group to gather and analyze candidates. But presenting a feature that has obvious challenges and not solving the challenges is not what I’d call a working product.

The non-blockchain coins that are also touting quantum proofing are what I will refer to as math coins. They’re not working too great right now either. Read more here.

So this is where Mochimo differs. Not only is the quantum proofing code vetted by Hulsinger, a cryptography expert, it’s up and running. People are beta mining right now and the mainnet will be live on June 30th 2018. The code is on GitHub for review and blocks are being solved.

8. Who are the major quantum players (besides Mochimo)?

Here are some examples of differing approaches to the quantum threat:

Semi solutions and stopgaps

  • Bitcoin Cash has reimplemented FSFA, a p2p full-node policy which, according to the article, helps with the issue though not fully. Read more here

It’s on our roadmap

  • Quantum Resistant Ledger (QRL) — despite its moniker, has not yet implemented quantum resistance, although it is on the roadmap
  • NEO — also has quantum resistance on its roadmap. However, as its white paper states, it’s currently using secp256r1: “Public keys in AntShares are generated by the private key through the ECC (Elliptic Curve Cryptography) curve algorithm. The algorithm used by AntShares are secp256r1 and SM2 (Chinese commercial cryptographic algorithm).”
  • Cardano — has a milestone to implement quantum resistance to their ledger in the first semester of 2018

We put it in but we can’t handle it

  • Snowflower — did put in a quantum-resistant algorithm but hasn’t solved the issues that these quantum addresses create. If you haven’t solved scaling or built in decentralization, or only have addresses you can use once? Well, then all you’ve got is a really bloated blockchain with long addresses

9. Okay, so what’s Mochimo’s secret sauce?

Just in case you were wondering, the answer isn’t sharding or delayed-transaction child chains. Nor are we a hard-to-understand math coin, i.e. non-blockchain technology. We’re a fourth generation blockchain.

To accommodate the huge quantum addresses and single spend issue of these addresses, we’ve decided our blockchain needs to learn how to control its size permanently. It’s not slow growth, it’s no growth.

So our first challenge was: keep it small forever. No more exponential blockchain bloat because bloat leads to fewer validating nodes.

It’s BlockCrunch and Trigg’s Algorithm, a new consensus mechanism. Mochimo understands that starting well is not enough. You have to have stopgaps to prevent erosion. Unfair transaction queue jumping, centralization, slow speeds, unsafe node centralization, big miners, runaway blockchain size…all these things can be prevented if the blockchain is built with them in mind. The history of Bitcoin has taught that if something is left to its own devices, it will eventually centralize and become insecure.

So, to make a long story short, I was so excited at the end of all my research that I offered up my user experience services to the Mochimo team. Now I’ve been part of the team for six months. I had no idea when I first came on how beautiful the Mochimo Tech was. Yes, beautiful.

Part of Trigg’s Algorithm, the consensus mechanism, generates AI haikus. So we have HPS instead of TPS. Haikus per second.

But that will all be explained in my next articles — Trigg’s Algorithm: Building in Fairness, and BlockCrunch: Scaling the Blockchain

Until then, enjoy finding out about Mochimo through:

  • You can see the whitepaper and preview our GUI wallet on our website: www.mochimo.org
  • Start preparing to launch by setting up a node on Mac or PC
  • Join our Slack channel here.
  • Watch this Mochimo overview video:

We’re going live with the mainnet on June 30 and our PC desktop wallet will be ready by June 30th, with the Mac wallet coming soon afterwards in July.

So hope we see you on the Slack channel!
