The quantum computing threat that isn’t

Norbert Gehrke
Published in Tokyo FinTech, Aug 30, 2018
Quantum computing is not the threat to blockchain technologies that it is made out to be

We were privileged to join a discussion on quantum computing with noted experts Prof. Dr. Thomas Elsässer from Humboldt University Berlin and Dr. Björn Stein, CTO at Quantum Factory (aiming to build one of the first commercially viable quantum computers), which also covered, among other things, the question of whether quantum technology will put the cryptography currently used in blockchain at risk. TL;DR: It does, in parts, but remediation is either already available or actively being worked on.

Cryptography is applied in the following main areas in blockchain technology:

  • Hashes ensure the integrity of the blockchain: each new block includes the hash (essentially a digest of the contents) of the previous block, so any tampering is easily detected and the chain is effectively immutable
  • Digital signatures authenticate new transactions
  • In addition, the actual data on the blockchain could be encrypted and would then also be exposed to quantum computing threats, but since many of the algorithms involved are already covered by the previous two cases, we will not investigate this area further within the scope of this article

Symmetric and hash algorithms

Hashes are vulnerable to Grover’s Algorithm, which provides a faster path for brute-force attacks. For symmetric key algorithms such as the widely used Advanced Encryption Standard (AES), where the strength of the algorithm is directly correlated to the key length, it follows that quantum computing would reduce the effective strength of the key by half. As the NIST standard defines AES with key lengths of 128, 192 and 256 bits, the strongest variant would still provide protection even in a quantum computing world.

For hash algorithms like the frequently applied SHA-2 and SHA-3, the classical security level is typically one half of the digest length; under a quantum attack, the security level is reduced to one third of the digest size. This implies that a SHA-2 or SHA-3 variant with a 384 bit digest should be used, and that the 256 bit variants currently applied in Bitcoin and Ethereum are not secure (but could easily be secured by a move to a 384 bit digest).
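To make the quadratic speed-up behind the "halve the key length" rule concrete, here is an added example that is not from the original article or its interviewees: a plain-Python amplitude simulation of Grover's search over a small space of 2^n items. It assumes a toy oracle that marks a single index; the point is that roughly sqrt(N) = 2^(n/2) oracle queries suffice where classical brute force needs on the order of 2^(n-1).

```python
import math


def grover_search(n_bits, marked):
    """Simulate Grover's search over N = 2**n_bits items with exact amplitudes.

    Returns (iterations, success_probability, most_likely_index).
    The oracle is a plain sign flip on the marked index (a constructed toy
    oracle), so real amplitudes suffice; diffusion reflects about the mean.
    """
    N = 1 << n_bits
    # Uniform superposition: every index starts equally likely.
    amp = [1.0 / math.sqrt(N)] * N
    # Optimal iteration count is ~ (pi/4) * sqrt(N): 2**(n_bits/2) oracle
    # queries, which is why Grover halves the effective bit strength.
    iterations = int(math.pi / 4 * math.sqrt(N))
    for _ in range(iterations):
        amp[marked] = -amp[marked]            # oracle: flip sign of the answer
        mean = sum(amp) / N
        amp = [2 * mean - a for a in amp]     # diffusion: 2|s><s| - I
    probs = [a * a for a in amp]
    best = max(range(N), key=probs.__getitem__)
    return iterations, probs[marked], best


def classical_expected_queries(n_bits):
    """Expected oracle queries for sequential brute force over 2**n_bits keys
    when the target is uniformly random: (N + 1) / 2."""
    return ((1 << n_bits) + 1) / 2


def effective_key_bits(n_bits):
    """Effective security under Grover: log2 of ~2**(n/2) queries, i.e. n/2."""
    return n_bits / 2


if __name__ == "__main__":
    for n in (4, 8, 12):
        k, p, found = grover_search(n, marked=5)
        print(f"{n}-bit space: Grover {k} queries, P(success)={p:.4f}, "
              f"found index {found}; classical ~{classical_expected_queries(n):.0f} queries")
    print(f"AES-256 under Grover: ~{effective_key_bits(256):.0f}-bit security")
```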

Digital signatures

Public key cryptography relies on a so-called “hard problem”: easy to calculate in one direction, but very difficult to solve in the other. Such hard problems are vulnerable to Shor’s Algorithm, which makes the Elliptic Curve Digital Signature Algorithm (ECDSA) widely used in blockchain insecure in a quantum world. The question is when that risk would materialize.

[Figure: Progression of physical qubits in quantum computers, source: Tirias Research]

At the end of 2017 and in early 2018, the major players in the quantum computing space, IBM, Intel and Google, announced quantum computers with 49 or 50 physical qubits. Physical qubits are incoherent, and hence a large number of them is required to represent one stable (logical) qubit. For RSA with a 2048 bit key length, it is estimated that about 5,000 logical qubits are required (some experts even quote a number in the five digits), which in turn will require at least one million, or even several orders of magnitude more, physical qubits. There is a long way from 50 to 1 million qubits, although the technology will certainly not develop linearly. The most aggressive estimates for technology advancement, and hence the most conservative estimates from a security perspective, assume 10 to 15 years. In the interim, efforts are under way in Europe and in the US (through NIST) to develop new, quantum-resistant technology. It is expected that reliable solutions will be in place within 3 to 5 years.

This article is part of our Tokyo FinTech Publication, please follow us to read more from our writers, like hundreds of readers do every day. Should you live in Tokyo, or just pass through, please also join our Tokyo FinTech Meetup.
