Quantum Computing vs Cryptocurrency: The Race for Post-Quantum Security

What is quantum computing, and how does it threaten cryptocurrency?

Quantum computing is projected to have vastly more computing power and speed than standard computing, though for now it exists only in small-scale, highly controlled environments. Rather than classical computing’s ‘bits’, which can only have either a zero or a one value, it uses ‘qubits,’ which can exist as a zero and a one at once across a range of probabilities using a principle called superposition. A quantum register of multiple qubits can harness this superposition across the set of qubits and further chain interconnected qubits’ potential together using a process called entanglement, both of which increase potential computational power exponentially.

Quantum computers will be part of Industry 5.0 (advanced technology improving society) since they can rapidly accelerate drug development, machine learning, and agricultural efficiencies.

However, quantum computers also enable Shor’s algorithm, which uses quantum mechanics to mathematically determine which two prime numbers were used to produce a larger prime number (a linchpin of conventional computer security). With a powerful enough quantum computer, it can crack the public keys of cryptocurrency faster than ever thought possible. For this reason, new quantum-secure cryptographic methods are needed to protect cryptocurrencies into the future.

Considering quantum computing vs cryptocurrency, the foundational security principles underlying those currencies (and indeed online communications and transactions in general) begin to crumble.

Cryptocurrency transactions rely on the cryptographic algorithm RSA (an acronym for its three original developers). RSA is an asymmetric process of public keys and private keys that converts a message to ciphertext, which involves multiplying two large prime numbers (kept secret) to get a much larger number (publicly available).

With Bitcoin, for example, you generate a random address related to a public key and keep a private key for performing coin transactions with that address. The private key contains the cipher for determining which two original numbers produced the larger number, thus unlocking the public key. Determining those numbers through brute force could take billions of years with standard computing, but potentially only hours or minutes with a sufficiently powerful quantum computer using Shor’s algorithm to run many calculations simultaneously and employing Fourier transforms to help improve the iterations’ guess values.

Some best practices help guard against this: using p2pkh (pay-to-public-key-hash) rather than p2pk (pay-to-public-key) addresses to prevent the public key from initially revealing the address; not reusing addresses for transactions; and keeping track of your private keys.

Even with all that, though, once you transfer cryptocurrency from an address, it could be vulnerable to quantum computing attacks until the transaction is mined (a computationally intensive process that officially enters the transaction on the blockchain record). In Bitcoin, this window is usually about 10 minutes. If someone with a quantum computer can derive your private key from your public key within that time, they could attempt their own transaction using those keys, but using their address instead—thus stealing your access to those coins and their value.

Quantum computers are still years away from that computing scale, but once they get there (and it may only be 10 years away as development races forward), cryptocurrency transactions will become very vulnerable.

Given the demonstrated computational superiority of quantum computing vs cryptography, measures need to be taken to protect our personal information, communication, and money from malicious actors using sufficiently advanced quantum computers someday.

Achieving widespread post-quantum cryptography is no small task. Even once quantum-secure methods are achieved, they’ll also require user consensus, new industry standards, commercially viable software, and consumer trust in these concepts. All of these can take years or decades, time we may not have, depending on how quickly quantum computing develops.

This underscores the need to develop strong post-quantum cryptography methods now. Some methods have been developed, but they often come with cumbersome key sizes or signature sizes, which prevent them (for now) from being practically convenient for consumers to use.

Quantum-resistant blockchain and cryptocurrencies will first require more secure cryptography methods:

• Lattice-based cryptography: This is one of the most promising forms of quantum-resistant cryptography. It involves constructing interrelated vectors into a lattice (like a 2D grid or 3D space, but usually a field with several more dimensions than that). Cracking this requires solving mathematical lattice problems, such as finding the shortest vector in a lattice, which even quantum computers couldn’t solve quickly
• Hash-based signatures: This system assigns each bit in a group of values a randomly generated value as a private key, each one of which is then hashed into a public key. This gets more complicated (and less user-friendly) for securing objects with more bits since you need to generate more random values and their hashes, but there are methods for getting around that, like Winternitz One Time Signatures and Merkle trees
• Code-based cryptography: This introduces errors to public keys to make decoding them without the private key (a specialised type called a Goppa code) much more difficult
• Multivariate polynomial cryptography: This uses a series of quadratic equations (like 3x² + 2y − z, only with far more variables than that) that need the correct values for the variables to unlock the public key, though the private key sizes can be large

Now, here are some specific cryptocurrencies built with quantum security in mind:

• Mochimo: It focuses on quantum-secure digital signatures using a quantum-secure algorithm called the Winternitz One-Time Signature Plus (WOTS+). This foundation of secure signatures aims to ensure that transactions remain secure from quantum computing
• Quantum Resistant Ledger: QRL has been a forward-thinking pioneer as a cryptocurrency with strong quantum security. It uses hash-based signatures, is open-sourced, and MIT-licensed

Beyond this, some projects aim to encourage development in quantum-resistant cryptography. The USA has the Quantum Computing Cybersecurity Act, requiring the development of protection against quantum attacks on government systems. As part of this, the National Institute of Standards and Technology (NIST) held a Post-Quantum Cryptography Standardisation competition to find the best quantum-resistant algorithms to use for government cryptography standards. The ones selected included:

• CRYSTALS-Kyber: a lattice-based key encapsulation, and now officially called FIPS 203
• CRYSTALS-Dilithium: a lattice-based signature algorithm, now called FIPS 204
• SPHINCS+: a hash-based signature algorithm, now FIPS 205

So, quantum-resistant cryptography is in the works, but essentially needs to beat quantum computers to the general market.

So, with the disadvantages and vulnerabilities of blockchain vs quantum computing, will blockchain continue to be useful once quantum computers become more practical? Should you upgrade your legacy systems’ security or abandon them in favour of new, quantum-secure systems? Blockchain systems that fail to safeguard against quantum computing will be increasingly vulnerable.

Along with Shor’s algorithm’s threats to the public/private keys of blockchain, quantum computing also enables Grover’s algorithm, which threatens the security of the hashes that enable blockchain’s characteristic tamper resistance and immutability.

Blockchain and cryptocurrency also face the looming threat of ‘harvest now, decrypt later’. Malicious actors could collect public keys and then bide their time. Upon the advent of practical quantum computing, they could retroactively unlock those keys and steal the data.

When assessing a legacy system, consider Mosca’s Theorem: How long do you need your data to be secure (x), how long will it take to convert it into a quantum-secure encryption (y), and is the sum of those periods of time greater than the time until the creation of a hypothetical quantum computer that can crack your existing encryption (z)? If x + y > z, then your data has insufficient protection.

Adapting a legacy blockchain system to be quantum-secure could be effective, but it could also be exceedingly complex, miss some vulnerabilities, and take a similar amount of effort as adopting a new, quantum-secure method would. Therefore, you should carefully consider the most secure, cost-effective way to ensure the protection of your data in a post-quantum world.

Though quantum computing has ceased to be science fiction, its security threats’ effects are still not a reality (yet). Remember that qubits are fragile, meaning the slightest disturbance or temperature change can alter how they behave computationally. This requires constant, extreme cooling along with insulation from noise sources like magnetic fields and radiation, keeping quantum computers scaled for threatening cryptocurrency still far from practical. These present limitations may only be as little as 10 years away from being overcome, though, so developers all across the digital world need to develop mitigation measures now.

Investors in these currencies need to consider which ones are quantum-secure now, which are working on achieving that, and which are far from it. And once quantum computing starts cracking cryptocurrencies that use conventional security, those currencies’ value may swiftly drop due to their vulnerability, leaving investors both less secure and less wealthy. That alone could make cryptocurrencies with strong protection against quantum computing a better long-term investment choice.

If you’re building a custom computer that needs strong computational power, browse our semiconductors today.

Cryptography: A system using a specific word, phrase, or scramble of code to decode something.

Blockchain: A ledger of interconnected computerised records that’s publicly available. Once information is entered in a blockchain, it’s inalterable and thus considered indisputable.

Cryptocurrency: A system of assigning ownership and value to portions of a blockchain. This system is independent of governments and banks and considered highly secure due to blockchain’s inalterability and public consensus-based nature.

Public and private keys: Two paired scrambles of code that are part of a system of cryptography used to authenticate cryptocurrency transactions. Any user can send a crypto transaction to a public key, but it can only be unlocked with its private key, which only the authorised user should have access to.

Mining: A computationally intensive process that officially enters a crypto transaction on the blockchain record. During this period, the transaction could be vulnerable to malicious quantum computing.

Shor’s algorithm: A mathematical operation that can determine which two prime numbers were multiplied to produce a known larger prime number (which conventional computer security assumes is impractical). This algorithm requires quantum computing at a practical scale.

Fourier transform: Another mathematical operation used for determining what parts were used to produce something. It’s used in Shor’s algorithm.

Qubit: The physical processing parts of a quantum computer. Each can exist as both a zero and a one across a range of probabilities. This enables far greater computational power than conventional bits, which are essentially switches with only two states.

Quantum computing: The process of utilising qubits to perform computing at speeds exponentially faster than conventional computers.

Superposition and entanglement: Processes of making qubits work together to achieve their incredible computational power.