Code Cracking: Will Quantum Computing Allow Hackers to Drain Crypto Wallets?
Dec 21, 2018, 1:46PMQuantum computing could threaten blockchains by cracking public key encryption and draining crypto address balances. Can the threat be stopped?
This is part one in a two-part series on quantum computing and the security threat (or opportunity) it poses to current blockchain applications. Part one looks at the impending threat of quantum hackers cracking private key codes. Part two will look at the effect quantum computing will have on blockchain mining and consensus.
Quantum computing has the potential to completely revolutionize the world of technology. Whereas computers have traditionally used bits to store information in binary states, quantum computers rely on qubits, which can exist in multiple states at once. This feature allows quantum computers to be astronomically more efficient than current computers.
One of the areas in which quantum technology has already been applied is cryptography. Encryption involves mathematical operations that are simple to perform, but difficult to reverse. This is why, when you use cryptocurrency, you can generate a public key (or address) from your private key, but people who send you money cannot derive your private key from your public address.
As far as blockchain is concerned, quantum computing poses two possible problems. One problem is the possibility that quantum computers could dominate cryptography-based blockchain networks, such as mining networks. However, this article focuses on a more imminent problem: the possibility that quantum computers will be able to "crack" crypto addresses, allowing hackers to steal private keys and drain crypto balances from wallets.
At the moment, all encryption schemes – including the type used by Bitcoin – are so strong that they are impossible to break with today's computers in any reasonable timespan. However, quantum computers may be able to quickly break current encryption schemes in the imminent future.
In a worst-case scenario, this problem could render most of today's blockchains obsolete in terms of storing funds safely. Luckily, many emerging blockchain platforms are taking into account the threat that quantum computing poses. Let's take a look at a few ways that blockchain platforms can keep key encryption safe.
Stronger Encryption
As noted, key cracking could become a major focus for quantum attackers. For this reason, some blockchains are implementing encryption algorithms that are more difficult to break than current schemes. These advanced algorithms are variously referred to as post-quantum or quantum-safe encryption schemes.
Platforms such as IOTA, the Quantum Resistant Ledger, and Hcash have taken this approach. These platforms use quantum-resistant algorithms like Winternitz, BLISS, XMSS, and DILITHIUM. Although the details of these algorithms are beyond the scope of this article, one common aspect should be noted: most quantum-safe algorithms produce public keys that can only be used once. This limitation is discussed below.
Limitations On Public Keys
Most blockchains use a public ledger that records public keys (or addresses) whenever a transaction is made. At the moment, this merely poses a small privacy risk: if you reuse a Bitcoin address, people can trace the activity of that address. But with the advent of quantum computing, public keys could provide attackers with enough leverage to deduce a private key and steal funds.
This means that reusing quantum-safe addresses is a security issue — not just a privacy issue. In IOTA, for example, part of a private key is revealed each time funds are sent from an address. This means that IOTA cannot simply use a strong quantum-safe algorithm: it also must safely manage addresses on behalf of its users through automation. This essentially involves moving unused balances to a new address after any address sends IOTA tokens.
One-time addresses are not a solution to quantum threats on their own, but they are an important part of strong quantum-resistant encryption. However, there are other ways of limiting the damage a quantum attacker can do with a public key: Nexus, for example, uses special signature chains with usernames, passwords, and PINs in order to obscure public keys without changing addresses. (IOTA, incidentally, is working on reusable addresses as well.)
Private Blockchains
Another way to solve the problems posed by public keys is to sacrifice the public nature of blockchain altogether. Most blockchains are public, meaning that anyone can participate on the network. This is one of the major appeals of blockchain technology: a system that is controlled by no authority but the collective consensus of its users.
However, some platforms, such as IBM Hyperledger, allow groups to develop their own private blockchains with traditional authority and permissions. Private chains could inadvertently provide quantum resistance by only allowing approved users to access a blockchain. Although private blockchains are not an ideal basis for a widely-distributed cryptocurrency, there would be no public ledger to reveal addresses in broad daylight.
In other words, quantum attackers would not necessarily have access to a private blockchain network, and this could make quantum-based key cracking less feasible. However, since network administrators are fallible, it is possible that attackers could gain approval on private blockchains due to human error or traditional hacking methods.
Conclusion
Quantum computing poses an impending threat against blockchain platforms — particularly in the area of public keys and addresses, which are a major weak point. Although many platforms are certainly making efforts to resist this new wave of computing, whether improved encryption schemes can fend off this threat remains to be seen.
One issue is that the quantum computers that have been developed by IBM, Intel, and Google are not yet strong enough to pose a serious threat in any domain. As a result, quantum-resistant blockchains have no way to prove their worth to investors and users, and few quantum-resistant blockchain ledgers have risen to prominence.
Hcash was a flash-in-the-pan platform: as HyperCash, it quickly rose to #21 on CoinMarketCap, but then fell through the ranks – it now sits at #90. The Quantum Resistant Ledger also remains low-profile, as it rests at #251. IOTA has certainly made a name for itself and holds position #13, but quantum-resistance is just one of its selling points. In other words, quantum-resistant platforms may simply be ahead of their time.
Next time, we'll look at how blockchain platforms may be affected by quantum computing at a deeper level. Blockchain platforms may face quantum computing at the level of mining and consensus, node networks, or even the most basic blockchain code. Quantum computing poses less of a threat at this level, but the trend will nevertheless force blockchain projects to innovate.
Disclaimer: information contained herein is provided without considering your personal circumstances, therefore should not be construed as financial advice, investment recommendation or an offer of, or solicitation for, any transactions in cryptocurrencies.