Thursday, 19 September 2019

The Threat to Bitcoin from Quantum Computing

Quantum computing is here, although it’s still far from making it into the mainstream. To make a long story short, it will revolutionize computer hardware and be a lot faster than traditional machines. This poses a problem for Bitcoin and other blockchain projects because they rely on math problems that ordinary computers have trouble solving, including the cryptography that protects their keys.

I recently had the opportunity to sit on a panel with Gavin Brennen of Macquarie University in Sydney, Australia, a physicist and one of the world experts on this topic. He presented a very nice paper that examined the perceived danger in some detail.

Proof of Work

At the root of the threat is the remarkable speed of quantum computing, which is far more efficient than classical computing at performing key functions that make the blockchain work, namely hashing operations and proof of work (PoW). With quantum computers, the proof of work standard could be met with far less energy and time, which could potentially let a quantum miner overtake existing mining operations and centralize the network. In addition, quantum computing could threaten standard cryptography by cracking keys, at least in theory.

Mr. Brennen and his co-authors set out to examine the likelihood of this threat and the timeframe in which it becomes real. The results are far more boring than you would expect. Their simulation models come to the following conclusion.

The extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected speeds for current quantum architectures gives quantum computers no advantage. Future improvements to quantum technology allowing speeds up to 100GHz could allow quantum computers to solve the PoW about 100 times faster than current technology.

However, such a development is unlikely in the next decade, at which point classical hardware may be much faster, and quantum technology might be so widespread that no single quantum enabled agent could dominate the PoW problem. The threat is not that the network becomes too fast, as the network difficulty could increase infinitely. The threat is that a single quantum computer or a group of computers could get more than 51 percent of the network’s computing power and take it over.

The paper’s results show that the problem cannot become an issue for another 10 years, and even after that there is no real threat to the existing Bitcoin network.

The Signature Threat

What about the second threat to cryptography, posed by better signature-cracking technology? This one is more real but not without solutions. The problem is that “the signature scheme can be broken in less than 10 minutes…as early as 2027.” The most serious problem concerns the following scenario:

After a transaction has been broadcast to the network, but before it is placed on the blockchain it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address. If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address.
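To put rough numbers on the window described in that scenario, here is an added example (my own code, not from the paper or this post) that models the race between deriving the key from the broadcast public key and the next block being found. It assumes Bitcoin’s 10-minute target block interval and memoryless block discovery; the attacker’s derivation time is the input.

```python
import math
import random

BLOCK_INTERVAL_S = 600.0  # Bitcoin's target block interval: 10 minutes


def p_key_derived_before_block(derive_s, block_interval_s=BLOCK_INTERVAL_S):
    """Probability that an attacker finishes deriving the secret key from the
    broadcast public key before the next block is found.

    Block discovery is memoryless, so the wait for the next block is
    exponential with the target mean. The derivation time is treated as
    fixed. Caveat: this only measures the attack window; the attacker must
    still get the competing transaction mined first, so the real success
    probability is lower than this figure.
    """
    return math.exp(-derive_s / block_interval_s)


def derive_time_for_success_prob(p, block_interval_s=BLOCK_INTERVAL_S):
    """Inverse question for the defender: how fast must derivation be for the
    attacker to beat the block with probability p? Solves exp(-t/I) = p."""
    return -block_interval_s * math.log(p)


def simulate(derive_s, trials=20000, seed=1, block_interval_s=BLOCK_INTERVAL_S):
    """Monte Carlo check of the closed form: draw exponential block arrival
    times (constructed data, fixed seed) and count how often the attacker
    finishes deriving the key first."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        next_block_s = rng.expovariate(1.0 / block_interval_s)
        if derive_s < next_block_s:
            wins += 1
    return wins / trials


if __name__ == "__main__":
    # The post's "less than 10 minutes" figure means the attacker still only
    # beats the block in roughly a third of cases; the window shrinks fast
    # as derivation gets slower relative to the block interval.
    for derive_min in (1, 5, 10, 20, 30):
        t = derive_min * 60.0
        print(f"derive in {derive_min:2d} min: "
              f"closed form {p_key_derived_before_block(t):.3f}, "
              f"simulated {simulate(t):.3f}")
    print(f"50% window needs derivation under "
          f"{derive_time_for_success_prob(0.5) / 60:.1f} min")
```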

What can be done? Mr. Brennen presented a number of post-quantum signature schemes that would protect against such a scenario. He points out that there are at least four classes of known solutions to the problem and alternatives within each, all within reach of programmers today. Moreover, there are ten years of lead time to get there and adapt them to the protocol.

All of which is to say: this quantum threat to Bitcoin is mostly a red herring, not entirely false but a fixable issue, especially given the robust network behind cryptocurrency and the strong incentive to provide the best security possible.
