Is Quantum Computing a Threat to Blockchain?

A paper published recently in the Nature magazine suggests that blockchain could become obsolete by quantum computing. The scientists argue that …

A paper published recently in the Nature magazine suggests that blockchain could become obsolete by quantum computing. The scientists argue that quantum computers can break the cryptographic codes of a blockchain within a decade. By 2025, up to 10 percent of the global gross domestic product will probably be stored in blockchains.

Quantum computing is a threat to technology blockchain because it increases the fundamental security assumption of elliptical curve cryptography, namely that computers cannot effectively factor large numbers. Quantum computing in practice poses only a minor threat. In practice, Cryptography with a public key is a standard encryption and authentication technique. This technique is used for Internet connections (HTTPS), blockchains, etc. Its security relies, most of the time, on difficult mathematical problems, such as integer factorization, that a traditional computer cannot easily break.

With the peer-to-peer (P2P) network of distributed nodes, the blockchain encryption is secured from most traditional hacking attempts. An attacker can insert a central database and have access to your account numbers and balances in a traditional banking system. If a hacker tries the cryptocurrency block to be modified and the private key redirected, the other nodes on the network will stop the move. Theoretically, such a change could be made by the hacker only if more than 50 percent of blockchain nodes could be modified simultaneously. Computers today do not have the power to perform such a time-limited attack, but quantum computers can pose a new threat. Quantum computing is based on what is referred to as qubits, allowing systems to process values between 0 and 1 and to offer an exponential level of performance.

It’s hard to predict the future. Building a quantum computer is extremely difficult, but the potential to solve major problems that classic computers cannot solve encourages big companies to spend a lot of time and resources first, and progress is quickly made. The greatest danger is that weak defenses against quantum computers are the two asymmetrical cryptographic algorithms (RSA and ECC), which form the basis for all modern encryption in the world. As effective quantum computers become a reality, cryptographic systems are transformed into new encryption algorithms designed against quantum computers. The magnitude of this transition is hard to overemphasize. In the next decade or two, virtually all of the cryptographic software and hardware will have to be reconstructed and replaced. This is a long and complex process, and industry experts will have to work hard to prepare for the major transition.

Related Posts:

  • No Related Posts

Serious Security: Post-Quantum Cryptography (and why we’re getting it)

Traditional computers work with binary digits, or bits as they are called for short, that are either zero or one. Typically, zero and one are represented by …

Traditional computers work with binary digits, or bits as they are called for short, that are either zero or one.

Typically, zero and one are represented by some traditional physical property – a hole punched in a tape, or no hole; a metal disc magnetised one way or the other by an electric current; an electronic capacitor that holds a charge or not; and so on.

Quantum computers aren’t like that – they work with qubits, which can essentially represent zero or one at the same time.

In theory, that makes it possible to perform calculations in parallel that would normally require a loop to do them one at a time.

The qubits represent what quantum physicists would call a superposition of all possible answers, tangled together through the mystery of quantum mechanics.

The idea, loosely speaking, is that for some types of algorithm, a quantum computer can calculate in N units of time what would otherwise take 2N units of time to work out.

In other words, some problems that are conventionally considered to be exponential time algorithms would turn into polynomial time algorithms.

Multiplication versus exponentiation

To explain.

Exponents involve “raising something to the power of X”, and exponential functions grow enormously quickly.

Polynomials involve “multiplying X by something”, and even though polynomial functions can grow very fast, they’re much more manageable than exponentials.

Here’s a thought experiment: lay 40 sheets of office paper on top of each other to create a pile 40 times thicker than one sheet – about 4mm in total.

Now imagine taking the top sheet and folding it in half 40 times.

That many folds are impossible in practice, of course, but if you could do it, you’d end up with a piece of paper more than 100,000 kilometres thick.

Two more folds and you’d be further out than the moon.

42 folds gives you 242 layers of paper. 242 is 4.39×1012. If a layer of paper is 0.1mm thick, that’s the same as 10-7km, so the total height is 4.39×105km, or just under 440,000km. The moon is always closer than that to earth.

As a result, many people are worried that quantum computers, if they really work as claimed and can be scaled up to have a lot more processing power and qubit memory than they do today, could successfully take on problems that we currently regard as “computationally unfeasible” to solve.

The most obvious example is cracking encryption.

If your security depends on the fact that a crook would need months or years to figure out your decryption keys, by which time he’d be too late, then you’re in trouble if someone finds a way to do it in seconds or minutes.

Code cracking made polynomial

Here’s the difference between exponential time and polynomial time in measuring the cost of cracking codes.

Imagine that you have a cryptographic problem that takes 1,000,000 loops to solve today if you have a 20-bit key, but by doubling the key to 40 bits you square the effort needed, so that it now takes 1,000,000,000,000 loops. (Actually, 240, which is approximately a million million, or one trillion.)

Imagine that you can do 1000 loops a second: multiplying the key size by 2 just boosted the cracking time of your cryptosystem one million-fold, from 1000 seconds (under 20 minutes) to a billion seconds (more than 30 years).

Now imagine that a quantum computer’s cracking time doubled along with the keylength, instead of squaring – your added safety margin of 30 years just dropped back to an extra 20 minutes, so a key that you thought would keep your secrets for decades wouldn’t even last an hour.

In other words, if reliable quantum computers with a reasonable amount of memory ever become a reality – we don’t know whether that’s actually likely, or even possible, but some experts think it is – then anything encrypted with today’s strongest algorithms might suddenly become easy to crack.

TEOTWAWKI?

Is this the end of the world as we know it, at least for cryptography?

Fortunately, the answer is, “No,” because there’s a catch.

If you loop through 256 possible solutions to a problem using a conventional algorithm and 16 of them are correct, you end up with a list of all 16 possibilities, thus reliably ruling out 240 of them.

From there, you can go on to dig further into the problem, knowing that you will eventually solve it because you’ll end up trying every valid path to the answer.

But with quantum computers, even though you can do a whole load of calculations in parallel because the qubits are in multiple quantum states at the same time, you can only read out one of the valid answers, at which point all the other answers vanish in a puff of quantum collapse.

You can calculate and “store” multiple answers concurrently, but you can’t enumerate all the valid answers afterwards.

If you’ve heard of Erwin Schrödinger’s Cat, you’ll recognise this problem.

Schrödinger’s Cat is a thought experiment in which a “quantum cat” hidden out of sight inside a box may simultaneously be both alive and dead, because quantum cats can be in both states at the same time, provided you aren’t looking at them. But as soon as you open the box to see this amazing creature in real life, it immediately adopts one of the possibilities – so opening the box may kill the cat instantly. You can’t figure out in advance if it’s safe – safe for the cat, that is – to open the box.

So if your quantum computer can do, say, 256 computations in parallel, you have to make sure that that there’s only one correct answer that can emerge before you go on to the next stage of the algorithm, or you might have discarded the path that leads to the right answer later on.

In other words, you might be able to “solve” each stage of a problem much faster than before, yet hardly ever get the correct answer, meaning that you’re stuck with repeating your “fast” calculations over and over again until you get lucky all the way through and end up at the genuine solution.

As a result of this stumbling block, not all encryption algorithms will be vulnerable to quantum cracking, even if a viable quantum computer is ever built.

Which algorithms are at risk?

Unfortunately, quantum computer calculations based on a process known as Shor’s algorithm just happen to provide super-quick solutions to various mathematical problems that we currently rely on heavily in modern cryptography.

Algorithms such as SHA-256 (used in hashing, for example to store passwords securely) and AES (used to encrypt files and hard disks securely) can’t be cracked with Shor’s algorithm.

But the algorithms that are widely used today for public key cryptography – the way we set up secure, authenticated web connections, for example – can be attacked quickly with a quantum computer.

When we encrypt data over a secure web connection, we usually use a non-quantum-crackable algorithm such as AES to keep the data secret, after agreeing on a random AES key first.

So far, so good, except that we use public key algorithms, such as RSA and elliptic curve cryptography (ECC), to do our initial AES key agreement, and those public-key algorithms can be attacked using Shor’s algorithm.

In other words, quantum computing can’t crack the AES encryption, but it doesn’t have to because it can crack the AES key instead, and then decrypt the AES data directly.

What to do?

Some experts doubt that quantum computers can ever be made powerful enough to run Shor’s algorithm on real-world cryptographic keys.

They suggest that there’s an operational limit on quantum computers, baked into physics, that will eternally cap the maximum number of answers they can reliably calculate at the same time – and this upper bound on their parallel-processing capacity means they’ll only ever be any use for solving toy problems.

Others say, “It’s only a matter of time and money.”

Rather than simply bet that the first group are right, US standards body NIST is currently running a competition to design, analyse and choose a set of new algorithms for public key cryptography that are considered uncrackable even if a quantum supercomputer does get built.

The project is very much like previous crypto competitions that NIST has run, with a similar motivation.

In the 1990s, NIST ran a contest to select AES, needed to replace the no-longer-quite-safe-enough DES algorithm.

In the 2000s, the competitive target was SHA-3, a cryptographic hashing algorithm that was standardised just in case someone finds a way to crack SHA-256, and we need a trustworthy replacement in a hurry.

This latest contest is known as the PQC Standardization Challenge, where PQC stands for Post-Quantum-Cryptography.

The process has been running since April 2016, when NIST started accepting proposals, and entered its first evaluation stage in November 2017, when NIST stopped accepting new algorithms for consideration.

On 30 January 2019, the project went into Round 2, with NIST announcing that 26 out of the original 69 submissions were through to what it calls the ‘semifinals’.

NIST expects the next stage of evaluation to take 12 to 18 months, after which there may be a third round, and then official standard algorithms will be picked.

Why so long?

The process is taking a long time because cryptanalysis is hard.

Peer review, unbiased assessment and a transparent process to choose open standards can’t be rushed, not least because deciding that a cryptographic algorithm doesn’t have holes is effectively proving a negative.

If you find a hole, then your search is over and your work is done; if you don’t, assuming you haven’t come up with a formal mathematical proof of security, then there’s always the chance that with a bit more effort you might find something you missed before.

Additionally, rushing the process would inevitably ends up creating concerns that NIST, which is a US government organisation, was keen to approve something it knew it could crack but figured other countries couldn’t.

Lastly, NIST is trying to cover a lot of bases with its new standards, as NIST mathematician Dustin Moody explained:

“We want to look at how these algorithms work not only in big computers and smartphones, but also in devices that have limited processor power. Smart cards, tiny devices for use in the Internet of Things, and individual microchips all need protection too. We want quantum-resistant algorithms that can perform this sort of lightweight cryptography.”

In addition to considering the multitude of potential device types that could use the algorithms, the NIST team is focusing on a variety of approaches to protection. Because no one knows for sure what a working quantum computer’s capabilities will be, Moody said, the 26 candidates are a diverse bunch.

Who will win?

The new algorithms have a wide range of names, including some really funky ones…

…but we’re sure that the names will not have any influence on the outcome.

The 17 semifinalist algorithms for public-key encryption and key agreement are:

 BIKE Classic McEliece CRYSTALS-KYBER FrodoKEM HQC LAC LEDAcrypt NewHope NTRU NTRU Prime NTS-KEM ROLLO Round5 RQC SABER SIKE Three Bears 

The nine semifinalist algorithms for for digital signatures are:

 CRYSTALS-DILITHIUM FALCON GeMSS LUOV MQDSS Picnic qTESLA Rainbow SPHINCS+ 

As to who will win – only time will tell.

Some of the algorithms proposed have been around for years, but never caught on because they just weren’t as convenient as RSA or ECC.

The McEliece algorithm, for example, was invented by US mathematician Robert McEliece back in 1978, but took a back seat to RSA, and more recently to ECC, because it requires cryptographic keys that are several megabits long.

RSA keys are typically a few thousand bits, and ECC keys just a few hundred, making the use of McEliece over a network connection much more cumbersome than the conventional alternatives.

But by the time an RSA-cracking quantum supercomputer is built, we’ll probably regard a few megabits of bandwith as insignificant…

…and so we might as well get ready now.

Just in case.


Images of punched tape and core memory from Wikipedia.

Related Posts:

  • No Related Posts

NIST shortlists submissions for post-quantum crypto competition

The National Institute of Standards and Technology (NIST) announced that 26 potential algorithms have advanced to the post-quantum cryptography …

Quest to find new quantum-resistant standards

A competition to develop encryption tools which could one day protect against quantum computers has revealed its shortlist of candidates.

The National Institute of Standards and Technology (NIST) announced that 26 potential algorithms have advanced to the post-quantum cryptography ‘semi-finals’, narrowing the field of schemes that could protect sensitive data stored on mainstream PCs, servers, and smartphones.

Although still in the arena of prototypes, quantum computers have the potential to render most current modes of encryption obsolete.

The security of schemes such as RSA and Diffie-Hellman is undermined by the difficulty of factoring the products of two large prime numbers using conventional computers.

The mathematics of elliptic curves, which forms the basis of one-way functions used in other modern crypto schemes, would likewise be vulnerable to attack from future quantum computers.

This threat remains at least 10 years away, but work in developing quantum-resistant cryptography is already well advanced.

NIST opened its competition in December 2016, receiving 82 submissions, out of which 69 met minimum acceptance criteria – this has been narrowed down to a shortlist of 26, following a year-long review process.

“These 26 algorithms are the ones we are considering for potential standardization, and for the next 12 months we are requesting that the cryptography community focus on analyzing their performance,” said NIST mathematician Dustin Moody. “We want to get better data on how they will perform in the real world.”

Of this number, 17 candidates cover public-key encryption and key-establishment algorithms, while a further nine offer a way forward for digital signatures.

Moody told The Daily Swig that NIST was looking to take forward two to three approaches in each category, so there may be as many as five or six ‘winners’ when the competition eventually ends. At minimum, two schemes will be implemented.

The selected algorithms will “supplement or replace three standards considered to be most vulnerable to a quantum attack”.

The three at-risk approaches are: FIPS 186-4 (which specifies how to use digital signatures), NIST SP 800-56A, and NIST SP 800-56B (both of which specify how to establish the keys used in public-key cryptography).

Quantum leap

The second round will involve evaluating the submissions’ performance on a wide variety of systems and devices, from mainframes and smartphones to devices with limited computing power, such as smart cards and IoT kit.

“A wide range of mathematical ideas are represented by these algorithms,” Moody explained.

“Most fall into three large families – lattice, code-based, multivariate – together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another.”

Lattice, code-based, and multivariate systems are thought to be resistant to the type of brute force number-crunching attack that could be run using a quantum computer.

By contrast current encryption approaches relying on either integer factorization or the elliptic-curve discrete logarithm problem, the basis of most of the public key crypto tech used today, are not resistant.

A sufficiently strong (and as yet hypothetical) quantum computer would be able to run one of a class of algorithms designed with quantum computers in mind to factor the products of prime numbers in short time.

That would break the whole foundations of schemes such as RSA and simply increasing the key length, as is the current approach, to make keys resistant to brute force attacks from the most powerful conventional computers, would no longer do the trick.

Small steps

In practice, even leading vendors in the nascent field such as IBM and D-Wave Systems have only advanced as far as developing prototype quantum computing devices, way below what would be needed to do integer factorization, a technique that would slice right through public key cryptographic systems.

IBM currently offers 5-qubit and 16-qubit quantum computing systems available through the cloud on the IBM Q Experience.

The system, first established in May 2016 and periodically upgraded since, is built on IBM’s prototype quantum processors.

“Companies, academic institutions, and startups use IBM Q technology and collaborate with IBM Research to advance quantum computing,” according to IBM.

Google, Intel, Microsoft, and others are all also active in the field of quantum computing. Working prototype systems have advanced to be capable of handling between 50-70 qubit at the top end – still a yawning chasm from the thousands of qubits thought necessary to break modern encryption schemes.

It might be possible that there could be quantum computers capable of breaking modern encryption schemes “within 10-15 years”, but “no-one knows for sure” when the industry might be advanced enough to deliver of such lofty targets, Moody told The Daily Swig.

Vendors working on quantum computer systems have steadily advanced the number of qubits they support over time, but there has been “no big breakthrough,” he added.

Seconds out. Round two

Quantum computers may still be years away but that doesn’t mean that developing algorithms to protect secrets in a post-quantum world can be sidelined or put off indefinitely.

NIST will allow the submitting teams to tweak their specifications and implementations before a March 15 deadline. The second phase of evaluation and review is expected to last between 12-18 months.

If anything, the field of post-quantum cryptography is more advanced than quantum computing.

Vendors, including Cloudflare, are already experimenting with post-quantum cryptography. The European Telecommunications Standards Institute (ETSI) is also promoting research in the area by helping to run workshops on quantum safe cryptography.

“It’s a growing field of research,” Moody concluded, adding that NIST was coordinating its work on post-quantum cryptography with ETSI, among other organizations.

Trail of Bits has a more detailed primer on post quantum cryptography that explores the topic in some depth.

Related Posts:

  • No Related Posts

Quantum Computing: Sizing Up the Risks to Security

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, …

Within the next five to 10 years, quantum computing will get so powerful that it could be used to break encryption on the fly, predicts Steve Marshall, CISO at U.K.-based Bytes Software Services.

“We rely on cryptography to prevent people from decoding our credit cards and to protect highly sensitive data that we share. Quantum computing is going to have a major influence on all of these things,” Marshall says in an interview with Information Security Media Group.

“At the moment, quantum computers have about 72 qubits of quantum information. … In order to crack things like RSA 2048 public key cryptography, you require about 400 qubits of power. So it’s only a matter of time before quantum computers get to the point where they have got enough power in order to be able to crack RSA and other asymmetric cryptography.”

In this interview (see audio link below image), Marshall also discusses:

  • Categories of post-quantum cryptography;
  • The state of research on quantum-resistant cryptography;
  • How quantum computing impacts information security.

Marshall, who is based in the U.K., is CISO at Bytes Software Services, a computer support and services firm. He specializes in business consulting, payments, compliance, breach clean-up, enterprise architecture validation, assurance, corporate/information security, security restructures and risk across many business verticals and markets.

Related Posts:

  • No Related Posts

Unique Cryptanalytic Attack Used To Crack Private Keys of Cryptocurrencies

Vinny Lingham, CEO of Civic, on January 11, 2019, predicted that the cryptocurrency might fall below $3,000. Lingam states that the market would …

Vinny Lingham, CEO of Civic, onJanuary 11, 2019, predicted that the cryptocurrency might fall below $3,000.

Lingam states that the marketwould either breakdown or breakout. Bitcoin is trying to decide which way togo, therefore would trade sideways until the crypto finds a breakout orbreakdown direction.

On Thursday, within just a fewminutes Bitcoin shed $250 out of $4000. Thevolatility pattern of the Bitcoin took a new turn. The gains that were made earlier got canceledout. The price movements of Altcoinsreacted intensely to the price drop of Bitcoin. Almost all the cryptocurrenciesin the top twenty list by market capitalization shed 11.3% on Friday.

Recent research has identifiedthat hackers are using methods to calculate the private keys ofcryptocurrencies. They make use of a unique cryptanalytic attack.

However, these attacks occur onlyin cases where the developers have not executed their codes properly or in situationsthat involve faulty hardware that functions with multi-signature. Thosenetworks that are properly implemented do not suffer these attacks.

It so happens that anytime acrypto holder is involved in a transaction, they create a cryptographic signature.They make use of Elliptic Curve Digital Signature Algorithm (ECDSA). A nonce isgenerated by the algorithm. Thisarbitrary number is to be used for just once. It is important for the softwareto sign up with a different nonce each time otherwise hackers will be able tocalculate the private key of the signers.

Hackers continually monitor theblockchain watching for repeated nonces. Thus, they will be able to extractmoney from compromised keys. Hackers will be able to calculate the keys fromsignatures that make use of different signatures, but similar nonce. In cases,where the nonces have similar strings in the beginning and end of thesignatures then the hackers can exploit it.

The digital signature nonce isdifferent from the nonce used in the cryptocurrency mining process. The chancesfor exploitation of nonce are more when the values are very shorter than itshould be.

Lattice is an advancedmathematical approach that can be used to crack the wallet addresses toidentify the private keys. Several cryptanalytic techniques make use of thelattice algorithms as a building block.

This need not set most of thecryptocurrency users into a world of worry, because, a hack is possible onlywhen there is a bug in the digital signature code. The security scheme will be secure for aslong as it is executed according to the protocol and documented methods.The amount of time and electricity required forthis process is too high to make it profitable for attackers.