Potential cybersecurity risk of quantum computing for investors considering Bitcoin as a diversification strategy
(InvestmentMonitor) Senior reporter Lara Williams asks investors who are considering Bitcoin as a diversification strategy to consider the potential cybersecurity risk of quantum computing in this article. IQT-News summarizes her discussion below.
Williams explains that approximately one-quarter of the Bitcoin ($168bn) in circulation in 2022 is vulnerable to quantum attack, according to a study by Deloitte. Cybersecurity specialist Itan Barmes led the vulnerability study of the Bitcoin blockchain. He found that the Bitcoin blockchain's level of exposure to a large enough quantum computer presents a systemic risk. “If [4 million] coins are eventually stolen in this way, then trust in the system will be lost and the value of Bitcoin will probably go to zero,” he says.
Most encryption relies on the relationship between public and private keys, which is called asymmetric cryptography. Quantum-vulnerable Bitcoins include those created before 2010, when public keys had not yet been hashed into a different and safer format. Also at risk are Bitcoin addresses that have already been used once, so that their public keys have become visible on the blockchain. There are four million Bitcoin addresses that could in theory be hacked by a quantum computer large enough to derive the corresponding private key, which would let an attacker unlock the value and transfer it to another address. This is known as a storage attack.
The second kind of attack – a transit attack – targets Bitcoin transactions in transit. In contrast to storage attacks, where only a subset of addresses is vulnerable, all transactions are vulnerable.
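The two storage-attack exposure cases described above (a public key placed directly in the output, and a hashed address whose key became visible once it was used) can be checked for a set of holdings. The following is an added example, not code from the article or the Deloitte study; the function names and sample outputs are constructed, and it assumes only Bitcoin's two legacy script templates (pay-to-public-key and pay-to-public-key-hash).

```python
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC

def parse_script(script_hex):
    """Return (kind, key_material) for the two script templates handled here."""
    s = bytes.fromhex(script_hex)
    # Pay-to-public-key: <push 33|65> <pubkey> OP_CHECKSIG. The key itself is on chain.
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        return "p2pk", s[1:-1]
    # Pay-to-public-key-hash: only a 20-byte hash of the key is on chain.
    if (len(s) == 25 and s[0] == OP_DUP and s[1] == OP_HASH160 and s[2] == 20
            and s[23] == OP_EQUALVERIFY and s[24] == OP_CHECKSIG):
        return "p2pkh", s[3:23]
    return "other", b""

def exposure(utxo, spent_hashes):
    """Label one unspent output; spent_hashes = key hashes already spent from."""
    kind, material = parse_script(utxo["script"])
    if kind == "p2pk":
        return "exposed: public key in output"
    if kind == "p2pkh" and material in spent_hashes:
        return "exposed: address reused after spend"
    if kind == "p2pkh":
        return "hashed: key not yet visible"
    return "unclassified"

def exposed_value(utxos, spent_hashes):
    """Total value (satoshis) held in outputs whose public key is visible."""
    return sum(u["value"] for u in utxos
               if exposure(u, spent_hashes).startswith("exposed"))

# Constructed sample data: placeholder key and hash bytes, not real outputs.
PUBKEY = "04" + "11" * 64
HASH_A, HASH_B = "aa" * 20, "bb" * 20
UTXOS = [
    {"id": "pre-2010", "script": "41" + PUBKEY + "ac", "value": 5_000_000_000},
    {"id": "reused", "script": "76a914" + HASH_A + "88ac", "value": 250_000_000},
    {"id": "fresh", "script": "76a914" + HASH_B + "88ac", "value": 100_000_000},
]
SPENT_HASHES = {bytes.fromhex(HASH_A)}  # a spend from HASH_A revealed its key

if __name__ == "__main__":
    for u in UTXOS:
        print(u["id"], "->", exposure(u, SPENT_HASHES))
    print("exposed satoshis:", exposed_value(UTXOS, SPENT_HASHES))
```

Moving the value in the first two outputs to a fresh, never-used hashed address removes them from the exposed total.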
Cybersecurity is top of mind for those within the quantum community, but many industry insiders, including Barmes, believe there is not enough communication between the quantum computing community and the Bitcoin community to ensure future cybersecurity on the Bitcoin blockchain.
Barmes believes that as long as cryptocurrencies migrate on time (to post-quantum cryptography) then everything should be fine. “It is not too late to migrate, but such a migration takes time, so waiting until the last moment might turn out to be too late,” he says. “The exact moment when it becomes too late is, of course, unknown.”
For investors without a technical background, quantum security is a difficult topic to evaluate. Cryptocurrency projects should be more transparent about their plans to mitigate quantum risk, says Barmes.
Miko Matsumura, general partner at San Francisco-based Cryptos Capital, says most knowledgeable investors have priced in the risk of quantum cybersecurity breaches. He is not concerned about quantum computing risk because attackers have two ways to breach Bitcoin, neither one of which presents a catastrophe for the blockchain.
On this more positive note, Duncan Jones, head of cybersecurity at Cambridge Quantum, says the conversation about risk needs to be more focused on how quantum technologies can enhance digital asset security. “We can strengthen blockchains against some of these risks if we integrate quantum technology into the core of these systems.”
Transitioning to post-quantum algorithms and conversations between the Bitcoin community and the quantum computing community will be key to mitigating the cybersecurity risk to cryptocurrency investment. As always, timelines around quantum computing appear to be vague, but nevertheless the time has come for Bitcoin investors to take note.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.