Quantum computing could have far greater consequences to incumbent financial infrastructure than it would to Bitcoin
(CrowdFundInsider) Advances in quantum computing are “stoking fears” that Bitcoin’s wallet structure is “vulnerable to exploits, theoretically undermining its security.”
The team at CoinShares pointed out that using quantum technologies to exploit the Bitcoin protocol is “theoretically possible.” But it’s “exceptionally difficult to do in practice.”
In order to mitigate against such attacks, “a soft fork with a commit–delay–reveal scheme could be implemented,” according to a report from CoinShares.
As explained by the firm in a detailed report:
“Due to the widespread use of 128-bit cryptography, quantum computing poses a much greater threat to a substantial proportion of the existing cryptographic infrastructure that the ecommerce and banking services rely on for everyday transactions.”
According to the report:
“Only government administrations and militaries, who often use much more secure symmetric encryption would remain protected from quantum computing, but this requires keys to be securely delivered to each site involved in the communication, with couriers carrying locked briefcases, thus not a practical solution for everyday security.”
As mentioned in the report, Bitcoin uses SHA-256 cryptography “for mining, and for public key obfuscation in the transaction process, and it should therefore be secure in a post-quantum world.”
But the report explains that due to Bitcoin’s intricate structure there are “theoretically several ways in which its security could be compromised.”

Bitcoin transactions use a separate 256-bit Elliptic Curve Digital Signature Algorithm (ECDSA) for “authorizing transfers, a technique that is commonly used for much of internet security,” the report explained.
Although the ECDSA used in Bitcoin is 256-bit, the signature scheme is “equivalent to 128-bit as a hacker would need only to exploit one private key with funds on the 256-bit curve.” This is “where most academic research on the subject focusses,” the report revealed.
“As long as the quantum attacker can ensure that their transaction is placed on the blockchain before the genuine transaction, they can essentially ‘steal’ the transaction and direct the newly created Unspent Transaction Output (UTXO) into whichever account they choose.”
Early Bitcoin users were paid using P2PK (Pay-to-Public-Key) tech where users were “paid directly to their public keys, so early Bitcoin public keys are known, meaning early and often affluent Bitcoin addresses are more vulnerable to this form of attack.”
Later addresses use the P2PKH (Pay-to-Public-Key-Hash) address format where addresses are “obscured behind two cryptographic hashes (SHA-256 and RIPEMD-160) when new UTXOs are created, making them less vulnerable to an attack.”
As mentioned in the update, the vast majority of UTXOs “are P2PKH.” Notably, the recent Bitcoin Taproot upgrade will “again make public keys publicly visible, suggesting that Bitcoin developers aren’t overly concerned with the risk of publicly known public keys.”
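The distinction the report draws between P2PK and P2PKH outputs comes down to what is readable in the output script itself. The following is an added example (not code from the article or from CoinShares) that parses the two legacy script templates, reports whether the public key is already visible on-chain, and shows that a P2PKH key only becomes visible in the scriptSig once the output is spent. All key, hash and signature bytes are constructed placeholders of the right length, not real curve points or signatures; the `hash160` helper implements the SHA-256-then-RIPEMD-160 derivation the report mentions and depends on the local OpenSSL build exposing RIPEMD-160.

```python
"""Classify Bitcoin output scripts by whether they expose the public key on-chain."""
import hashlib

# Script opcodes used by the two legacy output types discussed in the report.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def hash160(pubkey: bytes) -> bytes:
    """The two-hash obfuscation used by P2PKH: RIPEMD-160(SHA-256(pubkey)).

    hashlib only offers RIPEMD-160 when the underlying OpenSSL provides it
    (OpenSSL 3.0.0-3.0.6 moved it to the legacy provider), so this may raise ValueError.
    """
    sha = hashlib.sha256(pubkey).digest()
    return hashlib.new("ripemd160", sha).digest()


def build_p2pk_script(pubkey: bytes) -> bytes:
    """scriptPubKey: <push pubkey> OP_CHECKSIG. The key itself sits in the output."""
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def build_p2pkh_script(pubkey_hash: bytes) -> bytes:
    """scriptPubKey: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG."""
    return bytes([OP_DUP, OP_HASH160, 20]) + pubkey_hash + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


def classify_output(script_pubkey: bytes) -> dict:
    """Return the output type and whether the spending public key is readable from it."""
    # P2PK: one push of a 33-byte (compressed) or 65-byte (uncompressed) key, then OP_CHECKSIG.
    if (len(script_pubkey) >= 2 and script_pubkey[0] in (33, 65)
            and len(script_pubkey) == script_pubkey[0] + 2
            and script_pubkey[-1] == OP_CHECKSIG):
        return {"type": "p2pk", "pubkey_visible": True, "pubkey": script_pubkey[1:-1]}
    # P2PKH: fixed 25-byte template; only the 20-byte HASH160 of the key is on-chain.
    if (len(script_pubkey) == 25
            and script_pubkey[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and script_pubkey[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return {"type": "p2pkh", "pubkey_visible": False, "pubkey_hash": script_pubkey[3:23]}
    return {"type": "unknown", "pubkey_visible": None}


def pubkey_from_p2pkh_scriptsig(script_sig: bytes) -> bytes:
    """A P2PKH spend's scriptSig is <push sig> <sig> <push pubkey> <pubkey>: spending reveals the key."""
    sig_len = script_sig[0]
    pk_off = 1 + sig_len
    pk_len = script_sig[pk_off]
    return script_sig[pk_off + 1: pk_off + 1 + pk_len]


def exposure_report(script_pubkeys) -> dict:
    """Count outputs whose public key is already public (the P2PK case the report flags)."""
    report = {"p2pk_exposed": 0, "p2pkh_hidden": 0, "unknown": 0}
    for spk in script_pubkeys:
        kind = classify_output(spk)["type"]
        if kind == "p2pk":
            report["p2pk_exposed"] += 1
        elif kind == "p2pkh":
            report["p2pkh_hidden"] += 1
        else:
            report["unknown"] += 1
    return report


# Constructed sample values (not real keys or signatures): a compressed-format 33-byte
# public key, a 20-byte hash placeholder and a 71-byte signature-shaped filler.
SAMPLE_PUBKEY = b"\x02" + bytes(range(1, 33))
SAMPLE_PUBKEY_HASH = bytes(range(20))
SAMPLE_SIG = b"\x30" + bytes(70)

if __name__ == "__main__":
    utxos = [build_p2pk_script(SAMPLE_PUBKEY),
             build_p2pkh_script(SAMPLE_PUBKEY_HASH),
             build_p2pkh_script(SAMPLE_PUBKEY_HASH)]
    print(exposure_report(utxos))
    spend = bytes([len(SAMPLE_SIG)]) + SAMPLE_SIG + bytes([len(SAMPLE_PUBKEY)]) + SAMPLE_PUBKEY
    print("key revealed at spend:", pubkey_from_p2pkh_scriptsig(spend).hex())
    try:
        print("HASH160 of sample key:", hash160(SAMPLE_PUBKEY).hex())
    except ValueError:
        print("RIPEMD-160 not available in this OpenSSL build")
```

Running it over a set of output scripts gives a quick inventory of how many outputs already have their key in the clear versus how many are still behind a hash; the scriptSig parse is the reason address reuse matters for P2PKH, since the first spend from an address publishes the key that every later payment to that same hash will then share.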
As explained in the report:
“There are post-quantum algorithms being developed that tackle the risk that quantum computers pose to security, and some of these approaches have been in development for many years. Lattice-based, multivariate and hash-based cryptography are examples, but these typically involve some trade-off, be it higher costs, higher processing power or greater network traffic.”
The report further explained:
“If quantum computers scale as some expect, we are in a race against time to deploy post-quantum cryptography before quantum computers arrive. In that sense, 15 years seems like enough time to prepare. However, it is estimated it would take at least 10 years to modify existing cryptographic infrastructure. This entails modifying all existing systems that use public key cryptography, which includes most electronic devices that connect to the internet.”
The report concluded:
“Due to the widespread use of 128-bit cryptography, quantum computing poses a much greater threat to a substantial proportion of the existing cryptographic infrastructure that the ecommerce and banking services rely on for everyday transactions. Given such a broad use across systemically important organizations, any vulnerability exposed by quantum computing could therefore have far greater consequences to incumbent financial infrastructure than it would to Bitcoin.”