Quantum computers put blockchain security at risk
By 2025, up to 10% of global GDP (Gross Domestic Product) is likely to be stored on blockchains. A blockchain is a digital tool that uses cryptography techniques to protect information from unauthorized changes. It lies at the root of the Bitcoin cryptocurrency. Blockchain-related products are used everywhere from finance and manufacturing to healthcare, in a market worth more than US$150 billion.
A blockchain is a secure digital record, or ledger. It is maintained collectively by users around the globe, rather than by one central administration. Decisions such as whether to add an entry (or block) to the ledger are based on consensus — so personal trust doesn’t come into it. Any party inside or outside the network can check the integrity of the ledger by making a simple calculation. But within a decade, quantum computers will be able to break a blockchain’s cryptographic codes. Here we highlight how quantum technology makes blockchains vulnerable — and how it could render them more secure.
Blockchain security relies on ‘one-way’ mathematical functions. These are straightforward to run on a conventional computer and difficult to calculate in reverse. For example, multiplying two large prime numbers is easy, but finding the prime factors of a given product is hard — it can take a conventional computer many years to solve.
Such functions are used to generate digital signatures that blockchain users cite to authenticate themselves to others. These are easy to check and extremely difficult to forge. One-way functions are also used to validate the history of transactions in the blockchain ledger. The hash, a short sequence of bits, is derived from a combination of the existing ledger and the block that is to be added; this alters whenever the contents of the entry are changed.
Again, it is relatively easy to find the hash of a block (to process information to add a record) but difficult to pick a block that would yield a specific hash value. That would require reversing the process to derive the information that generated the hash.
Bitcoin also requires that the hash meets a mathematical condition. Anyone who wishes to add a block to the ledger must keep their computer running a random search until that condition is reached. This process slows the addition of blocks, giving time for everything to be recorded and checked by everyone in the network. It also stops any individual from monopolizing network administration, because anyone with sufficient computational power can contribute blocks.
Yet, within ten years, quantum computers will be able to calculate the one-way functions, including blockchains, that are used to secure the Internet and financial transactions. Widely deployed one-way encryption will instantly become obsolete.
Quantum computers exploit physical effects, such as superpositions of states and entanglement, to perform computational tasks. They are currently much less powerful than conventional computers, but will soon be able to outperform them on certain tasks. One such example is breaking security protocols that are based on cryptographic algorithms, as mathematician Peter Shor pointed out in 1994. A blockchain is particularly at risk from this because one-way functions are its sole line of defence — a user’s only protection is their digital signature, whereas bank clients are protected by plastic cards, security questions, identity checks and human cashiers.
Cracking of digital signatures is therefore the most imminent threat. A wrongdoer equipped with a quantum computer could use Shor’s algorithm to forge any digital signature, impersonate that user and appropriate their digital assets. Most specialists think that this feat would require a universal quantum computer (one capable of performing a wide variety of calculations). which is more than a decade away. Yet some researchers suggest that this could happen sooner, using emerging quantum computational devices that have more limited capabilities, such as those being developed by IBM, Rigetti Computing, Google and others.
Quantum computers will find solutions quickly, potentially enabling the few users who have them to censor transactions and to monopolize the addition of blocks to the Bitcoin ledger (known as mining). These parties could sabotage transactions, prevent their own from being recorded or double-spend. An international team of researchers has highlighted the possible impacts of such attacks, with a report earlier this year charting the threats and suggesting a possible workaround.
If nothing is done to update the protocols, cryptocurrencies will crash once quantum computers become available.
Fortunately, quantum technologies also offer opportunities to enhance the security and performance of blockchains.
Quantum communications are inherently authenticated — no user can impersonate another. Such technologies use states of individual particles of light (photons) to encode bits and communicate them. Fundamental physics stipulates that quantum states cannot be copied or measured without being altered. Any eavesdropper will be immediately uncovered.
Quantum cryptography can be used to replace classical digital signatures and to encrypt all peer-to-peer communications in the blockchain network. Our group has demonstrated such a simple system. However, the complexity and cost of quantum cryptography networks will limit their adoption. In particular, current protocols require that each node in the network be connected to every other through optical fibre channels, because there is no trust in any intermediary node and hence all communications must be direct. Protocols will be needed to maintain secure communications even when information flows through untrustworthy nodes; these systems have been developed but need to be made more accessible for consumers.
Photon losses in optical fibres are another challenge. These limit the range of modern quantum-key distribution systems to a few tens of kilometres. The solution is to develop a quantum repeater, which uses quantum teleportation and quantum optical memory to distribute entangled states between the communicating parties. Research is progressing, but is a long way from delivering a practical device.
In the interim, one-way functions should be tightened. Some alternative encryption functions have been proposed that should be equally difficult to reverse using conventional or quantum computers. Although not completely secure, these could be run on existing hardware and would buy time, but they, too, could be deciphered in the long term.
Using quantum technology for communicating as well as for the computational processing of blockchain data would further enhance security and enable blockchains to become faster and more efficient. This step requires a ‘quantum internet’ — connecting quantum computers across a quantum communications network. It would then become possible to run fully quantum blockchains. These would bypass some computationally intensive steps of the current verification and consensus processes, and thus be more efficient and more secure. The proposed Quantum Bitcoin currency could be realized, with its security assured by the no-cloning theorem of quantum mechanics. Such quantum ‘bank notes’, if they still prove necessary in future, could be made impossible to forge by containing quantum information records.
The quantum internet is several decades away, so ‘blind quantum computation’ is an interim step. In this, a user with a conventional computer could run an algorithm on a remote quantum computer without sharing the input data or algorithm. This technology would enable public cloud-quantum-computing platforms, making blockchains cheaper and more accessible.
The blockchain business needs to update its existing software to use one-way cryptographic functions that are equally hard to reverse using conventional or quantum computers. Until these post-quantum solutions are established or standardized, platforms must be flexible and capable of changing cryptographic algorithms on the fly. The longer-term answer is to develop and scale up the quantum communication network and, subsequently, the quantum internet. This will take major investments from governments. However, countries will benefit from the greater security offered. For example, Canada keeps its census data secret for 92 years, a term that only quantum cryptography can assure. Government agencies could use quantum-secured blockchain platforms to protect citizens’ personal financial and health data. Countries leading major research efforts in quantum technologies, such as China, the United States and members of the European Union, will be among the early adopters. They should invest immediately in research. Blockchains should be a case study for Europe’s Quantum Key Distribution Testbed programme, for example. Much greater urgency needs to be given to these risks — their impact could be grave.