It might be only a matter of time before quantum computers crack the cryptography keys that support sensitive data and cryptocurrencies on blockchain networks. Now quantum software company Cambridge Quantum (CQ) says it has developed a "quantum-safe" method that could future-proof any blockchain by making the system invulnerable to quantum attacks.
CQ partnered with the Inter-American Development Bank (IDB) and its innovation laboratory IDB Lab, which has been actively investing in blockchain technology to support social and economic applications in Latin America and the Caribbean.
Specifically, IDB Lab has developed LACChain, a blockchain platform leveraged by more than 50 organizations in the region for use cases ranging from cross-border e-money payments to exchanging data between different countries' customs administrations.
CQ added a quantum-safe security layer to LACChain that makes the system secure against future quantum computers.
To do so, CQ deployed IronBridge, its commercially available platform for protecting against quantum threats, on LACChain.
Blockchain's vulnerability to quantum computers comes from its extensive reliance on cryptography.
The technology, also called a distributed ledger, is essentially a computational system in which information is securely logged, shared and synchronized among a network of participants. The system is dynamically updated through messages called transactions, and each participant can have a verified copy of the system's current state and of its entire transaction history.
This type of decentralized data-sharing system requires strict security protocols to work – not only to protect the information and communications on the blockchain, which are often sensitive, but also to confirm the identity of participants, for example by means of digital signatures.
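The ledger structure described above, as an added example that is not LACChain, IDB or CQ code: each block's hash commits to the previous block's hash and to the transaction it records, so any participant holding a copy can recompute the whole history and derive the current state from it. The transactions, account names and genesis value are constructed for the demonstration; digital signatures (the identity check the paragraph mentions) are deliberately left out, and the tampering step at the end shows why a hash chain alone is not enough without them and without other participants' copies to compare against.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Constructed placeholder for the hash that the first block links back to.
GENESIS_HASH = "0" * 64


def block_hash(prev_hash: str, transaction: dict) -> str:
    """Hash the previous block's hash together with a canonical encoding of the transaction."""
    payload = json.dumps({"prev": prev_hash, "tx": transaction},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


@dataclass
class Ledger:
    # Each block is a dict with keys "prev", "tx" and "hash".
    blocks: list = field(default_factory=list)

    def append(self, transaction: dict) -> str:
        """Record a transaction in a new block linked to the current tip."""
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS_HASH
        h = block_hash(prev, transaction)
        self.blocks.append({"prev": prev, "tx": transaction, "hash": h})
        return h

    def verify(self) -> bool:
        """Recompute every link; an edited transaction or a broken link fails."""
        prev = GENESIS_HASH
        for block in self.blocks:
            if block["prev"] != prev or block_hash(prev, block["tx"]) != block["hash"]:
                return False
            prev = block["hash"]
        return True

    def balances(self) -> dict:
        """Derive the current state (account balances) by replaying the full history."""
        state = {}
        for block in self.blocks:
            tx = block["tx"]
            state[tx["from"]] = state.get(tx["from"], 0) - tx["amount"]
            state[tx["to"]] = state.get(tx["to"], 0) + tx["amount"]
        return state


def demo() -> tuple:
    """Build a ledger from constructed transactions, derive state, then tamper with history."""
    ledger = Ledger()
    ledger.append({"from": "mint", "to": "alice", "amount": 100})
    ledger.append({"from": "alice", "to": "bob", "amount": 30})
    ledger.append({"from": "bob", "to": "carol", "amount": 10})
    ok_before = ledger.verify()
    state = ledger.balances()

    # Tamper with a past transaction and even re-hash that block to cover it up:
    # the following block still points at the old hash, so verification fails.
    tampered = ledger.blocks[1]
    tampered["tx"]["amount"] = 90
    tampered["hash"] = block_hash(tampered["prev"], tampered["tx"])
    ok_after = ledger.verify()
    return ok_before, ok_after, state


if __name__ == "__main__":
    print(demo())
```

Re-hashing the altered block does not help the tamperer because every later block encodes the old hash; only the very last block could be rewritten silently, which is why real networks rely on signatures over each transaction and on other participants' copies of the chain, not on the hash links alone.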
These protocols, for now, rely on classical cryptography keys, which transform information into an unreadable mush for anyone but the intended recipients. Cryptography keys are used to encrypt data, which can in turn only be read by someone who holds the right key to decode the message.
The strength of encryption, therefore, depends on how difficult it is for a malicious actor to recover the key; and to make life harder for hackers, security protocols currently rely on algorithms such as RSA or the Digital Signature Algorithm (DSA) to generate cryptography keys that are as complex as possible. Those keys, in principle, can only be cracked by crunching through huge amounts of numbers.
This is why most current cryptography protocols are too hard to break – at least with a classical computer. But quantum computers, which are expected to one day possess exponential compute power, could eventually crack all of the security keys that are generated by the most established classical algorithms.
Quantum computers are still an emergent technology, and they are nowhere near mature enough to reveal any secrets just yet. But scientists have already identified quantum algorithms, most notably Shor's algorithm, that have the potential to eventually break existing security protocols.
Alexander Lvovsky, professor in the Department of Physics at the University of Oxford, says that quantum computers therefore pose a threat to blockchain security processes such as digital signatures.
"By using Shor's algorithm, a quantum attacker is able to calculate the private key of a user on the basis of their signed message, which is impossible to do with classical computers, and in this way, impersonate any party they want," Lvovsky tells ZDNet.
Quantum computers in the hands of a hacker could have dramatic consequences for the critical information that is currently stored. For example, hundreds of billions of dollars denominated in cryptocurrencies rely on blockchain ledgers, and the World Economic Forum estimates that 10% of GDP may be stored in blockchains by 2027.
This could one day be at risk from quantum attacks. Recent analysis by Deloitte estimates that a quarter of all bitcoins could be stolen with a quantum attack, which currently represents over $40 billion.
CQ and IDB, therefore, teamed up in an effort to deploy what is known as "post-quantum cryptography" to the blockchain – a form of cryptography that is adapted to a world in which quantum computers are no longer a thing of the future.
There are various approaches to post-quantum cryptography, but all of them essentially consist of making cryptography keys harder to crack, even for quantum computers. To do so requires an extra dose of randomness, or entropy. A key generated purely at random is much harder to recover than one that is the product of a mathematical operation, which a powerful computer can reverse-engineer.
And while classical algorithms rely on mathematics, quantum computers can harness a special, non-deterministic property of quantum mechanics to generate this true randomness. CQ has leveraged this to create the IronBridge platform, which taps those quantum processes to produce random numbers and generate extra-secure cryptography keys.
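The entropy argument in the two paragraphs above, as an added example that is neither IronBridge nor CQ code: a key derived deterministically from a small seed can be recovered by enumerating the seed space, whereas a key drawn from a cryptographically secure random source leaves nothing to enumerate. The seed width, the derivation function and the published "fingerprint" are constructed for the demonstration (the seed space is kept tiny so the search finishes instantly). This illustrates why low-entropy key generation is a weakness regardless of the attacker's hardware; it does not model Shor's algorithm, which attacks the mathematical structure of RSA and elliptic-curve keys rather than how random they were.

```python
import hashlib
import math
import secrets
from typing import Optional

# Constructed: a deliberately tiny seed space (65,536 seeds) so the search is quick.
SEED_BITS = 16
KEY_BYTES = 32


def key_from_seed(seed: int) -> bytes:
    """Low-entropy generator: the key is a deterministic function of a small seed."""
    return hashlib.sha256(seed.to_bytes(4, "big")).digest()


def random_key() -> bytes:
    """High-entropy generator: key bytes drawn from the OS CSPRNG."""
    return secrets.token_bytes(KEY_BYTES)


def fingerprint(key: bytes) -> str:
    """Public commitment to a key, like a key id published alongside a signature."""
    return hashlib.sha256(b"fingerprint|" + key).hexdigest()


def recover_key(target_fp: str, seed_bits: int = SEED_BITS) -> Optional[bytes]:
    """Try every seed in the space; return the matching key or None if there is none."""
    for seed in range(1 << seed_bits):
        candidate = key_from_seed(seed)
        if fingerprint(candidate) == target_fp:
            return candidate
    return None


def search_space_bits(seed_bits: int, key_bytes: int) -> tuple:
    """Work factor, in bits, an exhaustive search faces for each generator."""
    return seed_bits, 8 * key_bytes


def demo() -> tuple:
    """Show that the seeded key is recovered from its fingerprint and the random key is not."""
    weak = key_from_seed(secrets.randbelow(1 << SEED_BITS))
    strong = random_key()
    weak_recovered = recover_key(fingerprint(weak)) == weak
    strong_recovered = recover_key(fingerprint(strong)) is not None
    return weak_recovered, strong_recovered


if __name__ == "__main__":
    print(demo(), search_space_bits(SEED_BITS, KEY_BYTES))
    print("ratio of search spaces: 2^%d" % (8 * KEY_BYTES - SEED_BITS))
```

The random key is only "unrecoverable" here because its 256-bit search space cannot be enumerated, not because the fingerprint function differs; the same brute-force loop succeeds against any generator whose internal state is small or predictable.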
IronBridge was successfully used in LACChain to protect communications as well as to secure digital signatures. "LACChain blockchain was an ideal target for keys generated by our IronBridge platform," says Duncan Jones, head of quantum cybersecurity at CQ. "Only keys generated from certified quantum entropy can be resistant to the threat of quantum computing."
CQ deployed IronBridge as a "layer-two" service, meaning that it sits on top of the original architecture of the LACChain blockchain and could, therefore, be adapted to other systems.
Even if large-scale quantum computers are still some way off, the announcement is likely to address the concerns of blockchain users. Whether it is in five, 10 or 15 years, a quantum computer could crack the security protocols that are protecting information now – meaning that sensitive information that is currently being stored on the blockchain is still at risk from future hacking.
"The security currently used in most blockchains is vulnerable to quantum attack," Itan Barmes, quantum specialist at Deloitte, tells ZDNet. "No one knows when these attacks are going to become feasible. Estimates range between five and 30 years. On the other hand, migrating to a quantum-safe solution is also expected to take years, so ignoring the problem is taking an unnecessary risk."
The blockchain world is not alone in preparing for the future of cryptography. Governments around the world are also rushing to develop post-quantum cryptography protocols, as concern mounts that information about defense and national security might one day be revealed by quantum computers.
The UK's National Cyber Security Centre, for example, has said for many years that reliance on classical cryptography needs to end, while in the US the National Security Agency is currently investigating a number of algorithms that could improve the resilience of cryptography keys.