James Butterfill, Investment Strategist at London-based CoinShares, a digital asset manager focused on expanding access to the cryptocurrency ecosystem while serving as a “trusted partner” for its clients, notes that advances in quantum computing are “stoking fears” that Bitcoin’s wallet structure is “vulnerable to exploits, theoretically undermining its security.”
The team at CoinShares pointed out that using quantum technologies to exploit the Bitcoin protocol is “theoretically possible.” But it’s “exceptionally difficult to do in practice.”
In order to mitigate against such attacks, “a soft fork with a commit–delay–reveal scheme could be implemented,” according to the update from CoinShares.
As explained by the firm in a detailed report:
“Due to the widespread use of 128-bit cryptography, quantum computing poses a much greater threat to a substantial proportion of the existing cryptographic infrastructure that the ecommerce and banking services rely on for everyday transactions.”
Recent news has “highlighted that China may well be ahead in the race for the most powerful quantum computer with their recently announced 66-qubit computer, named Zuchongzhi 2.1,” the team at CoinShares noted.
The update explained that this computer can reportedly “process 10 million times faster than the fastest digital computer and is likely to exacerbate existing fears over the security of blockchain infrastructure and the prospect of ‘Quantum Supremacy’, where a quantum device can solve a problem, that no classical computer can solve in any practical amount of time.”
According to the report:
“Only government administrations and militaries, who often use much more secure symmetric encryption would remain protected from quantum computing, but this requires keys to be securely delivered to each site involved in the communication, with couriers carrying locked briefcases, thus not a practical solution for everyday security.”
As mentioned in the report, Bitcoin uses SHA-256 cryptography “for mining, and for public key obfuscation in the transaction process, and it should therefore be secure in a post-quantum world.”
But the report explains that it “isn’t as simple as that.” Due to Bitcoin’s intricate structure there are “theoretically several ways in which its security could be compromised.”
The Elliptic Curve Vulnerability
Bitcoin transactions use a separate 256-bit Elliptic Curve Digital Signature Algorithm (ECDSA) for “authorizing transfers, a technique that is commonly used for much of internet security,” the report explained.
Although the ECDSA used in Bitcoin is 256-bit, the signature scheme is “equivalent to 128-bit as a hacker would need only to exploit one private key with funds on the 256-bit curve.” This is “where most academic research on the subject focusses,” the report revealed.
The Quantum attacks on Bitcoin (Aggarwal Et al. October 2017) summarize how ECDSA could be compromised: “An effective quantum attack would consist of finding the private key when the public key is revealed following the broadcast of a signed transaction to the network. This would allow an attacker to sign a new transaction using the private key, thus impersonating the key owner.”
As mentioned in the update:
“As long as the quantum attacker can ensure that their transaction is placed on the blockchain before the genuine transaction, they can essentially ‘steal’ the transaction and direct the newly created Unspent Transaction Output (UTXO) into whichever account they choose.”
Using this approach would likely “require the quantum computer to be able to reliably solve in a similar time to the Bitcoin 10 minute block interval,” the report explained.
Early Bitcoin users were paid using P2PK (Pay-to-Public-Key) tech where users were “paid directly to their public keys, so early Bitcoin public keys are known, meaning early and often affluent Bitcoin addresses are more vulnerable to this form of attack.”
Later addresses use the P2PKH (Pay-to-Public-Key-Hash) address format where addresses are “obscured behind two cryptographic hashes (SHA-256 and RIPEMD-160) when new UTXOs are created, making them less vulnerable to an attack.”
As mentioned in the update, the vast majority of UTXOs “are P2PKH.” Notably, the recent Bitcoin Taproot upgrade will “again make public keys publicly visible, suggesting that Bitcoin developers aren’t overly concerned with the risk of publicly known public keys.”
(Note: For more details on other ways the Bitcoin protocol could be impacted by advances in quantum computing, check here.)
As explained in the report:
“There are post-quantum algorithms being developed that tackle the risk that quantum computers pose to security, and some of these approaches have been in development for many years. Lattice-based, multivariate and hash-based cryptography are examples, but these typically involve some trade-off, be it higher costs, higher processing power or greater network traffic.”
To mitigate against such attacks, Imperial College has “proposed a soft fork with “a commit–delay–reveal scheme that enables the secure transition of funds to quantum-resistant wallets.”
The protocol allows users to “execute the first step of transitioning funds even before the upgrade is deployed as the necessary functionality already exists in Bitcoin.”
The report further noted that code changes are “required only for the reveal stage of the transition, and they can be implemented as a soft fork, allowing users to upgrade at their own convenience.”
The report further explained:
“If quantum computers scale as some expect, we are in a race against time to deploy post-quantum cryptography before quantum computers arrive. In that sense, 15 years seems like enough time to prepare. However, it is estimated it would take at least 10 years to modify existing cryptographic infrastructure. This entails modifying all existing systems that use public key cryptography, which includes most electronic devices that connect to the internet.
As mentioned in the update, it is clear that using quantum technologies to exploit the Bitcoin protocol is “theoretically possible.”
But it may be quite challenging to do in practice, and would be “non-trivial, even if truly powerful enough quantum computers were to arrive.”
The report added that similar exploits “exist for other stores of value and perhaps the best analogy are gold vaults.”
Gold vaults are typically “incredibly secure, with very sophisticated security, but there are theoretical ways in which the gold from them can be stolen.”
Those methods would involve considerable resources, perhaps with “the help of a state actor, but in reality, highly unlikely to happen.”
Bitcoin is similar in that it is “theoretically vulnerable to attacks, but until those theories become reality, it remains highly secure,” the CoinShares team wrote in their report.
The advantage Bitcoin has over gold (in this example) is that “it is programmable, and can be modified to thwart any future security threats,” the report explained.
The report concluded:
“Due to the widespread use of 128-bit cryptography, quantum computing poses a much greater threat to a substantial proportion of the existing cryptographic infrastructure that the ecommerce and banking services rely on for everyday transactions. Given such a broad use across systemically important organizations, any vulnerability exposed by quantum computing could therefore have far greater consequences to incumbent financial infrastructure than it would to Bitcoin.”