I recently had the opportunity to sit on a panel with Gavin Brennen of Macquarie University in Sydney, Australia, a physicist and one of the world's experts on this topic. He presented a very nice paper that examined the perceived danger in some detail.
Proof of Work
At the root of the threat is the remarkable speed of quantum computing, which is far more efficient than classical computing at performing key functions that make the blockchain work, namely hashing operations and proof of work (PoW). With quantum computers, the proof-of-work requirement could be met with far less energy and time, potentially allowing a quantum miner to outcompete existing mining operations and centralize the network.
In addition, quantum computing could pose a threat to standard cryptography by cracking keys in a way that could pose security risks, at least in theory.
Brennen and his co-authors set out to examine the timeframe for when this threat would become real. The results are far more boring than you would expect. Their simulation models come to the following conclusion.
The extreme speed of current specialized ASIC hardware for performing the hashcash PoW, coupled with much slower projected speeds for current quantum architectures, gives quantum computers no advantage. Future improvements to quantum technology, allowing speeds up to 100GHz, could allow quantum computers to solve the PoW about 100 times faster than current technology.
However, such a development is unlikely to come for another decade, at which point classical hardware may be much faster and quantum technology might be so widespread that no single quantum-enabled agent could dominate the PoW problem. The threat is not that the network would become too fast, as the network difficulty could increase infinitely. The threat is that a single quantum computer or a group of computers could get more than 51 percent of the network's computing power and take it over.
The paper's results show that this will not become an issue for another 10 years, but even after that, it will be no real threat to the existing bitcoin network.
The Signature Threat
What about the second threat to cryptography, posed by better signature-cracking technology? This one is more real, but not without solutions. The problem is that “the signature scheme can be broken in less than 10 minutes ... as early as 2027.” The most serious problem concerns the following scenario:
“After a transaction has been broadcast to the network, but before it is placed on the blockchain, it is at risk from a quantum attack. If the secret key can be derived from the broadcast public key before the transaction is placed on the blockchain, then an attacker could use this secret key to broadcast a new transaction from the same address to his own address.
“If the attacker then ensures that this new transaction is placed on the blockchain first, then he can effectively steal all the bitcoin behind the original address.”
What can be done? Brennen presented a number of post-quantum signature schemes that would protect against such a scenario. He points out that there are at least four classes of known solutions to the problem and alternatives within each, all within reach of programmers today. Moreover, there are 10 years of lead time to get there and adapt them to the protocol.
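The race described in the quoted scenario, and the effect of the post-quantum fix, as an added model that is not from Brennen's paper or this article. It assumes block arrival is a Poisson process with a 10-minute mean, that key recovery takes a fixed time once the public key is broadcast, that the attacker's conflicting transaction is mined whenever it is ready before the honest one confirms, and that a post-quantum scheme is one whose public key yields no usable secret.

```python
import math
import random

BLOCK_INTERVAL_S = 600.0  # assumed mean block interval: 10 minutes


def next_block_delay(rng):
    """Time until the next block; block arrival is memoryless (exponential)."""
    return rng.expovariate(1.0 / BLOCK_INTERVAL_S)


def race(crack_time_s, key_recoverable, rng):
    """One instance of the scenario: does the attacker's conflicting spend confirm first?

    The honest transaction is broadcast at t = 0, exposing the public key.
    """
    confirm_at = next_block_delay(rng)  # when the honest tx would be mined
    if not key_recoverable:
        return False  # post-quantum signature: the broadcast public key leaks no secret
    # Attacker finishes deriving the secret key at crack_time_s; the model assumes
    # he wins the race if that happens before the honest transaction is mined.
    return crack_time_s < confirm_at


def attack_probability(crack_time_s, key_recoverable=True, trials=20000, seed=1):
    """Monte Carlo estimate of how often the attacker's transaction confirms first."""
    rng = random.Random(seed)
    wins = sum(race(crack_time_s, key_recoverable, rng) for _ in range(trials))
    return wins / trials


def analytic_probability(crack_time_s):
    """Closed form for the same model: P(no block during key recovery) = exp(-T / mean)."""
    return math.exp(-crack_time_s / BLOCK_INTERVAL_S)


if __name__ == "__main__":
    # Key recovery "in less than 10 minutes" leaves a large window; hours do not.
    for t in (60, 300, 600, 3600):
        print(f"crack time {t:>5}s: simulated {attack_probability(t):.3f}, "
              f"analytic {analytic_probability(t):.3f}")
    print("with post-quantum signatures:", attack_probability(600, key_recoverable=False))
```

The window only matters while the transaction sits unconfirmed; the post-quantum case shows the risk vanishing regardless of crack time.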
All of which is to say, this quantum threat to bitcoin is mostly a red herring—not entirely false but a fixable issue, especially given the robust network behind cryptocurrency and the strong incentive to provide the best security possible.
Jeffrey Tucker is editorial director for the American Institute for Economic Research. This article was first published on AIER.org.