WHY THIS MATTERS IN BRIEF
Quantum computers will soon be so powerful they could crack 70% of the world’s encryption systems, so researchers are racing to find a solution.
This year a chap called Stefan Thomas really could have used a quantum computer – a kind of new computer that performs calculations millions of times faster than traditional classical computers – because the German-born programmer and cryptocurrency trader forgot the password to unlock his digital wallet, which contains 7,002 bitcoin, now worth $265 million. Ouch! A quantum computer could have easily helped him crack it, and to add insult to injury, it could have done so in just hours if not minutes.
Though the technology is still very much in its infancy, governments and private-sector companies like IBM, Microsoft and Google are working to make quantum computing a reality, and by 2025 or thereabouts, when their machines reach about 1,000 qubits in size, they should be powerful enough to break the vast majority of the encryption that protects cell phones, bank accounts, email accounts, and — yes — bitcoin wallets. Furthermore, these machines would be so powerful that it’s estimated they could take just 8 hours to crack even the toughest 4,096-bit encryption – and that’s as impressive as it is scary.
“If you had a quantum computer today, and you were a state sponsor – China, for example – most probably in about eight years, you could crack all the [cryptocurrency] wallets on the blockchain,” said Fred Thiel, CEO of cryptocurrency mining specialist Marathon Digital Holdings.
This is precisely why cryptographers around the world are racing to build a quantum-resistant encryption protocol.
Right now, much of the world runs on something called asymmetric cryptography, in which individuals use a private and public key pair to access things like email and crypto wallets.
“Every single financial institution, every login on your phone – it is all based on asymmetric cryptography, which is susceptible to hacking with a quantum computer,” explained Thiel, former chairman of Utimaco, one of the largest cryptography companies in Europe, which has worked with Microsoft, Google and others on post-quantum encryption.
The public-private key pair lets users produce a digital signature, using their private key, which can be verified by anyone who has the corresponding public key.
In the case of cryptocurrencies like bitcoin, the signature scheme is the “Elliptic Curve Digital Signature Algorithm” (ECDSA), and it ensures that bitcoin can only be spent by the rightful owner.
Theoretically, someone using a quantum computer could recover your private key from your public key, forge your digital signature, and subsequently empty your entire bitcoin wallet.
“If I was dealing in fear mongering… I’d tell you that among the first types of digital signatures that will be broken by quantum computers are elliptic curves, as we use them today, for bitcoin wallets,” said Thorsten Groetker, former Utimaco CTO and one of the top experts in the field of quantum computing. “But that would happen if we do nothing,” he said.
Crypto experts say they aren’t all that worried about quantum hacking of bitcoin wallets, for a couple of different reasons.
Castle Island Ventures founding partner Nic Carter points out that quantum breaks would be gradual rather than sudden.
“We would have plenty of forewarning if quantum computing was reaching the stage of maturity and sophistication at which it started to threaten our core cryptographic primitives,” he said. “It wouldn’t be something that happens overnight.”
There is also the fact that the community knows it is coming, and researchers are already building quantum-safe cryptography and quantum-safe blockchains.
“The National Institute of Science and Technology (NIST) has been working on a new standard for encryption for the future that’s quantum-proof,” said Thiel. NIST is running that selection process now, picking the best candidates and standardizing them.
“It’s a technical problem, and there’s a technical solution for it,” said Groetker. “There are new and secure algorithms for digital signatures… You will have years of time to migrate your funds from one account to another.”
By 2024, Groetker expects the first standard quantum-safe crypto algorithm, which is still, as he puts it, well before we’d see a quantum computer capable of breaking bitcoin’s cryptography. Once newly standardized post-quantum cryptography is available, Groetker says, the process of mass migration will begin.
“Everyone who owns bitcoin or ethereum will transfer [their] funds from the digital identity that is secured with the old type of key, to a new wallet, or new account, that’s secured with a new type of key, which is going to be secure,” he said.
However, this kind of upgrade in security requires users to be proactive. In some scenarios, where fiat money accounts are centralized through a bank, this process may be easier than requiring a decentralized network of crypto holders to update their systems individually.
“Not everybody, regardless of how long it takes, will move their funds in time,” explained Groetker. Inevitably, there will be users who have forgotten their password or have passed away without sharing their key. “There will be a number of wallets that become increasingly insecure, because they’re using weaker keys.”
But there are ways to deal with wallets that miss a security upgrade. For example, an organisation could lock down all accounts still using the old type of cryptography and give their owners some other way to reclaim them. The trade-off would be the loss of anonymity when users come to reclaim their balance.