
Quantum computing is an area of quantum technology on the cusp of taking computing to a whole new level. It has the potential to vastly accelerate the calculation of complex problems and help us come up with solutions to improve healthcare, logistics, and tackle climate change. But as with other emerging technologies, it has a dark side. We speak to Dr Carlos Perez Delgado from Kent’s Cyber Security Research Group about the implications it has for the security of digital currencies.
Firstly, what is quantum computing, and how does it differ from the classical computing we use today?
Quantum physics tells us that all matter and energy behaves, at a fundamental level, in ways that are unfamiliar and even counter-intuitive. For instance, all energy and matter behaves like waves and particles and, perhaps, more bizarrely, objects can be in ‘superpositions.’ The human brain has no real intuitive grasp of what a quantum superposition is; but the closest explanation is that an object can be in two places at once or, as in Schrödinger’s famous thought experiment, the cat can be both dead and alive at once.
Quantum computers are digital computation devices built to take full advantage of the laws of quantum physics. They are built to use ‘quantum bits’ or ‘qubits’ which, like classical bits used to store and process information in classical computers, can be in either the state ‘0’ or ‘1’ but, unlike their classical counterparts, they can also be in superpositions of ‘0’ and ‘1’. This liberty allows quantum computers to solve certain computational problems much more efficiently than classical computers.
What threats, broadly speaking, does quantum computing pose to distributed ledgers, blockchains, and cryptocurrencies?
Modern cybersecurity – that is, our ability to secure our digital data and communications – is based on what we call ‘computationally secure’ cryptography. What this means is that the security of our data depends on some computational problems being practically impossible to solve. Unfortunately, some of these problems upon whose difficulty our cybersecurity rests can be solved efficiently using quantum computers.
Distributed ledgers, blockchains, and cryptocurrencies all depend on the same cryptographic protocols I mentioned before. So, they suffer the same vulnerabilities that the rest of our information and network infrastructures suffer. However, there are a few differences that put blockchains/etc in a much worse position.
If a bank finds a vulnerability in its online banking infrastructure, the bank IT/management can bring the online banking service down, apply a patch to fix the vulnerability, and bring the service back up. This can be time-consuming and expensive, but even during the time the online banking service is down, the bank’s other services can continue to function.
This is not the case with cryptocurrencies. Cryptocurrencies, and blockchains in general, only exist in the cloud. If their online presence is compromised because, say, the cryptography on which they rely is suddenly vulnerable to attack, then these cryptocurrencies literally fail to exist. There are no back-ups. There is no ‘offline mode’. Also, unlike banks, there is no centralised authority that can decide to patch/upgrade the security protocols used in cryptocurrencies like Bitcoin. This means that despite the much larger risk cryptocurrencies suffer in the face of quantum computation, they may in fact be much slower in their response.
When can we expect this quantum computing threat to materialise? How do we know?
This is a hard question to answer, as it requires one to predict future technological progress, based on current trends. That said, Dr Michele Mosca and Dr Marco Piani of EvolutionQ and the Global Risk Institute have been compiling yearly reports that reflect the views of leading experts working on the development of quantum computers around the world. They currently estimate we can see the threat materialise, with an alarming probability of 30 to 50% within the next 10 to 15 years. This may not seem high. But consider this: would you be willing to risk our entire internet infrastructure on a coin toss?
How can we protect against these threats? What safeguards are there?
While almost all current-day computer security is based on cryptography that is vulnerable to quantum attacks, it doesn’t have to be. Cryptography that is based on computational problems for which no quantum algorithms are (currently) known to exist is called “post-quantum.” The US National Institute of Standards and Technology (NIST) has been working on standardising post-quantum cryptographic tools and protocols and various companies, including Google and Apple, have started to deploy these post-quantum solutions.
What’s the technical cost of implementing these safeguards in blockchains and cryptocurrencies?
If Google wishes to deploy post-quantum cryptography onto its Chrome browser, all it must do is issue a patch. It can further push the usage of its post-quantum browser technology by “deprecating” the non-quantum-safe version of Chrome, dropping support for it, and essentially forcing users to upgrade.
No such mechanisms exist for blockchains and cryptocurrencies. Firstly, there is no central authority for cryptocurrencies, in general, that can force an upgrade. Secondly, blockchains, by their very nature, are persistent online ledgers. To “upgrade” Bitcoin, you have to upgrade the entire ledger: gigabytes and gigabytes of information. Upgrading this information is costly, because the only way to ‘update’ the ledger is by introducing new transactions, and the number of transactions per hour is quite limited.
Recently, alongside my research group here at Kent, we calculated that if the Bitcoin network were to pause all ongoing transactions in order to focus entirely on upgrading to quantum-safety – essentially bringing down the entire Bitcoin network for maintenance – it would take upwards of 76 days of continuous non-stop maintenance to perform the update. This could be performed concurrently with ongoing transactions to avoid interrupting the functionality of Bitcoin completely, but transaction speed would be greatly reduced and the update would take longer to implement.
If these safeguards aren’t implemented, what impact is this likely to have on society?
Worst case scenario, a hostile party develops a large-scale quantum computer or gains access to one through other means. This party would then be able to take over all current Bitcoin, Ethereum, and other existing cryptocurrencies. They’d also be able to easily hack into all online systems, online banking, e-mail, online accounts for all services, all secure servers. Essentially, all existing networked infrastructure, be it personal, corporate, or government-owned, that is not already quantum-secure (via the use of post-quantum cryptography), would be easy pickings for this hostile party.