Quantum Is Coming For Digital Currency

Dr. Amit Sinha is CEO of DigiCert. Prior to DigiCert, he was President of Zscaler.

Quantum computing seems to be making great strides every month. Google, Microsoft and AWS have released new chips that mark real milestones in the development of quantum. Google’s Willow will reduce the errors commonly found in quantum chips, while Microsoft’s Majorana 1 uses Majorana particles to create more stable qubits. Most recently, Amazon claimed that its AWS Ocelot chip will reduce the cost of quantum error correction by 90% compared with current approaches.

These developments will inch us closer to realizing quantum’s possibilities. However, as has been well established in discussions around quantum, those possibilities also include the ability to break the asymmetric encryption systems on which we all rely. It might take a classical computer millions of years to break RSA or ECC encryption algorithms, but a quantum computer of sufficient size could do the same in a fraction of that time.

Digital currency has become a significant part of the global economy in the last few decades. The global cryptocurrency market is currently worth nearly $3 trillion. It derives much of its value from the cryptographic technology that ensures its authenticity and security, and it, too, will be significantly disrupted by the arrival of quantum.

Perhaps the best-known asset in this space is Bitcoin. If person A wants to send a Bitcoin to person B, person A creates a transaction using person B’s publicly visible address. A’s private key then signs that transaction, which proves A’s ownership of the Bitcoin they intend to send. The transaction is broadcast to the Bitcoin network, where network nodes validate the signature using A’s public key. The transaction is then grouped into a block with other transactions, and the network nodes solve a computational puzzle to add the block to the blockchain. Once the block has been added to the blockchain, the transaction is confirmed.

This particular digital currency is built on two fundamental cryptographic pillars. The first is the Elliptic Curve Digital Signature Algorithm (ECDSA), which is used to generate cryptographic key pairs and sign transactions, thus ensuring that only the rightful owner of the private key can authorize fund transfers.

The second is SHA-256 (Secure Hash Algorithm), which is crucial to uphold the blockchain involved in Bitcoin. Within each block, there is a header that contains a hash of the previous block, thus interlinking the blocks on the chain and making them immutable. It is also fundamental to Bitcoin’s proof-of-work (PoW) consensus mechanism. That’s the process in which miners, parties who use computational power to solve complex mathematical puzzles to acquire, or “mine,” digital currency, compete to find a block header whose hash meets the network’s difficulty target and thus mint a new unit of cryptocurrency.

These algorithms could be vulnerable to a quantum attack. A recent study from Deloitte showed that around 25% of currently existing Bitcoins, a figure that amounts to roughly $40 billion, are currently vulnerable to quantum attacks.

Shor’s algorithm will be able to break ECDSA-based keys, allowing attackers to derive Bitcoin private keys from public keys. In turn, this will mean that they can sign fraudulent transactions and purloin user funds.

While SHA-256 is much less vulnerable, Grover’s quantum algorithm reduces brute-force attack time quadratically, essentially halving the effective security level: a 256-bit hash would offer only the security of a 128-bit hash. Grover’s algorithm could also be used to seize control of a blockchain’s computing resources, enabling a 51% attack by massively accelerating a quantum miner’s proof-of-work calculations. Such a miner could then dominate the network and ultimately undermine trust in the blockchain.

Stable quantum computers could be available in five to 10 years, but the path there could be both rapid and unpredictable, subject to delays or massive accelerations. Gartner now recommends that current cryptographic algorithms be retired by 2029. That may seem like a long time away, but the road to post-quantum resilience is long, too, and organizations need to start now if they want to be secure by then.

The U.S. National Institute of Standards and Technology (NIST) has been developing post-quantum cryptographic (PQC) algorithms for several years now, with the intention to use these to protect against quantum threats. New digital currencies will have to be developed that incorporate these PQC algorithms in order to safeguard the security of this increasingly large part of the global economy.

For digital currencies that are already in existence, post-quantum protection will start with testing and implementing PQC algorithms that are compatible with current blockchains. Those post-quantum signature schemes can then be introduced through a backward-compatible soft fork. This will then allow users to transition to post-quantum addresses by generating new key pairs and using them to transfer funds. This will have to be a community effort as well to ensure the widespread support and adoption of PQC standards.
