As the prospect of quantum computers breaking today’s cybersecurity standards edges ever closer, Johann Polecsak, co-founder of the QAN blockchain platform, argues that public blockchains such as Bitcoin, Ethereum, and Solana are still ill-equipped to adopt post-quantum cryptography without significant user impact.
Existing Blockchains Can’t Adopt Post-Quantum Cryptography Without Significant User Impact, Says Johann Polecsak
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
Post-Quantum Migration Risks
Polecsak, an advocate for heightened awareness of imminent quantum attacks, asserts that the pseudonymity of blockchain will backfire during post-quantum migration. In written answers sent to Bitcoin.com News, Polecsak explained that this occurs because it will be impossible to distinguish legitimate crypto asset owners moving their funds and data from hackers attempting to steal the funds.
With billions of dollars likely to be lost, rendering the aforementioned public blockchains worthless, Polecsak said attempting a rescue is already a lost cause. He added that there is simply no secondary authentication mechanism to prevent this from happening in the case of already running blockchains.
Polecsak suggested that Google’s quantum computing breakthrough in 2019 should serve as a wake-up call to enterprises and governments. They can no longer neglect the threat of quantum computing attacks if they want to protect their cybersecurity infrastructure. For individual users who do not wish to lose their funds, Polecsak advised that they must conduct their research to find the right time to transfer their assets to a post-quantum blockchain.
Elsewhere, the QAN blockchain co-founder also explained why it is no longer the time to focus on whether quantum computing can break blockchain security algorithms. He briefly discussed how his platform is tackling the threat of quantum attacks.
Below are Polecsak’s answers to all the questions sent.
Bitcoin.com News (BCN): What are quantum computing attacks, and what threat do they pose to blockchains and cryptocurrencies? How long will it be before quantum computers are capable of breaking the security algorithms in blockchains?
Johann Polecsak (JP): Powerful quantum computers with sufficient stable qubits will be able to break today’s cybersecurity standards. Today’s asymmetric cryptographic algorithms like RSA and EC used by the whole internet – including governments, banks, email providers, social media, blockchain platforms, etc .– will be cracked by quantum computers.
This threat affects blockchain technology as follows: all cryptocurrency wallets relying on Elliptic Curve (EC) cryptography which have at least one outgoing transaction will break. In short: hackers will be able to steal your cryptocurrency.
We are already having the wrong conversation in cryptography if we argue about whether we have 1, 3, or 5 years before quantum computers will break today’s security algorithms. We must always be ahead of the curve when it comes to cybersecurity.
BCN: How challenging would it be for blockchain projects as well as centralized enterprises or governments to make their infrastructure quantum-resistant? Blockchains tend to be fairly decentralized so how would this affect their ability to embrace post-quantum cryptography?
JP: Currently, only a limited number of companies and cryptographers are comfortable with post-quantum cryptography and cybersecurity, but for the sake of this discussion, let’s set that aspect aside.
Centralized authorities like governments, companies, and organizations can switch their IT security to post-quantum cryptography much more easily than blockchain platforms. People often overlook that blockchains are decentralized.
Existing public blockchains like Bitcoin, Ethereum, Solana, etc. cannot adopt post-quantum cryptography without significant user impact. According to Vitalik Buterin: “few users would lose their funds”. Pseudonymity of blockchain will backfire at post-quantum migration because it will be impossible to tell legitimate owners migrating their own funds and data or hackers stealing all of it apart. In this case, billions of dollars worth of “free money” and data could land in hackers’ hands if they start migrating on the real owners’ behalf making the affected blockchains immediately worthless. There is simply no secondary authentication mechanism to prevent this from happening in case of already running blockchains.
BCN: Could you explain the quantum-resistant technology of Qanplatform, its workings, and the cryptography it employs to safeguard networks from future quantum attacks? How does the technology of Qanplatform integrate with existing blockchains?
JP: We are developing a quantum-resistant hybrid blockchain. We already released the first version of the QAN Private Blockchain or so called QAN Enterprise Blockchain last year. We will launch the quantum-resistant QAN TestNet this spring.
In alignment with the US National Institute of Standards and Technology (NIST)’s primary recommendations, QAN blockchain platform has incorporated CRYSTALS-Dilithium algorithm into QAN XLINK. Actually QAN has been using CRYSTALS-Dilithium well before NIST started recommending it as the primary PQ signature algorithm. The QAN XLINK cross-signer ensures post-quantum transaction security while maintaining Ethereum EVM compatibility, safeguarding the QAN blockchain platform and its users against the looming threat of quantum computing.
This protocol enables seamless integration of every Ethereum-compatible wallet (such as MetaMask, Trust Wallet, and Ledger) with Quantum-resistant signature-capable keypairs. Operated on the blockchain, XLINK runs as a lightweight, continuous process that can be effortlessly deployed currently on desktop, operating in the background. Your transactions are only approved when accompanied by a corresponding XLINK signature linked to your wallet, authenticated with a post-quantum key. With this unique approach there’s no need for draconian measures like cutting off funds for those who fail to migrate to post-quantum crypto promptly. Nor do we face unnecessary risks posed by quantum computing attacks, which could potentially flood the market and disrupt the economics of most chains.
BCN: Big tech companies like Apple, Google, Microsoft and others may well have their initiatives developing quantum computers. However, is it also possible that they are also working on countermeasures to protect against quantum attacks?
JP: Each of the three IT giants is somewhat involved in quantum computing. Google, among the companies mentioned, is particularly active in this area, covering a wide spectrum, including quantum computing development and quantum-resistant security. Thanks to Google’s quantum computing achievement in 2019, the blockchain community became more aware of the upcoming threat posed by these powerful new machines to blockchain technology.
The past year has shown that everyone should prepare for the quantum threat. Microsoft launched its Quantum-Safe program, and Google and Apple have also taken a proactive approach by incorporating post-quantum cybersecurity into Google Chrome and Apple iMessage.
BCN: Recently, your platform announced that a country in Europe has adopted your quantum-resistant technology. While you have not disclosed the country’s name due to “national security reasons,” could you share with our readers how this country might be using your technology to secure its operations?
JP: Governments and critical infrastructures are currently the most exposed to ‘Store now, decrypt later’ cybersecurity attacks. Store now, decrypt later (SNDL) also known as harvest now, decrypt later (HNDL) is a cybersecurity threat that involves attackers collecting encrypted data today, with the intention of decrypting it later using more powerful computing methods, such as quantum computers.
Essentially, attackers are capturing and storing the encrypted data now, knowing that they are highly likely to be able to decrypt it later as soon as technology advancements allow them to. I would be happy to share more information about how the first European country implemented QAN’s technology; however, I haven’t received approval to disclose any further details.
BCN: Earlier this year, the North Atlantic Treaty Organization (NATO) and the World Economic Forum related their strategies to prepare for the quantum era. The European Commission reportedly has a $1.07 billion (€1 billion) research initiative focused on quantum threats. What does this all mean for the individual users of the digital and blockchain platforms?
JP: It’s no wonder why global powers are investing heavily in this technology—both in developing quantum computers and in enhancing security against them. Both are crucial in terms of cybersecurity from an offensive and defensive point of view.
Nevertheless, it must be highlighted that no matter how much these entities invest in these areas, their goal is not about saving already running public blockchains in particular, since that pretty much can not be even done as discussed above.
Individual users of blockchain platforms must do their own research to find the right time when to transfer their assets to a post-quantum blockchain to ensure their funds are secured against new, continuously evolving quantum computing attacks.
What are your thoughts on this interview? Let us know what you think in the comments section below.
