Quantum computing threatens the $2 trillion Bitcoin network. BTQ Technologies says it has a defense.

Source: coindesk.com

Media coverage of the threat posed by quantum computing usually singles out cryptocurrencies as a key area of classical cryptography that will be broken once the technology matures, which, according to some estimates, may be less than a decade from now.

Simply stated, quantum computers can perform certain calculations exponentially faster than a classical processor. That speed-up threatens much of today's public-key cryptography, whose security rests on the assumption that particular mathematical problems (integer factoring and discrete logarithms) take infeasibly long to solve.

Not surprisingly, there is a drive to identify approaches that can mitigate the risk, a point glossed over in much of the "parallel universe" reporting about the latest quantum chips. One of the main efforts to develop quantum-resistant algorithms is to replace today's elliptic-curve digital signatures with lattice-based signature schemes.

One approach to protecting the $2 trillion Bitcoin blockchain has been unveiled by post-quantum cryptography specialist BTQ Technologies (BTQ): Bitcoin Quantum, a permissionless bitcoin fork testnet that it says meets the challenge.

This is a public, runnable network where miners, developers, researchers and users can stress-test quantum-resistant transactions and surface the operational tradeoffs before any mainnet-level migration conversation becomes urgent, according to BTQ's head of partnerships Chris Tam. The system includes a block explorer and a mining pool, so it can be used right away.

Two attack vectors

Quantum computing opens two attack vectors on Bitcoin: deriving a private key from a public key (Shor's algorithm solves the elliptic-curve discrete logarithm on which secp256k1 signatures rely), and speeding up the hash search behind the network's proof-of-work algorithm (Grover's algorithm, which gives only a quadratic, not an exponential, gain on SHA-256). Proof of work is what allows miners, the participants that keep the network secure, to order transactions chronologically in blocks.

Given a public key, a quantum computer could quickly calculate the private key and use it to steal the funds it controls, so the whole concept of security goes down the drain, Tam said.

“You're supposed to only be able to move from a private key to a public key, it's supposed to be a one way function,” Tam said in an interview. “But a quantum computer has this ability to solve what’s called the discrete logarithm problem. We assume that problem to be difficult, but unfortunately in the quantum world it's not difficult, where you get an exponential speed up in the number of qubits.”

The good news is that you don't need quantum to battle quantum, Tam said: the defense can be built with existing computers and algorithms. Post-quantum signature schemes present the same interface as today's digital signatures (generate a key pair, sign, verify), but rest on different and harder mathematical problems, he explained.

“We still have what is called a digital signature algorithm, but the mathematical problems underpinning this are moving from a discrete logarithm to a mathematical problem that is assumed to be difficult by a quantum computer,” Tam said. “And when I say ‘assumed to be difficult,’ we're talking here about international cryptographic standards.”

Standardization of post-quantum cryptography is well underway. As far back as 2016, the U.S. National Institute of Standards and Technology (NIST) solicited post-quantum cryptography algorithms to replace the ones in use at the time.

So far, a post-quantum algorithm known colloquially as Dilithium (officially, the Module-Lattice-Based Digital Signature Algorithm or ML-DSA, published as FIPS 204) was standardized in the U.S. in August 2024. ML-DSA is also the algorithm used in Bitcoin Quantum.

One reason it hasn't already been adopted in fast-moving and innovative areas like cryptocurrency is that it's much more expensive to run.

Compared with the elliptic-curve signatures used today, every time a transaction is sent to a blockchain or even a WhatsApp session is set up, post-quantum signatures and keys are tens of times larger: an ML-DSA-44 signature is 2,420 bytes and its public key 1,312 bytes, against roughly 64 to 72 bytes for a Bitcoin Schnorr or ECDSA signature and 33 bytes for a compressed secp256k1 public key.

“So there are ways of mitigating these quantum risks, but they come with their own problems, namely in the performance and the cost overhead of deploying them at scale,” Tam said.
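The cost overhead Tam describes can be made concrete for Bitcoin by applying the BIP-141 weight rules to the two signature sizes. The following is an added example, not code from the article or from BTQ's Bitcoin Quantum: the signature and key sizes are the FIPS 204 and secp256k1 figures, while the layout of an ML-DSA spend (public key and signature pushed on the witness stack, like a P2WPKH spend) is an assumption, since the article does not describe BTQ's output format.

```python
"""Estimate how much a post-quantum signature inflates a Bitcoin
transaction's fee-relevant size (virtual bytes, BIP-141 weight rules).

Added example, not the article's or BTQ's code. The ML-DSA witness layout
(pubkey + signature on the witness stack) is an assumption."""

# Sizes in bytes. secp256k1: DER ECDSA signature upper bound incl. sighash
# byte, compressed public key. ML-DSA: FIPS 204 (public key, signature).
ECDSA_SIG = 72
ECDSA_PUBKEY = 33
MLDSA = {
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
    "ML-DSA-87": (2592, 4627),
}


def compact_size(n: int) -> int:
    """Length in bytes of Bitcoin's CompactSize (varint) encoding of n."""
    if n < 0xFD:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFF_FFFF:
        return 5
    return 9


def witness_bytes(stack: list[int]) -> int:
    """Serialized size of one input's witness: item count, then each
    item as CompactSize length prefix + data."""
    return compact_size(len(stack)) + sum(compact_size(n) + n for n in stack)


def tx_vbytes(n_in: int, n_out: int, witness_stack: list[int], spk_len: int = 22) -> int:
    """Virtual size of a segwit transaction with n_in inputs that each
    carry witness_stack, and n_out outputs with spk_len-byte scripts
    (22 = P2WPKH). vbytes = ceil(weight / 4), weight = 3*base + total."""
    base = (4                                   # version
            + compact_size(n_in)
            + n_in * (32 + 4 + 1 + 4)           # outpoint, empty scriptSig, sequence
            + compact_size(n_out)
            + n_out * (8 + compact_size(spk_len) + spk_len)
            + 4)                                # locktime
    wit = 2 + n_in * witness_bytes(witness_stack)   # marker + flag, then witnesses
    total = base + wit
    weight = 3 * base + total                       # witness bytes count once, base four times
    return -(-weight // 4)                          # ceiling division


def compare(n_in: int = 1, n_out: int = 2) -> dict[str, tuple[int, float]]:
    """vbytes and multiplier relative to ECDSA for each ML-DSA parameter set."""
    ecdsa = tx_vbytes(n_in, n_out, [ECDSA_SIG, ECDSA_PUBKEY])
    out = {"ECDSA": (ecdsa, 1.0)}
    for name, (pk, sig) in MLDSA.items():
        v = tx_vbytes(n_in, n_out, [sig, pk])
        out[name] = (v, round(v / ecdsa, 1))
    return out


if __name__ == "__main__":
    for name, (vb, ratio) in compare().items():
        print(f"{name:10s} {vb:6d} vB  ({ratio}x)")
```

Because witness data is discounted to one weight unit per byte, the whole-transaction inflation (roughly 7x for a one-input, two-output spend with ML-DSA-44) is smaller than the raw 34x growth of the signature-plus-key data; without the witness discount the fee impact would be correspondingly worse.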

Keeping bitcoin's identity

But that's not the biggest problem. Adding a new quantum-resistant output type can be done as a backward-compatible soft fork, but retiring the existing elliptic-curve signatures outright, or changing the proof-of-work algorithm, would require a hard fork: an upgrade that is incompatible with older versions. Convincing the Bitcoin community that such a move is necessary is likely to meet solid opposition.

Anyone familiar with the history of the Bitcoin network knows that many influential personalities have said hard forking would effectively create a new coin that would not be bitcoin anymore.

Bitcoin Improvement Proposals such as BIP-360 aim to tackle the problem by introducing quantum-resistant output types and allowing a gradual, opt-in migration of funds. But no timeline has been set, and no migration has begun.

In an attempt to reassure those who may oppose implementing his company's quantum-resistant measures, Tam cites the most influential voice of all, that of Bitcoin's pseudonymous creator, Satoshi Nakamoto.

“Satoshi Nakamoto, from day one, understood there was a quantum risk to the type of cryptography that is currently being used. And if you actually go back and look at the code base, you'll see that a couple years in Satoshi changed the way that payments are made,” Tam said. “He saw this as a fundamental insight, where as soon as you expose your public key on the blockchain, a quantum computer can then derive the private key.”
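The distinction Tam draws, between outputs that put the public key itself on chain and outputs that only commit to a hash of it, is what a quantum-exposure audit of a UTXO set has to check. The following is an added example, not code from the article or from BTQ: it classifies standard Bitcoin scriptPubKey templates and flags the outputs an attacker holding a cryptographically relevant quantum computer could target immediately. The sample scripts, transaction IDs and the public key bytes are constructed, not real chain data.

```python
"""Flag UTXOs whose public key is already visible on chain.

Added example, not the article's or BTQ's code. Script templates are the
standard Bitcoin ones; all sample data below is constructed."""

from dataclasses import dataclass


@dataclass
class Classification:
    kind: str
    pubkey_exposed: bool   # True if the raw public key sits in the output script itself


def classify_spk(spk: bytes) -> Classification:
    """Recognise standard output script templates by their byte layout."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG. Used by early coinbase outputs;
    # the key is public from the moment the output is created.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return Classification("p2pk", True)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return Classification("p2pkh", False)
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return Classification("p2sh", False)
    # P2WPKH: OP_0 <20-byte hash>
    if n == 22 and spk[:2] == b"\x00\x14":
        return Classification("p2wpkh", False)
    # P2WSH: OP_0 <32-byte hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return Classification("p2wsh", False)
    # P2TR: OP_1 <32-byte x-only output key>. The (tweaked) public key is
    # the script itself, so key-path spends are as exposed as P2PK.
    if n == 34 and spk[:2] == b"\x51\x20":
        return Classification("p2tr", True)
    return Classification("unknown", False)


def quantum_exposed(utxos: dict[str, bytes], spent_from: set[bytes]) -> dict[str, str]:
    """Map each exposed UTXO (id -> scriptPubKey) to the reason; safe ones
    are omitted. spent_from holds scriptPubKeys that have been spent from
    before, i.e. whose key or script was revealed in an earlier scriptSig
    or witness (address reuse)."""
    out = {}
    for utxo_id, spk in utxos.items():
        c = classify_spk(spk)
        if c.pubkey_exposed:
            out[utxo_id] = f"{c.kind}: public key is in the output script"
        elif c.kind != "unknown" and spk in spent_from:
            out[utxo_id] = f"{c.kind}: address reused, key revealed by an earlier spend"
    return out


# Constructed sample data (not a real key, not real transactions).
PUBKEY = bytes.fromhex("02" + "11" * 32)
SAMPLE_UTXOS = {
    "tx1:0": bytes([33]) + PUBKEY + b"\xac",              # P2PK
    "tx2:0": bytes.fromhex("76a914" + "aa" * 20 + "88ac"),  # P2PKH, never spent from
    "tx3:1": bytes.fromhex("0014" + "cc" * 20),             # P2WPKH, address reused
    "tx4:0": bytes.fromhex("5120" + "bb" * 32),             # P2TR
}
SAMPLE_SPENT_FROM = {bytes.fromhex("0014" + "cc" * 20)}


if __name__ == "__main__":
    for utxo_id, reason in quantum_exposed(SAMPLE_UTXOS, SAMPLE_SPENT_FROM).items():
        print(utxo_id, reason)
```

The hash-committed types only buy time: the key is revealed when the output is spent, so an attacker fast enough to derive the key while the spending transaction waits in the mempool could race it. That is why the migration proposals the article mentions introduce new output types rather than relying on hashing alone.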
