Two emerging technologies are on a collision course.
The rapidly emerging technology of Blockchain, likened to the backbone of the next internet, will be vulnerable to hackers using another emerging tech, namely quantum computers, according to a team of scientists. The only way to mitigate that threat, they add, is to use quantum technology to better protect vulnerable areas of the blockchain.
In a paper, researchers from Cambridge Quantum, the Inter-American Development Bank, the IDB Lab and LACChain designed and demonstrated a way to use quantum to protect against quantum. The researchers report on a layer-two solution that can secure information exchanges between two blockchain nodes and add that they developed a way to use post-quantum keys to secure signatures in transactions.
The study confronts a looming threat that algorithms — such as RSA or ECDSA — that protect blockchains, along with many other important online networks and databases, just so happen to be the very algorithms that quantum computers are adept at hacking, according to Duncan Jones, head of Quantum Cybersecurity at Cambridge Quantum and one of the study co-authors.
“Quantum computers are not a panacea that solve everything,” said Jones. “But they solve certain things really, really well. Unfortunately, for the crypto world, factoring problems, this ability to split large numbers of component parts, is something that will be possible one day and so it forces us to move to algorithms that rely on different mathematical problems, which we don’t think quantum computers have any advantage in.”
In the quantum blockchain protection model, Cambridge Quantum’s Ironbridge supplied the quantum encryption keys.
Critically, keys must not just be hard to predict, but completely random. While some solutions rely on a whole range of techniques to approximate randomness, this pseudo-randomness will still create vulnerabilities, particularly in the quantum era.
“It’s not just that quantum computers can unpick the mathematics, it’s also that quantum computers will be able to unpick the keys that we’re actually using, as well,” said Jones. “Encryption keys, generally speaking, are just random numbers and the security of your key boils down to this: Can anybody predict anything about the zeros and ones that make up your key, even if they can predict a few bits of it reliably?”
Because Ironbridge produces numbers that are completely unpredictable, not just complex, it can uniquely address the challenges of the coming quantum era, unlike other methods, said Jones.
“Even when attackers have quantum computers, which are very good at spotting patterns and modeling complicated systems, they still will not be able to break these keys,” he added.
Protecting Vulnerable Points in Blockchain Technologies
The team’s solution is built as a layer on top of blockchain technologies to address two aspects of blockchain tech that make them tempting targets for hackers and especially tempting to future quantum black hats. One weakness hackers will look to exploit are the blockchain nodes that have internet communications between them. Another weakness: blockchain transaction signatures that are used by businesses to verify their identity when submitting transactions or validating blocks.
The researchers used IronBridge platform’s quantum-proof keys to thwart hackers attempting to use vulnerabilities at these points of the system layer.
This is more than theoretical. By shoring up these key vulnerabilities, the researchers tested their method to protect an actual blockchain. They report that the model is designed to not just work in the blockchain they used for the experiment but can secure all blockchains.
Re-Writing the Blockchain Past
Like writing down transactions in a ledger book, blockchains typically verify transactions in a linear fashion, with each block relying on a block or blocks in the past. Protecting the blockchain against quantum attacks could therefore help secure not just present and future transactions, but also better protect the history of past transactions,
“There is the risk that a quantum-powered attacker could rewrite history,” said Jones. “So, the attackers could create a version of the blockchain that appears valid, but it actually tells a very different story. You can then present a completely different ledger of record that it’s very difficult to refute.”
Catherine White, Technical Specialist, Quantum Research, BT, said that the work on blockchain is a timely advance.
“A stitch in time saves nine – as blockchain and other distributed ledger technologies gain an increasingly important role in the digital ecosystem, it is worth taking steps to implement solutions that are quantum resistant, particularly for any digitally signed transaction that will still need to be verifiable in a few years time,” said White. “CQ have demonstrated how this can be achieved. I expect that the use of quantum safe cryptography in distributed ledgers will become de facto within the next 2-3 years, as the best choice of algorithm becomes clearer, and as the community reacts to the significance of the quantum threat to this field.”
Jones said that the techniques and technology could be used to secure other types of blockchain — but, according to Jones, the basic approach can be used to secure more than just blockchain from pending quantum attacks. He hopes this work in blockchains raises awareness across industries where security is a prime concern — in other words, every industry.
“Our focus now is really on solving that problem in more and more places and in different use cases, trying to find those early adopters,” said Jones. “Just as William Gibson said, the future is here, it’s just not evenly distributed. You couldn’t apply that more to what we’re doing.”
The researcher published their findings online, available at the Inter-American Development Bank.
In addition to Jones, the team included first author Marcos Alleride López, Diego López León, Sergio Cerón, Antonio Leal Batista, Adrián Pareja, Marcelo Da Silva, Alejandro Pardo, David Worrall, Ben Merriman, John Gilmore, Nick Kitchener and Salvador E. Venegas-Andraca.