In this article, we zoom in on the post-quantum era of crypto assets. Crypto assets have a simple ownership principle: assets are inextricably linked to secret keys, so transactions must include proofs of ownership.
Crypto assets use digital signature algorithms to prove key ownership. For example, every Bitcoin transaction must include the signature produced by ECDSA — Bitcoin’s digital signature algorithm — run with the secret key corresponding to the relevant Bitcoin as input. The nodes of the Bitcoin network verify the signatures contained in transactions using the public keys corresponding to the secret key. If someone copies your secret key, then they too can generate signatures, and the Bitcoin network will treat them as the legitimate owner of your Bitcoin.
Digital signature algorithms guarantee that only those who know a secret key can sign with that key. Hence public keys can be distributed without fear that anyone will learn anything about the underlying secret key or will be able to transact. All crypto assets fundamentally rely on the guarantees of digital signature algorithms to operate securely. The fact that a digital signature algorithm like ECDSA can provide such strong security guarantees results from decades of cryptographic research. A critical part of the research is understanding what mathematics can efficiently be solved, which requires modeling how computers calculate.
Quantum computers calculate in a fundamentally different way, and mathematical problems that classical computers struggle to solve efficiently can be solved more efficiently on quantum computers. In fact, many digital signature algorithms are designed to be secure against classical computers and give no guarantees against quantum computers, so it might be possible to recover secret keys from public keys or from signatures. As a result, crypto assets would collapse due to their fundamental reliance on digital signatures for proof of ownership.
Using new models for how quantum computers work, researchers have developed theoretical attacks against all currently deployed signature algorithms, such as ECDSA, with the most prominent being Shor’s attack. Progress is being made in the development of quantum computers, from advances in research from Google and IBM, to commercial offerings like the IBM Q System One and D-Wave. Yet much more powerful quantum computers are necessary to mount attacks against cryptographic algorithms, and estimates frequently place those quantum computers at least 10–20 years away. So, why worry about it now?
If crypto assets are to be perceived as safe stores of value, competitive with gold, then they should withstand the test of time and remain secure in the long term. Even knowledge of the existence of a quantum computer, without any evidence of an attack, would cripple trust in crypto assets.
Furthermore, it takes time to come up with new cryptographic algorithms and deploy them. Researchers have not yet settled on suitable digital signature algorithms, and current proposals for post-quantum secure candidates often result in a performance hit. An ongoing competition run by the US National Institute of Standards and Technology (NIST) is expected to complete by 2021. The COSIC research group of the KU Leuven, run by our Advisory Board member Bart Preneel, has two submissions. Some have proposed new post-quantum secure blockchains, such as Fawkescoin, and others have been deployed already, like ABCMint.
Finally, standardizing, deploying, and optimizing cryptographic algorithms for widespread use can take years. Implementers need to understand the algorithms and port them to different platforms, with enough care to ensure the implementations themselves are secure.
Take-Aways for Investors
1. Crypto assets should strive to become post-quantum secure.
The advent of quantum computers is not an immediate threat, but most agree it is a question of when, not if they will be available. Achieving post-quantum security might result in a performance hit.
2. The main uncertainty with crypto-asset projects is how ‘crypto agile’ they are.
As many are working on designing fast, post-quantum secure digital signature algorithms, we expect practical proposals to be available in the coming years. Therefore, the main risk in crypto-asset projects is the ease with which they can change their underlying protocol to use different cryptography, i.e. their crypto agility. This should be understood not only from a technology perspective but considering the project’s governance as well. Furthermore, crypto agility is not only beneficial to protect against the post-quantum threat but is important to limit damage anytime a vulnerability is found in a cryptographic algorithm.
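One way a protocol can be built for crypto agility, as an added example that is not from the article or any project it mentions: each transaction names its signature algorithm, and verifiers dispatch through a registry from which an algorithm can be retired. Lamport one-time signatures (a hash-based scheme), the algorithm ids and all function names are assumptions chosen for illustration.

```python
import hashlib
import secrets

def lamport_keygen(h):
    """Lamport key pair: 256 pairs of random secrets and their hashes."""
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    return sk, [[h(x).digest() for x in pair] for pair in sk]

def msg_bits(h, msg):
    d = int.from_bytes(h(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

def lamport_sign(h, sk, msg):
    # Reveal one secret per digest bit. A key pair must sign only once.
    return [sk[i][b] for i, b in enumerate(msg_bits(h, msg))]

def lamport_verify(h, pk, msg, sig):
    return len(sig) == 256 and all(
        h(s).digest() == pk[i][b]
        for i, (s, b) in enumerate(zip(sig, msg_bits(h, msg))))

# Hypothetical algorithm ids; a real chain would fix these in its protocol.
REGISTRY = {"lamport-sha256": hashlib.sha256,
            "lamport-sha3-256": hashlib.sha3_256}
RETIRED = set()

def retire(alg):
    """Governance decision: stop accepting signatures made with `alg`."""
    RETIRED.add(alg)

def make_tx(alg, payload):
    """Build a constructed transaction signed with a fresh one-time key."""
    h = REGISTRY[alg]
    sk, pk = lamport_keygen(h)
    return {"alg": alg, "pubkey": pk, "payload": payload,
            "sig": lamport_sign(h, sk, payload)}

def verify_tx(tx):
    alg = tx.get("alg")
    if alg not in REGISTRY or alg in RETIRED:
        return False  # unknown or withdrawn algorithm: reject outright
    return lamport_verify(REGISTRY[alg], tx["pubkey"], tx["payload"], tx["sig"])
```

Because the algorithm id travels with the transaction, retiring a scheme is a one-line policy change for verifiers; the harder part, as the text notes, is the governance process that decides when to call it.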
Google’s Sycamore quantum processor, which was behind the recent breakthrough. (Credit: Google)
Resources on post-quantum cryptography proposals and further technical details on the quantum threat can be found at https://pqcrypto.org/. Recently, Google successfully ran experiments that demonstrate quantum supremacy — the fact that quantum computers actually are significantly more efficient at solving certain problems.
For a contrarian view on the widescale applicability of quantum computing, see The Case Against Quantum Computing by Mikhail Dyakonov.
Is the quantum threat unique to crypto assets?
No, any system relying on digital signature algorithms suffers from the same problems. This includes the security of the entire internet, and along with it traditional financial systems using the internet (such as bank logons).
What is the impact of quantum computers on proof-of-work?
Proof-of-work puzzles generally rely on hash functions for security. In a post-quantum world, hash functions will provide guarantees much as they do in the classical world. Quantum computers will be able to solve proof-of-work puzzles more efficiently, however not to the point that proof-of-work becomes meaningless. We imagine that if quantum computers are the more economical choice for miners then they will come to dominate mining, much like ASICs dominated over GPUs, and GPUs over CPUs, and that mining difficulty will increase naturally to account for the presence of quantum computers.
What is the impact of quantum computers on proof-of-stake?
Unlike proof-of-work, proof-of-stake protocols rely exclusively on digital signature algorithms, and therefore need to be modified to account for quantum computers.
In case you would like us to help you to elaborate more in depth on any of the above, do not hesitate to reach out to us.
About Tioga Capital Partners
Headquartered in Europe and with a strong presence in the Silicon Valley, Tioga Capital Partners provides an unprecedented European investment vehicle to capture blockchain Venture Capital investment opportunities. Tioga provides diversified exposure through a long-term strategy including both crypto assets and equity positions. Our deep technical expertise combined with investment, legal, and entrepreneurial experience allows us to be value-added partners to the teams that choose to work with us and that we meet through our “grassroots network” across the industry. With compliance and security at the highest standard, we provide an institutional-grade investment vehicle out of Luxembourg supported by a best-in-class fund ecosystem.
Tioga Capital Partners (“Tioga”) is an investment manager offering a long-term VC strategy tailored to take advantage of the opportunities related to blockchain innovation.
This post does not constitute an offer to sell or a solicitation of an offer to purchase any interest in Tioga, any affiliate of Tioga or any undertaking for collective investment or other investment structure managed or advised by Tioga (each, an “Investment Structure”) or any other security or interest. Any such offer or solicitation shall be made only to eligible and qualified investors, and only pursuant to final offering documentation which describes the terms applicable to the securities or interests being proposed and the risks related to an investment in such an Investment Structure. This post does not constitute part of any offering documentation, public offering prospectus or private placement memorandum. Any information contained in this post concerning any Investment Structure is qualified in its entirety by the terms of the final offering documentation of the relevant Investment Structure subject, and remains subject to revision and completion at any time.
An investment in an Investment Structure proposed from time to time by Tioga is speculative and involves a high degree of risk, including a complete risk of loss of capital. The performance of any Investment Structure may be volatile, and there can be no assurance that any investment proposed by any Investment Structure will be able to implement its investment strategy or achieve its investment objective. An investment in an Investment Structure may lack diversification and be concentrated in terms of sectoral, geographical and/or asset allocated, thereby increasing the risk of loss, and its performance may be affected by material market or economic factors. In making an investment decision, potential investors must rely solely on their own examination of an Investment Structure and the terms of the applicable offering documentation, including the merits and risks involved, and not on any information or representation made or alleged to have been made herein or otherwise.
All figures and statistics, including but not limited to track records and past performance data, are purely indicative and are being provided for information purposes only, and do not constitute a promise or guarantee as to the current or future performance of any Investment Structure. Indications of past performance and financial market scenarios are not reliable indicators of future performance. Any performance data do not take into account the fees, commissions, costs, expenses and taxes that may apply at the level of an Investment Structure.
Potential investors should not regard the contents of this newsletter as investment, financial, legal, tax or other advice, but should retain appropriate advice in all relevant fields from their own professional advisors.