With claims circulating that not one but two quantum computers have already been developed which are 10 million times faster than the most powerful conventional supercomputers and IBM recently announcing their own exponentially faster quantum computer, quantum computing at a commercial level might be just around the corner.
However, if we are to interact with quantum computers, it will likely be through cloud technology like Amazon’s web services and Google’s Colab, and while the production of quantum computers could commence in less than a decade, major technology companies and military and research companies will be the first to adopt it – according to Mario Galatovic, vice president products & alliances, Utimaco.
Therefore, organisations, especially those that use blockchain technology, must begin to prepare for future threats and adapt their operations accordingly. For example, it could take standard computers decades to break the asymmetric encryption that secures a single blockchain wallet, but this would be an insignificant task for a quantum computer.
So, what are the threats and what can be done to abate them?
How secure is blockchain technology?
Asymmetric encryption, used in blockchain security for identity management and transaction authentication, employs pairs of private and public keys – the private key is used for signing ‘messages’ and decrypting data, while the public key (which can be shared with anyone) is used for validating signatures and encrypting data.
For example, if ‘Alice’ were to send a message to ‘Bob’ and be sure that only Bob could read it, Alice could encrypt the message with Bob’s public key, so even if the message was intercepted only Bob would have the corresponding private key to decrypt it.
This begs the question: if a public key and private key are paired and anyone can have a public key, why couldn’t somebody work out a private key from the public key?
Mathematically, they are far more complex than something like a substitution cypher (A=1, B=2 and so on), so to ‘crack the code’ with logic alone would be impossible.
This leaves ‘brute force’ attacks – guessing the digits that make up a private key. This might be feasible with a four-digit number by entering 0000, then 0001 and so on until you hit the right answer, but with even 256 bit encryption, where the number that needs to be guessed is 256 binary digits long, the chance of guessing correctly is one in 2^256, or approximately one in 150,000 billion billion billion billion billion billion billion billion.
The encryption on blockchain technology is frequently 1024 bit, and the time it would take to guess by brute force would be in the trillions of years on a conventional computer, but hours or even minutes on a quantum computer.
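An added illustration of the question raised above (not code from the article): textbook RSA, used here as a stand-in for ‘asymmetric encryption’, with deliberately tiny constructed primes so that the private key really can be worked out from the public key by guessing factors. All function names and sample values are assumptions made for the example.

```python
# Added example: textbook RSA with tiny, constructed primes (no padding).
# Real systems use vetted libraries and far larger keys.
from math import gcd, isqrt

def make_keypair(p, q, e=65537):
    """Return (public, private): public = (n, e), private = (n, d)."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))

def encrypt(public, m):
    """Anyone holding the public key can encrypt a number m < n."""
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)

def decrypt(private, c):
    """Only the private-key holder can reverse encrypt()."""
    n, d = private
    return pow(c, d, n)

def sign(private, digest):
    """Sign a message digest (an integer) with the private key."""
    n, d = private
    return pow(digest % n, d, n)

def verify(public, digest, signature):
    """Check a signature using only the public key."""
    n, e = public
    return pow(signature, e, n) == digest % n

def recover_private(public):
    """Guess odd factors of n until one divides it, then rebuild d.
    Returns (private, guesses); the guess count grows with key size."""
    n, e = public
    for guesses, cand in enumerate(range(3, isqrt(n) + 1, 2), start=1):
        if n % cand == 0:
            phi = (cand - 1) * (n // cand - 1)
            return (n, pow(e, -1, phi)), guesses
    raise ValueError("no odd factor found")

# Constructed sample keys: a ~20-bit and a ~34-bit modulus.
SMALL_PUB, SMALL_PRIV = make_keypair(1009, 1013)
LARGER_PUB, LARGER_PRIV = make_keypair(100003, 100019)
```

Lengthening the modulus by about 14 bits multiplies the guesses roughly a hundredfold (504 versus 50,001), which is why the same search against a key of realistic size is out of reach for a conventional computer.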
This is of particular importance for cryptocurrency, which is increasingly being used in FinTech.
What is ‘true’ on a blockchain is decided upon by consensus between its component parts, meaning that if a person had the incredible computing power to gain control of 51% of a blockchain they could ‘double spend’ by sending the same coins to two different people and creating new blocks in which one person did not get the coins and another did.
Quantum computers would not technically be able to alter existing cryptocurrency transactions, however each transaction is created and secured with forms of encryption that could be made vulnerable because of quantum computing.
Making FinTech blockchains quantum-resistant
Although quantum computing will pose a considerable threat to the sector, major players such as Citi Bank and JP Morgan are trialling an application of blockchain technology to significantly speed up cross-border transactions.
Secondly, digital identity applications can be adopted to verify a person’s identity and reduce identity fraud considerably.
For example, by putting a person’s education and professional achievements on a blockchain, prospective employers can match jobs with candidates instantly rather than manually reviewing hundreds of applications.
Once identities can be easily and securely established, they can be used to ensure security in fields like lending and investing.
Both require a person or organisation to be who they say they are, and to have financial information that can be easily accessed and trusted to be legitimate.
Combined with digital identification this could open up finance to billions of people who currently lack documentation and documented financial histories – if it can remain secure.
Protecting the blockchain from quantum computing
Much like the concept of computation, which was around for nearly 100 years before the first computer, quantum computing has been theorised for decades, ahead of the first working quantum computers being built. In that time, quantum-safe cryptography has been developed to counter it.
FinTech companies working with blockchain technology must act now to ensure that their encryption is quantum safe. Organisations can build blockchain applications from the ground up with modern technology such as hardware security modules, which can be deployed with firmware that can generate quantum-safe public keys in order to stay secure during the ongoing changes in the digital society.