How soon will quantum computing threaten cryptocurrency?
They said three years, five years, but I don’t know if I believe this. But in 20 years, for sure.
If the threat isn’t immediate, is this something we need to worry about now?
The French official position is that we don’t really know the new [quantum computing] schemes that are being put into place [and as] it’s not so soon, let’s see how things unfold and maybe we’ll have a better look at those schemes in five years. NIST [National Institute of Standards and Technology, a U.S.-based Department of Commerce organization] thinks differently and they say that we have to make a decision now .
Isn’t bitcoin already quantum-proof, though?
Some people say it is, but sometimes you reveal your public key and then you are breakable if there is a computer which is strong enough. There’s a tiny time window where I will send my public key along with the transaction I want to inject into the system, 10-20 minutes or so, and if it stays here too long maybe a quantum computer can crack them before they are on the chain.
How do you think quantum attacks on blockchains will take place?
I think that quantum driven attacks are mostly going to happen at the periphery of the system. It’s one thing to break things that are encrypted on the chain, but the point of attack will be closer to the user, to what kind of physical device the user is using to inject a transaction into the blockchain system.
Is there anything available to stop this?
One technique is called PUF, which is a physical unclonable function. This is a device that promises to not be physically cloneable. I can use this to make myself identified by you if you know how the little machine is supposed to respond. You send me a challenge, I send you a response and you’ll compare the response that you receive from me to the response that you know that I should be giving, and then you’ll be able to identify me as the person holding the device.
And this would stop quantum computers from attacking cryptocurrency?
We should be looking for vulnerabilities that will be exploited by quantum attacks at the level of the physical protection of the keys of all the cryptographic schemes used in one way or another. PUFs are a way to not use keys, but something similar to prove that you are who you say you are.
Is there a specific reason why people are concerned about quantum computing in the cryptocurrency world?
Yes, I think people in the crypto asset world have an acute sense of security problems and potential vulnerabilities in cryptographic schemes, so I think they are a little ahead of the curve.
Where will this potential threat come from?
This discussion is fun because it’s only the big technology companies like Microsoft, IBM, Rigetti, Google, and Chinese players, like Alibaba and Tencent, that are coming into the picture. Quantum computers are going to be very expensive to build, so they will be concentrated in a few hands. It means hackers may not have access to them, as it’s not going to be easy to summon the computational power to do it.
Could some of these big companies use what they develop against the cryptocurrency industry?
Not in any malicious way. They are really large objects with a huge reputation to preserve, right? So Google is not going to crack the bitcoin blockchain, but if they can, they will certainly demonstrate that they can do it to impel further momentum.