Rapid advances in quantum computing could pose a risk to certain types of Bitcoin transactions.
A wide range of initiatives in post-quantum cryptography is working to mitigate such scenarios.
Some predict that rapid advances in quantum computing will have key implications in domains that use public-key cryptography, such as the Bitcoin ecosystem.
Bitcoin’s “asymmetric cryptography” is based on the principle of a “one-way function”: the public key can be derived easily from the corresponding private key, but not vice versa.
This is because classical algorithms would require an astronomical amount of time to perform the reverse calculation and are therefore impractical.
However, Peter Shor’s polynomial-time quantum algorithm, run on a sufficiently advanced quantum computer, could perform such a calculation and thus allow digital signatures to be forged.
To better understand the level of risk introduced by advanced quantum computing, we limit ourselves to simple person-to-person payments.
They can be divided into two categories, each affected differently by quantum computing:
- Pay to public key (p2pk): Here the public key can be obtained directly from the wallet address. A quantum computer could potentially be used to derive the private key, allowing a thief to spend the funds held at that address.
- Pay to public key hash (p2pkh): Here the address consists of a hash of the public key, so the public key cannot be obtained directly. It is revealed only when a transaction spending from the address is initiated.
So, until funds are transferred from a p2pkh address, the public key is not known and the private key cannot be derived even with a quantum computer.
However, if funds are ever transferred from a p2pkh address, the public key is revealed.
Therefore, in order to limit the exposure of the public key, such addresses should never be used more than once.
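To make the p2pk/p2pkh distinction concrete, the following script (an added illustration, not code from the original article) recognises the two output script types and reports, for a constructed set of unspent outputs, whether the controlling public key is already visible on-chain. The `Utxo` record, the `SAMPLE_*` values and the `spent_scripts` set are constructed assumptions; the sample public key is just 33 bytes with the right shape, not a real curve point.

```python
"""Classify Bitcoin outputs by whether their public key is exposed on-chain.

Added illustration, not code from the original article. All inputs are
constructed sample data; no network access or real chain data is used.
"""
from dataclasses import dataclass
from typing import Dict, List, Set

# Script opcodes needed here (values from the Bitcoin Script opcode table).
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC


def classify_script(script: bytes) -> str:
    """Return 'p2pk', 'p2pkh' or 'other' for a raw scriptPubKey."""
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -> the key itself is on-chain.
    if (len(script) >= 2 and script[0] in (33, 65)
            and len(script) == script[0] + 2 and script[-1] == OP_CHECKSIG):
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <push 20> <hash160> OP_EQUALVERIFY OP_CHECKSIG
    if (len(script) == 25 and script[0] == OP_DUP and script[1] == OP_HASH160
            and script[2] == 20 and script[23] == OP_EQUALVERIFY
            and script[24] == OP_CHECKSIG):
        return "p2pkh"
    return "other"


def build_p2pk(pubkey: bytes) -> bytes:
    return bytes([len(pubkey)]) + pubkey + bytes([OP_CHECKSIG])


def build_p2pkh(hash160: bytes) -> bytes:
    return bytes([OP_DUP, OP_HASH160, 20]) + hash160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])


@dataclass
class Utxo:
    outpoint: str   # "txid:vout"
    script: bytes   # scriptPubKey
    value_sat: int


def exposure_report(utxos: List[Utxo], spent_scripts: Set[bytes]) -> Dict[str, str]:
    """Map each outpoint to an exposure level.

    spent_scripts: scriptPubKeys that have been spent from at least once, i.e.
    a signature (and hence the public key) for that script is already on-chain.
    """
    report = {}
    for u in utxos:
        kind = classify_script(u.script)
        if kind == "p2pk":
            report[u.outpoint] = "exposed: public key is in the output script"
        elif kind == "p2pkh":
            if u.script in spent_scripts:
                report[u.outpoint] = "exposed: address reused after an earlier spend revealed the key"
            else:
                report[u.outpoint] = "hidden: only hash160 is on-chain until spent"
        else:
            report[u.outpoint] = "unclassified script type"
    return report


# Constructed sample data (shape only; not real keys, hashes or txids).
SAMPLE_PUBKEY = b"\x02" + b"\x11" * 32
SAMPLE_H160_A = b"\xaa" * 20
SAMPLE_H160_B = b"\xbb" * 20
SAMPLE_UTXOS = [
    Utxo("tx1:0", build_p2pk(SAMPLE_PUBKEY), 50_000),
    Utxo("tx2:0", build_p2pkh(SAMPLE_H160_A), 120_000),   # fresh, never spent from
    Utxo("tx3:1", build_p2pkh(SAMPLE_H160_B), 80_000),    # address B was spent from before
]
SAMPLE_SPENT_SCRIPTS = {build_p2pkh(SAMPLE_H160_B)}

if __name__ == "__main__":
    for outpoint, status in exposure_report(SAMPLE_UTXOS, SAMPLE_SPENT_SCRIPTS).items():
        print(outpoint, "->", status)
```

The report distinguishes the three cases the text describes: a p2pk output is exposed from the moment it is created, a fresh p2pkh output hides the key behind its hash, and a p2pkh output at a reused address is exposed because an earlier spend already put the key on-chain.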
Although avoiding the reuse of a p2pkh address can limit vulnerability, there may still be situations in which a quantum-capable adversary can successfully commit fraud.
The act of transferring coins even from a “secure” address reveals the public key.
From that moment until the transaction is mined, the adversary has a window in which to steal the funds.
What are the theoretical methods of attack?
Transaction hijacking: Here the attacker computes the private key from the public key exposed by the pending transaction and creates a conflicting transaction that spends the same coins, thus stealing the victim’s funds.
The adversary offers a higher fee to encourage miners to include the conflicting transaction in the blockchain ahead of the victim’s. Note that before the victim’s transaction is mined, the attacker must not only create, sign and broadcast the conflicting transaction, but first run Shor’s algorithm to recover the private key.
Time is clearly crucial for such an attack, so the performance of quantum computers dictates the probability of success of this threat vector.
Selfish mining: In this potential attack vector, an attacker could theoretically use Grover’s algorithm to gain an unfair advantage in mining.
This quantum routine searches unstructured data and can provide a quadratic speedup in effective hash rate.
The ability to mine rapidly thanks to a sudden quantum acceleration could destabilize prices and give the attacker control over the chain itself, making 51% attacks possible.
Combined attacks: By combining the above two vectors, an attacker could theoretically build a secret chain and selectively publish blocks to reorganize the public chain.
How to defend against these attacks?
Data collected through a mempool API can feed real-time machine-learning models that spot anomalies in the transaction fees offered and thus flag transaction-hijacking attempts.
Such models can also spot sharp jumps in block hash rate and raise warnings about possible “selfish mining” accordingly.
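Two of the signals just described can be checked with plain rules before any machine-learning model is involved: a conflicting spend that suddenly outbids a pending transaction, and a run of blocks arriving far faster than the target interval. The script below (an added example, not code from the original article) does both over constructed data; the mempool record layout (`txid`, `vin`, `fee`, `vsize`, `first_seen`) and the thresholds are assumptions, not the format of any particular API.

```python
"""Flag conflicting mempool spends that outbid a pending transaction, and runs of
suspiciously short block intervals.

Added example with constructed data, not code from the original article. The
record layout and thresholds are assumptions for illustration.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed mempool snapshot: txid, spent outpoints ("txid:vout"), fee in
# satoshi, virtual size in vbytes, first-seen time (unix seconds).
SAMPLE_MEMPOOL: List[Dict] = [
    {"txid": "aaa1", "vin": ["prev1:0"], "fee": 2_000, "vsize": 200, "first_seen": 1_700_000_000},
    {"txid": "bbb2", "vin": ["prev2:1"], "fee": 1_500, "vsize": 150, "first_seen": 1_700_000_010},
    # Conflicts with aaa1 (same input), seen 40 s later, pays 10x the fee rate.
    {"txid": "ccc3", "vin": ["prev1:0"], "fee": 20_000, "vsize": 200, "first_seen": 1_700_000_040},
    # Benign replacement of bbb2: a modest bump, like an ordinary RBF fee increase.
    {"txid": "ddd4", "vin": ["prev2:1"], "fee": 1_800, "vsize": 150, "first_seen": 1_700_000_100},
]

# Constructed block timestamps: two normal intervals, then three blocks in ~1 min.
SAMPLE_BLOCK_TIMES = [1_700_000_000, 1_700_000_580, 1_700_001_230,
                      1_700_001_260, 1_700_001_290, 1_700_001_310]


def feerate(tx: Dict) -> float:
    """Fee rate in sat/vbyte."""
    return tx["fee"] / tx["vsize"]


def find_hijack_candidates(mempool: List[Dict], ratio_threshold: float = 5.0
                           ) -> List[Tuple[str, str, float]]:
    """Return (victim_txid, conflict_txid, fee_ratio) for pairs of transactions
    spending the same outpoint where the later one outbids the earlier one by
    at least ratio_threshold. Small bumps (normal fee replacement) are ignored."""
    by_outpoint: Dict[str, List[Dict]] = defaultdict(list)
    for tx in mempool:
        for op in tx["vin"]:
            by_outpoint[op].append(tx)
    alerts = []
    for txs in by_outpoint.values():
        if len(txs) < 2:
            continue
        txs.sort(key=lambda t: t["first_seen"])
        victim = txs[0]
        for later in txs[1:]:
            ratio = feerate(later) / feerate(victim)
            if ratio >= ratio_threshold:
                alerts.append((victim["txid"], later["txid"], ratio))
    return alerts


def short_interval_runs(block_times: List[int], expected: int = 600,
                        factor: float = 0.1, min_run: int = 3) -> List[Tuple[int, int]]:
    """Return (start, end) index ranges of at least min_run consecutive block
    intervals each shorter than factor * expected seconds. Indices refer to the
    interval list (interval i is between block i and block i+1)."""
    intervals = [b - a for a, b in zip(block_times, block_times[1:])]
    runs, start = [], None
    for i, dt in enumerate(intervals):
        if dt < factor * expected:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_run:
                runs.append((start, i))
            start = None
    if start is not None and len(intervals) - start >= min_run:
        runs.append((start, len(intervals)))
    return runs


if __name__ == "__main__":
    for victim, conflict, ratio in find_hijack_candidates(SAMPLE_MEMPOOL):
        print(f"hijack candidate: {conflict} outbids {victim} by {ratio:.1f}x")
    for start, end in short_interval_runs(SAMPLE_BLOCK_TIMES):
        print(f"short-interval run over intervals {start}..{end - 1}")
```

The fee check deliberately ignores the small bump in the second pair, since ordinary fee replacement also produces conflicting spends; only a large jump on the same input is worth an alert. The block-interval check is crude on its own, because short intervals also occur by chance, so in practice it would be one feature among several rather than an alarm by itself.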
Dynamic AI models can calculate the risk of fraud during transactions at any time until confirmation.
These models can infer the potential earnings of a fraudster for each threat vector.
Insurance products can be designed to cover fraud risk during the transaction, with prices calculated dynamically from the probability of fraud given by the models.
In addition, a “reputation score” can be computed for each node in the network. APIs that collect device details, IP address, etc. can be used to group activities (mining and/or transactions) into homogeneous clusters that have a high chance of originating from the same users.
Such patterns can also be used to directly detect quantum computers participating in the network. A reputation score could be of particular importance in the case of combined attacks, because adversaries use a multi-vector approach to stealing funds.
Intelligent user interface design can help alert customers to the risk of address reuse, through the strategic placement of warning messages.
Principles of efficient incentive design can be used to formulate changes to consensus rules, such as fee surcharges for p2pk outputs and for reused p2pkh addresses.
This would nudge users toward safer behavior. It would also shorten the confirmation time of such transactions, because miners would select them first, narrowing the adversary’s window of opportunity.
The growth of quantum computers, with internal states consisting of many qubits, may raise questions about the basic cryptographic security of Bitcoin.
Even users who follow best security practices can still be affected if a significant number of bitcoins are stolen from insecure addresses, causing increased price volatility.
A wide range of initiatives in post-quantum cryptography is underway to mitigate such scenarios.
It is crucial to note that the emergence of “quantum supremacy” does not necessarily mean the weakening of the Bitcoin ecosystem.
Better quantum computing systems will eventually provide opportunities for a slow economic transition to better tools.
While a phase of asymmetric access to quantum computers could generate multiple threat vectors, fraud risk management principles together with user awareness can help design solutions for such a future.