Let’s not Panic about Quantum Computers
NIST provides a quantum of solace.
Dateline: Guildford, 4th October 2023.
The news that IBM has used a quantum computer to solve a problem that that stumps the leading classical methods is another step on the road to what has become known as “quantum advantage”, where a quantum system solves a problem that cannot be solved by any amount of classical computation. For those of us around fintech, the one problem that we really want to solve is breaking public key cryptography so that we can forge digital signatures, get access to bank systems and, of course, steal a lot of Bitcoin.
Priorities
This is important stuff. In the British government’s new technology strategy, quantum computing is one of the “priority” technologies and it is easy to understand why. That point about solving problems beyond the reach of existing computers means that there is something of an arms race underway, with quantum supremacy as the goal. One of the interesting problems that quantum computer can solve is breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money out of lost or abandoned wallets.
It will take a while to get to the aforementioned quantum supremacy, where quantum computers can outgun the classical incumbents. Detailed calculations by people who know what they are talking about suggests that if quantum computers are put up against classical supercomputers capable of up to a quintillion (10^18) floating-point operations per second, quantum supremacy could be reached with as few as 208 qubits. But… the IBM solution is already at 127 qubits (quantum bits).
with kind permission of Helen Holmes (CC-BY-ND 4.0)
Why does this matter to fintech? Well, as Hupel and Refiee explain in their paper “How does post-quantum cryptography affect Central Bank Digital Currency?” assets in digital currencies are typically represented as public-private key pairs. In the world of cryptocurrencies, the main contenders Bitcoin and Ethereum both use the secp256k1 elliptic curve as a basis and breaking that algorithm would give an attacker knowledge of the private key corresponding to some digital assets, which then enables the attacker to spend those assets. Assuming that CBDCs would follow the same or a very similar model, then they are vulnerable to the famous “Shor’s algorithm” that can be used not just for breaking RSA keys, but also for breaking elliptic curve keys.
What would this mean? Well, if you look at Bitcoin, for example the accountants Deloitte reckon that about four million Bitcoins will be vulnerable to such an attack. That means there are billions of dollars up for grabs in a quantum computing digital dumpster dive!
If we apply quantum computers that specific problem of breaking the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so, researchers calculation it would require 317 × 106 physical qubits to break the encryption within one hour using the surface code, a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10−3 10 − 3. To instead break the encryption within one day, it would require 13 × 106 physical qubits.
So never mind quantum supremacy with a few hundred qubits, quantum computers would need millions of physical qubits to be a threat to Bitcoin.
QRC is Coming
Nevertheless, quantum computing will come. So is the sky falling in for the banks and the credit card companies and mobile operators and the military and everyone else who uses public key cryptography then? Well, no. They are not idiots with their heads in the sand and they are already planning to adopt a new generation of Quantum Resistant Cryptographic (QRC) algorithms to defend their data against the inevitable onslaught from quantum computers in unfriendly hands. They have been looking towards the National Institute of Standards and Technology (NIST), which last year selected a set of algorithms designed to withstand such an onslaught after a six-year effort to devise encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. NIST has now released these algorithms as standards ready for use out in the wild.
If you are interested in the details, the algorithms are:
CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203;
CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204;
SPHINCS+, also designed for digital signatures, is covered in FIPS 205;
FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.
These algorithms are important because while there are no Bitcoin-stealing quantum computers around right now, they will come. As the quantum technology advances, there will be an inevitable competition between the quantum computers that can break cryptographic algorithms and the cryptography community's efforts to develop quantum-resistant algorithms. This means there will be a period where entities (e.g., Visa and the DoD, not just Bitcoin) will be transitioning to new cryptographic methods, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) has just issued a note calling on critical infrastructure and other organizations to begin work now to create road maps for how they’ll migrate to QRC.
The cryptocurrency world should follow suit so that if and when quantum computers become a threat, then cryptocurrencies can be updated to use QRC. This would be a significant undertaking, but it's theoretically possible.
(For example: Account and wallet keys can be used to establish a secure channel by means of CRYSTALS-Kyber, since it is the only Public Key Encryption/Key Encapsulation Method selected algorithm by NIST.)
The Bank of Canada, for one example is already investigating quantum-safe cybersecurity technologies for greenfield digital currencies and they intend to take the code developed for their research project and issuing it as open source to give developers and researchers the opportunity to explore the new cryptographic methods and propose improvements or modifications, accelerating the development of quantum-safe technologies.
Harvest Now Decrypt Later
Technology strategists in banks, fintechs and “crypto” know why these standard algorithms are being pushed out now, when any actual quantum computer is still some years away. The fact is that you can be at risk from quantum computers that do not yet exist because of what is known as the “harvest now, decrypt later” attack. It’s the idea that your enemy could copy your data, which is encrypted, and they can hold onto it right now. They can’t read it. But maybe when a quantum computer comes out in 10 years, then they can get access to your data.
Incidentally, this prospect has implications for the world of central bank digital currency (CBDC). In an interesting paper on “Post-Quantum Protocols for Banking Applications” Luk Bettale, Marco De Oliveira and Emmanuelle Dottax of IDEMIA point out the that the cryptographic data involved in banking transactions is valuable only for a short period of time and after validation by the bank they become useless. This makes banking transactions such as tapping your credit card on a contactless terminal immune to that “harvest now, decrypt later” threat. However, offline transactions (which are integral to any worthwhile population scale CBDC) rely exclusively on card authentication that is vulnerable to such an attack. Interesting times.
If the information you’re protecting is valuable enough, then you’re already in trouble because of that threat.
Are you looking for:
A speaker/moderator for your online or in person event?
Written content or contribution for your publication?
A trusted advisor for your company’s board?
Some comment on the latest digital financial services news/media?