Quantum computing: kryptonite for bitcoin and cyber security

Race is on to secure new encryption algorithms for DeFi, before quantum computers become a present danger.

  • Computer code protecting cryptocurrencies faces a major security threat from supercharged quantum computers when they surpass current classical capabilities, say experts.
  • While it would take conventional computers hundreds of years to break the encryption code on DeFi, quantum computers will be able to do it at lightning speed.
  • The most alarming estimates expect this code to be compromised in the next five years.
  • Experts say the switch to quantum-resistant algorithms needs to start now, just as the US’s National Institute of Standards and Technology is leading a process to identify these.
  • Dual signatures could be deployed by networks in a transition phase (for bitcoin, for example) before switching completely to using only post-quantum signatures.

“[There’s] a Y2K-level event coming. We just don’t know what the end date is. And if you haven’t already started your journey to become quantum-resistant, you might be too late.”

This warning from Peter Bordow, head of quantum technology research and development at Wells Fargo, may sound apocalyptic. But the comparison to the unknown effects that faced global systems at the turn of the 21st century may even understate the threat quantum computing presents to decentralized finance (DeFi)—and online security more generally.

Like kryptonite for Superman, it could be their undoing.

The danger is that quantum computing could see decryption of DeFi and other security algorithms happening at warp speed. Current encryption protocols, which would take conventional computers hundreds of years to break, could be cracked in almost no time by their supercharged quantum successors.

Some cyber-security experts believe quantum computers will be able to unpick the digital signatures guarding trillions of dollars’ worth of cryptocurrencies within a few years—so cryptocurrency markets face a race against time to implement new encryption algorithms before their security is breached.

Bordow tells Risk.net: “If there’s a compromise, and it hits the headlines, the value of bitcoin could drop radically.”


Niall Coffey, former chief foreign exchange dealer at the Federal Reserve Bank of New York, who now runs macro research firm Avoca Global Advisors, says quantum computing will render bitcoin cryptography outdated within five years, posing massive cyber-security risks for anyone involved in holding it.

This view is supported by a 2017 academic study, which suggested the elliptic curve digital signature algorithm (ECDSA) used by most cryptocurrencies “could be completely broken by a quantum computer as early as 2027, by the most optimistic estimates”.


Not all quantum experts agree on the timeframe. Lee Braine, managing director of research and engineering at Barclays, says there are “widely differing” views on how quickly quantum could imperil crypto systems. The consensus appears to be 10 to 15 years away, he says, “although there may be unexpected leaps in progress which reduce that timeline”.

A survey published in January 2021 by research firm Global Risk Institute asked 44 experts when a quantum computer might break the prevailing form of encryption, known as RSA. A majority thought it was likely to happen in the next 15 years. A quarter suggested the threat could become “concrete” in 10 years. But experts did not discount a “short-term and impactful surprise” in which public-key crypto systems were cracked within five years.

How it works

RSA is a form of encryption popularised in the 1970s by Ron Rivest, Adi Shamir and Leonard Adleman, who lent their initials to it. The algorithm creates a public key by multiplying two large prime numbers; the primes themselves are kept secret and the private key is derived from them. The public key is used to encrypt information, which can then be decrypted using the private key.

Most cryptocurrencies rely on ECDSA, a variation on this—which, rather than using prime numbers, takes a point on an elliptic curve and multiplies it by a secret number (the private key) to create a new point on the curve, which then becomes the public key.

Without the private key, RSA and ECDSA are practically impossible to crack using conventional computers. In the case of RSA, an academic study conducted in 2010 found that the equivalent of almost 2,000 years on a regular computer would be required to reverse-engineer the primes multiplied to create a 232-digit public key.
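The RSA description above, worked through as an added example (not code from the article or from any of the people quoted in it). It uses the classic textbook primes 61 and 53, which are constructed values chosen so the arithmetic is visible; real keys use primes of roughly 300 digits. The point it makes is the one the text makes: the public modulus hides two primes, and whoever recovers those primes (by trial division here, by Shor's algorithm on a large quantum computer) can compute the private key directly.

```python
"""Textbook RSA on small, constructed primes (added example, not from the article)."""
from math import gcd, isqrt


def rsa_keygen(p: int, q: int, e: int = 17):
    """Build an RSA key pair from two secret primes.

    The public key is (n, e); the private exponent d is computable only
    from phi(n) = (p-1)(q-1), i.e. only if you know the primes.
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to phi(n)")
    d = pow(e, -1, phi)          # modular inverse of e
    return (n, e), (n, d)


def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def factor_by_trial_division(n: int):
    """Recover (p, q) from n by brute force.

    Feasible only for toy moduli like this one; for a 232-digit modulus this
    is the step the article says costs ~2,000 computer-years classically.
    """
    for p in range(2, isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("no factor found")


def private_from_factors(pub, p: int, q: int):
    """Once the primes are known, the private key follows immediately."""
    n, e = pub
    if p * q != n:
        raise ValueError("p*q does not match the public modulus")
    return (n, pow(e, -1, (p - 1) * (q - 1)))


def demo():
    pub, priv = rsa_keygen(61, 53)          # constructed small primes
    c = rsa_encrypt(pub, 65)                # encrypt the message 65
    recovered = private_from_factors(pub, *factor_by_trial_division(pub[0]))
    # The recovered key decrypts exactly like the legitimate one.
    return rsa_decrypt(priv, c), rsa_decrypt(recovered, c), recovered == priv


if __name__ == "__main__":
    print(demo())
```

Everything the decryptor needs is derived from `p` and `q`; nothing else in the public key is secret. That is why the security of RSA reduces to the factoring problem the article discusses, and why a fast factoring method invalidates the key rather than merely weakening it.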

But for the sort of quantum computers that are currently in development, this could be a cakewalk. For so-called classical computers, the bits used to run calculations exist in one of two states—a one or a zero. One bit holds one piece of information, two bits hold two, and so on. This means that computing power increases in linear fashion as more bits are added. But in quantum computing, qubits can exist in two states simultaneously. So, with the addition of every qubit, the number of possible states of the system doubles, and computing power increases exponentially, thereby allowing quantum computers to make vast numbers of calculations at breakneck speed.

When quantum computers surpass what is achievable by their classical counterparts, many beneficial uses could be possible. Banks and developers are testing use cases such as derivatives valuation and managing liquidity buffers. But it could equally be put to more nefarious purposes—including breaking the security of cryptocurrencies such as bitcoin.


In fact, one method for breaking RSA and ECDSA already exists in the form of Shor’s algorithm, discovered by Peter Shor in 1994, which, given enough computing power (eg, from a quantum computer), can find the prime factors of any whole number, no matter how large.

“At a high level, ECDSA is a digital signature scheme used to provide data integrity and authenticity. Its security relies on the difficulty of solving a mathematical problem called the elliptic curve discrete logarithm problem,” says Ali El Kaafarani, chief executive officer and founder of PQShield, a company specializing in quantum-proof cyber security. “However, it is easily solvable by Shor’s algorithm—hence the need for post-quantum cryptography.”

There is no “bulletproof guarantee” that bitcoin won’t be hacked by quantum computers before 2030, he says, and “the risk is getting higher and higher because of advances being made by IBM and Google”.

Last month, IBM announced that its Eagle quantum processor can manage 127 qubits, double both the count of its previous machine and the count achieved so far by Google.

Current estimates suggest using Shor’s algorithm on a hypothetical quantum computer could break elliptic curve cryptography with fewer quantum bits than would be necessary to break RSA. But the number of qubits required for both would still measure in the thousands, compared with the hundred or so available today.

But a solution may be in the making.

Nist computes

The US’s National Institute of Standards and Technology is now leading a process to identify quantum-resistant algorithms for public-key cryptography.


“You could foresee a quantum computer that could break [cryptography] in a manner that affects a lot of things,” says Bruce Schneier, a technologist teaching at Harvard Kennedy School. “Which is why Nist is already working on post-quantum cryptography. And presumably anything like bitcoin will migrate to that well before a quantum computer appears.”

“The right mitigation against the quantum threat—as confirmed by intelligence agencies and standardization bodies including [the UK’s] GCHQ, the [US’s] National Security Agency and Nist—is to use post-quantum cryptography which simply relies on mathematical problems that are not affected by Shor’s algorithms,” says PQShield’s El Kaafarani.

Nist has led an international, collaborative five-year process to standardize post-quantum cryptography, and will soon announce the winning algorithms, he tells Risk.net: “In a few weeks’ time, we will know which public-key cryptography algorithms will help secure our identities, data and devices for the decades to come.”

Nist started its process in 2017 with 69 candidate algorithms, and is now down to seven finalists: Classic McEliece; Crystals-Kyber; NTRU; Saber; Crystals-Dilithium; Falcon; and Rainbow. Draft standards are expected to become available in 2022.

Nist-approved digital signatures could now be deployed by networks in a transition phase (for bitcoin, for example) before getting agreement from users to only use post-quantum signatures, he adds.

In the interim, people could use multiple digital signatures. “There is no harm whatsoever in signing the same thing twice,” says El Kaafarani.

Schneier agrees: “We’ve had forks before, and seen forks where both exist for a while. If the bitcoin community wants to do it, they will do it.”

Wells Fargo’s Bordow points out that US financial services standards body X9 has already proposed a standard for dual-signature certificates—“a really good, preparatory, tactical step to take”, he adds.
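The two ideas above, the ECDSA key derivation described under "How it works" and the dual-signature transition El Kaafarani and Bordow describe, shown together in an added example (not code from the article, Bitcoin Core, X9 or PQShield). It uses only the Python standard library. The classical side is ECDSA over secp256k1, the curve bitcoin uses, written in plain affine arithmetic for readability rather than speed. The post-quantum side is a Lamport one-time hash-based signature, the simplest member of the hash-based family; it stands in for a Nist-selected scheme and is not one of the finalists the article lists, and a Lamport key must never sign more than one message. The transaction bytes are a constructed placeholder.

```python
"""Dual classical + post-quantum signatures (added example, not from the article)."""
import hashlib
import secrets

# secp256k1 domain parameters (public constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity


def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 (so the doubling slope has no 'a' term)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, point):
    """Double-and-add: 'multiplying a point by a number', as the article puts it."""
    result, addend = INF, point
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def h_int(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


def ecdsa_keygen():
    d = secrets.randbelow(N - 1) + 1      # private key: the secret multiplier
    return d, ec_mul(d, G)                # public key: the resulting curve point


def ecdsa_sign(d, msg):
    z = h_int(msg)
    while True:
        k = secrets.randbelow(N - 1) + 1  # fresh per-signature nonce
        r = ec_mul(k, G)[0] % N
        s = pow(k, -1, N) * (z + r * d) % N
        if r and s:
            return (r, s)


def ecdsa_verify(pub, msg, sig) -> bool:
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    pt = ec_add(ec_mul(h_int(msg) * w % N, G), ec_mul(r * w % N, pub))
    return pt is not INF and pt[0] % N == r


def lamport_keygen():
    """256 pairs of random preimages; the public key is their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk


def _bits(msg: bytes):
    digest = hashlib.sha256(msg).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg):
    # Reveal one preimage per digest bit. ONE-TIME: a second message leaks more preimages.
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg, sig) -> bool:
    if len(sig) != 256:
        return False
    return all(hashlib.sha256(pre).digest() == pk[i][bit]
               for i, (pre, bit) in enumerate(zip(sig, _bits(msg))))


def dual_sign(ecdsa_priv, lamport_sk, msg):
    """'Signing the same thing twice': one classical and one post-quantum signature."""
    return {"ecdsa": ecdsa_sign(ecdsa_priv, msg), "lamport": lamport_sign(lamport_sk, msg)}


def dual_verify(ecdsa_pub, lamport_pk, msg, sig, require_classical=True) -> bool:
    """Transition policy: both must verify. Once users agree to go post-quantum-only,
    require_classical is switched off and only the hash-based signature counts."""
    pq_ok = lamport_verify(lamport_pk, msg, sig["lamport"])
    if not require_classical:
        return pq_ok
    return pq_ok and ecdsa_verify(ecdsa_pub, msg, sig["ecdsa"])


def demo():
    d, pub = ecdsa_keygen()
    sk, pk = lamport_keygen()
    tx = b"constructed sample transaction bytes"
    sig = dual_sign(d, sk, tx)
    return dual_verify(pub, pk, tx, sig), dual_verify(pub, pk, tx + b"!", sig)


if __name__ == "__main__":
    print(demo())
```

During the transition an attacker who could solve the discrete logarithm and forge the ECDSA half would still fail the Lamport check, which depends only on the preimage resistance of SHA-256; after the cut-over, the ECDSA half can be dropped without changing the verifier's structure.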

El Kaafarani warns of the need for urgency: “Nist is going to announce the standards by the end of this year, so there isn’t much time, and people need to start transitioning.”

Threat vector unknown

There are also unique challenges posed by the decentralized nature of cryptocurrencies. Bitcoin code is maintained by a group of developers called Bitcoin Core, whose work is funded by crypto firms such as Square. But the network is governed by its users, not its miners or developers. A consensus process is followed for bitcoin improvement proposals to be put forward and then enacted.

“Bitcoin Core are looking for threats to bitcoin all the time. When something comes along and they believe it’s time for an upgrade to the bitcoin code, they will propose it,” says Caitlin Long, CEO of Avanti Bank, a bank chartered to handle digital assets and currencies.

Individual node operators around the world would then need to signal that they want the upgrade for the process to take place, she says: “That’s usually very programmed—and very public—because it’s open-source.”

And commentators point to the likely effects of quantum computing power beyond the realms of crypto. According to Bordow, bitcoin and cryptocurrencies are a narrow target within a larger framework of blockchain: “Anything that rides upon a blockchain construct would theoretically be at risk, such as real-estate titles or medical records.”

The “seismic” impact of quantum computing will probably affect the traditional banking system, too, says Christopher Giancarlo, the former head of the US Commodity Futures Trading Commission, known as Crypto Dad for his embracing of cryptocurrencies.

Avanti’s Long takes the point even further: “If encryption algorithms get broken by quantum computing, the entire internet would be insecure.”

She believes bitcoin developers would “see it coming”, however, “and quickly pivot to a quantum-resistant encryption algorithm”.

From a defensive standpoint, developing classical approaches to quantum resilience would include quantum-resistant algorithms as well as increasing key strengths, agrees Bordow.

But he emphasizes: “Crypto migration takes a long time, and we really don’t know what the entire threat vector looks like. Everything is at risk. That’s what makes this so incredibly unique.

“It’s every industry in every country, all across the world. And we’re all in this together.”
