Why Blockchain isn’t as secure as you think – Evening Standard


lockchain has rapidly become one of the most disruptive technologies of the 21st century, but with the continuous improvements in quantum computing, the foundations of the technology are starting to falter.

Blockchain, cryptocurrencies, NFTs and decentralised finance have become common terms, with blockchain now hailed as an extremely secure and much faster method of recording transactions due to the computational intensity of attempting to break it. Both companies and people have poured endless amounts of capital into the technology by buying cryptocurrencies or by developing their own currency or asset chains.

But in a dynamic cyber environment, is this $2.7 trillion dollar market really future-proof and secure?

With every innovation in quantum computing, the threat to blockchain increases.

There are two main issues that face the technology, the first being its reliance on a form of encryption known as public key cryptography; and second, its reliance on a type of algorithm called a hash function.

Public key cryptography is a method of encryption that publishes a key for the world to use so that they can encrypt information that only the holder of the private key can see.

A hash is generated by running a widely known and well-established algorithm on a piece of information to create a near unique digital representation of it. It is computationally impossible to construct the original information from a hashed representation, and they are said to be resistant to finding another piece of data that has the exact same digital representation. In both proof-of-work and proof-of-stake blockchains, digitally signed hashes are used in combination with random numbers to sign off a block.

So what’s the problem?

The threat from quantum computing to public key encryption is a known issue and has been discussed at length by many experienced professionals. It is an issue that both governments and commercial entities have recognised. NIST, the US National Institute of Standards and Technology, is currently in the process of defining what the next phase of encryption (also known as post-quantum encryption) will be. Many experts will highlight that the types of quantum computers that are capable of cracking this are still far away, which is true, but various competing technologies alongside quantum are bringing this to the forefront of the cybersecurity threat vector.

Therefore, one can see that the main near-term issue facing the chain comes from the threat to the hashing algorithm from quantum computing or quantum accelerated hardware. There are a few issues with the hash-method, however, the main issue facing these chains is that a quantum computer will be able to solve for these hashes at a much faster rate than any computational-based approach, thereby taking ownership of a network. Significant progress has been made in the past two years on a type of quantum algorithm called Grover’s algorithm, which poses the greatest risk to the network as a fully well error-corrected quantum computer is not needed.

“Evaluating and understanding the risk only gets us part way,” says David Worrall, co-founder of Secqai. “It is now time to implement the solutions available to prepare us for the future.”

This risk is further accentuated due to the decentralised nature of blockchain, where the latest cyber technology hasn’t been built to integrate easily with, for example, new hardware based cryptography such as secure entropy sources or quantum random number generators.

Indeed, research has shown that the deployment of post quantum safe algorithms in today’s blockchain architectures is not possible without a huge increase in transaction costs sometimes outweighing the value of the transaction.

Conversely, traditional banking infrastructure is relatively easy to update as the back-end software and hardware is managed centrally by each bank and each integrated party, i.e. the list of parties that need to be secure is well known.

Blockchain developers understand the challenge today, and as has been shown need to start the work of preparing their systems by integrating post-quantum methods into their infrastructure and adopt best practice techniques to ensure that they are prepared for a quantum world.

Rahul Tyagi is an ex-management consultant, inventor and co-founder of cyber security start-up Secqai


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.