With the resurgence of the quantum threat theory, has the foundation of cryptocurrency been shaken?

Original article | Odaily Planet Daily ( @OdailyChina )

Author｜Azuma ( @azuma_eth )

Recently, the threat of quantum computing to cryptocurrencies has once again become a focus of discussion on the internet. This renewed interest stems from several key figures in the quantum computing and cryptocurrency industries publishing new predictions regarding the development of quantum computing and its potential capabilities.

First, on November 13th, Scott Aaronson, a leading figure in quantum computing and director of the Center for Quantum Information at the University of Texas, stated in an article : " I now believe that we may have a fault-tolerant quantum computer capable of running Shor's algorithm before the next US presidential election... "

Then, on November 19, Ethereum co-founder Vitalik Buterin also spoke at the Devconnect conference in Buenos Aires, stating that elliptic curve cryptography (ECC) could be cracked by quantum computing before the 2028 US presidential election , and urged Ethereum to upgrade to quantum-resistant algorithms within four years.

What is the quantum threat?

Before interpreting Scott and Vitalik's predictions, we need to briefly explain what the "quantum threat" is.

In short, the quantum threat to cryptocurrencies refers to the possibility that sufficiently powerful quantum computers in the future could break the cryptographic foundations that protect current cryptocurrencies, potentially destroying their security model.

Currently, the security of almost all cryptocurrencies (such as Bitcoin and Ethereum) relies on a technology called "asymmetric encryption," the two most crucial components of which are the "private key" and the "public key":

• Private key: kept secret by the user and used to sign transactions and prove your ownership of assets;
• Public key: Generated from the private key, it can be made public and used as part of a wallet address or address.

The cornerstone of cryptocurrency security lies in the fact that it is currently computationally infeasible to derive the private key from the public key. However, quantum computing may utilize the principles of quantum mechanics to significantly accelerate the process of solving certain mathematical problems by running specific algorithms (such as Shor's algorithm mentioned earlier), which is precisely the weakness of asymmetric encryption.

Let's continue explaining what Shor's algorithm is. We won't delve into the overly mathematical details here, but in short, the essence of Shor's algorithm lies in its ability to transform a mathematical problem that is "almost unsolvable" on a classical computer into a "relatively easy-to-solve" periodic search problem on a quantum computer , potentially threatening the existing "private key-public key" cryptographic system of cryptocurrencies.

To give a more easily understandable example, you can easily turn a basket of strawberries (class private key) into jam (analogous to public key), but obviously you can't reverse the jam back into strawberries. However, if a cheat code suddenly appears (analogous to quantum computing), it may be possible to achieve this in a convenient way (analogous to Shor's algorithm).

Has the foundation of cryptocurrency been shaken?

If that's the case, then isn't cryptocurrency doomed?

Don't panic. The quantum threat objectively exists, but the problem isn't that urgent. There are two main reasons for this. First, there's still time before a real threat arrives; second, cryptocurrencies can be upgraded to implement anti-quantum algorithms.

First of all, even if Scott's prediction comes true before the 2028 election, it does not mean that the security of cryptocurrencies will be truly threatened; Vitalik's statement is not saying that the foundation of Bitcoin and Ethereum will be shaken, but only pointing out a theoretical risk that exists in the long term.

Dragonfly Managing Partner Haseeb explained that there's no need to panic about the new timeline for quantum computing; running Shor's algorithm is not the same as cracking a real 256-bit elliptic curve key (ECC key) . You can use Shor's algorithm to crack a single number—that's impressive enough—but factoring a number with hundreds of digits requires a much larger scale of computation and engineering capabilities… This is something to be taken seriously, but it's not something that's imminent.

Cryptocurrency security expert MASTR provides a clearer mathematical answer: cracking the Elliptic Curve Signature (ECDSA) currently used by cryptocurrencies such as Bitcoin and Ethereum requires approximately 2,300 logical qubits and 10¹² to 10¹³ quantum operations. With error correction, it would require millions or even hundreds of millions of physical qubits. However, currently implemented quantum computing only requires 100-400 noisy qubits, and its error rate is too high and its coherence time is too short— still at least four orders of magnitude away from the requirements for cracking the former.

As for the second point, cryptographers in the industry are also developing new post-quantum cryptography (PQC) algorithms that can resist quantum computing attacks , and mainstream blockchains have already prepared for this.

Back in March of last year, Vitalik wrote an article titled " What if a quantum attack came tomorrow? How would Ethereum solve the problem? ", in which he mentioned the defensive effects of Winternitz signatures, STARKs, and other technologies against quantum threats, and even envisioned how Ethereum could be upgraded in an emergency.

Compared to Ethereum, Bitcoin may be less flexible in implementing upgrades, but the community has already proposed several potential algorithm upgrade solutions, such as Dilithium, Falcon, and SPHINCS+. Recently, with the increasing discussion surrounding this topic, Bitcoin OG Adam Back has also stated that post-quantum era cryptographic standards could be implemented long before a substantial quantum computing threat emerges.

In short, the quantum threat is like a "master key" hanging in the distance, theoretically capable of unlocking all current blockchains. However, the lock makers have already begun researching new locks that this master key cannot open, and are preparing to replace all the locks on all the doors before the master key is finished.

This is the objective reality regarding the quantum threat. We cannot ignore its progress, but there is no need to panic blindly because of it.