Key Takeaways
Some of Bitcoin’s encryption algorithms are already quantum resistant, but many will be broken and need to be updated via a fork
By not reusing wallet addresses between transactions, users of cryptocurrencies can mitigate the threat of private key attacks
The larger threat from quantum computing is that it will improve mining efficiency which can enable a 51% attack
In earlier blogs we’ve already discussed what quantum computing is and how it should break modern public key cryptography sometime in the next 20 years, and we’ve discussed what the federal government is doing to update the nation’s encryption protocols to be quantum safe and how organizations can prepare for the transition by becoming crypto agile. To round out our series on the effects of quantum computing on cryptography we’ll take a deeper look at what it could mean for an especially popular application of cryptography nowadays: cryptocurrencies.
To make the discussion as concrete as possible we’ll specifically take a look at how quantum computing should affect the most popular cryptocurrency, Bitcoin. The big question is, could quantum computing break Bitcoin and the encryption that protects it? Will this cause Bitcoin’s value to drop to zero? The short answer is no. But we will dive into why this is the case.
What encryption does Bitcoin use?
In a previous blog, we covered how one area of specific focus in quantum computing is Shor’s Algorithm, which can factor large numbers down into two component primes. This is very useful for breaking RSA encryption, since the RSA family of encryption depends on factoring large numbers in this exact way.
However, even an efficient implementation of Shor’s Algorithm may not break some of the cryptography standards used in Bitcoin. The wallet file in the original Bitcoin client uses SHA-512 to help encrypt private keys. SHA-256 (a less secure version than SHA-512) is theorized to be quantum resistant. In fact, the most efficient theoretical quantum approach to breaking SHA-256 is actually less efficient than the best theorized classical approach.
Most of the encryption in modern cryptocurrencies is built on elliptic curve cryptography rather than RSA, especially the generation of signatures in Bitcoin, which uses ECDSA. This is largely due to the fact that, at corresponding key sizes, elliptic curves are harder for classical computers to crack than RSA (sometimes exponentially so). Plus, secure RSA key sizes have grown so large as to be impractical compared to elliptic curve cryptography, so most people opt for elliptic curve cryptography for performance reasons in their systems, which is the case with Bitcoin.
Unfortunately for Bitcoin, quantum computers are expected to break elliptic curve cryptography more easily than RSA. So we have found the breaking point. Quantum computing will technically break Bitcoin, because it breaks elliptic curve cryptography, but this is not as big a problem as it seems.
Why Bitcoin’s encryption won’t be an issue
Even with a large enough quantum computer (that could be 20 years away), you still need to have somebody’s public key to find their private key. The two are mathematically linked and the public key gives the cracking algorithm just enough information to find the private key (finding the private key means the hacker can steal your Bitcoin).
Luckily, in the crypto world, cryptocurrency wallet reuse is frowned upon. The most private and secure way to use bitcoin is to send a brand new address to each person who pays you. After the received coins have been spent, the address should never be used again. Also, when sending money to people, always ask them for a brand new bitcoin address. This way the public key that is out in the open is connected to a private key that you are no longer using. This reduces the threat of quantum attacks on private keys.
Not everyone will follow such standards and it's conceivable that other avenues of attack will emerge, which is why the Bitcoin community is already planning post-quantum encryption updates. Through the mechanism of forks, cryptocurrencies can be updated to use post-quantum encryption standards and defend against these weaknesses.
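The practice described above can be checked against a transaction history: a key-recovery attack needs the public key, and with ordinary pay-to-public-key-hash addresses that key only appears on-chain once the address spends. The coins at risk are therefore those sitting on addresses that have already spent (key revealed) and were then paid again. The script below is an added example, not code from the original post or from the Bitcoin project; the transactions are constructed, and the simplified `Tx` model (inputs as "address spent from", outputs as "address paid") is an assumption made for the illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


# Hypothetical, simplified transaction model: each input names the address
# whose public key is revealed by the spend, each output names the address
# (a hash of a public key) that receives coins.
@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: List[Tuple[str, float]]   # (address spent from, amount consumed)
    outputs: List[Tuple[str, float]]  # (receiving address, amount)


# Constructed sample history (not real chain data).
CONSTRUCTED_TXS: List[Tx] = [
    Tx("tx1", [], [("addrA", 5.0)]),                                 # addrA funded; key still hidden
    Tx("tx2", [("addrA", 5.0)], [("addrB", 3.0), ("addrA", 2.0)]),   # addrA spends, sends change back to itself
    Tx("tx3", [], [("addrC", 1.0)]),                                 # addrC funded
    Tx("tx4", [("addrB", 3.0)], [("addrD", 3.0)]),                   # addrB spends everything it holds
    Tx("tx5", [], [("addrC", 1.5)]),                                 # addrC paid a second time (reuse, key still hidden)
]


def revealed_public_keys(txs: List[Tx]) -> Set[str]:
    """Addresses whose public key is already on-chain: any address that has spent."""
    return {addr for tx in txs for addr, _ in tx.inputs}


def balances(txs: List[Tx]) -> Dict[str, float]:
    """Net balance per address after replaying the history."""
    bal: Dict[str, float] = defaultdict(float)
    for tx in txs:
        for addr, amount in tx.inputs:
            bal[addr] -= amount
        for addr, amount in tx.outputs:
            bal[addr] += amount
    return {a: round(b, 8) for a, b in bal.items()}


def reused_addresses(txs: List[Tx]) -> Set[str]:
    """Addresses paid more than once: the practice the post advises against."""
    counts: Dict[str, int] = defaultdict(int)
    for tx in txs:
        for addr, _ in tx.outputs:
            counts[addr] += 1
    return {a for a, n in counts.items() if n > 1}


def quantum_exposed_funds(txs: List[Tx]) -> Dict[str, float]:
    """Coins a key-recovery attack could reach: positive balance on an address
    whose public key is already visible on-chain."""
    revealed = revealed_public_keys(txs)
    return {a: b for a, b in balances(txs).items() if a in revealed and b > 0}


def is_fresh(address: str, txs: List[Tx]) -> bool:
    """True if the address has never appeared on-chain, i.e. fine to hand to a payer."""
    seen = {a for tx in txs for a, _ in tx.inputs} | {a for tx in txs for a, _ in tx.outputs}
    return address not in seen


if __name__ == "__main__":
    print("balances:", balances(CONSTRUCTED_TXS))
    print("keys revealed:", sorted(revealed_public_keys(CONSTRUCTED_TXS)))
    print("reused addresses:", sorted(reused_addresses(CONSTRUCTED_TXS)))
    print("exposed funds:", quantum_exposed_funds(CONSTRUCTED_TXS))
```

In the sample, only `addrA` ends up exposed: it spent (revealing its key) and then took change back to the same address. `addrB` also revealed its key but holds nothing, and `addrC` was reused but has never spent, so its key is still hidden. One caveat the model omits: output types that carry the public key directly in the output (pay-to-public-key, and Taproot's tweaked key) expose the key on receipt, so for those the "spend first" condition does not apply.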
The Threat of a 51% attack
Another area of concern for the Bitcoin community comes on the mining front. Bitcoin mining verifies transactions and is performed using sophisticated hardware that solves an extremely complex computational math problem. Grover’s algorithm on quantum computers can exponentially speed up mining, though it’s probable that ASICs, the specialized classical computers mostly used to mine bitcoin now, would be faster than the earliest versions of more complete quantum computers.
This actually poses more of a threat to cryptocurrencies than private key attacks. The ability to mine quickly in a sudden quantum speedup could lead to destabilization of prices and more importantly control of the chain itself — an unexpected quantum speedup could, if hidden, lead to vast centralization of mining and possible 51% attacks.
A 51% attack refers to an attack on a blockchain—most commonly Bitcoin—by a group of miners controlling more than 50% of the network's mining hash rate or computing power. The attackers would be able to prevent new transactions from gaining confirmations, allowing them to halt payments between some or all users. They would also be able to reverse transactions that were completed while they were in control of the network, meaning they could double-spend coins.
This is a real thing that has happened before. In May of 2018, Bitcoin Gold, at the time the 26th-largest cryptocurrency, suffered a 51% attack. The malicious actor or actors controlled a vast amount of Bitcoin Gold's hash power, such that even with Bitcoin Gold repeatedly attempting to raise the exchange thresholds, the attackers were able to double-spend for several days, eventually stealing more than $18 million worth of Bitcoin Gold.
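The two attack effects described above, halting confirmations and reversing confirmed transactions, follow from the race between the attacker's chain and the honest chain. The Bitcoin whitepaper (section 11) models that race and gives a formula for the probability that an attacker holding a fraction q of the hash rate overtakes the honest chain from z blocks behind. The code below is an added example implementing that published calculation in Python; it is not code from the original post or from the Bitcoin project. It shows why raising confirmation thresholds, as Bitcoin Gold tried, only helps while the attacker stays below 50%: at or above that share the catch-up probability is 1 for any number of confirmations.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with hash-rate fraction q eventually
    overtakes the honest chain from z blocks behind (Bitcoin whitepaper,
    section 11: Poisson progress combined with a gambler's-ruin term)."""
    if not 0.0 <= q < 1.0:
        raise ValueError("q must be a hash-rate fraction in [0, 1)")
    p = 1.0 - q                      # honest share
    if q >= p:                       # 50% or more: the attacker always catches up
        return 1.0
    lam = z * (q / p)                # expected attacker blocks while honest miners make z
    total = 1.0
    for k in range(z + 1):
        poisson = math.exp(-lam)     # P(attacker has mined exactly k blocks)
        for i in range(1, k + 1):
            poisson *= lam / i
        # from k blocks, still (z - k) behind: catch-up probability (q/p)^(z-k)
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return max(0.0, min(1.0, total))


def confirmations_needed(q: float, max_risk: float, limit: int = 1000) -> int:
    """Smallest number of confirmations z at which the attacker's success
    probability drops below max_risk; -1 if no z up to limit is enough
    (always the case once q reaches 50%)."""
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return -1


if __name__ == "__main__":
    for q in (0.10, 0.30, 0.45, 0.51):
        print(f"q={q:.2f}: P(z=6)={attacker_success_probability(q, 6):.7f}, "
              f"confirmations for <0.1% risk: {confirmations_needed(q, 0.001)}")
```

Against the whitepaper's own table the function reproduces its values (for q = 0.1: z = 1 gives about 0.2046, z = 10 about 0.0000012, and 0.1% risk is reached at z = 5; for q = 0.3 it takes z = 24). The practical reading for an exchange or merchant is that a confirmation policy is a defence against a minority attacker only; once a single party can reach a majority, whether through hidden quantum hardware or any other sudden hash-rate jump, no confirmation count restores safety.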
Yet, the introduction of superior mining hardware is something that has happened to Bitcoin several times. The hope is that the transition to quantum computing mining will be similar to the transition for miners between GPUs, FPGAs and ASICs: a slow economic transition to better tooling.
Conclusion
Quantum computing does not crack all of Bitcoin’s encryption methods. The methods that are in danger can be circumvented in the meantime by not reusing wallet addresses, and will eventually be replaced with updated protocols after a fork. A 51% attack is a more pertinent issue, but the community is hopeful that quantum supremacy will be achieved gradually by multiple parties instead of one centralized power.