
It's long been hypothesized, and is now broadly accepted, that should practical quantum computers arrive, they could eventually break the conventional cryptographic methods that underpin today's digital world. Crucially, they could crack elliptic-curve cryptography (ECC), a scheme in use today across many fields. The timeframe for the quantum cryptocalypse was previously believed to lie past 2030, but new research from Google pulls this schedule forward to 2029.
The paper predicts profound effects across blockchain infrastructure and cryptocurrencies, among other applications. The list of blockchains expected to be under fire from the quantum ECC attack is essentially "all of them," as demonstrated by a recent Cambridge study.
Although the potential for quantum attacks on ECC is wide-ranging, it's particularly troublesome for blockchain applications, as the participants' public keys and transaction data are by definition published worldwide and can therefore be stored for later cryptanalysis and attack. The fact that historical data is readily available is why blockchains (and cryptocurrencies by extension) are particularly vulnerable to quantum attacks.
At a technical level, the attack on ECC is Shor's algorithm, published in 1994, when quantum computers were nothing but a fever dream. The recent development that led Google's researchers to sound the klaxons is their demonstration that Shor's attack can be performed with systems comprising 1200 logical qubits and 90 million Toffoli gates, or with under 1450 logical qubits and 70 million gates.
Those are exceedingly high figures compared to existing gear, which caps out at 48 logical qubits, but hardware capacity is expected to grow exponentially as the technology evolves in the coming years. Ironically, the cost of running Shor's algorithm depends on the key length, meaning it would be far harder to use against the now-deprecated RSA encryption scheme and its long 2048-bit-plus keys than against ECC's much shorter keys.
Should the blockchain networks not quickly adapt to what Google describes as an increasingly imminent threat, the resulting chaos from a quantum attacker is predicted to be swift and brutal: among other consequences, wallet funds could be stolen, identities could be impersonated (thus tilting the scale on transaction verification), and the ledgers' intrinsic integrity could no longer be trusted. The DeFi ecosystem and all its smart contracts would also be at risk, and intrusions into such a network would be harder to trace, as all transactions would appear legitimate. With a cryptographically relevant quantum computer (CRQC) in play, the chain of trust is not just broken but smashed to pieces.
Google asserts that moving from ECC to post-quantum cryptography (PQC) while there is still time to do so is the most appropriate countermeasure, but the fact that blockchains are by definition distributed and have no central authority is the main implementation problem. Experts have long warned that these attacks aren't merely theoretical, and generally speaking, blockchains take their sweet time in adapting to changing conditions, arguably by design.
Three years is therefore a very short timeframe for an ecosystem that took seven years to turn Ethereum over to a proof-of-stake system (that is, coin staking enables transaction validation) instead of proof-of-work (miners validate transactions).
Rubbing salt in the wound, Bitcoin in particular is technologically ancient by today's standards. Its original design was indeed resistant to attack and did get some upgrades along the way, but many participants see the continuation of mining and the slow evolution of the platform as a feature rather than a bug. That may well be the network's undoing.
Blockchains aren't the only applications at risk, either. Website key exchange, SSH, and messaging applications are already transitioning away from ECC to PQC, and any attack on them still requires capturing the encrypted traffic in the first place. X.509 certificates, used for server authentication, are a tougher nut to crack, since moving them to PQC requires coordination between certificate issuers, root certification authorities, and browsers. Code signing is another pain point: the technology is available but not yet implemented at scale.
As ever in the cybersecurity world, legacy gear is particularly at risk. At some point its encryption will be easily broken, and any traffic already captured from now-legacy hardware and applications will be ripe for slicing open. This is yet another reason why it's critical to keep computing gear updated, particularly, but not only, networking-related hardware and software.