Mario Galatovic of Utimaco
With Chinese scientists claiming to have built not one but two quantum computers that are ten million times faster than even the most powerful conventional supercomputers and IBM following their announcement by announcing their own exponentially faster quantum computer, it seems that commercially viable quantum computing is just around the corner. This will mean huge leaps forward for almost every industry, but it also puts an incredible amount of computing power in the hands of criminals.
Of course, we are still a while off from quantum computing starting to become available widely, and if we are to interact with them at all then it likely will be through cloud technology like Amazon’s web services and Google’s Collab, says Mario Galatovic, vice president products & alliances at Utimaco. While production of models of quantum computers could commence in less than a decade’s time, the first adopters of this technology is likely to be major technology companies and military and research institutions, where their misuse is likely to be in corporate and international espionage rather than cybercrime (though the lines between the two are not entirely solid).
Therefore, although quantum computing is not a current threat as such, it is important that organisations begin to prepare for future threats and adapt their operations accordingly. One key area which could be affected by quantum computing is blockchain technology. While it would take standard computers decades, even centuries to break the asymmetric encryption that secures a single blockchain wallet, this would be an insignificant task for a quantum computer. Therefore, both the $2.59 trillion (€2.29 trillion) cryptocurrency market and financial services industry which use blockchain technology would be at risk.
Making the blockchain secure
Private key cryptography, used in far more applications than blockchain security, utilises a pair of ‘keys’ to confirm the identity of participants and ensure that new entries in the chain, a new transaction for instance, are legitimate. So, if ‘Bob’ wants to send a secure message to ‘Alice’, he can encrypt the message with Alice’s public key, ensuring that only she can open it.
If you have a public key then finding the corresponding private key is virtually impossible, as it involves correctly guessing a very long string of letters and numbers. Since you have an approximately one in 150,000 billion billion billion billion billion billion billion billion chance of correctly guessing a 256-bit encryption key, where the key is 256 characters long, the time it would take to try every combination of letters and numbers would be astronomical, and although 256 bit keys are common there are blockchains secured with 512, 1024, or even 2048 bit keys.
This is of particular importance for cryptocurrency, the most well-known application of blockchain technology. What is ‘true’ on a blockchain is decided upon by consensus between its component parts, meaning that if a person had the incredible computing power to gain control of 51% of a blockchain then although they couldn’t reverse transactions, delete them or create new transactions or coins, they could ‘double spend’ by sending the same coins to two different people and creating new blocks in which one person did not get the coins and another did.
Although technically a quantum computer wouldn’t be able to alter existing cryptocurrency transactions, all transactions are created and secured with forms of encryption that could be made vulnerable by the advent of quantum computers. Therefore, any encryption method that is not quantum safe could face attacks.
Applications to secure blockchain technology
The threat of quantum computing on the sector has not stopped major players however, and companies such as Citi Bank and JP Morgan, are trialling an application of blockchain technology to significantly speed up cross-border transactions. A process which previously took days and could be disrupted by weekends or public holidays can be performed almost instantaneously.
Secondly, digital identity applications can be adopted. Given the current problem of fraud in all industries, and its use for governments for passports and confirming vaccination status for example, the ability to verify a person’s identity would be revolutionary, and something that blockchain technology would be able to do. For example, by putting a person’s education and professional achievements on a blockchain, prospective employers can match jobs with candidates instantly rather than manually reviewing hundreds of applications.
Once identities can be easily and securely established, they can be used to ensure security in fields like lending and investing. Both require a person or organisation to be who they say they are, and to have financial information that can be easily accessed and trusted to be legitimate. Blockchain technology allows the time it takes for an organisation to check that a potential customer has set to prove that they are eligible for a loan or to invest in a security to be cut down to a few seconds, instead of the organisation having to manually check records. This, combined with digital identification, would allow billions of people that do not currently have the documentation to prove their financial history to have access to the finance that they desire.
Preparing for a future of quantum computing
The concept of computation was developed almost a hundred years before the first computer. Likewise, the theory of quantum computing has been around for years, proving the scale that we are likely to see quantum computing become in the future. We are therefore able to predict approximately what will and won’t be quantum safe and have developed quantum-safe cryptography to counter it. In fact, it has been theorised that several existing cryptographic primitives like SHA-256, are considered quantum resistant.
As the time creeps closer to having quantum computing available to consumers, at least as a cloud-based product, and guidance such as The USA’s Department of Homeland Security ‘mitigate security risks with the advancement of quantum computing’ report are becoming available, FinTech companies working with blockchain technology must act now to ensure that their encryption is quantum safe.
Older, existing blockchains can create a ‘fork’, a new iteration of a blockchain, while newer companies will be able to create blockchain applications from the ground up with modern technology. Hardware security modules can already be deployed with firmware that can generate quantum-safe public keys, and to stay secure during one of the most monumental changes to digital society since the invention of the personal computer, it is important to integrate this kind of security into a FinTech blockchain.
To learn more, visit: here
The author is Mario Galatovic, vice president products & alliances at Utimaco.
About the author
Mario Galatovic has a diploma in engineering for information technology with a main focus on applied cryptography from the University of Applied Sciences in Offenburg. Currently, he is very active in the fields of Blockchain and Post-Quantum-Cryptography. Mario has more than 10 years of experience in consulting, planning and implementing cryptographic systems like PKIs and payment systems. Prior to joining Utimaco he gathered experience with payment solutions, smartcards and authentication systems at Gemalto and Thales.
Follow us and Comment on Twitter @TheEE_io