Search
  • IPG

The Silent Quantum Threat To Web3 Cyber Resilience


If you are worried about DeFi’s war with cyber-hackers and the cyber-marauders at the gates of Web3, take a deep breath. Quantum computing is coming and could render today’s digital cryptography used in DeFi and Web3 useless.


The emerging generation of quantum computers currently under development will have the potential to hack Web3, very quickly. The cybersecurity and financial consequences of this could be unprecedented. The solutions are not straightforward and forthcoming and require complex work and most importantly, community consensus.


The Next Generation Of Computing - Quantum

Quantum computing is the next generation of computing machines and techniques that are very different from current computers, known in the jargon as classical computers. Quantum computers are more powerful for certain calculations. This means that calculations that would take thousands of years on today’s supercomputers are accomplished instantly by quantum ones.


Amongst these calculations are very useful applications like simulating drugs and their effect in organisms over time avoiding lab tests, financial forecasting and better predicting market behaviors to better avoid crises, and many innovations across business and society


Nevertheless, the most attractive application to cyber-criminals and the most concerning to society, is the capacity of these computers to hack the current cryptography of the Internet, telecommunications, and blockchain networks, jeopardizing our Web3 identities, digital assets, and their stores of value.

What Makes Quantum Computers So Different And Powerful?

Today’s classical computers are binary because their basic units of information are bits which can be either in a 0 or 1 value. The equivalent in quantum computing is quantum bits, or qubits, a basic unit of information. Qubits leverage two phenomena from quantum physics: entanglement, and superposition, and are used to do parallel computing exponentially faster than a classical binary computer.


For calculations that can be modelled, 50 computations on a quantum computer could achieve a result that would require a staggeringly large number of computations, 1,125,899,906,842,624 on any of today’s computers and at a millennium’s pace - (N2^N=2^50) for all of you math enthusiasts.


Web3 is an emerging concept that assembles different constituent technologies, protocols, and principles. One of these principles is the use of RDF, OWL, XLM and other languages and protocols to enable a machine-readable web suitable for AI, which was defined as the “Semantic Web” over two decades ago by Tim Berners-Lee, the Web’s founding father.


A big constituent of Web3 is the use of blockchain technology for decentralized and trusted peer-to-peer interactions and value exchanges. Digital wallets as personal, private, and portable key, data, and asset management tools are a key constituent to using the blockchain. Different combinations of these technologies, protocols, and principles are being used by a new generation of applications and platforms, which together are the main constituents to Web3.


Among the most popular use cases emerging in the world of Web3 commerce are cryptocurrencies, stablecoins, DeFi, DAO’s, and NFT’s. Soon we will be using different forms of tokenized money including central bank digital currencies (CBDCs), and we will be trading and investing in tokenized real-world assets like real estate, gold, and automobiles in real time – amongst all sorts of other things – everything that can be tokenized will be tokenized in Web3.


We will be able to own and present ourselves from our digital wallets with our “digital ID”, driver’s license, health records and certificates, and diplomas which will be verifiable against secure blockchain networks. Many Web3 applications use blockchain networks as an additional layer of the Internet protocol, something which Berners-Lee is less enthusiastic about.


Blockchain networks allow for cryptographic proofs of off-chain data and information, like real estate, to be immutably recorded and universally verifiable, making use cases compelling for government and business registries. Blockchain technology also allows for assets and value to be represented by on-chain tokens so they can be traded against each other or against any form or tokenized money eliminating any post-trade settlement and clearing process.


Blockchain Technology – The Weakest Link With Quantum Computing?

As appealing as it all sounds, blockchain networks are today possibly the most vulnerable technology to attacks by quantum computers. In 2016, the National Institute for Standards in Technology (NIST) and the National Security Agency (NSA) began to warn about the seriousness of the quantum threat.


NIST warns, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.”


“A sufficiently large quantum computer, if built, would be capable of undermining all widely-deployed public key algorithms used for key establishment and digital signatures,” echoes the NSA.


Public-key cryptosystems and algorithms referred to by NIST and NSA are essentially the mechanisms that we use to encrypt our telecommunications over the phone or the Internet and to control our assets in blockchain networks.


In simple terms, when we send any communication over the Internet such as an email, a transaction from our wallet to a node, or a communication between nodes, we are encrypting the information with the recipient’s public key so the recipient can decrypt it with their private key. Similarly, when we send a transaction to a blockchain we sign it with our private key, so we can for instance, prove that we are the owner of certain amount of bitcoin we want to transfer.


Marcos Allende Lopez, CTO of LACNet, says, “What NIST and NSA warnings reflect is that quantum computers can discover any of those private keys from our public keys. Most prominent blockchain networks, such as Bitcoin or Ethereum, rely on an Elliptic Curve public-key algorithm. This algorithm, as well as others such as RSA and Discrete Logarithm frequently used to encrypt communications over the Internet, are already proven to be breakable by quantum computers.


Allende is a quantum physicist who leads the technical work in blockchain, Web3, and quantum technologies at the Inter-American Development Bank and has designed and piloted an implementation of a quantum-resistant blockchain. Addressing the delegates at the Necker Blockchain Summit this summer, Allende warned, “If quantum hacking has not happened already it is only because quantum computers are not large enough yet.”


In 2013, Vitalik Buterin, the founder of Ethereum, pitched, “If you have bitcoins in an address you never use they are safe, otherwise, anyone can steal them.”


This happens when someone makes a transaction, and their public key is exposed to the entire network. However, in July at the Eth 2.0 conference, Butterin admitted that, not only is there not a plan or roadmap for Ethereum to become quantum-resistant, but that the solution is not even know yet and the problem is being postponed to solve more urgent matters such as scalability, interoperability, or costs until quantum computers are ready.


The New Quantum Digital Space Race

Since 2000, private and public entities have competed in a race to develop quantum computers that could scale. At present, IBM leads the race with 127 qubits, however, the number of qubits for breaking current cryptography and being relevant for other disruptive applications is estimated to be in the order of thousands, and at least between 1,000 and 3,000, or more.


Current implementations do not achieve “error correction”, meaning that errors are propagated without the control that is necessary to scale, however, many experts predict quantum computing at scale is just around the corner.


China has invested as much as $11 billion in quantum between 2019 and 2021 followed by $5 billion by the E.U. and $3 billion by the U.S. Every global superpower understands that this may be the next most valuable technology on the road to digital dominance.


The truth is that the quantum threat is in general not well understood in the Web3 world, and the solutions are very complex to implement. Replacing current cryptographic algorithms with one of the new quantum-resistant public-key algorithms that NIST has recently standardized in July 2022 would be almost impossible.


Alternatively, adding a quantum-resistant signature into every transaction might be more feasible but requires consensus, is technically difficult to implement, and could have very negative consequences such as reducing processing throughput, considerably.


“As difficult as it might seem, the time to act is now. By using blockchain technology we are already exposed to the hack today, crack tomorrow practice,” asserts Allende in an industry call to action.


Being realistic, are we really expecting those that achieve building large quantum computers to disclose their projects and users? A strategist might posit that cyber-criminals will silently use quantum computing to strategically hack communications and assets without being noticed as a quantum computer. It is not an enigma to find out cases when this has happened in the past.


As devotees of the Netflix series Game of Thrones know, “winter is coming.” When is the right time to start making Web3 quantum cyber-resilient if not now? An ounce of prevention is worth a pound of cure.


https://www.forbes.com/sites/lawrencewintermeyer/2022/11/03/the-silent-quantum-threat-to-web3-cyber-resilience/?sh=4a019ccd7227

1 view0 comments
GearBox-with-Logo_1080x1080.jpg

Simple. Powerful. Cybersecurity.

IPG’s GearBoxTM is the first cybersecurity tool designed to secure and protect the Internet of Things (IoT).