In the wrong hands, quantum computing could be used to hijack billions of dollars worth of cryptocurrencies. Image: REUTERS
Explore and monitor how Blockchain is affecting economies, industries and global issues
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:
- Quantum computing could upend existing assumptions about the security of the blockchain.
- In the wrong hands, sophisticated attackers could seize cryptos directly from a wallet, or even as they are traded from one wallet to another.
- While the technology is not yet ready for this, we must prepare now to mitigate the threats of the future.
Quantum computing has reached an inflection point. Venture capitalists are pouring funding into the technology, and public initiatives are picking up pace as they explore the role it could play in our society.
As it develops, quantum computing will push existing areas of technology into uncharted territory — and perhaps none more so than blockchain.
Itself a relatively new innovation, blockchain technology allows for parties to perform peer-to-peer transactions in a system not governed by a central authority. Instead of trusting a central authority, blockchain provides a trust framework that is enabled by the properties of cryptographic algorithms.
As long as these algorithms are considered secure, activities that do not abide by the rules, such as illegitimate cryptocurrency transactions, are discarded, incentivizing actors to behave honestly. They are assumed to be secure against powerful supercomputers, now and for the foreseeable future.
But, as quantum computers evolve, this assumption is in danger of being upended — potentially exposing hundreds of billions of dollars’ worth of cryptocurrencies to sophisticated cyber criminals.
Despite quantum computing being in a relatively early stage of development, specialists are already forecasting the potential of quantum-equipped actors to steal vast quantities of cryptocurrencies by abusing the advantage that quantum computing can provide.
New technology and new algorithms could, in the near to medium term, subvert established digital security practices using two key types of attack: the storage attack and the transit attack.
In the so-called storage attacks, an adversary would target vulnerable addresses — those in which the wallet’s public key is held on the blockchain — to steal funds.
A recent study found that 25% of all bitcoins in circulation and 65% of ether — the tokens in the Ethereum network — reside in addresses with a published public key. This means they could be stolen by a quantum computer with sufficient resources.
Hundreds of billions of dollars’ worth of cryptocurrencies could be vulnerable to storage attacks.
The computing power needed to carry out these assaults is estimated at around 10 million qubits — a unit of measurement best understood as the equivalent to a regular bit used in standard computing.
That is significantly more than the hundred or so qubits we currently have available. However, scientists have predicted that quantum computers could reach the 10 million mark within 10 or 15 years.
Protecting from these attacks requires fund owners to avoid vulnerable addresses or move their funds out of them into addresses where the public key is not published — perhaps easier said than done.
In a transit attack, a malicious actor with large-scale quantum computing capabilities could try to hijack a blockchain transaction in transit and redirect funds to their own addresses.
The scope of this attack is larger as it applies to all transactions. However, performing it is more difficult, as it must be completed before the transaction is processed by the miners.
Under normal conditions, this leaves a window of just tens of seconds for Ethereum, and a few minutes for Bitcoin.
To perform such an intensive attack could take billions of qubits, so the risk of transit attacks is less than that of storage attacks — but worth consideration nonetheless.
And mitigating transit attacks is not simple. It requires transitioning the blockchain’s underlying cryptographic signing algorithm to one that is resistant to a quantum attack.
Mitigating quantum computing threats
Considering these challenges, a dilemma surfaces: should investments be made in limited changes to blockchain protocols to mitigate the storage attack, buying time to see whether a transit attack is even practically possible? This approach would require less serious intervention, but perhaps leave wallets vulnerable in the long run.
Or should we move straight to new cryptographic algorithms, a much more significant change with many more unknowns?
These questions lay bare the complexity of the governance structure of public blockchains. Due to their decentralized nature, blockchain implementations require a broad consensus to apply change to the protocol.
With so many unknowns about the development of quantum computers, and the significant effort required to mitigate the various levels of this threat, the extensive debates required could hamper timely action.
If we want the quantum revolution to not be overshadowed by such security challenges, it is important to take timely action to mitigate the risks.
Don't miss any update on this topic
Create a free account and access your personalized content collection with our latest publications and analyses.
License and Republishing
The views expressed in this article are those of the author alone and not the World Economic Forum.
More on BlockchainSee all
December 5, 2023
Shawn Dej and Sandra Waliczek
October 19, 2023
September 22, 2023
Michelle Faverio and Olivia Sidoti
April 18, 2023