Quantum Resistant Ledger Readies For Battle Against Quantum Computing, Hires Testers And Seeks Feedback
Quantum Resistant Ledger (QRL), a blockchain technology designed to mitigate quantum computing attacks, has recruited testers to create 50 nodes and released an updated white paper by founder Peter Waterland. QRL is seeking comment on Slack prior to a presale.
Waterland has commented about the bitcoin scaling issue and the danger posed by quantum computing attacks on various bitcoin forums in recent years.
There are no known bitcoin quantum attacks at present. But if a quantum computer is created that can break ECDSA, one of the most common signature schemes, then all existing ledgers are susceptible to attack, according to Waterland.
Founder Sounds Warning
“Classical computers cannot break ECDSA through brute force attacks – there isn’t enough energy in the sun to guess a single private key correctly,” Waterland told Hacked.
“But a quantum computer may use Shor’s algorithm to reconstitute a private key from a public key. And the last time I checked, nearly half of all bitcoin addresses had revealed public keys. The problem is that when a bitcoin or Ethereum transaction occurs, the public key of the sending address is revealed and stored for all time in the blockchain. So at some point in the future, those addresses (currently nearly half) are at risk of quantum theft.”
“Once the public testnet has been hardened and is sufficiently stable, we will announce a launch date for the mainnet release,” Waterland said.
“It is exciting to be the first blockchain in the space to offer ledger-wide post-quantum security to users. Anyone interested may read the whitepaper or inspect our github repository via http://theqrl.org. We currently have a team of four devs, but are always looking for more volunteers.”
Jomari Peterson, a strategy, operations and development expert working with QRL, noted a vibrant community, along with the implementation of an extended merkle signature scheme (XMSS), is key to securing the technology’s future. For the system to be secure, it should not be feasible to break within the next 50 to 100 years.
The tester and public participation are expected to create a scalable and efficient quantum resistant security standard.
A small core of private investors (early bitcoiners and interested parties) are funding the research and development of the open source project, Waterland said.
How It Began
QRL began as a foray into coding a library of post-quantum secure hash-based digital signatures such as Lamport, Winternitz and Merkle Signature Scheme, he said. It then developed into a functional prototype ledger aiming to experiment with the use of post-quantum secure signatures in a live blockchain environment.
Development started around July 2016.
“After discussing post-quantum signatures with some members of the academic community, I realized that the EMSS would be an excellent design choice for a potentially successful blockchain ledger,” Waterland said.
“Over the last six months the QRL has developed gradually and now features fully integrated XMSS transactions with keys generated via a pseudorandom number function to allow much smaller keys and transaction sizes, as well as deterministic wallet recovery.”
While it was initially secured by proof-of-work, the team has moved towards a final proof-of-stake algorithm design.
“An ideal of the project is to allow all nodes to earn passive income, and several members of the team already have the QRL test node running from Raspberry Pi’s, so the hardware requirements are minimal,” Waterland said.
How It Works
The QRL uses a block selection algorithm based upon the closest hash of published reveal hashes from each stake validator (from a pre-signed iterative hash chain, logged to the blockchain as a transaction in the previous epoch) to a pseudo-randomly generated 32-byte number.
“Our latest design is extremely resistant to gaming and collusion as well as providing defenses against block withholding and Sybil stake attack strategies,” he said.
“We plan to integrate a proof-of-stake based voting/governance system regarding regular hard fork upgrades.”
There are some challenges to working with hash-based signatures like XMSS. The size of signatures (and therefore transactions) is far larger than for a conventional ECDSA chain like Bitcoin or Ethereum, and the scheme is stateful, so each one-time signing key can only be used once safely. The blockchain must store all public keys signed for an XMSS address forever.
Existing Schemes Are Vulnerable
The commonly used ECDSA, DSA and RSA signature schemes are vulnerable to quantum computing attack, the white paper noted. But a quantum resistant blockchain ledger can counter a sudden, non-linear quantum computing advance.
To spend unspent transaction outputs from a bitcoin address, it is necessary to create a transaction containing a valid elliptic curve signature from the private key for the specific bitcoin address. The chance of a specific bitcoin private key collision is one in 2^256. But when a transaction is signed, the sender’s ECDSA public key is revealed and stored in the blockchain. The best practice is not to reuse addresses. However, as of November 2016 49.58% of the bitcoin ledger is held in addresses with public keys that are exposed.
A quantum computer could theoretically reconstitute the private key given an ECDSA public key.
It is not certain how much quantum computing has advanced or that any breakthroughs will be publicized to allow cryptographic protocols to be made post-quantum secure.
Bitcoin could be an early target of a quantum computer.
If a significant quantum computing advance became public, node developers could deploy quantum-resistant cryptographic signature schemes into bitcoin and advise users to move from ECDSA-based addresses to new quantum-safe addresses.
A silent, non-linear quantum computing advance followed by a nuanced attack on bitcoin addresses with exposed public keys would be more problematic. The thefts could devastate the bitcoin exchange price due to heavy sell pressure and a loss of confidence in the system. The role of bitcoin as a store of value would suffer.
Cryptographic Schemes Offer Solutions
Several cryptographic systems are believed to be quantum-resistant, the white paper noted. These include lattice-based cryptography, hash-based cryptography, secret-key cryptography, code-based cryptography and multivariate-quadratic-equations cryptography. All are believed to resist both classical and quantum computing attack due to long key sizes.
One-time signatures offer satisfactory cryptographic security for verifying and signing transactions, but they can only be used once safely. Extending the signature scheme to incorporate more than one valid one-time signature (OTS) for each ledger address is a solution. A binary hash tree called a Merkle tree can achieve this.
The Merkle Tree’s Role
A Merkle tree is an inverted tree whose parent nodes are computed by hashing the concatenation of sibling child nodes, layer by layer up to the root. Any node’s inclusion can be proven cryptographically by recomputing the root.
One strategy to defer computation during tree (and key) creation and extend the number of OTS keypairs available is to use a tree that is itself composed of merkle trees – a hypertree.
In the QRL design, the signature scheme is secure against both classical and quantum computing attack.
QRL proposes an extensible signature scheme composed of chained XMSS trees.
As the number of trees within a hypertree increases, signature and key sizes grow linearly, but the signature capacity grows exponentially.
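As an added illustration (not code from the QRL project or its white paper), the following Python builds a Merkle tree over Lamport one-time keys, signs with the next unused leaf, and verifies by recomputing the root from the authentication path. The Lamport scheme, the small tree height, and shipping the unchosen public halves inside the signature are simplifying assumptions, not QRL's XMSS construction.

```python
import hashlib, os
def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def msg_bits(msg: bytes) -> list:
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class LamportOTS:
    """One-time key: two 32-byte secrets per bit of the message digest."""
    def __init__(self):
        self.sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
        self.pk = [(H(a), H(b)) for a, b in self.sk]
        self.leaf = H(*[x for pair in self.pk for x in pair])  # tree leaf
    def sign(self, msg: bytes) -> list:
        # reveal the secret chosen by each bit plus the other public half
        return [(self.sk[i][b], self.pk[i][1 - b]) for i, b in enumerate(msg_bits(msg))]

def ots_leaf(msg: bytes, sig: list) -> bytes:  # rebuild the leaf from a signature
    parts = []
    for b, (secret, other) in zip(msg_bits(msg), sig):
        parts.extend((H(secret), other) if b == 0 else (other, H(secret)))
    return H(*parts)

class MerkleOTS:
    """Merkle tree over 2**height OTS keys; stateful: each leaf signs once."""
    def __init__(self, height: int):
        self.keys = [LamportOTS() for _ in range(2 ** height)]
        self.layers = [[k.leaf for k in self.keys]]
        while len(self.layers[-1]) > 1:  # hash sibling pairs up to the root
            prev = self.layers[-1]
            self.layers.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.layers[-1][0]  # the address-level public key
        self.next_index = 0             # the state that must never be reused
    def sign(self, msg: bytes) -> tuple:
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed")
        idx = self.next_index
        self.next_index += 1
        auth = [layer[(idx >> lvl) ^ 1] for lvl, layer in enumerate(self.layers[:-1])]
        return idx, self.keys[idx].sign(msg), auth

def verify(root: bytes, msg: bytes, signature: tuple) -> bool:
    idx, ots_sig, auth = signature
    node = ots_leaf(msg, ots_sig)
    for sibling in auth:  # climb to the root; a valid path reproduces it
        node = H(node, sibling) if idx % 2 == 0 else H(sibling, node)
        idx //= 2
    return node == root
```

Reusing a leaf index would reveal both Lamport secrets for every bit where two messages differ, which is exactly why the `next_index` state must be persisted with the wallet.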
A Public Blockchain
QRL is planned as a public blockchain secured by a proof-of-stake algorithm. Each stake validator signs a transaction containing the final hash of an iterative chain of length 10,000 hashes. With the stake transaction confirmed, each node can connect the cryptographic identity of the stake address to the hash chain for the next epoch.
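The stake commitment described above and the closest-hash block selection from the How It Works section, as an added Python sketch that is not QRL's own code. The SHA-256 hash chain, one reveal per block, numeric distance as the closeness measure, and the tie-break by address are assumptions made here.

```python
import hashlib

CHAIN_LENGTH = 10_000  # chain length given in the article

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_hash_chain(seed: bytes, length: int = CHAIN_LENGTH) -> list:
    """[seed, H(seed), H(H(seed)), ...]: the last value is the commitment
    published in the stake transaction; earlier values are revealed later."""
    chain = [seed]
    for _ in range(length):
        chain.append(H(chain[-1]))
    return chain

class StakeValidator:
    def __init__(self, address: str, seed: bytes):
        self.address = address
        self.chain = build_hash_chain(seed)
        self.commitment = self.chain[-1]      # logged to the chain for the epoch
        self.position = len(self.chain) - 1  # index of the last value made public

    def reveal(self) -> bytes:
        """Walk the chain backwards one step per block."""
        if self.position == 0:
            raise RuntimeError("hash chain exhausted; a new stake tx is needed")
        self.position -= 1
        return self.chain[self.position]

def verify_reveal(last_public: bytes, reveal: bytes) -> bool:
    """Any node checks that the new reveal is the preimage of the last one."""
    return H(reveal) == last_public

def select_block_producer(reveals: dict, target: bytes) -> str:
    """reveals: {address: reveal}. Winner is the reveal numerically closest
    to the 32-byte target; ties broken by address so every node agrees."""
    t = int.from_bytes(target, "big")
    return min(reveals, key=lambda a: (abs(int.from_bytes(reveals[a], "big") - t), a))

def run_block(validators: list, last_public: dict, target: bytes) -> str:
    """One block: collect reveals, drop any that do not chain, pick the producer."""
    valid = {}
    for v in validators:
        r = v.reveal()
        if verify_reveal(last_public[v.address], r):
            last_public[v.address] = r
            valid[v.address] = r
    return select_block_producer(valid, target)
```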
The bigger transaction sizes in comparison to other ledgers require a transaction fee for each transaction. The market should set the minimum fee miners will accept. A minimum value will be set at the protocol level. As a result, miners will order transactions from the mempool to add to a block at their discretion.
The QRL will use a token as the base currency unit.
Like bitcoin, QRL will have a fixed upper limit to the coin supply. A smoothly exponential decay in the block-reward is favored up to the coin supply ceiling. This will remove the volatility associated with the bitcoin “halving” phenomenon.
Other Cryptocurrencies Vulnerable
Bitcoin isn’t the only cryptocurrency at risk to quantum computer attack.
Other major ledgers use elliptic curve cryptography for their signatures within transactions.
“They are therefore all vulnerable to a quantum computing advance,” Waterland said.
“An important point to consider is that if just 10 or 20% of addresses remain in normal ECDSA addresses, then funds can be stolen and the value of the whole ledger sent to zero by an attacker with a quantum computer,” he said.
“Some addresses being secure doesn’t protect a ledger with mixed address types. It was for this reason that we decided to create a ledger which is specially designed to be completely secure against classical and quantum computing attack – even if this poses some design challenges!”