The question of whether Bitcoin and other cryptocurrencies based on Bitcoin’s code can resist quantum computing divides the crypto community into two opposing groups. Crypto-enthusiasts continue to believe that cryptocurrencies and Bitcoin, in particular, can resist quantum technologies. Crypto-realists pay much more attention to the issue of quantum safety. Let’s look at the arguments of both groups and try to draw conclusions.
The arguments against the quantum vulnerability of cryptocurrencies
Those who don’t believe in the quantum vulnerability of most cryptocurrencies give the following argument: «In Bitcoin, your public key isn’t (initially) made public. While you share your Bitcoin address with others so that they can send you bitcoins, your Bitcoin address is only a hash of your public key, not the public key itself. What does that mean in English? A hash function is a one-way cryptographic function that takes an input and turns it into a cryptographic output. By one-way I mean that you can’t derive the input from the output. It’s kind of like encrypting something then losing the key» (https://news.bitcoin.com/antonopoulos-bitcoins-protection-against-quantum-computing/).
Yes, indeed, a bitcoin address does not expose the public key in the clear, and if the hash of a public key were stolen it would be of no use to a potential attacker on bitcoin wallets. It is impossible to derive the public key of a digital signature from its hash value and, therefore, impossible to derive the private key.
But there are a couple of nuances that bitcoin enthusiasts, deliberately or through ignorance, forget to mention.
When it is possible to get a public key
Using Bitcoin as an example, let’s consider two ways in which the blockchain can be attacked. Suppose you want to send a certain amount of bitcoins to a friend. The Bitcoin blockchain is designed so that you can’t send only part of the coins held in your wallet: you have to spend all of them, sending the payment to your friend and the change back to your own wallet. When the transaction is performed, the following information is broadcast to the network:
– the number of coins transferred
– the public address of your friend’s bitcoin wallet
– the ECDSA digital signature generated with your private key
– the public key that corresponds to that digital signature
And, attention: all of this data, as part of your transaction, is broadcast to the network in unencrypted form, because the nodes of the blockchain have to verify the validity of the digital signature in the transaction using the unencrypted (non-hashed) public key. The average generation time of a new block is 10 minutes, but how quickly your transaction is included in a new block also depends on the size of the transaction fee you assign. If the fee is small, the transaction may wait for inclusion in a block for more than 10 minutes. Therefore, a potential attacker has at least 10 minutes to intercept your public key, which is openly placed on the network.
So the transaction is confirmed, and the change goes back to the same bitcoin address from which the transaction was made. The hacker knows the public key of your ECDSA digital signature, uses a quantum computer to derive the private key of the bitcoin address to which the change was returned, and steals your bitcoins.
To protect ECDSA against hacking by a quantum computer, you can use a new bitcoin address each time to receive the change. Indeed, in this case nothing is left on the previous bitcoin address, and the hacker will have nothing to profit from. Oddly enough, until now many crypto-users hold their funds on bitcoin addresses already “flashed” (exposed) on the network.
But if you are not going to keep your coins on the new bitcoin address forever, sooner or later you will need to make a transaction from the new address. A hypothetical (so far) hacker with a quantum computer has at least 10 minutes to steal your public key, which is on the network in the clear, derive your private key and quickly make his own transaction from your address, setting an increased fee for miners. According to scientists, “as early as 2027 a quantum computer could exist that can break the elliptic curve signature scheme in less than 10 minutes, the block time used in Bitcoin” (https://arxiv.org/pdf/1710.10377v1.pdf).
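The flow described above, as an added example that is not part of the original article: addresses are hashes of public keys, spending an address broadcasts its key, and a check reports which addresses still hold coins after their key has been revealed. The transaction types, the names and the use of SHA-256 in place of Bitcoin’s RIPEMD160(SHA256(pk)) are assumptions made for the example.

```python
import hashlib
from dataclasses import dataclass

def address_of(pubkey: bytes) -> str:
    """Address = hash of the public key. Bitcoin uses RIPEMD160(SHA256(pk)) plus
    Base58Check; plain SHA-256 stands in here so the example runs anywhere."""
    return hashlib.sha256(pubkey).hexdigest()

@dataclass
class TxInput:
    prev_address: str  # address whose coins are being spent
    pubkey: bytes      # sent in the clear so nodes can verify the ECDSA signature

@dataclass
class TxOutput:
    address: str
    amount: int

@dataclass
class Tx:
    inputs: list
    outputs: list

def exposed_balances(chain: list) -> dict:
    """Addresses that still hold coins AND whose public key was already broadcast in
    an input. Article's simplification: a spend consumes everything at that address."""
    balance, exposed = {}, set()
    for tx in chain:
        for inp in tx.inputs:
            # The check every node performs: the revealed key must hash to the address.
            if address_of(inp.pubkey) != inp.prev_address:
                raise ValueError("public key does not match the spent address")
            exposed.add(inp.prev_address)  # key is now public: the address is 'flashed'
            balance[inp.prev_address] = 0
        for out in tx.outputs:
            balance[out.address] = balance.get(out.address, 0) + out.amount
    return {a: b for a, b in balance.items() if a in exposed and b > 0}

ALICE_PK, ALICE_CHANGE_PK, BOB_PK = b"alice-pk", b"alice-change-pk", b"bob-pk"  # constructed labels, not real keys

def scenario(change_to_fresh: bool) -> dict:
    alice, bob = address_of(ALICE_PK), address_of(BOB_PK)
    change = address_of(ALICE_CHANGE_PK) if change_to_fresh else alice
    funding = Tx(inputs=[], outputs=[TxOutput(alice, 100)])  # only the hash is public so far
    payment = Tx(inputs=[TxInput(alice, ALICE_PK)],          # ALICE_PK is now on the network
                 outputs=[TxOutput(bob, 30), TxOutput(change, 70)])
    return exposed_balances([funding, payment])

if __name__ == "__main__":
    print("change to the same address:", scenario(False))  # 70 coins sit on an exposed key
    print("change to a fresh address: ", scenario(True))   # {} nothing left on the exposed key
```

The same check, run over a real wallet's history, is what a custodian would use to find funds parked on addresses whose key is already on the chain.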
As we can see, Bitcoin and similar altcoins can be hacked using a quantum computer only under certain conditions, but the attack is quite feasible with a sufficiently powerful quantum computer. And those cryptocurrencies (for example, Ethereum) whose tokens and smart contracts are tied to static addresses will be even more vulnerable: a public key is “flashed” on the network after the first transaction.