Table of Links
2. Context
2.1. Quantum computing as a threat to cryptography
2.2. Current approaches for quantum-safe cryptography
2.3. Blockchain and the LACChain Blockchain Network
3. The vulnerabilities of blockchain technology with the advent of quantum computing
4. A Proposal for a Quantum-Safe Blockchain Network
5. Implementation and 5.1 Generation and distribution of quantum entropy
5.2. Generation of Post-Quantum Certificates
5.3. Encapsulation of the communication between nodes using quantum-safe cryptography
5.4. Signature of transactions using post-quantum keys
5.5. On-chain verification of post-quantum signatures
6. Conclusions and next steps, Acknowledgements, and References
4 A Proposal for a Quantum-Safe Blockchain Network
As a result of this high-level analysis, it becomes clear that the threat blockchain networks face with respect to quantum computers is primarily related to vulnerable digital signatures of blockchain transactions and vulnerable key-exchange mechanisms used for the peer-to-peer communication over the network. The solution we propose does not require modification of the algorithms used by the Internet or blockchain protocols but creates a layer on top that provides quantum security. This solution consists of:
• Encapsulating communication between nodes using post-quantum X.509 certificates to establish TLS tunnels. As part of the on-boarding process, nodes are issued a “post-quantum X.509 certificate”, from a LACChain Certificate Authority (CA), which is an extension of an X.509 certificate using the v3 extension specification that allows for the incorporation of new fields into the credential, such as complementary cryptographic algorithms. In our case, these complementary algorithms are post-quantum [71]. Using these certificates, nodes can establish secure post-quantum connections that encapsulate data sharing over the communication protocol, defined by the blockchain network. The encapsulated data are transactions broadcasted by writer nodes and the blocks produced by producer or validator nodes.
• Signing transactions with a post-quantum signature along with the regular signature defined in the blockchain protocol and establishing on-chain verification mechanisms. Our solution consists of enabling a second layer cryptography scheme that allows nodes that broadcast transactions -writer nodes- to sign them with a post-quantum signature that can be verified onchain. This is in addition to the ECDSA signature that comes by default with the blockchain protocol. If the ECDSA signature becomes compromised by a quantum computer, integrity is preserved by the post-quantum signature. We leverage the post-quantum keys associated to the post-quantum X.509 certificates for this purpose.
For both the encapsulation and transaction signing, we rely on certified quantum entropy to generate keys for maximal security.
One could argue that by the time large quantum computers capable of breaking current cryptography are ready, blockchain protocols will have upgraded their cryptography to post-quantum safe algorithms. However, considering that blockchain networks are immutable ledgers, the rule of “hack today, crack tomorrow” urges us to protect them now.
For example, a university can start issuing digital diplomas today and register the proofs with their digital signature (ECC or RSA) in a blockchain network. However, in 5, 10, or 15 years, when a quantum computer can break that signature and discover the private key, all previously issued digital diplomas will be compromised, as the issuer can be impersonated. Further, we there is no way of knowing whether a person has a quantum computer with the capacity to impersonate others and steal their assets without being detected. The same rationale can be applied to the issuance of a bond or the issuance of a central bank digital currency (CBDC) by a Central Bank.
Authors:
(1) M. Allende, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(2) D. López Leon, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(3) S. Ceron, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(4) A. Leal, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(5) A. Pareja, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(6) M. Da Silva, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(7) A. Pardo, IDB - Inter-American Development Bank, 1300 New York Ave, Washington DC, USA and LACChain - Global Alliance for the Development of the Blockchain Ecosystem in LAC;
(8) D. Jones, Cambridge Quantum Computing - Cambridge, United Kingdom;
(9) D.J. Worrall, Cambridge Quantum Computing - Cambridge, United Kingdom;
(10) B. Merriman, Cambridge Quantum Computing - Cambridge, United Kingdom;
(11) J. Gilmore, Cambridge Quantum Computing - Cambridge, United Kingdom;
(12) N. Kitchener, Cambridge Quantum Computing - Cambridge, United Kingdom;
(13) S.E. Venegas-Andraca, Tecnologico de Monterrey, Escuela de Ingenieria y Ciencias. Monterrey, NL Mexico.
This paper is available on arxiv under CC BY-NC-ND 4.0 DEED license.
