If there is one thing which can cause real trouble to the whole Blockchain sphere, it certainly is Quantum Computing. The new technology gives access to a lot more computing power than we have ever had before, which could also be used for cracking the security systems of Bitcoin and the likes: at CES 2018 it could be seen that this new kind of processor is not a thing of the future anymore, but that its development is rapidly making progress (Intel has just announced a ‘major breakthrough’). IOTA is striving to be the new base layer for the whole Internet of Things (IoT), a whole new ecosystem with millions and billions of connected devices and transactions — of course, such a network must be safe from attacks, including attacks from Quantum Computers. I shall argue that IOTA, in contrast to Bitcoin and the likes, is using an underlying architecture which makes it safe from malicious attacks carried out by Quantum Computers.

1. What you need to know

Note: The goal here is to explain the process in easy words, so I have to skip some deep and confusing technicalities.

Bitcoin uses a public ledger to store its data on. It packs all of the data of a specific time period into one so-called block. What this block also carries is a so-called “hash” of the previous block: the output of a mathematical function which turns data into a value of fixed length, normally a long string of seemingly random numbers and letters (“a003c86b3e1038….”). In order to prevent users from spending the same Bitcoin multiple times, there is a so-called timestamp which is also added to each transaction and stored in the block. And then there is another number called the nonce.

Block = Hash of the previous block + transactions / timestamps + nonce

A miner checks whether the transactions which are about to be sent through the network are valid (by checking that all the hashes and values make sense).
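The block layout just described, together with the nonce search on the double SHA-256 block hash that the mining step described next relies on, as an added Python example (not code from the original post). The previous hash, transactions and timestamp are constructed sample values; the header is simplified (no version or nBits field) and the difficulty is expressed as the number of leading zero bits the hash must have.

```python
import hashlib
import struct


def double_sha256(data: bytes) -> bytes:
    """Bitcoin's block hash: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def tx_root(transactions) -> bytes:
    # Constructed stand-in for Bitcoin's Merkle root: one hash over all tx strings.
    return double_sha256(b"".join(t.encode() for t in transactions))


def block_header(prev_hash: bytes, root: bytes, timestamp: int, nonce: int) -> bytes:
    # Simplified header: hash of previous block + transactions + timestamp + nonce.
    # A real header also carries version and nBits, but the idea is the same.
    return prev_hash + root + struct.pack("<II", timestamp, nonce)


def target(difficulty_bits: int) -> int:
    """The hash must be below this value; every extra bit doubles the expected work."""
    return 1 << (256 - difficulty_bits)


def block_is_valid(prev_hash, root, timestamp, nonce, difficulty_bits) -> bool:
    h = double_sha256(block_header(prev_hash, root, timestamp, nonce))
    return int.from_bytes(h, "big") < target(difficulty_bits)


def mine(prev_hash, root, timestamp, difficulty_bits, max_nonce=1 << 32):
    """Try nonces (the only field the miner may change) until the hash is below
    the target. Returns (nonce, hash, attempts) or None if max_nonce is exhausted."""
    for nonce in range(max_nonce):
        h = double_sha256(block_header(prev_hash, root, timestamp, nonce))
        if int.from_bytes(h, "big") < target(difficulty_bits):
            return nonce, h, nonce + 1
    return None


# Constructed sample block, not real chain data.
PREV_HASH = bytes(32)                      # genesis-style all-zero previous hash
TXS = ["alice->bob:0.5", "carol->dave:1.2", "coinbase->miner:12.5"]
TIMESTAMP = 1514764800                     # 2018-01-01 00:00:00 UTC
DIFFICULTY_BITS = 16                       # about 65,536 attempts on average

if __name__ == "__main__":
    nonce, h, attempts = mine(PREV_HASH, tx_root(TXS), TIMESTAMP, DIFFICULTY_BITS)
    print(f"nonce={nonce} attempts={attempts} hash={h.hex()}")
```

Raising DIFFICULTY_BITS by one doubles the expected number of attempts, which is the whole reason the 51% question further down is about raw hashing power.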
If they are valid, he packs the transactions into a block and hashes the whole thing twice using a very famous and secure algorithm called SHA-256. By doing this, a new hash is created, and in order for the block to be published as the new block of the blockchain, this hash must be smaller than a certain target value. The only value which can be changed by the miner is the nonce, so if the hash is not smaller than the target value, the miner must try another number. This is a lot of work in terms of calculations and is rewarded with Bitcoins once you find the nonce which verifies the block. All of this together is called mining, which you might have heard of :-).

By the way, some food for thought:

“According to research conducted by a U.K.-based energy comparison tariff service called PowerCompare, the average electricity used to mine bitcoin this year has surpassed the annual energy usage of some 159 countries. […] A single bitcoin transaction consumes enough energy to power the average household for an entire month.” (link: https://www.supportsages.com/bitcoin-mining/)

2a) Risk of 51%-attack

Now here’s the kicker: because every miner packs one individual transaction into the block (the one which will send him his hopefully rewarded bitcoins), each miner’s hashing problem is individual. This means that theoretically two miners can find a solution to their problem at the same time; the result would be two mined blocks. The Bitcoin protocol’s rule here is to only accept the one which has been worked on more. So far, so good.

But what happens if miners come together in mining pools and share their mined bitcoins because everybody is working on it, like in a team (which is what is happening), and they have such powerful PCs that they represent more than 50% of the computational power of the network? Then it “[could] spend bitcoins twice, by deleting transactions so they are never incorporated into the blockchain.
The [rest of the miners] are none the wiser because they have no oversight of the mining process.” (MIT Technology Review)

So with that much computational power the whole mining system could break down! So far, this has never happened because it would need a whole lot of people to come together and put all of their computational power together — but what would happen if you used one or more Quantum Computers to mine Bitcoins? According to MIT experts the answer is that this would not really be a danger (at least not for the next 10 years) because the clock speeds of the quantum processors are not (yet) high enough to keep up with today’s most powerful mining machines from Nvidia and the likes.

2b) Risk of calculating the private key

Of course, the Bitcoin protocol wants to ensure that every Bitcoin can only be spent by its owner. Every wallet has a secret private key (so to speak the password to gain access to the bitcoin account) and a public key, which is easily generated from the private key and is published to the network (the hash of this key is the wallet address!). So basically you could say one is the password and one is the wallet address. What you can do is use a signature which shows others that you really have the private key for this account without sharing your password/secret key. This technology is called the “elliptic curve signature scheme” (such a signature identified IOTA’s Come-from-Beyond as the creator of NXT).

So you can easily create a public key from the private key and prove your ownership by means of the above-mentioned scheme — but not vice versa! Even with our fastest computers today, this is not possible because the encryption method is strong enough. However, […] with a quantum computer, it is easy. And that’s how quantum computers pose a significant risk to Bitcoin. “The elliptic curve signature scheme used by Bitcoin is much more at risk, and could be completely broken by a quantum computer as early as 2027,” say Aggarwal and co. Indeed, quantum computers pose a similar risk to all encryption schemes that use a similar technology, which includes many common forms of encryption. (MIT Technology Review)

This would make it possible for a Quantum Computer to calculate the private key (= password) of any account once the wallet address/public key is known (if you want to dig deeper, the keyword is Shor’s algorithm).

3. IOTA

As opposed to Bitcoin, IOTA does not use elliptic curve cryptography (ECC) but hash-based signatures, thus not only making the protocol resistant against attacks by Quantum Computers but also simpler and faster for signing and verifying transactions.

IOTA is quantum-secure because of its usage of Winternitz signatures: the signature is derived from parts of the private key (Lamport-Diffie scheme). The best summary I could come up with is the following: for this kind of signature one generates random data for each case of having a ‘0’ or a ‘1’ representing a single bit of the message. This is the private key. The public key represents the hashed version of each of the random data blocks. To sign a message, the private key data for each bit is revealed, depending on the single message bit being ‘0’ or ‘1’. A verifier can calculate the hashes and compare them to the public key. Here one notices that generating a second signature would tell more about the private key and allow an attacker to forge further signatures. Therefore a single key pair must only be used once. To improve performance and reduce space requirements, Merkle proposed the Winternitz OTS (One-Time Signature), named after Robert Winternitz. The basic idea of the Winternitz OTS is to sign several bits at once.
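The one-time signature idea just described, as an added Python example (not IOTA’s code): a Winternitz OTS that signs a SHA-256 digest four bits at a time with hash chains (set W_BITS = 1 to get one bit per chain, the Lamport-Diffie case the post starts from), and a helper revealed_chain_steps that makes the “use a key pair only once” rule measurable. Assumptions: SHA-256 in place of IOTA’s ternary Curl/Kerl, one 32-byte random block per chain, and the usual W-OTS checksum digits.

```python
import hashlib
import os

W_BITS = 4                      # bits signed per hash chain (1 = one bit per chain)
W = 1 << W_BITS                 # every chain is W - 1 hash steps long
N_BITS = 256                    # what gets signed is the SHA-256 digest of the message
L1 = N_BITS // W_BITS           # message digits (64 for W_BITS = 4)
L2 = 1                          # checksum digits: enough to hold L1 * (W - 1)
while W ** L2 <= L1 * (W - 1):
    L2 += 1
L = L1 + L2                     # chains per key pair (67 for W_BITS = 4)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times, i.e. walk up a hash chain."""
    for _ in range(steps):
        x = H(x)
    return x

def keygen():
    # private key: one random block per chain; public key: the top of every chain
    sk = [os.urandom(32) for _ in range(L)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk

def digits(message: bytes) -> list:
    """Split the digest into W_BITS-wide digits and append the checksum digits."""
    d = int.from_bytes(H(message), "big")
    msg = [(d >> (W_BITS * i)) & (W - 1) for i in range(L1)]
    csum = sum(W - 1 - m for m in msg)   # grows when any message digit shrinks
    chk = [(csum >> (W_BITS * i)) & (W - 1) for i in range(L2)]
    return msg + chk

def sign(sk, message: bytes) -> list:
    # reveal each chain walked up by its digit; "lowering" a digit would need
    # a chain value the signer never revealed, the checksum enforces that
    return [chain(s, d) for s, d in zip(sk, digits(message))]

def verify(pk, message: bytes, sig: list) -> bool:
    # walk the remaining steps; must land exactly on the public key
    return [chain(s, W - 1 - d) for s, d in zip(sig, digits(message))] == pk

def revealed_chain_steps(messages) -> int:
    """Chain steps an observer can compute after seeing signatures on `messages`
    made with one key: everything above the lowest revealed point of each chain."""
    lowest = [W - 1] * L
    for m in messages:
        lowest = [min(a, b) for a, b in zip(lowest, digits(m))]
    return sum(W - 1 - d for d in lowest)
```

A second signature with the same key strictly increases revealed_chain_steps, which is the IOTA rule of never sending from the same address twice, in code.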
As for IOTA, this is, simply speaking, the reason why you should not use the same address for sending IOTAs twice: each time a part of the private key is revealed, so using the same address more than once would make it attackable even with today’s methods.

However, IOTA is still being developed and improved — one of the main aspects is its focus on ternary (instead of binary) hardware, i.e. developing a chip which can handle the cryptographic calculations as fast as possible. Of course, this also needs a software solution which takes ternary logic into account. Since there is nothing on the market which could be used, it had to be invented by some really bright people: the IOTA developers!

IOTA’s ternary (again, NOT binary as above!) hash function is called CURL-P (P = Prototype). At the moment, this is being reviewed/audited by one of the world’s most renowned security audit firms (which makes sense because it’s entirely new technology which is supposed to handle tomorrow’s billion-transaction IoT network). To cite the IOTA Foundation, CURL is “based on well-studied sponge construction invented by the Keccak creators (SHA-3) and strictly conforms to all requirements” described in their official paper. Because it cannot be used without a complete and successful security audit, security precautions have been taken by using a NIST-standard algorithm, Keccak (SHA-3), for signing: since the IOTA network is not yet running on ternary hardware, there needs to be a software function which converts information from binary to ternary; this hashing function is called Kerl (= Keccak-384).

Outlook

As can be seen, quantum computing poses a real danger to the security of Bitcoin (and also its derivatives’) accounts because of the elliptic curve cryptography and its shortcomings in this context.

IOTA has nothing to fear from this due to its choice of hash-based signatures. At the moment, IOTA is not yet running at full speed because the calculations have to go through a software conversion (Kerl). In the future, this will be done by IoT-tailored microprocessors:

“This means that even small devices in the Fog/Edge of the network will be fully capable of carrying out their own hashing for hundreds/thousands of transactions per second locally without the need to outsource it. With hardware support the fundamental limit of IOTA’s scaling will be the laws of physics themselves (i.e. how fast radio waves/photons can communicate data). It’s important to note that this hardware component does not add any extra cost either in price or size of the chip to the manufacturer and will be entirely open source.” (David Sonstebo, IOTA Co-founder)

I hope this helped you a bit to understand a) why IOTA is such a great and special undertaking and b) why IOTA is (despite its already huge success) still only at the beginning when it comes to its actual capabilities in combination with the hardware… And remember: all this will be done at a fraction of the energy costs (compared to Bitcoin and the likes) and without any fees!

If you want to, I would be happy about a little donation ;-):

IOTA: KGOZYHJRYVDBSXTUSECYJVEBLDVYFKCAKAWTPTCKXMBNOWNVRDRHRVSJNIVOQUFRODFPXWYSGROKRWKRZWJZTJOHSX