Quantum attacks on Bitcoin, and how to protect against them
The key cryptographic protocols used to secure the internet and financial
transactions of today are all susceptible to attack by the development of a
sufficiently large quantum computer. One particular area at risk is
cryptocurrencies, a market currently worth over 150 billion USD. We investigate
the risk of Bitcoin, and other cryptocurrencies, to attacks by quantum
computers. We find that the proof-of-work used by Bitcoin is relatively
resistant to substantial speedup by quantum computers in the next 10 years,
mainly because specialized ASIC miners are extremely fast compared to the
estimated clock speed of near-term quantum computers. On the other hand, the
elliptic curve signature scheme used by Bitcoin is much more at risk, and could
be completely broken by a quantum computer as early as 2027, by the most
optimistic estimates. We analyze an alternative proof-of-work called Momentum,
based on finding collisions in a hash function, that is even more resistant to
speedup by a quantum computer. We also review the available post-quantum
signature schemes to see which one would best meet the security and efficiency
requirements of blockchain applications.
Comment: 21 pages, 6 figures. For a rough update on the progress of quantum
devices and prognostications on time from now to break digital signatures,
see https://www.quantumcryptopocalypse.com/quantum-moores-law
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.
Comment: This article has been accepted for publication in ACM Computing
Surveys
The Superlinearity Problem in Post-Quantum Blockchains
The proof of work mechanism by which many blockchain-based protocols achieve consensus may be undermined by the use of quantum computing in mining—even when all cryptographic primitives are replaced with post-quantum secure alternatives. First, we offer an impossibility result: we prove that quantum (Grover) speedups in solving a large, natural class of proof-of-work puzzles cause an inevitable incentive incompatibility in mining, by distorting the reward structure of mining in proof-of-work-based protocols such as Bitcoin. We refer to such distortion as the Superlinearity Problem. Our impossibility result suggests that for robust post-quantum proof-of-work-based consensus, we may need to look beyond standard cryptographic models. We thus propose a proof-of-work design in a random-beacon model, which is tailored to bypass the earlier impossibility. We conclude with a discussion of open problems, and of the challenges of integrating our new proof-of-work scheme into decentralised consensus protocols under realistic conditions.
HashCore: Proof-of-Work Functions for General Purpose Processors
Over the past five years, the rewards associated with mining Proof-of-Work
blockchains have increased substantially. As a result, miners are heavily
incentivized to design and utilize Application Specific Integrated Circuits
(ASICs) that can compute hashes far more efficiently than existing general
purpose hardware. Currently, it is difficult for most users to purchase and
operate ASICs due to pricing and availability constraints, resulting in a
relatively small number of miners with respect to total user base for most
popular cryptocurrencies. In this work, we aim to invert the problem of ASIC
development by constructing a Proof-of-Work function for which an existing
general purpose processor (GPP, such as an x86 IC) is already an optimized
ASIC. In doing so, we will ensure that any would-be miner either already owns
an ASIC for the Proof-of-Work system they wish to participate in or can attain
one at a competitive price with relative ease. In order to achieve this, we
present HashCore, a Proof-of-Work function composed of "widgets" generated
pseudo-randomly at runtime that each execute a sequence of general purpose
processor instructions designed to stress the computational resources of such a
GPP. The widgets will be modeled after workloads that GPPs have been optimized
for, for example, the SPEC CPU 2017 benchmark suite for x86 ICs, in a technique
we refer to as inverted benchmarking. We provide a proof that HashCore is
collision-resistant regardless of how the widgets are implemented. We observe
that GPP designers/developers essentially create an ASIC for benchmarks such as
SPEC CPU 2017. By modeling HashCore after such benchmarks, we create a
Proof-of-Work function that can be run most efficiently on a GPP, resulting in
a more accessible, competitive, and balanced mining market.
On Iterative Collision Search for LPN and Subset Sum
Iterative collision search procedures play a key role in developing combinatorial algorithms for the subset sum and learning parity with noise (LPN) problems.
In both scenarios, the single-list pair-wise iterative collision search finds the most solutions and offers the best efficiency.
However, due to its complex probabilistic structure, no rigorous analysis for it appears to be available to the best of our knowledge.
As a result, theoretical works often resort to overly constrained and sub-optimal iterative collision search variants in exchange for analytic simplicity.
In this paper, we present rigorous analysis for the single-list pair-wise iterative collision search method and its applications in subset sum and LPN.
In the LPN literature, the method is known as the LF2 heuristic.
Besides LF2, we also present rigorous analysis of other LPN solving heuristics and show that they work well when combined with LF2.
Putting it together, we significantly narrow the gap between theoretical and heuristic algorithms for LPN.
Vulnerability of blockchain technologies to quantum attacks
Quantum computation represents a threat to many cryptographic protocols in operation today. It has been estimated that by 2035, there will exist a quantum computer capable of breaking the vital cryptographic scheme RSA2048. Blockchain technologies rely on cryptographic protocols for many of their essential sub-routines. Some of these protocols, but not all, are open to quantum attacks. Here we analyze the major blockchain-based cryptocurrencies deployed today (including Bitcoin, Ethereum, Litecoin and ZCash) and determine their risk exposure to quantum attacks. We finish with a comparative analysis of the studied cryptocurrencies and their underlying blockchain technologies and their relative levels of vulnerability to quantum attacks.