Timelines for the emergence of quantum computers may be fuzzy, but the threat they pose to the vaunted security of blockchain technology is profoundly real. Originally popular as fail-safe security for bitcoin enthusiasts, blockchain is making inroads across numerous industries, most notably as a track and trace tool proving the provenance of goods across vast supply chains. Blockchain-based security may be even more valuable in managing supply and demand shocks during the pandemic and after. However, as blockchain services grow and quantum computers begin to emerge, now is the time to start thinking about quantum-resistant blockchain.
“Once quantum computers can break the cryptography being used today, blockchain loses its immutability,” said Cedric Hebert, senior researcher at SAP Security Research. “We wouldn’t be able to trust new transactions on a blockchain that wasn’t meant to resist quantum-fueled attacks. Companies will need to adopt new protocols to resist quantum attacks.”
Right now, it’s difficult to go backwards on a blockchain’s immutable ledger and change original information in each block of the chain. This is especially the case as blocks are added with more data. People can’t easily rewrite history on its immutable ledger because other nodes on the chain would automatically reject any changes. Also, traditional blockchains are based on asymmetric cryptography, which prevents fraudulent signing. Unfortunately quantum computers could theoretically break the immutability of any block in the chain and falsify historical transactions.
“Companies can use blockchain technology if they incorporate quantum-resistant encryption protocols,” said Hebert. “You would need to freeze the blockchain at some point and migrate transactions to the new protocol. ”
Prepare now for post-quantum security
Even if a fraction of the predictions about blockchain come true, the security stakes are high for consumers and businesses. Blockchain made Gartner IT’s list of top 10 strategic technology trends for 2020, predicted to infiltrate everything from processing insurance claims, loans, and recalls, to identity management for students, patients, and citizens. By 2022, IDC analysts said 10 percent of the world’s adult population will register for a blockchain-based self-sovereign ID, creating an expanding market of 485 million people who want to own and control their digital identity. Whether it’s verifying transactions for bitcoin mining or tracking food from farm to table, blockchain’s security horizon depends on the unique situation.
“Companies need to factor in the lifespan of their blockchains,” said Andrey Hoursanov, lead of quantum security at SAP. “If you’re using it to trace shipments from raw materials sourcing to delivery, maybe you’re looking at months, not years. In contrast, bitcoin investments typically take longer. That’s where you need to seriously consider how to protect the blockchain against quantum attacks likelier to happen further in the future.”
Cryptocurrency isn’t necessarily just for consumers trading bitcoins. IDC analysts predicted that over 12 countries, mostly emerging economies, will begin issuing a digital currency using blockchain technologies to promote economic stability and encourage electronic commerce by 2023. As some governments begin using cryptocurrencies, Hoursanov said companies will need to begin looking at post-quantum blockchain technology for business-to-business (B2B) transactions such as procurement that involves collaboration between buyers and suppliers.
Cross-border payments are another potential security risk. For example, IDC researchers predicted that 85 percent of global container shipping will be tracked by blockchain, with half of this volume using blockchain-enabled cross-border payments in just three years. They said that 40 percent of tier one financial institutions will use blockchain networks to process point-to-point cross-border payments, bypassing SWIFT and the correspondent or central banking infrastructure by 2024.
Embracing cryptography agility
We cannot dismiss the security implications around blockchain and quantum computers. High-profile blockchain examples tended to spotlight tracking the authenticity of exceptional transactions like rare artwork or diamonds. The truth is, blockchain could underpin many everyday activities, speeding up ownership recordkeeping, settlement payments, and even loyalty and rewards tracking for customers in many industries. Smart cities that rely on internet of things technology have tremendous potential to use blockchain as part of the infrastructure to trade energy, charge electrical vehicles, and manage smart grids.
By 2023, Gartner analysts think blockchain will be scalable technically, and will support trusted private transactions with necessary data confidentiality.
Anselme Tueno, researcher and cryptography expert at SAP Security Research, is on one of the teams at SAP exploring how to make software applications safe in a world with quantum computers.
“SAP is assessing post-quantum algorithms to determine how existing SAP applications can be made quantum-safe,” he said. “Replacing broken cryptography or integrating a new one takes decades. Moreover, the security of post-quantum algorithms is not fully understood, which is why we have to prepare to replace them if they are broken. This is called cryptographic agility.”
As COVID-19 has taught us all, we can’t wait for a crisis to reveal that worst that could happen. Forewarned of blockchain’s eventual vulnerability, companies can be armed against the risks posed by quantum computers to take full advantage of the tremendous benefits of both technologies.