The Race to Shield Blockchain Before It’s Too Late | HackerNoon

Table of Links

Abstract and 1. Introduction

2. Context

2.1. Quantum computing as a threat to cryptography

2.2. Current approaches for quantum-safe cryptography

2.3. Blockchain and the LACChain Blockchain Network

3. The vulnerabilities of blockchain technology with the advent of quantum computing

4. A Proposal for a Quantum-Safe Blockchain Network

5. Implementation and 5.1 Generation and distribution of quantum entropy

5.2. Generation of Post-Quantum Certificates

5.3. Encapsulation of the communication between nodes using quantum-safe cryptography

5.4. Signature of transactions using post-quantum keys

5.5. On-chain verification of post-quantum signatures

6. Conclusions and next steps, Acknowledgements, and References

6 Conclusions and next steps

We have analyzed the various areas of blockchain technology threatened by the advent of quantum computers and identified two areas that are under particularly critical risk: internet communication between blockchain nodes and the blockchain transaction signatures. Today, these protocols rely on algorithms such as ECDH and ECDSA, which are susceptible to attacks by quantum computers. Current quantum computers have already proven themselves able to break short asymmetric keys

using Shor’s algorithm and it is only a matter of time before robust quantum computers currently under development will be able to break larger and larger keys. As the “hack today, crack tomorrow” motto warns, quantum computers will be able to access secrets retroactively. This is particularly critical for blockchain, where information is recorded publicly and immutably so having access to all the information any time in the future will not even require any hacking.

The scarce previous work on this topic has focused on theoretical approaches, with the exception of one implementation of a QKD scheme for key establishment, which requires nodes to run close together on-site due to QKD channels’ length constraints. In this paper, we have proposed the first robust and scalable solution, to our knowledge, to protect communications and signatures in a blockchain network from attacks by quantum computers. Its effectiveness has been demonstrated by its implantation in a real blockchain network. Our solution consists of modifying libSSL to incorporate post-quantum algorithms that are quantum-resistant and adding post-quantum keys into X.509 certificates derived from traditional certificates. The nodes use these post-quantum X.509 certificates to encapsulate their communication by establishing post-quantum TLS tunnels. The nodes also use the post-quantum key associated with the certificate to sign the transactions they broadcast to the network. We have implemented this solution in the LACChain Besu Network, which is built on Ethereum technology.

There are several strengths and benefits to our implementation. First, it uses a quantum source of entropy (i.e., a non-deterministic quantum random number generator) as the seed for the generation of post-quantum keys. Second, we are respectful of the exchange of transactions and the blockchain protocols for encryption discovery and communication (still happens inside the postquantum tunnel). Third, we have proposed three different alternatives for the post-quantum signature verification, which every node accomplishes before adding a transaction to the transaction pool and replicating it. Therefore, if a signature is not valid, the transaction is never propagated nor added into a block.

The three different solutions for the verification of the post-quantum signatures that we have proposed, developed, and tested are: an implementation of the verification code in Solidity, the addition of a new operation code into the EVM assembly language (with a corresponding Solidity compiler modification to generate this ˙opcode˙), and the introduction of a new pre-compiled (i.e., native) smart contract. The first solution, despite the fact that it is totally compatible with the current protocol, is not computationally scalable due the enormous gas cost it involves. The latter two were implemented through a native Liboqs library outside of the EVM runtime allowing us to improve the execution time and to adjust gas consumption. The experience gathered through this work will lead our team to raise the discussion through an EIP to support the use of Falcon512 for on-chain verifications. This is the way to not diverge LACChain or any other particular blockchain network from Ethereum consensus and, at the same time, improve the security of any implementation of the protocol.

The three different solutions for the verification of the post-quantum signatures that we have proposed, developed, and tested are: an implementation of the verification code in Solidity, an implementation of the verification in a native Liboqs library outside of the EVM virtualized environment, and a verification using a EVM Java-code pre-compiled (i.e., native) smart contract. These three implementations are focused on ensuring the minimization of the number of operations and amount of entropy required, in addition to being NIST compliant. The first solution is not computationally scalable, and the other two require modification to the Ethereum protocol, which we will propose to the Ethereum community in the form of an EIP.

In addition to the potential modifications of the Ethereum protocol to enable our layer-two implementation, we also believe it is necessary to modify current blockchain protocols to introduce new post-quantum signature cryptographic algorithms that allow the use of post-quantum cryptography natively. We hope that our work can contribute to current efforts in this direction such as the EIP-2938.

With respect to other blockchain networks that are not Ethereum-based, the proposed solution for a quantum-safe blockchain network presented in this paper is applicable too. However, the solution implementation will vary based on the technology used. Therefore, this solution might enable quantum-safeness in other blockchain networks in a more efficient way than in the Ethereumbased network.

Acknowledgements

We gratefully acknowledge the review and comments provided by Ignacio Alamillo, Solomon Cates, Suzana Maranh˜ao Moreno, and Marta Piekarska-Geater. Furthermore, we warmly thank the support of Nuria Simo and Irene Arias. SEVA thanks his family for their unconditional support.

References

[1] P.A. Benioff. The computer as a physical system: a microscopic quantum mechanical hamiltonian model of computers as represented by turing machines. Journal of Statistical Physics, 22(5):563, 1980.

[2] P.A. Benioff. Quantum mechanical models of turing machines that dissipate no energy. Phys. Rev. Lett., 48:1581–1585, 1982.

[3] R.P. Feynman. Simulating physics with computers. International Journal of Theoretical Physics, 21(6/7):467–488, 1982.

[4] R.P. Feynman. Quantum mechanical computers. Foundations of Physics, 16(6):507–531, 1986.

[5] D. Deutsch, A. Ekert, and R. Lupacchini. Machines, logic and quantum physics. Bull. Symbolic Logic, 6(3):265–283, 2000.

[6] R. P. Feynman. Feynman Lectures on Computation. Penguin Books, 1999.

[7] D. Deutsch. Quantum theory, the church-turing principle and the universal quantum computer. Proceedings of the Royal Society of London. Series A, Mathematical and Physical Sciences, 400(1818):97–117, 1985.

[8] T. Kadowaki and H. Nishimori. Quantum annealing in the transverse ising model. Phys. Rev. E, 58(5):5355–5363, 1998.

[9] D. Aharonov, W. van Dam, J. Kempe, Z. Landau, S. Lloyd, and O. Regev. Adiabatic quantum computation is equivalent to standard quantum computation. SIAM Journal of Computing, 37(1):166–194, 2007.

[10] C. McGeoch. Adiabatic Quantum Computation and Quantum Annealing: Theory and Practice. Synthesis Lectures in Quantum Computing, Morgan and Claypool, 2014.

[11] S.E. Venegas-Andraca. Quantum walks: a comprehensive review. Quantum Information Processing, 11(5):1015–1106, 2012.

[12] J. Biamonte. Universal variational quantum computation. Phys. Rev. A, 103:L030401, 2021.

[13] Cambridge Quantum Computing. https://cambridgequantum.com/. [Online; accessed 11- Mar-2021].

[14] Multiverse. https://www.multiversecomputing.com/. [Online; accessed 11-Mar-2021].

[15] M. Alex. Quantum technologies: A review of the patent landscape. arXiv:2102.04552v1 [cs.DL], 2021.

[16] R. Winiarczyk, P. Gawron, J. Miszczak, A. Jaroslaw, L. Pawela, and Z. Puchala. Analysis of patent activity in the field of quantum information processing. International Journal of Quantum Information, 11:1350007, 2013.

[17] P. W. Shor. Polynomial-time algorithms for prime factorization and discrete algorithms on a quantum computer. SIAM Journal on Computing, 26(5):1484–1509, 1997.

[18] S. Loepp and W. Wootters. Protecting Information: From Classical Error Correction to Quantum Cryptography. Cambridge University Press, 2006. [

19] C. Foreman, S. Wright, A. Edgington, M. Berta, and F. Curchod. Practical randomness and privacy amplification. arXiv:2009.06551, 2020.

[20] D.J. Bernstein and T. Lange. Post-quantum cryptography. Nature, 549(7671):188–194, 2017. [21] S. Haber and W.S. Stornetta. How to time-stamp a digital document. Journal of Cryptology, 3(2):99–111, 1991.

[22] L. Chen et al. Report on post-quantum cryptography. Technical report, National Institute for Standards in Technology, April 2016.

[23] National Security Agency/Central Security Service. Commercial national security algorithm suite and quantum computing faq. Technical report, National Security Agency, January 2016.

[24] M. Campagna et al. Quantum safe cryptography and security. an introduction, benefits, enablers and challenges. Technical report, European Telecommunications Standard Institute, June 2015.

[25] NIST Post-Quantum Cryptography Standardization Process. https://csrc.nist.gov/ projects/post-quantum-cryptography/post-quantum-cryptography-standardization. [Online; accessed 11-Mar-2021].

[26] C.H.Bennett and G. Brassard. Quantum cryptography: Public key distribution and coin tossing. In Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, pages 175–179. IEEE, 1984.

[27] Charles H. Bennett and Gilles Brassard. Quantum cryptography: Public key distribution and coin tossing. Theoretical Computer Science, 560:7–11, 014. Theoretical Aspects of Quantum Cryptography – celebrating 30 years of BB84.

[28] A.K. Ekert. Quantum cryptography based on bell’s theorem. Phys. Rev. Lett., 67(6):661–663, 1991.

[29] D. Bouwmeester, A. Ekert, and A. Zeilinger (Eds.). The Physics of Quantum Information. Springer, 2001.

[30] B. Abd-El-Atty, S.E. Venegas-Andraca, and A.A. Abd El-Latif. Quantum information protocols for cryptography. In A. Hassanien, M. Elhoseny, and J. Kacprzyk, editors, Quantum Computing: an environment for intelligent large scale real application. Studies in Big Data 33, chapter 1, pages 3–23. Springer, Oxford, 2018.

[31] M. Lucamarini, Z.L. Yuan, J.F. Dynes, and A.J. Shields. Overcoming the rate–distance limit of quantum key distribution without quantum repeaters. Nature, 557:400–403, 2018.

[32] S-K. Liao et al. Satellite-to-ground quantum key distribution. Nature, 549:43–47, 2017.

[33] Y-P. Li, W. Chen, F-X. Wang, Z-Q. Yin, L. Zhang, H. Liu, S. Wang, D-Y. He, Z. Zhou, G-C. Guo, and Z-F. Han. Experimental realization of a reference-frame-independent decoy bb84 quantum key distribution based on sagnac interferometer. Opt. Lett., 44(18):4523–4526, 2019.

[34] G. Brennen, E. Giacobino, and C. Simon. Focus on quantum memory. New Journal of Physics, 17:050201, 2015.

[35] K. Heshami, D.G. England, P.C. Humphreys, P.J. Bustard, V.M. Acosta, J. Nunn, and B.J. Sussman. Quantum memories: emerging applications and recent advances. Journal of Modern Optics, 63(20):2005–2028, 2016.

[36] R.L. Rivest, A. Shamir, and L. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21:120–126, 1978.

[37] R.L. Rivest, A. Shamir, and L.M. Adleman. Cryptographic communications system and method, U.S. Patent 4405829A, 1983.

[38] Nigel P. Smart. Cryptography Made Simple. Springer, 2016.

[39] W. Diffie and M.R. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22:644–654, 1976.

[40] V.S. Miller. Use of elliptic curves in cryptography. In Advances in Cryptology — CRYPTO ’85 Proceedings, pages 417–426. Springer Berlin Heidelberg, 1986.

[41] NIST Post-Quantum Cryptography Round 3 Submissions. https://csrc.nist.gov/ projects/post-quantum-cryptography/round-3-submissions. [Online; accessed 15-Mar2021].

[42] NIST Post-Quantum Cryptography Workshops and Timeline. https://csrc.nist.gov/ projects/post-quantum-cryptography/workshops-and-timeline. [Online; accessed 15- Mar-2021].

[43] Post quantum cryptography for long-term security PQCRYPTO ICT-645622. https:// pqcrypto.eu.org/index.html. [Online; accessed 29-Mar-2021].

[44] The Open Quantum Safe (OQS) Project. https://openquantumsafe.org/. [Online; accessed 29-Mar-2021].

[45] Classic McEliece. https://classic.mceliece.org/. [Online; accessed 15-Mar-2021].

[46] Crystals-Kyber. https://pq-crystals.org/kyber/. [Online; accessed 15-Mar-2021].

[47] NTRU. https://ntru.org/. [Online; accessed 15-Mar-2021].

[48] SABER. https://www.esat.kuleuven.be/cosic/pqcrypto/saber/. [Online; accessed 15- Mar-2021].

[49] Crystals-Dilithium. https://pq-crystals.org/dilithium/. [Online; accessed 15-Mar-2021].

[50] Falcon. https://falcon-sign.info/. [Online; accessed 15-Mar-2021].

[51] Rainbow. https://www.pqcrainbow.org/. [Online; accessed 15-Mar-2021].

[52] NIST PQC Comments. https://csrc.nist.gov/Projects/post-quantum-cryptography/ round-3-submissions. [Online; accessed 15-Mar-2021].

[53] Ethereum Foundation Blog. On abstraction by Vitalik Buterin. https://blog.ethereum. org/2015/07/05/on-abstraction/. [Online; accessed 29-Mar-2021].

[54] J. Proos and C. Zalka. Shor’s discrete logarithm quantum algorithm for elliptic curves. Quantum Inf. Comput., 3(4):317–344, 2003.

[55] M. Roetteler, M. Naehrig, K.M. Svore, and K. Lauter. Quantum resource estimates for computing elliptic curve discrete logarithms. In Proceedings of the 23rd International Conference on the Theory and Applications of Cryptology and Information Security, pages 241–270, 2017.

[56] D. Aggarwal, G. Brennen, T. Lee, M. Santha, and M. Tomamichel. Quantum attacks on bitcoin, and how to protect against them. Ledger, 3, 2018.

[57] E.O. Kiktenko, N.O. Pozhar, M.N. Anufriev, A.S. Trushechkin, R.R. Yunusov, Y.V. Kurochkin, A.I. Lvovsky, and A.K. Fedorov. Quantum-secured blockchain. Quantum Science and Technology, 3(3):035004, 2018.

[58] J.D. Preece and J.M. Easton. Towards encrypting industrial data on public distributed networks. In Proceedings of the 2018 IEEE International Conference on Big Data, pages 4540– 4544, 2018.

[59] R. Shen, H. Xiang, X. Zhang, B. Cai, and T. Xiang. Application and implementation of multivariate public key cryptosystem in blockchain (short paper). In Proceedings of the International Conference on Collaborative Computing: Networking, Applications and Worksharing, pages 419–428, 2019.

[60] M.C. Semmouni, A. Nitaj, and M. Belkasmi. Bitcoin security with post quantum cryptography. In Proceedings of the International Conference on Networked Systems, pages 281–288, 2019.

[61] A. Cojocaru, J. Garay, A. Kiayias, F. Song, and P. Wallden. Post-quantum security of the bitcoin backbone and quantum multi-solution bernoulli search. arXiv:2012.15254, 2020.

[62] J. Chen, W. Gan, M. Hu, and Ch-M. Chen. On the construction of a post-quantum blockchain for smart city. Journal of Information Security and Applications, 58:102780, 2021.

[63] W. Cui, T. Dou, and S. Yan. Threats and opportunities: Blockchain meets quantum computation. In Proceedings of the 39th Chinese Control Conference (CCC), pages 5822–5824, 2020.

[64] LACChain-IBD Lab. https://www.lacchain.net/home?lang=en. [Online; accessed 15-Mar2021].

[65] Hyperledger Besu. https://www.hyperledger.org/use/besu. [Online; accessed 29-Mar2021].

[66] Ethereum EVM. https://ethereum.org/en/developers/docs/evm/. [Online; accessed 15- Mar-2021].

[67] M. Allende-López and M.M. Da Silva. Quantum technologies: Digital transformation, social impact, and cross-sector disruption. Inter-American Bank, pages 1–94, 2019.

[68] L. Chen, S. Jordan, Y-K. Liu, D. Moody, R. Peralta, R. Perlner, and D. Smith-Tone. Report on post-quantum cryptography-nistir 8105. Technical report, NIST, April 2016.

[69] L. K. Grover. A fast quantum mechanical algorithm for database search. Proceedings of the 28th annual ACM symposium on the Theory of Computing, pages 212–219, 1996.

[70] Information Technology Laboratory. Sha-3 standard: Permutation-based hash and extendableoutput functions. Technical report, NIST, August 2015.

[71] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. https://tools.ietf.org/html/rfc5280. [Online; accessed 29-Mar-2021].

[72] Z. Zheng, Y. Zhang, M. Huang, Z. Chen, S. Yu, and H. Guo. Bias-free source-independent quantum random number generator. Opt. Express, 28(15):22388–22398, 2020.

[73] M. Herrero-Collantes J.C. and Garcia-Escartin. Quantum random number generators. Rev. Mod. Phys., 89:015004, 2017.

[74] Y. Shi, B. Chng, and C. Kurtsiefer. Random numbers from vacuum fluctuations. Appl. Phys. Lett., 109(4):041101, 2016.

[75] N. Leone, D. Rusca, S. Azzini, G. Fontana, F. Acerbi, A. Gola, A. Tontini, N. Massari, H. Zbinden, and L. Pavesi. An optical chip for self-testing quantum random number generation. APL Photonics, 5(10):101301, 2020.

[76] J.S. Bell. Speakable and Unspeakable in Quantum Mechanics. Cambridge University Press, 1987.

[77] Stanford Encyclopedia of Philosophy Bell’s Theorem. https://plato.stanford.edu/ entries/bell-theorem/. [Online; accessed 15-Mar-2021].

[78] W-J. Huang, W-Ch. Chien, Ch-H. Cho, Ch-Ch. Huang, T-W. Huang, and Ch-R. Chang. Mermin’s inequalities of multiple qubits with orthogonal measurements on ibm q 53-qubit system. Quantum Engineering, 2(2):e45, 2020.

[79] Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. https://tools.ietf.org/html/rfc5280. [Online; accessed 15-Mar-2021].

[80] Falcon GitHub. https://github.com/bhess/openssl/blob/OQS-OpenSSL_1_1_1-stable/ crypto/objects/objects.txt. [Online; accessed 15-Mar-2021]. [81] W3C DID Standard. https://www.w3.org/TR/did-core/. [Online; accessed 15-Mar-2021].

[82] LACChain Topology. https://github.com/lacchain/besu-network/blob/master/ TOPOLOGY_AND_ARCHITECTURE.md. [Online; accessed 15-Mar-2021].

[83] EIP-155: Simple replay attack protection. https://eips.ethereum.org/EIPS/eip-155. [Online; accessed 15-Mar-2021].

[84] EIP-2938: Account Abstraction. https://eips.ethereum.org/EIPS/eip-2938. [Online; accessed 15-Mar-2021].