How quantum computers will reshape the cryptographic landscape

Professor Aggelos Kiayias, Chief Scientist at IOHK, outlines why quantum computing is an opportunity rather than a threat to cyber security

Late last year, Google claimed it had achieved the Holy Grail of ‘quantum supremacy', the ability of quantum computers to solve problems that are beyond classical computers. The search giant announced that it has performed a calculation in 200 seconds that would have taken the world’s most powerful classical computer 10,000 years. This naturally conjures up visions of a future computing super-brain of unfathomable power able to solve previously unbreakable cryptographic algorithms. In theory, this would leave conventional security protocols and even blockchain vulnerable to quantum attacks. For example, quantum computers capable of performing vast calculations instantly could break currently used digital signatures and significantly speed up cryptographic hash calculations; such primitives form the protective shield that secures blockchain protocols but also, in many ways, the global information and communications technology infrastructure. There is little doubt that quantum computers will reshape the cryptographic landscape and potentially leave many classical cryptosystems vulnerable to attack. To address this serious consideration, we have to look into either the use of quantum cryptography, which, by default, aims to fight “fire with fire” so to speak, and thwart quantum adversaries by using the same means, or delve deeper into researching classical algorithms that are quantum-safe. In important ways, both these approaches will have serious repercussions and put forth arrays of problems. For the former, we will have to consider the impact of making our information technology infrastructure quantumly-equipped for those tasks, like key exchange for instance, for which we have quantum cryptography equivalents. For the latter, we will have to understand the security of novel and largely untested algorithms as well as quantify the performance penalty that will be incurred vis-a-vis their quantum-unsafe counterparts.

Professor Aggelos Kiayias, Chief Scientist at IOHK

A recent research breakthrough by scientists at City University of New York, Princeton University, University of Edinburgh, NTT Research and IOHK, an engineering company that creates blockchain systems based on peer-reviewed science, has indicated that it might be possible to create a happy marriage between quantum and classical cryptography. In this work, the team found that hybrid quantum/classical cryptography, which harnesses the joint benefits of classical and quantum characteristics, offers a path to securing blockchain and other conventional computer systems. A feature of quantum mechanics which has been long considered to be a gold mine for cryptographic applications is that of no-cloning. It simply states that it is impossible to copy a quantum state. In the above work, we harnessed quantum no-cloning and some sophisticated quantum safe classical cryptography to create ‘one-shot signatures’. Such a signature scheme possesses a single, secret, self-destructing quantum secret key that can be used to sign a message. Verifying the signature nevertheless, can be done in an entirely classical fashion. Crucially, this quantum computing feature can be harnessed to boost the cyber security of classical computing systems such as blockchains or online payment systems due to its ability for classical computing verifiability. In this way, this system shows how to harness the benefits of quantum mechanics to safeguard classical computer transactions. For example, quantum money is a novel form of money immune to forgery. Using one-shot signatures makes it possible to send quantum money using classical messages using their ability to issue certificates, which is the cornerstone of classical public-key infrastructure. To mint a banknote with a certain value, anyone simply creates a secret key/public key pair for a one-shot signature scheme, and validates it in some fashion, e.g., in a permissionless setting they may tie it to a proof-of-work, or, in a permissioned setting they can get it certified by a minting authority. In the former case, the total supply of quantum money is controlled by the computational power available - in the latter case, it is determined by the minting authority. Subsequently, transfers of quantum money can take place in succession in a completely peer-to-peer fashion using only classical communication and without the assistance of an authority. This quantum money scheme can be also made infinitely divisible, allowing in principle people to use quantum money even for ‘micro-transactions’ such as pay-per-view articles. One-shot signatures could become a building block for novel quantum cryptographic protocols with many promising economic applications. For example, one-shot signatures could allow banks to take advantage of the benefits of quantum money in preventing fraud and forgery. The related concept of ‘delay signatures’, also introduced in the paper, where the signer must wait a certain amount of time between signing messages, could be combined with quantum money to throttle the rate at which new currencies can be minted by the minting authority, preventing an untrustworthy issuer from paying debts by printing unlimited money. This research at the intersection of cryptography and quantum computing demonstrates that quantum computing could help safeguard rather than threaten classical computing systems. It renders ‘quantum supremacy’ less of a threat than an opportunity, allowing classical computers to harness the benefits of the quantum revolution to safeguard our information technology infrastructure and our economy. Far from quantum computers posing a threat to classical communications and cryptosystems, hybrid quantum/classical cryptographic systems can ensure a mutually beneficial coexistence between the two.