Quantum computing has long been regarded as Bitcoin (BTC)’s ‘bogeyman.’ The popular fear is that, as secure as Bitcoin and other proof-of-work cryptoassets are in terms of standard cryptography, quantum computers could provide additional means of breaking them.
One other popular assumption is that, because they don’t use PoW, proof-of-stake cryptoassets such as Cardano (ADA), Polkadot (DOT), and Tron (TRX) (and eventually, Ethereum (ETH)) aren’t as vulnerable to quantum computing attacks as networks like Bitcoin, Bitcoin Cash (BCH) and Litecoin (LTC). However, according to a variety of computer scientists and crypto experts, it’s not the consensus mechanism of a coin which creates the biggest risk in terms of quantum computers, but rather the signature system.
In other words, given that the vast majority of PoS cryptoassets also use (non-quantum) cryptographic signature systems to sign individual transactions, they’re nearly as vulnerable to quantum hacks as their PoW rivals. That said, the advent of sufficiently powerful quantum computers is still some way off, while their emergence is likely to incentivize a widespread shift to post-quantum cryptography.
51% attacks and signature attacks
The important point to make when considering whether PoS is less vulnerable to quantum computing is that there are two mechanisms by which a quantum computer might violate a cryptoasset:
The mechanism used to win the right to publish a block of transactions and to achieve distributed consensus (e.g. PoW or PoS)
The mechanism used to authorize individual transactions (typically involving some public/private key signature system)
It’s the first mechanism that affects PoW more than PoS, with Bitcoin and other proof-of-work coins theoretically vulnerable to a quantum computer-driven 51% attack.
That said, Marek Narożniak — a physics PhD student at New York University who has worked with Prof. Tim Byrne on research into quantum computing — explains that talk of a 51% attack perpetrated by quantum computers still remains theoretical.
“If someone has a sufficiently large quantum computer and wishes to perform a 51% attack — consisting of outperforming remaining miners and producing invalid blocks — it would have to be a really massive quantum machine. The reason for that is that Bitcoin’s proof-of-work is based on a hashing function for which there is no known efficient quantum algorithm [that can reverse it],” he told Cryptonews.com.
But while Bitcoin’s weakness compared to PoS cryptoassets is still pretty hypothetical, quantum computing poses another threat that concerns PoS and PoW in equal measure.
“Even if consensus requires no cryptographic ‘work’ [in the case of PoS] it still does rely on cryptography which is currently mainly based on elliptic curves which are vulnerable to quantum algorithms. An attacker with sufficiently powerful quantum computers could break other validators’ signatures and still mess with the consensus,” said Narożniak.
This is a concern echoed by other commentators. In an analysis published by Deloitte, Bram Bosch wrote that around four million bitcoins are stored in addresses that use p2pk and p2pkh scripting, which is vulnerable to attacks via quantum computers.
“Presently, about 25% of bitcoins in circulation are vulnerable to a quantum attack. Even in case one’s own bitcoins are safe, one might still be impacted if other people will not (or cannot) take the same protection measures,” he told Cryptonews.com.
Again, vulnerable scripting is something that could potentially affect PoS cryptoassets as well as Bitcoin, even if quantum computers are far from being widely available. And even without older schemes such as p2pk(h), Shor’s algorithm — an algorithm for quantum computers — could be used to break many public-key cryptography systems.
“If one has a sufficiently large and reliable quantum computer it would be possible to break the digital signature used to sign Bitcoin transactions. Such a person could use the modified Shor’s algorithm to sign transactions which take other people’s coins and transfer them at will,” said Marek Narożniak.
He added that the worst thing about this “is that it could not even be detected,” and that PoS is just as vulnerable as PoW: “It would still be possible to produce transactions by breaking cryptographic signatures and producing transactions using someone else’s outputs.”
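The exposure the Deloitte analysis counts depends on whether an output has already put an elliptic-curve public key on-chain: a p2pk output contains the key itself, while a p2pkh (or p2wpkh) output only holds a hash of it until a spend from that address reveals the key. The following script classifier, an added example that is not code from Cryptonews, Deloitte or the quoted researchers, walks a constructed set of UTXOs and reports how much value sits behind an already-revealed key; the `key_revealed` flag is an assumed input that the caller would derive from the address’s spending history.

```python
"""Classify Bitcoin output scripts by whether their ECDSA public key is on-chain.

Added example for this article; script templates are the standard P2PK, P2PKH
and P2WPKH forms, and the sample UTXOs below are constructed, not real data.
"""
import re

# Standard scriptPubKey templates, as hex:
#   P2PK:   <push 33|65> <pubkey> OP_CHECKSIG(ac)
#   P2PKH:  OP_DUP(76) OP_HASH160(a9) <push 20> <hash160> OP_EQUALVERIFY(88) OP_CHECKSIG(ac)
#   P2WPKH: OP_0(00) <push 20> <hash160>
P2PK_RE = re.compile(r"^(21[0-9a-f]{66}|41[0-9a-f]{130})ac$")
P2PKH_RE = re.compile(r"^76a914[0-9a-f]{40}88ac$")
P2WPKH_RE = re.compile(r"^0014[0-9a-f]{40}$")


def classify(script_hex: str, key_revealed: bool = False) -> dict:
    """Return the script type and whether its public key is already public.

    key_revealed (assumed input): True if an earlier spend from this address
    has already published the public key in a scriptSig/witness, i.e. the
    address was reused after being spent from.
    """
    s = script_hex.lower()
    if P2PK_RE.match(s):
        return {"type": "p2pk", "pubkey_exposed": True}   # key is in the output
    if P2PKH_RE.match(s):
        return {"type": "p2pkh", "pubkey_exposed": key_revealed}  # hash only until reuse
    if P2WPKH_RE.match(s):
        return {"type": "p2wpkh", "pubkey_exposed": key_revealed}
    return {"type": "unknown", "pubkey_exposed": False}  # not assessed (e.g. P2SH)


def exposed_share(utxos) -> float:
    """Fraction of total value held in outputs whose public key is on-chain."""
    total = sum(v for _, v, _ in utxos)
    exposed = sum(v for s, v, r in utxos if classify(s, r)["pubkey_exposed"])
    return exposed / total if total else 0.0


# Constructed sample: (scriptPubKey hex, value in BTC, key already revealed?)
SAMPLE_UTXOS = [
    ("21" + "02" + "ab" * 32 + "ac", 25.0, False),      # p2pk, always exposed
    ("76a914" + "cd" * 20 + "88ac", 50.0, False),       # fresh p2pkh, hash only
    ("76a914" + "ef" * 20 + "88ac", 25.0, True),        # reused p2pkh, key revealed
]

if __name__ == "__main__":
    for script, value, revealed in SAMPLE_UTXOS:
        print(value, classify(script, revealed))
    print("exposed share:", exposed_share(SAMPLE_UTXOS))
```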
Fortunately, current cryptographic research is more than aware of the theoretical threat posed by quantum computing, so you probably shouldn’t start selling all of your crypto just yet.
Researchers at Imperial College London published a paper in 2019 that outlined a protocol that would allow Bitcoin “users to securely move their funds from non-quantum-resistant outputs to those adhering to a quantum-resistant digital signature scheme.”
In September 2020, Australian computer scientists at Monash Blockchain Technology Centre and CSIRO’s Data61 developed what they described as “the world’s most efficient blockchain protocol that is … secure against quantum computers.”
So solutions seem to be available, should a viable quantum computer emerge that could realistically be used to threaten PoW and PoS cryptoassets. And for most commentators, it’s more likely that existing cryptos will shift to using post-quantum algorithms, rather than new post-quantum cryptoassets appear to take their places.
“I think the latter scenario of existing cryptocurrencies shifting to the use of post-quantum cryptography is going to be far more likely,” said cryptocurrency journalist and analyst Roger Huang. “It occurs to me that it will be much harder to build the legitimacy, network effects, and exchange/off-exchange volume of something like BTC from scratch than it is for BTC to just adopt post-quantum cryptography.”
For Bram Bosch, it still may be some time before the Bitcoin community (or any other) is compelled to actually implement solutions for quantum computing risks.
“The threat of a quantum attack would have to be very obvious and serious before the Bitcoin community would gain consensus on this matter. It’s difficult to predict whether such a threat would emerge suddenly or gradually and as such, whether there would be time to react at all,” he said.
That’s precisely what’s interesting about the danger posed by quantum computing: its unknown, unpredictable quality. But given that it’s a risk mostly to the signatures used by pretty much all cryptoassets, we do know it will be a threat to PoS and PoW cryptos alike.