Quantum Computing causes anxiety and restlessness in many people. They are afraid of Qubits (= Quantum bits) and fear that their carefully hodled whatever-coin wallets could be drained one day. If you are one of those people, this article is for you — after reading this you will finally be able to sleep again…

TL;DR: Quantum computing will not break blockchain! I’m going to explain why and promise you will understand, even if you don’t know a bit about Quantum computing (pun intended).

There are plenty of articles out there that explain Quantum Computing and what it can do but that’s not the purpose of this article. For the sake of simplicity, let’s just assume Quantum Computing is a magic power that allows us to solve any mathematical problem incredibly fast — let’s say, in less than a second. Perfect, now let’s assume we have unlimited access to this magical power and we can break cryptographic algorithms like SHA256 and ECDSA, both used for hashing and digital signatures in Bitcoin.

For the rest of this article we will assume we have unlimited access to Quantum Computing!

We’re all set. Now, we just need to find out what we actually want to hack…

It’s all about your Private Key

Hacking a blockchain can mean different things but we are going to focus on stealing funds since that is where the greatest incentive is.

The security of your signature and in turn the ownership of funds eventually relies on the secrecy of your private key, i.e. you are always going to keep control over your coins as long as you are the only one in possession of your private key. Great, now we know our target. Let’s hack a private key…

Hacking the Private Key — 1) Reversing a Hash

Okay, let’s get on it! All we need to do is reverse engineer the private key. This should be easy since a blockchain address is the cryptographic hash of a public key and the public key is the cryptographic hash of the private key (this example is based on Ethereum).

Example based on Ethereum — The public address is the hash of the public key. The public key is the hash of the private key.

Great, the hash algorithm is broken by Quantum Computing and since we have unlimited access, we can simply reverse the hash and … Well, hold on a second… What does this actually mean: “The hash algorithm is broken”?

It means that it is possible to easily find a collision. A hash algorithm is a mathematical one-way function that takes an input of arbitrary length and calculates an output of fixed length (let’s say 256 bits). If one is able to find two inputs that result in the same output, that’s a collision. Finding an input that produces a given hash output is called a Pre-Image Attack and is just what we need here. To better explain this concept, let’s say you’re creating a hash value of all Harry Potter books:

The output (256 bits) is much shorter than the input (4,224 pages). Now, with the magic of Quantum Computing we’re going to be able to execute a Pre-Image Attack and find another input that results in the same output in a comparatively short time. However, this pre-image is probably not equal to the original input. This means that even if we did find a collision, it would not even be close to the original content of all Harry Potter books but would most likely be a random bunch of characters of arbitrary length. In fact, it is almost impossible to figure out the original value since the information content of the output (256 bits) is much smaller than the information content of the input (4,224 pages). There are too many possible pre-images and we would have to find a lot of them to get the actual input.

Sum of all digits — It’s easy to find a pre-image but impossible to find the original input.

To further illustrate this problem, consider the above hash function which calculates the sum of all digits. Now, if I told you I created a random number, ran it through this function and the output was 3, could you tell what my number was? Was it 21, 300 or maybe 1002? All of these are valid inputs but none is the number I used. In other words, we will find an unlimited number of collisions but we may never find the original input. This information is not part of the output. This basic concept of hash functions is called reduction and makes it impossible to find the right input even if the hashing algorithm has been broken by Quantum Computing.
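The two points above (a found pre-image is almost never the original input, and one output has many inputs) can be tried out directly. The following is an added example, not code from the original article: it uses SHA-256 truncated to 16 bits as a deliberately “broken” hash so that brute force plays the role the article assigns to Quantum Computing, and it reproduces the digit-sum illustration. The names and the 16-bit truncation are the example’s own choices.

```python
import hashlib
from itertools import count


def toy_hash(data: bytes, bits: int = 16) -> int:
    """SHA-256 truncated to `bits` bits.

    Shrinking the output space to 16 bits makes pre-images cheap to find,
    which is exactly the 'hash algorithm is broken' scenario of the article.
    """
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_preimage(target: int, bits: int = 16) -> bytes:
    """Return the first constructed input whose toy hash equals `target`.

    Candidates are synthetic strings, so whatever comes back is a valid
    pre-image but is not the secret the target was derived from.
    """
    for i in count():
        candidate = f"candidate-{i}".encode()
        if toy_hash(candidate, bits) == target:
            return candidate
    raise RuntimeError("unreachable: count() never ends")


def recover_attempt(secret: bytes) -> tuple[bool, bool]:
    """(pre-image matches the hash?, pre-image equals the original secret?)."""
    target = toy_hash(secret)
    preimage = find_preimage(target)
    return toy_hash(preimage) == target, preimage == secret


def digit_sum(n: int) -> int:
    """The article's illustrative 'hash': sum of all decimal digits."""
    return sum(int(d) for d in str(abs(n)))


def preimages_of_digit_sum(target: int, limit: int) -> list[int]:
    """All non-negative integers below `limit` that hash to `target`."""
    return [n for n in range(limit) if digit_sum(n) == target]


if __name__ == "__main__":
    # Constructed stand-in for the content of all Harry Potter books.
    print(recover_attempt(b"all seven Harry Potter books, 4,224 pages"))
    print(preimages_of_digit_sum(3, 1003))
```

The first call returns (True, False): the brute-forced pre-image collides with the secret’s hash yet is not the secret; the second call lists every input below 1003 with digit sum 3, including the 21, 300 and 1002 from the text.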

Let’s get back to the private key. Using Quantum Computing, we will be able to find a collision for the blockchain address. However, this will most likely not be the original public key. Although the private key is within a greatly reduced subset of potential inputs, the key space (i.e. the number of all possible values) is still 2²⁵⁶, which is pretty close to the number of atoms in our universe.

Hacking the Private Key — 2) Cracking the Digital Signature

Luckily, with Quantum Computing, there is another way to hack the private key. Since it allows us to break asymmetric cryptographic algorithms that are commonly used in blockchain (e.g., ECDSA which is used in Bitcoin and Ethereum), we should be able to calculate the private key by analyzing the digital signature.

Whenever funds are transferred on a blockchain, the sender uses their private key and the intended transaction input to calculate a signed output, the digital signature. The result of this calculation (the digital signature) is written to the blockchain. Let’s simplify this and suppose our digital signature algorithm is based on the following equation:

Equation 1: Calculation of the digital signature (solvable using Quantum Computing).

Due to the nature of asymmetric cryptography, it is mathematically infeasible to determine the private key with today’s computing standards. Luckily, we have Quantum Computing and this will take us less than a second.

DONE! We calculated the private key and hacked the blockchain account using Quantum Computing, didn’t we? Well, yes, we did, but our calculation was based on the assumption that the private key is the only unknown variable in the equation. However, the public key and the digital signature are only disclosed if a sender actually signs a transaction and writes it to the blockchain.

Without a transaction on the blockchain, this equation has three unknowns and an infinite number of solutions. Even with Quantum Computing, we will never be able to find the right private key because the actual equation looks like this:

Equation 2: The situation changes if no transaction has been signed and submitted to the blockchain (the equation becomes not uniquely solvable, not even with Quantum Computing).

The bottom line is, this hack will almost never work since any good wallet will automatically generate a new address after every transaction and transfer all the funds to a new address. This concept is known as change and entails that an unspent transaction output (UTXO) which is used as an input of another transaction must be spent entirely. Usually, a wallet client generates a new address and sends the difference back to this address.

Due to this process, most signatures on the blockchain will not be associated with a wallet that actually holds funds. Even though Quantum Computing allows us to crack the private keys of these wallets, they are useless as they don’t hold any money. We have been hacking empty wallets.
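The change mechanism described in the two paragraphs above can be modelled as a small ledger that records which addresses have revealed their public key by signing. This is an added example, not code from the article: addresses are a toy hash of a public-key string, each address holds one aggregate unspent amount (a simplification of per-output UTXOs), and the “exposed funds” check is the audit a defender would run to see whether any key-revealed address still holds money. All names and amounts are constructed.

```python
import hashlib
from dataclasses import dataclass, field


def address_of(pubkey: str) -> str:
    """Toy address: hash of the public key, as in the article's figure."""
    return hashlib.sha256(pubkey.encode()).hexdigest()[:16]


@dataclass
class Ledger:
    utxos: dict[str, int] = field(default_factory=dict)  # address -> unspent amount
    revealed: set[str] = field(default_factory=set)      # addresses whose key is on-chain

    def fund(self, address: str, amount: int) -> None:
        self.utxos[address] = self.utxos.get(address, 0) + amount

    def spend(self, pubkey: str, to_address: str, amount: int, change_pubkey: str) -> None:
        src = address_of(pubkey)
        balance = self.utxos.get(src, 0)
        if amount <= 0 or amount > balance:
            raise ValueError("insufficient funds or invalid amount")
        # Signing publishes the public key and signature: from now on the
        # article's 'solvable equation' applies to this address.
        self.revealed.add(src)
        # A UTXO is spent entirely; the remainder goes to the change address.
        del self.utxos[src]
        self.fund(to_address, amount)
        if balance - amount:
            self.fund(address_of(change_pubkey), balance - amount)

    def exposed_funds(self) -> dict[str, int]:
        """Addresses that both revealed their key and still hold funds."""
        return {a: v for a, v in self.utxos.items() if a in self.revealed and v > 0}


def simulate(reuse_change_address: bool) -> dict[str, int]:
    """Alice pays Bob 4 of 10 coins; change goes to a fresh key or back to the old one."""
    ledger = Ledger()
    ledger.fund(address_of("alice-key-1"), 10)
    change_key = "alice-key-1" if reuse_change_address else "alice-key-2"
    ledger.spend("alice-key-1", address_of("bob-key"), 4, change_key)
    return ledger.exposed_funds()


if __name__ == "__main__":
    print("fresh change address :", simulate(False))  # {} : only empty wallets are exposed
    print("reused address       :", simulate(True))   # the old address still holds 6
```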

What about changing the history of the blockchain?

With Quantum Computing, we could calculate block hashes, mine new blocks within seconds, obtain block rewards, and change the history of the blockchain. Yes, all these actions would be possible and represent major threats. But let’s look at this from a practical perspective. There is another component that is needed to take control over a blockchain network.

Blockchain requires consensus and the majority of participants to agree on the current state. If somebody were to change the transaction history, tamper with data or manipulate the blockchain in any other way, the majority of participants would probably disagree and not accept the change. At the end of the day, every blockchain transaction must be accepted by the community and the ‘right blockchain’ is what the majority of participants believes in.

Even with Quantum Computing, we would not be able to change the entire blockchain history. Too many people have copies and the community could react, fix things manually, change the algorithms, implement Quantum-proof cryptography and keep the blockchain intact. Admittedly, an attacker could still try to attack the chain and cause a significant denial of service. However, this attack would be temporary and there is little incentive to do this. Long-term, attacks like this can be prevented by algorithm changes.

Conclusion

Even if Quantum Computing were available tomorrow, it would not destroy blockchain. In fact, its impact on blockchain might be less severe than most people think. Most funds would still be safe and the history could not be changed without convincing the majority of participants. However, Quantum Computing will require a change of algorithms and a significant development effort by the community.

The bold assumptions of this article were made to envision the worst case. In fact, it is very unlikely that Quantum Computing becomes reality overnight. The power of Quantum Computing will increase over time. Its development is an ongoing process that will take years. Blockchains and other systems will have time to adapt to the new standards.

As a final remark, if Quantum Computing really was available tomorrow, blockchain would be our least concern.