Without spending too much time dwelling on Harry Hamlin’s opus (“Release the Kraken!”), and definitely without spending any time talking about the Remake Who Shall Not Be Spoken, I was intrigued this week by a panel discussion in Washington DC at SINET where two metaphorical Titans clashed: Blockchain and Quantum Computing. These are two disruptive technologies we will see widely used in our lifetimes. Indu Kodukula (new VP Blockchain for Intuit) brought together an array of experts for a riveting panel, that spanned everything from cyberphysical infrastructure to a discussion of Satoshi through the lens of sociopolitical analysis and historical context going back 500 years (I’m looking at you, Susan Ramonat). One of the panelists was Andersen Cheng of Post-Quantum. Andersen raised the specter of a hack using post quantum computers: we’re racing to funnel our financial and other critical infrastructures into blockchain, but ignoring its security risk to attack by next-gen computers. So let’s unpack this a bit: Why is blockchain so secure? Well, a few things: It’s really resilient (meaning that there is multiple redundancy so if several “nodes” aka copies of the ledger are taken out, there are thousands of backups).

It uses really good cryptography – “elliptic curve” cryptography, which is a form of very secure encryption that needs relatively short “keys”.

Conventional attack could conceivably need thousands of keys to actually crack it open. Why is the post-quantum world so dangerous to blockchain? The speed and power of quantum computers could allow you to recover an elliptic curve private key rapidly (i.e., crack open the metaphorical safe).

Many widely-used forms of public key encryption today can be cracked using a quantum computer.

Once an attacker can use a recovered private key to fake new messages, it will destroy trust in the entire chain – problematic given that what makes blockchain work is trust. I asked Andersen the following question: if we have quantum computers hacking the crypto, won’t we have quantum computers making new crypto that’s more secure? He made clear to me we need to be thinking post quantum cryptography – algorithms that are relatively impervious to attack by a quantum computer. But the issue is while, yes, we could create stronger algo’s for blockchain…we aren’t using them widely. The major flavors of blockchain out there (whether Etherum or Bitcoin or …) are still using elliptic curve. The Ethereum Foundation has been thinking about this problem for a while, and according to Andersen is going to build an adapter to accept post-quantum secure signature schemes. "...as quantum computing at scale gets closer and closer to reality, these questions become more pressing." We’ve now gone pretty far afield from my area of specialty (I haven’t vetted the math behind Andersen’s company, named of course Post-Quantum), but I find interesting that as quantum computing at scale gets closer and closer to reality, these questions become more pressing. The reality is that the problem isn’t limited to blockchain – conventional bank systems rely in part on the imperviousness of public key schema – but at least with the conventional systems you have centralized updates when you implement new cryptography. A distributed network that you don’t control gains resilience at the cost of speed and effectiveness to update. No one tends to focus on the villagers when Titans clash. Pixar’s The Incredibles humorously played up the unintended consequences of all those amazing fight scenes in superhero movies. Yes, I know, Comic Book Guy is about to tell me about how Alan Moore invented the internet or something…where was I? Right. Ahem, let’s focus on impacts. New tech is creating unexpected risks to our core systems on which we run our lives. So what can we do about it? And the answer is not “stop all progress until I retire”, which is what I’ve heard said by more than one senior banking executive, eyeing the disruption that distributed ledgers and AI are introducing to the financial services industry. Here is my proposed checklist for the Tsunami: Get better informed about the risks. Hire really smart people to deal with them. Be nimble about responding to new developments – create an agile response architecture in people, processes and (computer) programs. Be prepared for when your systems fail, and have both insurance and a plan B. Educate your leadership team and organization about the risks and opportunities, and keep them updated.