As we all know, companies such as IBM and Google are working around the clock to create something that is almost physically impossible to create: quantum computers. The keyword, however, is “almost”.

The advent of quantum computing brings several complications and even dangers to our day-to-day lives. For example, most of the encryption methods that we use today are easily breakable by a sufficiently powerful quantum computer. This means that all encrypted data, from WhatsApp messages to top-secret government communications, can be decrypted very easily by a quantum computer.

A new design change in the way transactions are signed in the Purple Protocol shields against adversaries that wish to use a quantum computer to steal your blockchain-stored riches.

How quantum computers break encryption and digital signature algorithms

Normal computers perform calculations by taking an input, transforming it through a sequence of steps (which we call an algorithm), and then spitting out an output. Now, if we wanted to break encryption with a normal computer, we would have to calculate the secret encryption key. The only way to do this is to choose a random encryption key, check if it works, and try again if it does not.

Encryption and signature algorithms rely on the fact that this is infeasible on a normal computer, regardless of how powerful it is. In order to break RSA, a computer with hundreds of CPU cores would have to spend thousands of years checking whether candidate encryption keys match. This is because of the way a computer works physically: take a few bits, place them in a register, perform some calculations, check if the bits match, rinse and repeat.

In a quantum computer, a bit is not only 0 or 1: it can be 0, 1, or both at once. This makes quantum computers very efficient at checking multiple cases in parallel, whereas a normal computer has to check one case at a time.

For some algorithms, this change is so drastic that a computation which would normally take decades can then be performed in less than a second. Unfortunately, most of the encryption and digital signature algorithms that we use today are situated in this category.

Quantum resistant algorithms

While encryption and digital signature algorithms are easily breakable by a quantum computer, there are some problems for which a quantum computer is as useless as a classical one. One of these problems is hash function inversion.

A hash function takes a sequence of characters of arbitrary length and transforms it into another sequence of characters of fixed length. For example, the sha256 (a hashing algorithm) of the sequence “Hello, I am a hash function input” always spews out the following: bc7055da4e4946ff5ac9891cbbdca3335d4a2b645773de709cf97637556c1a57.

If we change just one character of the input sequence, we get a completely different output. For example, “ello, I am a hash function input” spews out: 5c374848b51154944eab2e9c5c4c74ca5be85998c4e084317f7ce11d34add275.

It is impossible for any computer, be it quantum or classical, to invert a hash function, i.e. you cannot give an algorithm a hash and determine the input sequence which created that hash.

Feel free to play with this here.

Quantum security in Blockchain

Hash functions are the central building block of blockchains, as the definition of a blockchain is: a set of digitally signed blocks, each of which is represented by a hash and each of which contains the hash of its parent block. In this way, we can know for certain that all of the data preceding the current block is correct, as any bit that changes along the chain will yield a completely different hash for the current block.

Bitcoin has some quantum security already built in, and it is also the inspiration for the design change implemented in the Purple Protocol. While the private key corresponding to a public key (which is required to spend coins) can easily be calculated by a quantum computer, the hash of a public key cannot be used to do such a thing.

This is exactly the way in which Bitcoin works. Addresses in Bitcoin are not bare public keys but hashes of public keys, which are stored on the blockchain. When the owner of an address wishes to spend their coins, they must provide a signature that matches the hashed public key and expose the underlying public key. If the signature matches the public key and the hash of the public key matches the address on the blockchain, then the sender is authorized.

The only issue is that when you do this, you expose your public key and a quantum computer can then use this to calculate your private key. This is one of the many reasons why it is highly encouraged to not re-use your Bitcoin addresses.

As long as one creates a new address each time they wish to spend Bitcoin, there is no way an adversary with a quantum computer can steal your coins. Ethereum, on the other hand, has no such protection built in, making it highly susceptible to quantum attacks.

Quantum security in the Purple Protocol

The Purple Protocol follows the Bitcoin model of security with additional improvements on top. First of all, if you use Bitcoin in the way described above, there is no way to have a permanent address to which people can send you coins. This makes the intended way of using the Bitcoin protocol null and void for most use-cases. Imagine your IBAN or sort code changed each time you spent money from your bank account.

This is why, in the Purple Protocol, an account is represented by three things:

Permanent address — The equivalent of an IBAN or sort code, which never changes and is stored publicly on the blockchain. This is what people use when they want to send you purple.

Signing key — The current public key of the account’s owner. This is kept private until a transaction is signed. The owner of the account has to generate a new signing key for each transaction.

Private key — The corresponding secret key of the current signing key. This is generated along with it and is always kept private.

The blockchain stores the following mapping in order to verify a transaction: hash(Signing Key) -> Permanent Address.

When a transaction is signed, the current signing key must be exposed in the transaction along with the corresponding signature. If the mapping is satisfied and the signature is correct, the transaction is authorized.

The signer is required to also provide in the transaction the hash of the next signing key: hash(Signing Key’). The new mapping will be stored on the blockchain, making any previously used signing keys irrelevant and only allowing the next signing key to authorize a transaction.

The permanent address never changes, meaning that people sending you coins can use it forever to send coins only to you, even if the signing key changes.
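The following is an added example, not Purple Protocol code, that models the three checks described above (the signing key hashes to the mapped permanent address, the signature verifies under that key, and the mapping is rotated to hash(Signing Key’)) and, by extension, the Bitcoin hash-of-public-key check from which it is derived. Everything in it is an assumption for illustration: the article does not name the signature scheme, so a Lamport one-time signature built from SHA-256 stands in for it; the ledger is a plain dictionary; the transaction fields, the address format purple:alice and the payload strings are constructed.

```python
import hashlib
import os

# Added example, not Purple Protocol code. A Lamport one-time signature over
# SHA-256 stands in for the unnamed signature scheme; the ledger logic follows the text.


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes):
    # Yield the 256 bits of a 32-byte digest, most significant bit first.
    for i in range(256):
        yield (digest[i // 8] >> (7 - i % 8)) & 1


class LamportKeyPair:
    """One-time key: 256 pairs of random secrets; the public key is the
    concatenation of their SHA-256 hashes (256 * 64 bytes)."""

    def __init__(self):
        self._sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
        self.pk = b"".join(sha256(s0) + sha256(s1) for s0, s1 in self._sk)

    def sign(self, message: bytes) -> bytes:
        # Reveal, for each bit of the message digest, the secret matching that bit.
        return b"".join(self._sk[i][bit] for i, bit in enumerate(_bits(sha256(message))))


def lamport_verify(pk: bytes, message: bytes, signature: bytes) -> bool:
    if len(pk) != 256 * 64 or len(signature) != 256 * 32:
        return False
    for i, bit in enumerate(_bits(sha256(message))):
        revealed = signature[i * 32:(i + 1) * 32]
        committed = pk[i * 64 + bit * 32:i * 64 + bit * 32 + 32]
        if sha256(revealed) != committed:
            return False
    return True


def tx_message(tx: dict) -> bytes:
    # Bytes covered by the signature, length-prefixed so field boundaries are unambiguous.
    fields = (tx["address"], tx["next_key_hash"], tx["payload"])
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def make_transaction(address: bytes, current: LamportKeyPair,
                     next_key: LamportKeyPair, payload: bytes) -> dict:
    """Expose the current signing key, commit to hash(next signing key), then sign."""
    tx = {"address": address, "signing_key": current.pk,
          "next_key_hash": sha256(next_key.pk), "payload": payload}
    tx["signature"] = current.sign(tx_message(tx))
    return tx


class Ledger:
    """Stores only the mapping hash(Signing Key) -> Permanent Address."""

    def __init__(self):
        self.key_hash_to_address = {}

    def open_account(self, address: bytes, first_key_hash: bytes) -> None:
        self.key_hash_to_address[first_key_hash] = address

    def apply_transaction(self, tx: dict) -> bool:
        key_hash = sha256(tx["signing_key"])
        # 1. The exposed signing key must be the one currently mapped to this address.
        if self.key_hash_to_address.get(key_hash) != tx["address"]:
            return False
        # 2. The signature must verify under that signing key.
        if not lamport_verify(tx["signing_key"], tx_message(tx), tx["signature"]):
            return False
        # 3. Rotate: retire the used key; only hash(Signing Key') authorizes the next spend.
        del self.key_hash_to_address[key_hash]
        self.key_hash_to_address[tx["next_key_hash"]] = tx["address"]
        return True


def demo():
    """Walk one account through two spends and three rejected attempts."""
    ledger = Ledger()
    address = b"purple:alice"  # constructed placeholder; the article gives no address format
    k1, k2, k3 = LamportKeyPair(), LamportKeyPair(), LamportKeyPair()
    ledger.open_account(address, sha256(k1.pk))
    tx1 = make_transaction(address, k1, k2, b"pay bob 10")
    first_spend = ledger.apply_transaction(tx1)    # True
    replayed = ledger.apply_transaction(tx1)       # False: k1 is already retired
    stale_key = ledger.apply_transaction(          # False: k1 cannot sign a new spend either
        make_transaction(address, k1, k3, b"pay bob 10"))
    tx2 = make_transaction(address, k2, k3, b"pay carol 5")
    forged = ledger.apply_transaction(dict(tx2, payload=b"pay mallory 5"))  # False: bad signature
    second_spend = ledger.apply_transaction(tx2)   # True
    return first_spend, replayed, stale_key, forged, second_spend


if __name__ == "__main__":
    print(demo())
```

Note that the tampered transaction passes the mapping check (k2 is the mapped key) and is rejected only by the signature check, while the replayed and stale transactions are rejected before any signature work because their key hash no longer appears in the mapping; in this model a signing key can therefore authorize exactly one transaction, which is the property the article relies on.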

Proof of Work quantum security

While the Bitcoin protocol does provide security against a quantum attacker who wants to steal your coins, it does not provide security against a quantum attacker who wishes to alter the blockchain by mining. Hashcash, the Proof of Work algorithm in Bitcoin, can be performed exponentially faster by a quantum computer, making any ASIC or GPU miners irrelevant.

The Purple Protocol does not use Hashcash but Cuckoo Cycle, an algorithm bound by the memory bandwidth bottleneck instead of the CPU bottleneck. As memory bandwidth latency is the same for both classical and quantum computers, this algorithm is immune to quantum speed-ups.

This, combined with the non-reusable signing key model, effectively makes the Purple Protocol quantum-proof, forever.

Closing remarks

This article has presented a completely new way to represent value on the blockchain, one that protects against quantum attackers while bridging the gap between convenience and safety.

The Purple Protocol is now an almost two-year-old self-funded mission to build the safest, most usable and scalable blockchain/decentralized ledger. It is now approaching the public testnet phase. The future looks bright.

If you have any questions, do not hesitate to join our official Telegram or Discord channels. If you have enjoyed this article, please share it with your acquaintances and friends!