We sat down with our blockchain advisor, Daniel Kraft, to ask about quantum computers and what to do to make sure Divi’s blockchain is “future-proof” against them when they become available in a few years. We thought people would ask us about this and wanted to be prepared with an answer.

So we asked him: What about quantum computer attack resistance? Can we just double the key length? This Wikipedia article makes it seem like it’s that easy: https://en.wikipedia.org/wiki/Post-quantum_cryptography

Response:

There are two different main algorithms that a quantum computer would enable:

Shor’s Algorithm: This one is the main reason why a QC would break a lot of encryption. Basically, it means that a QC is able to compute the private key to a public key quickly, for the most popular encryption systems (including RSA and also ECDSA as used by Bitcoin and most other cryptos). For Shor’s algorithm, it won’t help to double (or otherwise increase) the key size — the only weak protection from longer keys may come from the fact that it is more difficult to build a QC with many qubits (so if you have keys longer than the maximum possible qubit size at the moment, you are still somewhat safe — but that is very fragile protection).

Grover’s Algorithm: This allows speeding up things like finding a pre-image of a hash — substantially, but not in a way that absolutely breaks things. To counteract Grover’s algorithm, doubling the key size (or length of a hash function) is precisely what one needs.

With respect to security in Bitcoin (and thus almost all other cryptos as well), it looks like this: If an attacker with a QC knows your ECDSA public key, then they can steal your coins — and increasing the key size won’t help. However, if you have never used an address before, the address alone *won’t* reveal your public key — as the address adds another layer of hash around the public key. So coins in addresses that haven’t been used ever are mostly safe against QCs — at least up to some practical difficulties in how to enable spending of these outputs without making the unconfirmed transaction (which reveals the public key) vulnerable to a QC attack.

I think that for now, though, worries about quantum computers are not yet really relevant; and if there were a practical QC, then there would probably be bigger problems than Bitcoin being broken — since basically all the world’s communications would become vulnerable. When a QC seems possible, it will always be possible to upgrade the protocol to quantum-resistant crypto. (BTW, there’s almost regularly a thread or two popping up on Bitcointalk asking about quantum computers — so if anyone is interested, you should be able to find a lot of good discussions about this topic there: https://bitcointalk.org/index.php?topic=1749803.0)
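The address-hash point in the response above, as an added example that is not part of the original post or of Divi's code: it walks a constructed list of transactions and reports which unspent outputs sit on addresses whose public key has already been revealed by a spend, confirmed or merely broadcast. SHA-256 stands in for Bitcoin's HASH160 (RIPEMD160 over SHA256) so the script needs only hashlib; the transactions, keys and amounts are constructed.

```python
import hashlib
from collections import namedtuple

# Added example (not Divi's or Daniel Kraft's code). Simplification: SHA-256 stands in
# for Bitcoin's HASH160 = RIPEMD160(SHA256(pubkey)); only "address is a hash of the
# public key" matters for the argument.
Input = namedtuple("Input", "txid index pubkey")   # spends (txid, index); scriptSig reveals pubkey
Output = namedtuple("Output", "address value")

def address_of(pubkey: bytes) -> str:
    """Address = hash(pubkey): seeing only this, an attacker has no public key to run Shor on."""
    return hashlib.sha256(pubkey).hexdigest()[:40]

def quantum_exposure(confirmed, mempool=()):
    """Return {address: (unspent_value, exposed)} for every address holding coins.
    exposed is True once its pubkey has appeared in any input, confirmed or unconfirmed."""
    utxo = {}        # (txid, index) -> Output
    exposed = set()  # addresses whose public key is now public knowledge
    for txid, inputs, outputs in confirmed:
        for inp in inputs:
            spent = utxo.pop((inp.txid, inp.index))
            if address_of(inp.pubkey) != spent.address:   # scriptSig must match the hash
                raise ValueError(f"{txid}: pubkey does not hash to {spent.address}")
            exposed.add(spent.address)
        for i, out in enumerate(outputs):
            utxo[(txid, i)] = out
    # An unconfirmed spend already reveals the key before anything changes on-chain.
    for _txid, inputs, _outputs in mempool:
        for inp in inputs:
            exposed.add(address_of(inp.pubkey))
    report = {}
    for out in utxo.values():
        value, _ = report.get(out.address, (0, False))
        report[out.address] = (value + out.value, out.address in exposed)
    return report

# Constructed sample: coinbase pays Alice; Alice pays Bob and Carol and sends change
# back to her *same* address (address reuse); Bob's spend is still in the mempool.
ALICE, BOB, CAROL = b"\x02" + b"A" * 32, b"\x03" + b"B" * 32, b"\x02" + b"C" * 32
CHAIN = [
    ("cb", [], [Output(address_of(ALICE), 50)]),
    ("t1", [Input("cb", 0, ALICE)],
     [Output(address_of(BOB), 30), Output(address_of(CAROL), 10), Output(address_of(ALICE), 10)]),
]
MEMPOOL = [("t2", [Input("t1", 0, BOB)], [Output(address_of(CAROL), 30)])]

if __name__ == "__main__":
    for addr, (value, exp) in quantum_exposure(CHAIN, MEMPOOL).items():
        print(f"{addr[:8]}... {value:>3} coins  {'EXPOSED' if exp else 'pubkey still hidden'}")
```

Alice's change output is exposed because her reused address already appeared in a confirmed input, Bob's because his unconfirmed transaction broadcast his key, while Carol's never-spent address still hides its key.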

More info: http://www.cryptomorrow.com/2017/10/21/quantum-resistant-cryptocurrencies