The Urgency of HNDL attacks : Quantum Threats to Blockchain Security
Quantum threats to data security and business operations are no longer a distant concern, partly due to a hacking strategy known as Hack-Now, Decrypt-Later (HNDL).
Imagine intercepting a secret message in a foreign language during the World Wars. While you can’t understand it now, you store it away, confident you’ll find a translator that can later tell you the meaning of the message. The cybersecurity version of this is HNDL, where hackers download encrypted data, knowing they can’t read it yet, but anticipating it will become readable — and therefore valuable — when quantum computing algorithms evolve to enable decryption.
Clichés aside, the cybersecurity version of this ‘store the secret’ strategy is known as “Hack Now, Decrypt Later” (HNDL), where hackers download encrypted data knowing they can’t read it now, but anticipating it will become readable and therefore valuable when quantum computing algorithms eventually allow decryption.
This is why companies such as Signal, Apple, Paypal and HSBC are taking seemingly early measure to protect their users’ data from quantum computer attacks. They understand that encrypted data stolen now will sit on the shelf for a time when quantum computers mature and is able to be decrypted.
Most likely, in the current matter of things — Hack Now, Decrypt Later attacks are being conducted by nation-state actors. Historical incidents include:
- In 2016, it was discovered that Canadian internet traffic to South Korea was being rerouted to China.
- In 2020, data from Google, Amazon, Facebook, and over 200 other networks was redirected through Russia.
- Currently, Russia is rerouting internet traffic from Ukraine during the Russo-Ukrainian War.
- Since 2017, North Korean Crypto Hackers Have Stolen $3B , as reported by the UN Security Council.
Most HCDL attacks go undetected because cybercriminals have not yet used the stolen data. Consequently, companies and individuals are often unaware that their data has been compromised. This does not mean the threat isn’t real. Despite the crypto industry’s general reluctance to discuss this taboo topic, which could undermine its progress, it is crucial for businesses and individuals to recognize the danger and take immediate action.
Quantum Computers and On-Chain Assets
All Bitcoin private keys are simply an integer between number 1 and 115792089237316195423570985008687907852837564279074904382605163141518161494337 or HEX: from 1 to 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141. The integer range of valid private keys is governed by the secp256k1 ECDSA standard (the parameters of the elliptic curve used in public-key cryptography) used by Bitcoin, Ethereum and most other public blockchains.
When you say you have cryptocurrency, you mean you have a private key that proves your ownership. Ownership is recorded on the blockchain, and anyone can verify it using your public key. Importantly, the Bitcoin network and database itself do not use any encryption. Security comes from the need to include a signature for any transaction, signed by the addresses involved in its inputs.
Bitcoin addresses are not the same as public keys; they are derived from a double hash of a public key. Transactions consist of unspent transaction outputs (UTXOs) from previous transactions, a list of new outputs, and a digital signature. The signature allows one to verify the public key, which can then be double-hashed to generate the address. If this address matches the UTXOs being spent and the UTXOs exist, the transaction is valid because creating the signature requires the private key.
While traditional computers operate on classical bits that must be either 0 or 1, quantum computers use qubits that can represent 0, 1, or both simultaneously. This allows quantum computers to explore a vast number of potential solutions concurrently. Algorithms like Shor’s algorithm, which leverages entanglement, enable quantum computers to perform operations on multiple qubits simultaneously, solving problems in seconds or minutes that would take classical computers millennia.
Although private keys aren’t directly stored on the blockchain, each public key is linked to a single private key. Quantum computers, using Shor’s algorithm, can efficiently solve the mathematical problems underpinning public key cryptography. This includes factoring large integers and computing discrete logarithms, which are infeasible for classical computers. By leveraging these capabilities, a quantum computer can take a public key and calculate the corresponding private key, effectively bypassing the security provided by traditional cryptographic methods. This ability to perform rapid calculations and pattern recognition enables quantum computers to break cryptographic systems that rely on the difficulty of these mathematical problems, posing a significant threat to current blockchain security mechanisms.
The Potential Impact
One study by Deloitte showed that 25% of bitcoin could be stolen in one attack. As of June 2024, that would amount to approximately $1300 billion, and, as the cryptocurrency market size continues to grow dramatically, a quantum computer-based crypto hack could end up stealing trillions of dollars, potentially throwing the global economy into chaos, destroying entire blockchains in the process.
Specifically, a well-known theoretical computer algorithm called the Shor function, when implemented by a quantum computer, can, in theory, solve for the prime factors that are currently concealed by elliptic-curve multiplication. This is a form of multiplication used for hashing that is (currently) nearly impossible to reverse (i.e. discover the original numbers that were multiplied together to form the private key).
For example, researchers have calculated that it would take a classical computer 340,282,366,920,938,463,463,374,607,431,768,211,456 basic operations, to determine a private key associated with a public key utilizing elliptic-curve multiplication. In theory, that could take thousands of years.
In contrast, according to the same calculations, a quantum computer utilizing Shor’s function would take only 2,097,152 basic operations to determine the private key associated with a public key. This, in contrast, might only take a few hours.
Jim Sanders, CEO at CryptoDetail.com, sees quantum computing as a double-edged sword. On the one hand, it can potentially solve problems in seconds that our current supercomputers could take thousands of years to solve. Still, on the flip side, it can potentially break most of our current encryption security systems. “It’s like ordering a super-sized fast food meal — it might seem fantastic at the moment, but the aftermath could be slightly less appealing!” he said. According to him, “the magic number” of qubits is 2,048.
If the public key is known, “an attacker with a quantum computer of about 1500 qubits can solve it,” researchers at the Centre for Cryptocurrency Research and Engineering of Imperial College London write.
“Suppose your enemy gets a hold of your data today, and you’re not so worried because it’s encrypted. But if a quantum computer comes out and say 10 years, and you were hoping that data to be protected for 15 years … you’re not going to be protecting your data long enough,” says Dustin Moody, mathematician in the NIST Computer Security Division.
Quantum-Resistant Blockchain Systems
The National Institute of Standards and Technology (NIST) published 3 algorithms as the post-quantum cryptography standard looking to transfer all high-priority systems to quantum-resistant cryptography by 2035. The best part might be that engineers don’t need quantum computers to build quantum-resistant infrastructures.
A number of projects in the blockchain industry including Algorand and Abelian are now working on quantum resistant blockchain systems. Creating quantum-resistant blockchain systems fundamentally means to create wallet addresses, public keys, private keys; consensus protectors, ledger, transactions that cannot be compromised by not just conventional computers but also quantum computers.
Currently, quantum-resistant blockchain systems have limitations. For example, Abelian uses C and Golang implementations of NIST-standardized cryptography, specifically Crystals Kyber and Dilithium, resulting in an average block time of 960.9 seconds for the last 1000 blocks. Algorand uses Falcon to protect its chain against quantum computing attacks, preserving speed and scalability, but only the chain history is resistant to quantum attacks. This approach addresses only one-third of the problem, as it does not secure account signatures or the VRF (Verifiable Random Function). Engineering challenges remain, but more projects in the blockchain space are emerging, focusing on quantum-resistant technology to make crypto assets secure from quantum computing decryption.
Abelian aims to address the challenges faced by quantum blockchains, such as substantial block sizes, through a Layer 2 application that achieves quantum-resistant security for the original Layer 1 using a ZK rollup. This Layer 2 solution is designed to facilitate the mass adoption of quantum safety in the cryptocurrency industry by offering EVM compatibility, high TPS (transactions per second), and developer-friendly SDKs.
To tackle the blockchain trilemma, where high levels of security typically hinder scalability, Abelian is the first chain to implement a Proof of Stake (PoS) design over Proof of Work (PoW). The PoS layer will issue and operate using its own security token, $QDAY, thus avoiding the slow transaction speeds associated with lattice-based cryptography used by $ABEL. This approach enables an efficient and highly effective quantum-resistant Layer 2 that provides real utility.
References:
- What does “steal now decrypt later” mean for cybersecurity? — QCI
- Itan Barmes, Bram Bosch Quantum computers and the Bitcoin blockchain — Deloitte
- Ernestas Naprys — Bitcoin could be in danger as quantum computing advances — Cybernews
- Ellyptic Curve Cryptography — Grayblock
- Li Chuntang , Xu Yinsong, Tang Jiahao, Liu Wenjie — Quantum Blockchain: A Decentralized, Encrypted and Distributed Database Based on Quantum Mechanics — Proquest
- How imminent is quantum computing anyways? — Abelian Foundation
For more information, please contact: general@abelian.info
About Abelian
Abelian is a quantum-resistant blockchain infrastructure which enables digital gold 2.0 and empowers the post-quantum crypto ecosystem. Learn more about the quantum-safe Abelian blockchain & $ABEL Tokenomics at our documentation page.
The Abelian Foundation welcomes all feedback regarding tech developments and upcoming changes. To join the conversation, please visit us on our various social media and community channels linked below 👇
X | Announcements Channel | Telegram | Discord | YouTube | LinkedIn
