Difference between revisions of "Quantum Tough"
Latest revision as of 20:30, 31 October 2018
Terminology
- Quantum Resistant - A thing is quantum resistant if no known algorithm makes it easier to break with a quantum computer than a classical computer.
- Quantum Safe - A thing is quantum safe if it is proven that no possible algorithm would make it easier to break with a quantum computer than a classical computer.
Previously we used the term quantum resistant, which was in error: it is not the correct term for what we currently have.
Where we are
It is estimated by people much smarter than I that 256-bit elliptic curve cryptography (like Bitcoin uses) could be broken by a quantum computer with about 1600 qubits. RSA is expected to need about 2x the key size (in bits) in qubits.
So a reasonable long-term storage multisignature scheme might be a 3-of-3 consisting of:
- standard secp256k1 - in case someone breaks factoring to break RSA
- RSA 8192-bit - in case someone builds a quantum computer with a few thousand qubits
- DSTU 4145 - just to include something a bit different
This is enabled in the SnowBlossomClient. Simply put "key_mode=qhard" in your configuration before you make your wallet.
Note: the public keys and signatures (which need to be included in a spending transaction) will be large for RSA of that size. A transaction spending such a scheme would be at least 4k plus normal transaction overhead, so probably around 4.4k. Compare this to a regular standard EC transaction, which is around 270 bytes.
So it might cost more in fees but could easily be worth it.
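The all-of-N idea behind the qhard key set, as an added Go example that is not Snowblossom's code: a spend verifies only if every component algorithm verifies, so an attacker who has broken just one of them gets nothing. ECDSA P-256 stands in for secp256k1 and RSA-2048 PSS for RSA-8192 (for key-generation speed), DSTU 4145 is left out because Go's standard library does not implement it, and the transaction bytes are constructed.

```go
// Added example, not Snowblossom's code: an "all-of-N" composite signature in
// the spirit of the 3-of-3 key_mode=qhard wallet. Stand-ins (labelled): ECDSA
// P-256 for secp256k1, RSA-2048 PSS for RSA-8192 (keygen speed); no DSTU 4145.
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Composite holds one key per algorithm; a spend needs a valid signature from each.
type Composite struct {
	ec *ecdsa.PrivateKey
	rk *rsa.PrivateKey
}

// Sigs carries exactly one signature slot per algorithm; a missing one stays nil.
type Sigs struct{ EC, RSA []byte }

func NewComposite() *Composite {
	ec, err1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rk, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		panic("key generation failed")
	}
	return &Composite{ec: ec, rk: rk}
}

// Sign produces both component signatures over SHA-256(tx).
func (c *Composite) Sign(tx []byte) (Sigs, error) {
	d := sha256.Sum256(tx)
	es, err := ecdsa.SignASN1(rand.Reader, c.ec, d[:])
	if err != nil {
		return Sigs{}, err
	}
	rs, err := rsa.SignPSS(rand.Reader, c.rk, crypto.SHA256, d[:], nil)
	return Sigs{EC: es, RSA: rs}, err
}

// Verify is true only if BOTH signatures check out: an attacker who has broken
// just one algorithm (or supplies a nil slot) cannot authorize the spend.
func (c *Composite) Verify(tx []byte, s Sigs) bool {
	d := sha256.Sum256(tx)
	return ecdsa.VerifyASN1(&c.ec.PublicKey, d[:], s.EC) &&
		rsa.VerifyPSS(&c.rk.PublicKey, crypto.SHA256, d[:], s.RSA, nil) == nil
}
```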
- EC - Quantum computing attacks: https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks
- How many qubits are required to break RSA 2048 or 4096 with a universal quantum computer: https://crypto.stackexchange.com/questions/35137/how-many-qubits-are-required-to-break-rsa-2048-or-4096-with-a-universal-quantum
In short, if you use QHARD keys in your Snowblossom Client you should be safe until quantum computers are in the 16000 qubit range.
Where we are going
We are watching the NIST Post-Quantum Cryptography process: https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions
Since Snowblossom is designed to support multiple signing algorithms, a new signing method can be added easily, assuming it follows the standard form for signing and verification. So we are keeping an eye on the NIST process and hope to include any finalists once they are ready.
It is possible that the winner or winners will be stateful algorithms that require more data to be tracked, or have other requirements that make them more difficult to add to Snowblossom; however, with our flexible protobuf-based protocol design we are confident that it can be done.
So in short, once the algorithms are ready and vetted we will add them to Snowblossom and become fully quantum resistant or even quantum safe.