Difference between revisions of "Quantum Tough"

From Snowblossom Wiki
Jump to: navigation, search
(Created page with "==Terminology== ==Where we are== It is estimated by people much smarter than I that 256-bit elliptic curve (like bitcoin uses) could be broken by a quantum computer with abo...")
 
Line 1: Line 1:
 
==Terminology==
 
==Terminology==
 +
 +
* Quantum Resistant - A thing is quantum resistant if no known algorithm makes it easier to break with a quantum computer than a classical computer.
 +
* Quantum Safe - A thing is quantum safe is it is proven that no possible algorithm would make it easier to break with a quantum computer than a classical computer.
 +
 +
Previously we used the term quantum resistant, which was in error.  That is not the term for what we have going on (currently).
  
 
==Where we are==
 
==Where we are==
Line 19: Line 24:
 
So it might cost more in fees but could easily be worth it.
 
So it might cost more in fees but could easily be worth it.
  
Also, since Snowblossom is designed to support multiple signing algorithms, if someone comes up with a new signing method it can easily be added.
 
  
 
* [https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks EC - Quantum_computing_attacks]
 
* [https://en.wikipedia.org/wiki/Elliptic-curve_cryptography#Quantum_computing_attacks EC - Quantum_computing_attacks]
 
* [https://crypto.stackexchange.com/questions/35137/how-many-qubits-are-required-to-break-rsa-2048-or-4096-with-a-universal-quantum how-many-qubits-are-required-to-break-rsa-2048-or-4096-with-a-universal-quantum]
 
* [https://crypto.stackexchange.com/questions/35137/how-many-qubits-are-required-to-break-rsa-2048-or-4096-with-a-universal-quantum how-many-qubits-are-required-to-break-rsa-2048-or-4096-with-a-universal-quantum]
 +
 +
==Where we are going==
 +
 +
We are watching the NIST Post-Quantum Cryptography process: [https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions]
 +
 +
When there are finalists we will l
 +
 +
Since Snowblossom is designed to support multiple signing algorithms, if someone comes up with a new signing method it can easily be added, that is assuming it follows the standard form for signing and verification.
 +
 +
It is always possible that the winner or winners will be state-full algorithms or have other requirements that will make them more difficult to add to Snowblossom, however with our flexible protobuf based protocol design we are confident that it can be done.
 +
 +
So in short, once the algorithms are ready and vetted we will add them to Snowblossom and get to full Quantum Resistant or even Quantum Safe.
 +
 +
 +
Of course, if the

Revision as of 20:06, 31 October 2018

Terminology

  • Quantum Resistant - A thing is quantum resistant if no known algorithm makes it easier to break with a quantum computer than a classical computer.
  • Quantum Safe - A thing is quantum safe is it is proven that no possible algorithm would make it easier to break with a quantum computer than a classical computer.

Previously we used the term quantum resistant, which was in error. That is not the term for what we have going on (currently).

Where we are

It is estimated by people much smarter than I that 256-bit elliptic curve (like bitcoin uses) could be broken by a quantum computer with about 1600 qubits. RSA is expected to take 2x the key size (in bits) in qubits.

So a reasonable long term storage multisignature scheme might be a 3of3 consisting of:

  • standard secp256k1 - in case someone breaks factoring to break RSA
  • RSA 8192-bit - in case someone builds a quantum computer with a few thousand qubits
  • DSTU 4145 - just to include something a bit different

This is enabled in the SnowBlossomClient. Simply put "key_mode=qhard" in your configuration before you make your wallet.

QHard TX

Note: the public keys and signature (which need to be included in a spending transaction will be large for that large of RSA). A transaction spending such a scheme would be at least 4k plus normal transaction overhead, so probably around 4.4k. Compare to a regular standard EC transaction, which is around 270 bytes.

So it might cost more in fees but could easily be worth it.


Where we are going

We are watching the NIST Post-Quantum Cryptography process: [1]

When there are finalists we will l

Since Snowblossom is designed to support multiple signing algorithms, if someone comes up with a new signing method it can easily be added, that is assuming it follows the standard form for signing and verification.

It is always possible that the winner or winners will be state-full algorithms or have other requirements that will make them more difficult to add to Snowblossom, however with our flexible protobuf based protocol design we are confident that it can be done.

So in short, once the algorithms are ready and vetted we will add them to Snowblossom and get to full Quantum Resistant or even Quantum Safe.


Of course, if the