Quantum Tough

From Snowblossom Wiki
Revision as of 20:30, 31 October 2018 by Fireduck (talk | contribs) (Where we are going)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


  • Quantum Resistant - A thing is quantum resistant if no known algorithm makes it easier to break with a quantum computer than a classical computer.
  • Quantum Safe - A thing is quantum safe is it is proven that no possible algorithm would make it easier to break with a quantum computer than a classical computer.

Previously we used the term quantum resistant, which was in error. That is not the term for what we have going on (currently).

Where we are

It is estimated by people much smarter than I that 256-bit elliptic curve (like bitcoin uses) could be broken by a quantum computer with about 1600 qubits. RSA is expected to take 2x the key size (in bits) in qubits.

So a reasonable long term storage multisignature scheme might be a 3of3 consisting of:

  • standard secp256k1 - in case someone breaks factoring to break RSA
  • RSA 8192-bit - in case someone builds a quantum computer with a few thousand qubits
  • DSTU 4145 - just to include something a bit different

This is enabled in the SnowBlossomClient. Simply put "key_mode=qhard" in your configuration before you make your wallet.

QHard TX

Note: the public keys and signature (which need to be included in a spending transaction will be large for that large of RSA). A transaction spending such a scheme would be at least 4k plus normal transaction overhead, so probably around 4.4k. Compare to a regular standard EC transaction, which is around 270 bytes.

So it might cost more in fees but could easily be worth it.

In short, if you use QHARD keys in your Snowblossom Client you should be safe until quantum computers are in the 16000 qubit range.

Where we are going

We are watching the NIST Post-Quantum Cryptography process: [1]

Since Snowblossom is designed to support multiple signing algorithms, if someone comes up with a new signing method it can easily be added, that is assuming it follows the standard form for signing and verification. So we are keeping an eye on the NIST process and hope to include any finalists there once they are ready.

It is possible that the winner or winners will be state-full algorithms that require more data to be tracked or have other requirements that will make them more difficult to add to Snowblossom, however with our flexible protobuf based protocol design we are confident that it can be done.

So in short, once the algorithms are ready and vetted we will add them to Snowblossom and get to full Quantum Resistant or even Quantum Safe.