
Hyperledger Announces New ‘Cryptography Library’ for DLT Development

Hyperledger announced Ursa, a modular cryptography software library meant to ease the development and interoperability of blockchains.

The Hyperledger Technical Steering Committee has approved the Ursa project, a modular cryptography software library, according to an official announcement Dec. 4.

According to the statement, as Hyperledger has matured, projects “have started to find a need for sophisticated cryptographic implementations.” The post describes Ursa as a shift from having each project implementing its own protocols to collaborating on a shared library.

Ursa is meant to avoid wasted work on duplicate projects, enhancing security by simplifying analysis and making it “less likely for less experienced people to create their own less secure implementations.”

Furthermore, the project is supposed to grant “the ability to enforce expert review of all cryptographic code” and simplify cross-platform interoperability since multiple projects would use the same libraries.
Hyperledger states that with the new library “blockchain developers can choose and modify their cryptographic schemes with a simple configuration file.” Also, Ursa will purportedly have “implementations of newer, fancier cryptography.”

The library is divided into two smaller libraries. The first contains simple, standardized, modular cryptographic algorithms and the second “more exotic cryptography.” Advanced cryptographic algorithms like pairing-based signatures, SNARKs, aggregate signatures, and threshold signatures are cited as examples.

Software will be primarily written in Rust, but will have “interfaces in all of the different languages that are commonly used throughout Hyperledger.”

Hyperledger expects that Ursa will ease development since “it is easier for new projects to get off the ground if they have easy access to well-implemented, modular cryptographic abstractions.”

Hyperledger is increasingly popular for institutional and commercial use. As Cointelegraph previously reported, major Russian bank Sberbank recently concluded an over-the-counter (OTC) foreign exchange repurchase agreement by employing smart contracts on the Hyperledger Fabric platform.

In November, French retail giant Carrefour deployed a food tracking platform based on Hyperledger in its Spanish network. The system will be used to track free-range chickens raised without antibiotics.


China's Government Censorship Agency Is Hiring a Crypto Expert

The state-level Chinese government agency responsible for censoring media output in the country may soon have a cryptographer on the payroll – and with expertise in blockchain technology.

The research center of the State Administration of Press – which is directly administered by the State Council – is looking for a cryptographer who “keeps abreast of the most advanced cryptography applications in areas such as blockchain.”

According to the job description published by the government agency on Tuesday, the ideal candidate would be a technologist with a strong skill set in cryptographic algorithms and performance optimization.

Other responsibilities will be researching and developing tools for measuring the security level of different cryptography applications.

Although the job description does not offer any detail around the agency’s plans regarding blockchain, the stated requirement still signals a notable move by the high-level central government agency.

Intriguingly, the job post comes at a time when blockchain is being increasingly used to bypass China’s pervasive web censorship – often dubbed the “Great Firewall” – in an effort to keep censored articles available to the public. Examples include an exposé of a firm involved in China’s recent vaccine scandal and an effort by the #metoo movement in the country to not be silenced.

Founded in 1946, the State Administration of Press is directly administered by the State Council, but reports to the propaganda department of the Chinese Communist Party. It is known for its role as a top censor with the remit of controlling information produced by all types of mass media in China, including TV, radio, newspapers and the internet.

Safe image via Shutterstock

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.


Code Is Speech: Amir Taaki on Crypto's Debt to Phil Zimmerman

Amir Taaki created libbitcoin, the first alternative bitcoin implementation, and worked on wallets such as Electrum and Darkwallet, as well as privacy markets and decentralized technologies.

Currently, he is establishing an academy in Barcelona to train hackers to work on revolutionary technology projects.


I recently had the honor of meeting Phil Zimmermann, the creator of PGP, the world’s first freely available encryption software for the masses.

The development of PGP (which stood for “pretty good privacy”) was a socio-political cause when Zimmermann managed to defeat the United States through a subversive mechanism and enshrine code as a form of free speech.

As such, it’s a foundational tale for the cryptocurrency community, one well worth retelling from time to time.

During the late 1980s, around the fall of the Soviet Union, there was heavy activism in the nuclear disarmament movement. Zimmermann, a software engineer, was deeply involved, even going to prison at various points with Carl Sagan and Daniel Ellsberg. He became well known in those circles as a speaker and organizer.

As a believer in civil liberties, Zimmermann felt that humans throughout history had shared secrets and made alliances with each other to organize politically; that we had always had the expectation of private communication with another person, with no third party involved. He wanted to extend this freedom to any two people communicating across the globe.

His concept of free speech was a direct consequence of his experience in organizing activists. PGP was specifically developed for anti-nuclear weapons activists. He took out six mortgages over a multi-year period to finance his venture, and he became skilled at making excuses to his banks. Yet he managed to pull through and PGP was born.

At the time, strong encryption software was classified by the U.S. government as military munitions that could not be exported from the country. Yes, cryptography was in the same category as missiles, fighter jets and advanced weaponry. It took an idealist like Zimmermann to have the courage to defy this law because of the conviction that privacy of speech through cryptography was a fundamental human right.

The U.S. government opened a criminal investigation against Zimmermann. Phil told us that, although in retrospect it was good for his career, at the time he was in a very stressful, dark place, and for several years he worked desperately with a team of lawyers to find avenues to keep himself out of prison.

Legal checkmate

It was at a conference when Zimmermann was approached by a big U.S. publisher, the MIT Press, who asked him to publish a user’s guide to PGP. He immediately responded, “Yes, but I want you to also publish a second book.”

Why? Zimmermann had heard about another case in which Phil Karn had applied to the U.S. State Department Office of Defense Trade Controls for a license to export Bruce Schneier’s book Applied Cryptography. This book includes many code samples for cryptographic algorithms with explanations and is a standard text in the field.

The regulator was puzzled that a commodities export license was being requested for a book and replied that there is no restriction on exporting books from the U.S. They didn’t even consider the contents of the book, given that books are protected under the First Amendment right to free speech in the U.S. Constitution.

Then Karn did something curious. He sent the same regulator a floppy disk with files including the same code inside the book. They promptly rejected it, since it contained cryptographic technology and was restricted by the munitions export list. Karn took the government to court and eventually won.

With that case in mind, Zimmermann told MIT Press that he wanted to publish a second book with the code for PGP. They accepted. And this book contained everything you need for the PGP software package: the source code, the make files, all the config files… everything.

Then they repeated the same process Karn had followed in applying for an export license. The government quickly realized it had been trapped. If they said no, the government would no longer be able to regulate cryptography. If they said yes and accepted his export of the book, then Zimmermann would win his case.

Zimmermann and his team excitedly waited for an answer. He had caught them in a clever legal bind. They never responded, and very soon dropped the case against him.

Legacy

Later PGP and other cryptography products started to become big, and now play a fundamental role in our industry. Zimmermann went on to work on several other important cryptography-related projects, steering and advising many standards, including the development of ZRTP, a widely used voice encryption protocol for messaging applications on mobile and desktop.

But it was his act of courage that led to the liberation of crypto from the control of the U.S. government into the hands of idealist hacker programmers, and more generally into securing our lives on the internet.

In 1992, the year after PGP was born, we saw the Crypto-Anarchist Manifesto calling for using this new power of cryptography to liberate humanity from the yoke of the state and central banks. Then in 1993, we saw the Cypherpunk Manifesto which laid down the philosophy for a movement which created many new ideas around digital currency and ultimately birthed bitcoin.

It was incredible to hear the story of a pivotal moment in computing history from the man himself. I’m sure I haven’t done it full justice in my retelling but I hope I have captured the general importance of PGP in the heritage of the free technology movement.

Image via PhilZimmerman.com



A Long-Secret Bitcoin Key Is About to Finally Be Revealed

A long-held bitcoin secret is about to be revealed.

No, it’s not the identity of Satoshi Nakamoto, it’s a private key the cryptocurrency’s creator entrusted to several bitcoin developers that activates the protocol’s so-called “alert system,” once used to flash a text warning to those running the software in case something happened that could impact the security of their funds.

If you didn’t know bitcoin had a warning system like this, that’s because it was retired in 2016 due to security concerns and frequent confusion about its use.

“The alert system was a frequent source of misunderstanding about the security model and ‘effective governance,’” well-known Bitcoin Core contributor Greg Maxwell wrote in a public email from September 2016.

In short, some in the bitcoin community thought it could be used to change the network rules that unite users, which isn’t really the case. For example, a BitcoinJ developer once wanted to use the key to control fees, while a Bloq staffer pressed for Bitcoin Core developers to use the key to change the network’s mining difficulty.

Plus, developers were worried that if the wrong person got ahold of the key, they could broadcast false messages or potentially cause panic.

As such, to some, the reveal – being undertaken by Bitcoin Core contributor Bryan Bishop – is a long time coming.

“Folks, it’s going to be an interesting show,” Bishop tweeted, followed by a string of tweets cryptographically proving he’s in possession of the secret key, without fully revealing it quite yet.

The reveal is the final step in destroying the system. After Bitcoin Core developers released new code in 2016 without the alert system, a “final alert message” was broadcast in January 2017, which, by the logic of the code, cannot be overridden by any later message.

Still, the private key needs to be displayed publicly so there’s no possibility of reputation attacks against those developers that hold it.

Bishop told CoinDesk he plans to release it soon, though he’s not sure about the exact date, adding:

“It’s time. I’m thinking about releasing the private key early July at Building on Bitcoin, though it’s not finalized yet.”

Danger for altcoins

Still, it isn’t as easy as it sounds.

Revealing the key is potentially dangerous for any cryptocurrency that was created from an older version of bitcoin’s code and has not disabled the alert key mechanism in its own code.

“If the copycats have not disabled the alert system, nor changed the alert key [public key], and if they have not sent what’s known as a final alert message, then once the [bitcoin] keys are released, anyone will be able to send alerts on those [other] networks,” Bishop told CoinDesk.

It’s happened before actually. Litecoin creator Charlie Lee recounted on Twitter just last week how the lesser-known Feathercoin protocol (which copied litecoin’s code) received litecoin’s alert about upgrading to the latest litecoin client.

And while that isn’t a particularly nefarious example, Bishop said, controlling what alert messages are sent on various networks “sounds dangerous.”

As such, in Maxwell’s 2016 email, he said he had spent and would continue spending some time searching through other cryptocurrency codebases. If they were found to contain the alert key code from bitcoin, he vowed to notify those projects to remove that code.
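The three conditions Bishop lists (alert system not disabled, alert key not changed, no final alert sent) and the remediation Maxwell describes can be seen side by side in a small simulation. The Go program below is an added example, not code from Bitcoin Core or from either developer: it models the alert message with only the fields that matter here (ID, cancel threshold, message) and signs with constructed P-256 keys rather than Bitcoin's secp256k1, both of which are labelled assumptions in the comments. Four nodes inherit the same alert code and differ only in how their maintainers handled it; the question asked of each is whether a message signed with the original key, once that key is public, would still be shown to the operator.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math"
)

// Alert is a reduced model (assumption) of the retired alert message; version
// ranges, expiry and priority are omitted.
type Alert struct {
	ID      int32  // unique alert number
	Cancel  int32  // every alert with ID <= Cancel is cancelled by this one
	Message string // text shown to the node operator
}

// alertDigest hashes the signed fields (a stand-in for the real serialisation).
func alertDigest(a Alert) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d|%d|%s", a.ID, a.Cancel, a.Message)))
	return sum[:]
}

// SignAlert signs the digest; with a valid key and random source it cannot fail.
func SignAlert(priv *ecdsa.PrivateKey, a Alert) []byte {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, alertDigest(a))
	if err != nil {
		panic(err)
	}
	return sig
}

type Node struct {
	AlertKey  *ecdsa.PublicKey // nil means the alert system was removed
	Cancelled int32            // highest alert ID cancelled so far
}

// Deliver applies a node's checks to an incoming alert and reports whether it would be shown.
func (n *Node) Deliver(a Alert, sig []byte) bool {
	if n.AlertKey == nil {
		return false // system disabled: nothing to verify
	}
	if !ecdsa.VerifyASN1(n.AlertKey, alertDigest(a), sig) {
		return false // not signed by the trusted key (e.g. the key was rotated)
	}
	if a.ID <= n.Cancelled {
		return false // already cancelled, e.g. by a final alert
	}
	if a.Cancel > n.Cancelled {
		n.Cancelled = a.Cancel
	}
	return true
}

// FinalAlert cancels every ID that could ever be issued, including its own.
func FinalAlert() Alert {
	return Alert{ID: math.MaxInt32, Cancel: math.MaxInt32, Message: "final alert"}
}

// Outcome: is a late alert signed with the original key shown on each fork, and is a replayed final alert?
type Outcome struct {
	Copycat, Rotated, Finalised, Disabled, FinalReplayed bool
}

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Scenario uses constructed P-256 keys (Bitcoin uses secp256k1; the checks are the same).
func Scenario() Outcome {
	origPriv, forkPriv := newKey(), newKey()
	copycat := &Node{AlertKey: &origPriv.PublicKey}   // kept the original key
	rotated := &Node{AlertKey: &forkPriv.PublicKey}   // replaced it with its own
	finalised := &Node{AlertKey: &origPriv.PublicKey} // kept it but sent a final alert
	disabled := &Node{}                               // removed the alert system
	fin := FinalAlert()
	finSig := SignAlert(origPriv, fin)
	finalised.Deliver(fin, finSig) // sent while the key was still secret

	// Once the key is public, any holder could sign a message like this one.
	late := Alert{ID: 1234, Message: "constructed: urgent upgrade notice"}
	sig := SignAlert(origPriv, late)
	return Outcome{
		Copycat:       copycat.Deliver(late, sig),
		Rotated:       rotated.Deliver(late, sig),
		Finalised:     finalised.Deliver(late, sig),
		Disabled:      disabled.Deliver(late, sig),
		FinalReplayed: finalised.Deliver(fin, finSig),
	}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

`Scenario()` reports `Copycat: true` and `false` for the other three forks, and `FinalReplayed: false` shows why the January 2017 message could not be overridden: it cancels every ID up to and including its own, so nothing signed with the key afterwards passes the ID check. A project auditing inherited code would look for the same three things: whether the alert code path still exists, whose key it trusts, and whether a final alert has been broadcast on its network.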

Maxwell concluded:

“At some point after that, I would then plan to disclose this private key in public, eliminating any further potential of reputation attacks and diminishing the risk of misunderstanding the key as some special trusted source of authority.”

Reputation on the line

But, two years later, neither Maxwell – nor any other Bitcoin Core developer – has revealed the key.

“It’s something we have wanted to release for a few years. Nobody took any action, though,” Bishop said.

But by now, the projects susceptible to this vulnerability have had time to remove the code and upgrade. Some of those projects might no longer have developers, though, even while users are still trading and using the cryptocurrencies, which could mean there has been no update.

That said, Bishop’s giving these projects one last chance by sending messages on Twitter and through other channels.

Adding pressure that could prioritize the reveal, though, is that Bishop and others are worried about attacks on their reputation. For instance, if the private key were compromised and used to sign a message with bad intentions, it could be blamed on one of the Bitcoin Core developers who is known to have the key.

“Nobody knows the full list of people that have access to the private key. A message could be signed by the private key, and the secrecy is a liability because some of the people who have the key are known in public to have the key,” Bishop said, pointing to the fact that those with the key that are unknown could blame people who are known to hold the key for nefarious messages.

Bishop recently used the alert key (without revealing it) to sign a simple text message that he then tweeted out, displaying how it could be used to trick users or cause confusion within the community.

Plus, he told CoinDesk, there are other long-standing vulnerabilities within the alert key setup that he plans to disclose when he reveals the key to the public.

As such, Bishop concluded:

“It would be better if the key was released.”

Antique keys image via Shutterstock



Whitfield Diffie Talks Cryptography 'Resurgence' and Blockchain

“This is very fulfilling because when you thought the subject [of privacy and cryptography] must have run its course, it flares up again.”

Those words, from cryptography legend Whitfield Diffie, perhaps captured the essence of the first day of CoinDesk’s Consensus 2018 conference. Diffie famously co-authored a landmark paper in 1976 that laid the foundations for public key cryptography, a key element of modern internet security and of cryptocurrencies.

During a freewheeling, jovial fireside chat with zcash founder Zooko Wilcox, Diffie praised blockchains and cryptocurrencies, saying the technology represents a “resurgence” of the work he helped start in the 1970s to empower individuals and strengthen privacy.

The current era, he said, reminds him of the time around 1997, when attendance at cryptographers’ conferences suddenly jumped from the hundreds to the thousands.

Diffie remarked:

“These last few years have been another resurgence of cryptographic technology, and blockchain is now a huge refocus on the cryptographic aspects of these things.”

Wilcox echoed that sentiment and credited Satoshi Nakamoto for triggering this renaissance – causing Diffie to joke that they should “get another chair” on stage for bitcoin’s unknown, pseudonymous creator. Still, Diffie – whose work has focused more on securing communications than financial transactions – similarly gave props to Nakamoto for accomplishing what many before in his field could not.

“There were a good 10 years when privacy and cryptography were almost embarrassing to talk about in public,” Wilcox said.

He cited the famous (or infamous) 1999 quote from Sun Microsystems co-founder Scott McNealy, who remarked: “You have zero privacy anyway, get over it.”

“In the ensuing 10 years, everyone sort of fell in line on that – until Satoshi,” Wilcox said.

Diffie echoed that, saying: “For years many people [in cryptography] thought about how to develop money techniques, and nobody succeeded before that.”

That solicited a deadpan response from Wilcox – “Yeah, I know” – alluding to his own work in the 1990s at Digicash, a storied but unsuccessful digital currency venture.

‘Bulletproof or useless’?

On a related subject, Diffie said he was not worried that the financial fortunes of the cryptocurrency market would compromise its cypherpunk ethos.

“In some sense, you can’t be a revolutionary force without eventually taking over the establishment,” he said, drawing laughter from the audience. “So I don’t see a conflict between business development and political development.”

In fact, Diffie said that introducing market forces into protocols (as cryptocurrencies do) can be a powerful catalyst for the advancement of privacy-enhancing technology since battle-tested systems are likely to earn higher valuations than vulnerable ones.

“I like that phrase ‘introduce market forces,’” Diffie said in response to a question from the moderator and CoinDesk research director Nolan Bauerle. “The market force view of the development of cryptography may be the best single one we have, because so few things depend on this balance … of offensive techniques and defensive techniques.”

Wilcox agreed in theory, though he cautioned that in the case of cryptocurrencies, market forces don’t tend to distinguish between different coins at present.

Cryptocurrency prices tend to go up and down in unison, he said, “regardless of whether the coin has proven to be bulletproof or useless.” In the long term, though, “I assume they eventually will because I think the markets do that,” Wilcox said.

Looking back on the breakthrough he helped bring about decades ago – which is widely hailed for breaking governments’ monopoly on cryptography, thereby giving private companies and citizens access to encryption tools – Diffie said it had a decentralizing effect similar to that of today’s blockchain projects.

“If you don’t have public-key [cryptography], it’s not that you have to know the people you talk to, but you have to be connected to them by an administrative authority,” he said, adding:

“That works wonderfully for the U.S. military, it has lots of employees, a million or more and has a key management structure that follows. That just plain won’t work for an internet of commerce.”

From left: Nolan Bauerle, Whitfield Diffie and Zooko Wilcox image via Annaliese Milano for CoinDesk



The Winklevoss Brothers Receive Patent For Digital Transaction Security System

Winklevoss IP, owned by brothers Cameron and Tyler Winklevoss, has been granted a patent for a system to enhance the security of digital transactions, according to a patent document published by the US Patent and Trademark Office (USPTO) April 10.

According to the patent, the new system is an “improvement to computer security technology” that seeks to embrace a “system, method, and program product for processing secure transactions within a cloud computing system” implementing common cryptographic encryption principles.

As the authors claim in the patent, the system would provide a secure means of data verification in order to prevent “unauthorized access of information over external data connections.”

According to the patent’s abstract, the described computing sub-system would operate the first electronic processing request, then verify and decrypt the first signed data before producing the second processing output that would be encrypted and transmitted to a second sub-system involving a second private key.

“The present invention can provide verification that a user is authorized or that a user session is authorized, such as having valid user credentials and the session not having timed out. The authenticity of any client request received from a user device, or configured to appear as if it originated from a user device, can be confirmed by the computing system. In other embodiments, communications among sub-systems of a computing system can be verified using the trust chain verified computing methods of the present invention.”

The cloud computing security system patented by the Winklevoss twins may be applied to their cryptocurrency exchange Gemini, which is set to start offering cryptocurrency block trading with large amounts of Bitcoin (BTC) and Ethereum (ETH) outside of their regular order books starting April 12.


The New Ways to Save Crypto from a Post-Quantum World

What if a key piece of cryptography underpinning bitcoin fell apart?

That might sound like science fiction (or even FUD – fear, uncertainty and doubt) to many a cryptocurrency enthusiast, yet hardly a day goes by without some breakthrough in the field of quantum computing hitting the wires.

And while the technology will have many beneficial effects on humankind, for cryptocurrency holders, the technology could spell devastation.

That’s because quantum computers have the ability to unwind much of the cryptography that underlies how data – including cryptocurrency private keys – passes through the internet. As such, researchers in the space are playing it safe, already looking for ways to re-architect cryptocurrency systems to be resistant to quantum computing.

For instance, researchers at last week’s Financial Crypto 2018 conference were so concerned about the tech’s possible effects on crypto that they’re already outlining possible solutions.

“Cryptocurrencies are tightly associated with user’s money, and that is an extremely sensitive subject,” said Fangguo Zhang, a Sun Yat-sen University researcher and co-author of a new paper, Anonymous Post-Quantum Cryptocash. “As a cryptographer, we have to take precautions on the fast development of quantum computing such that if it becomes strong enough, we are able to update cryptocurrency systems as soon as possible.”

That’s why Zhang and several others designed a cryptocurrency construction (detailed in the paper) that uses so-called “ideal lattice” cryptography to replace bitcoin’s digital signature algorithm so that it could withstand quantum computers.

And although there’s disagreement over the timeline quantum computing will be realized, and even over whether it’s possible at all, still other researchers are putting their minds to work on a solution.

Saarland University computer science PhD student Tim Ruffing, for example, is working on his own scheme, telling CoinDesk:

“Even if this is still far away, quantum security is already important today.”

Replacing digital signatures

And that’s because it wouldn’t just be one cryptocurrency that would take a hit, but all of them, since the digital signature algorithms would be the vulnerable part of the systems.

These algorithms generate the public/private key pairs that cryptocurrency holders use to store and transfer their bitcoin. While public keys can be shown to other users as they are the mechanism used to receive cryptocurrency, the private key allows users to spend their crypto and as such should be kept, as the name suggests, private.

With today’s computers, a private key cannot feasibly be derived from its public key. But quantum computers could theoretically be so powerful that they could link public and private keys.

As such, much of the research being done looks to replace cryptocurrency’s digital algorithms with something else.

For instance, Zhang’s proposal replaces the cryptography with “ideal lattices,” which are not only quantum resistant but also bake in privacy features. According to the paper, both unlinkable ring signatures – a technical scheme perhaps most famous because of its use in the privacy-oriented cryptocurrency monero – and stealth addresses are added to the scheme.

Due to the system’s complexity, however, a whole new cryptocurrency would need to be deployed, and according to Zhang that is not in the researchers’ plans, although some undergraduate students are now testing the system.

Numerous solutions

And since a tremendous amount of money and time is already wrapped up in existing cryptocurrencies, that’s not an ideal solution.

As such, other researchers are more focused on re-architecting existing cryptocurrencies to be quantum resistant.

Saarland University’s Ruffing is one. Imperial College London research assistant Alexei Zamyatin has also recently co-authored a new paper, although it is not fully finished yet.

Both researchers are independently working on ways to educate users on the problem so that they’re ready, since even if new addresses were developed, users would need to take the responsibility to switch to them.

For example, Ruffing posted an idea to a leading bitcoin developer mailing list. Basically, Ruffing describes a “two-step” transaction process, which hides the user’s public key until the coins have been appropriately moved to a quantum-ready address.
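The idea of keeping the public key hidden until the coins have moved, as an added illustration that is not Ruffing's mailing-list proposal or any project's code: the Go program below models the two-step process as commit-then-reveal. Step one publishes only a hash of the complete transaction; step two publishes the transaction, and with it the public key. The ledger rule that conflicting spends of one input go to the earlier commitment is this example's own simplification (an assumption; the actual proposal differs in detail), and every key and address in it is a constructed placeholder. It also shows why the passage above says a public key is exposed only when spending: the address is a hash of the key.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Tx is a reduced transaction model (assumption): one input, the spender's key, one destination.
type Tx struct {
	Input  string // outpoint being spent
	PubKey []byte // becomes public only when the transaction itself is published
	Dest   string // destination address, a hash, so it exposes no key
}

// Bytes is the canonical encoding shared by the commitment and the reveal.
func (t Tx) Bytes() []byte {
	return []byte(t.Input + "|" + hex.EncodeToString(t.PubKey) + "|" + t.Dest)
}

// AddressOf hides a public key behind a hash, as pay-to-pubkey-hash addresses
// do; an attacker who only sees the address has no key to work on.
func AddressOf(pub []byte) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// Commitment is step one: a hash of the complete transaction that reveals
// neither the key nor the destination.
func Commitment(t Tx) [32]byte {
	return sha256.Sum256(t.Bytes())
}

// Ledger records commitments and reveals in arrival order.
type Ledger struct {
	clock       int
	commitments map[[32]byte]int // commitment -> arrival position
	claimedBy   map[string]Tx    // input -> transaction currently holding it
	claimOrder  map[string]int   // input -> arrival position of that claim's commitment
}

func NewLedger() *Ledger {
	return &Ledger{
		commitments: map[[32]byte]int{},
		claimedBy:   map[string]Tx{},
		claimOrder:  map[string]int{},
	}
}

// Commit records a commitment; repeating the same hash keeps the first position.
func (l *Ledger) Commit(c [32]byte) {
	l.clock++
	if _, seen := l.commitments[c]; !seen {
		l.commitments[c] = l.clock
	}
}

// Reveal is step two. A transaction is accepted only if its commitment was recorded
// earlier, and conflicting claims on one input go to the earlier commitment.
func (l *Ledger) Reveal(t Tx) bool {
	l.clock++
	at, ok := l.commitments[Commitment(t)]
	if !ok {
		return false // no prior commitment
	}
	if prior, claimed := l.claimOrder[t.Input]; claimed && prior <= at {
		return false // someone committed to this input earlier
	}
	l.claimedBy[t.Input] = t
	l.claimOrder[t.Input] = at
	return true
}

// Owner reports which destination currently holds the input.
func (l *Ledger) Owner(input string) string {
	return l.claimedBy[input].Dest
}

// Race walks through the scenario with constructed values: the honest spender moves
// coins to a quantum-safe address, then a competing transaction built from the revealed key follows.
func Race() (honestOK, raceOK bool, owner string) {
	alicePub := []byte("constructed-alice-public-key")
	safeDest := AddressOf([]byte("constructed-quantum-safe-key"))
	honest := Tx{Input: "utxo:1", PubKey: alicePub, Dest: safeDest}

	l := NewLedger()
	l.Commit(Commitment(honest)) // step 1: only the hash is visible
	honestOK = l.Reveal(honest)  // step 2: the key is now public

	// Only now can anyone else build a transaction carrying alicePub.
	race := Tx{Input: "utxo:1", PubKey: alicePub, Dest: AddressOf([]byte("constructed-attacker-key"))}
	l.Commit(Commitment(race))
	raceOK = l.Reveal(race)
	return honestOK, raceOK, l.Owner("utxo:1")
}

func main() {
	h, r, owner := Race()
	fmt.Printf("honest reveal accepted: %v, redirect accepted: %v, owner: %s\n", h, r, owner)
}
```

`Race()` returns `true, false, <safe address>`: the honest reveal is accepted, and the competing transaction, which can only be built after the key is visible, loses because its commitment is necessarily later. The ordering rule in `Reveal` gives the same result even if the competing reveal reaches the ledger before the honest one.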

Meanwhile, Zamyatin believes another way to push users to securely move their crypto to resistant addresses is through a backwards-compatible soft fork upgrade.

Not only this, but a “huge number” of alternative quantum-resistant signature schemes were submitted to a major cryptography conference last November, according to Zamyatin.

As such, many researchers don’t think making cryptocurrency resistant to quantum computers will be that difficult. Instead, several believe cryptocurrency will be the least of the world’s problems in an era ruled by quantum computers.

Zamyatin said:

“We’ll have other problems if quantum computers actually come up.”

Alien card image via CoinDesk



Encryption Becoming 'Public Safety Issue' – FBI

Encryption technology has reached a stage where even government agencies like the FBI don’t have the technology to unlock hidden data. In fact, it’s mathematically impossible to break many advanced forms of encryption, regardless of technology or available budget.

While the world’s most well-known investigation authority is tasked with providing the US government with crucial intelligence information, it is struggling to follow up on investigations due to advances in data encryption.

As reported by Reuters this week, the FBI was unable to crack over 7,800 devices that contained information the FBI considered vital to ongoing investigations from 2016-2017. The agency had been given legal authority, by the courts, to try to access the data on these devices, but it was simply unable to do so because of the high-level encryption used to protect the information.

FBI director Christopher Wray delivered these statistics in an address at the International Conference on Cyber Security.

While unpacking the challenges facing the bureau, Wray maintained that the FBI supports advances in encryption and information security. However, that has become a double-edged sword that is making the FBI’s life increasingly difficult:

“We face an enormous and increasing number of cases that rely heavily, if not exclusively, on electronic evidence.”

Making progress in this regard will take “significant innovation,” according to Wray, but the FBI head does not consider it impossible. To date, half of the devices safeguarded by encryption have been inaccessible, Wray said in his address.

Goes both ways

While the FBI’s sentiments relate directly to investigations where they have been given legal access to try and break through encryption to unlock information, both state and public individuals have vested interest in encryption technology.

Messaging apps that utilize encryption technology have become all the rage, allowing people to communicate without fear of being spied on, for whatever reason. Encrypted communication platforms have become vital in repressive nations like Iran, for instance.

Nevertheless, governments around the world have pushed for regulation that allows widespread surveillance of the public. The United Kingdom has done so in a number of instances.

No such thing as soft encryption

The FBI faces an uphill battle against encryption technology and there seems to be no middle ground in this regard. The essence of encryption is to safeguard information by granting access to authorized parties only.

Whether or not agencies like the FBI have been given legal authority to decode encrypted data, they are still deemed unauthorized by the encryption itself.

The irony here is that modern-day encryption technology stems from developments made primarily by military operations decades ago. The development of various encryption technologies, now widely available to the general public, can be attributed to the need to protect sensitive information sent in wartime.

Once software developers got their hands on the basic code, like the so-called cypherpunks who laid the foundation for the cryptography that powers Bitcoin and other cryptocurrencies, massive strides were made.

In the quest to safeguard information, encryption developers weren’t about to create a backdoor for the FBI and other security agencies to make use of. That would defeat the point and create an entry point for nefarious entities to get their hands on important information.

The most likely course of action will be the development of better decryption methods. It’s highly unlikely that software engineers will be making less powerful encryption technology in years to come.


Quantum Computers Could Jack Your Crypto Private Key in 10 Years, Researchers Say

Quantum computers are coming and encryption – including the kind used to underpin cryptocurrencies – is in trouble, researchers say.

That’s according to researchers at the National University of Singapore and colleagues who have estimated how soon the computers might be able to break bitcoin’s security. Based on the most aggressive estimates for the advancement of quantum computation, private keys might be cracked as early as 2027, their paper says.

Bitcoin’s security today rests on the difficulty of cracking its cryptography with existing computers, but quantum computers will theoretically be able to work much faster because they are not constrained to working with bits (values that are either 0 or 1). Quantum computers use qubits, which exploit the very strange ways subatomic particles behave to hold more values (or even two values at once).

As first reported by the MIT Technology Review, the researchers investigated two applications of quantum computers: against mining pools and against private keys. Miners will be safe for longer than wallets, the researchers contend.

Rewriting transactions

The greatest danger for bitcoin users will come when transactions have been broadcast to the network but not yet processed, according to the paper.

An attacker with a quantum computer is likely to be able to change the transaction before the legitimate one goes through, the researchers found.

Settled transactions will remain safe, at least for a while. Even a paradigm-shifting computer is unlikely to be able to change the ledger after several blocks have been processed.

If private keys are compromised, that’s not just bad news for cryptocurrency. It would expose anything else that uses public-private key encryption, such as messaging apps, SSL certificates and data storage.

Glint of hope

As the researchers acknowledge, this finding holds true provided nothing changes in the way private keys are created. They write:

“Many presumably quantum-safe public-key signature schemes have been proposed in the literature.”

However, their discussion neither completely endorses nor dismisses any of the proposals.

This summer, researchers at the University of Pennsylvania also proposed ways in which more robust private keys could stymie these new machines. And, as has been argued, quantum computers might also develop much more slowly than the researchers have modeled.

Tesla coil image via Shutterstock.
