Blockchains use the Elliptic Curve Digital Signature Algorithm (ECDSA) to secure transactions between wallets and blockchain nodes. Because a sufficiently large quantum computer running Shor's algorithm would recover ECDSA private keys from their public keys, these blockchain implementations need to migrate from ECDSA to a post-quantum signature algorithm before such machines exist. The migration is long and difficult, however, because replacing the underlying cryptographic implementation significantly affects several existing use-cases, causing financial losses to users and breaking applications. We study the impact on those use-cases from a user and application perspective. To partly minimise the impact, we observe that the BIP39 seed is the key to achieving backward compatibility, and we propose strategies for choosing and adapting a BIP39-compatible post-quantum algorithm.
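To show why the BIP39 seed is the natural compatibility point, the added example below (written for this page, not code from the post or from any wallet) walks one mnemonic through the standard BIP39 seed derivation, then through the real BIP32 master-key step that today's ECDSA wallets use and, side by side, through an assumed post-quantum branch: a 32-byte key-generation seed for a seed-based PQ signature scheme, domain-separated from the BIP32 branch by a different HMAC key. The PQ derivation, its `PQ-signature seed/v1` label and the `pq_keygen_seed` name are assumptions for illustration; the BIP39 and BIP32 steps follow the specifications. Only the Python standard library is used.

```python
import hashlib
import hmac
import unicodedata

# Order of the secp256k1 group: a BIP32 master private key must be a non-zero scalar below it.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic with salt
    "mnemonic" + passphrase, 2048 rounds, 64-byte output.
    Nothing in this step depends on which signature algorithm is used afterwards."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master_key(seed: bytes) -> tuple[int, bytes]:
    """Classical branch, exactly as BIP32 specifies: I = HMAC-SHA512(key=b"Bitcoin seed", seed);
    the left 32 bytes are the secp256k1 master private key, the right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    k = int.from_bytes(digest[:32], "big")
    if k == 0 or k >= SECP256K1_N:
        raise ValueError("seed yields an invalid master key; BIP32 says to reject it")
    return k, digest[32:]


def pq_keygen_seed(seed: bytes, label: bytes = b"PQ-signature seed/v1") -> bytes:
    """Post-quantum branch (ASSUMED construction, not from the page): derive a 32-byte
    key-generation seed for a seed-based PQ signature scheme from the same BIP39 seed.
    A different HMAC key keeps it domain-separated from the BIP32 branch; the label is hypothetical."""
    return hmac.new(label, seed, hashlib.sha512).digest()[:32]


def derive_both(mnemonic: str, passphrase: str = "") -> dict:
    """Run one mnemonic through both branches and return what each side would use."""
    seed = bip39_seed(mnemonic, passphrase)
    ecdsa_key, chain_code = bip32_master_key(seed)
    return {
        "seed": seed,
        "ecdsa_master_key": ecdsa_key,
        "chain_code": chain_code,
        "pq_keygen_seed": pq_keygen_seed(seed),
    }


# Constructed input: the BIP39 mnemonic for 128 zero bits of entropy; the passphrase is arbitrary.
EXAMPLE_MNEMONIC = "abandon " * 11 + "about"

if __name__ == "__main__":
    r = derive_both(EXAMPLE_MNEMONIC, "TREZOR")
    print("BIP39 seed      :", r["seed"].hex())
    print("ECDSA master key:", hex(r["ecdsa_master_key"]))
    print("PQ keygen seed  :", r["pq_keygen_seed"].hex())
```

The point the code makes is that the user-facing secret (mnemonic plus optional passphrase) and the 64-byte seed it expands to never change; only the branch below the seed does. A wallet that keeps the BIP39 layer intact can therefore add a post-quantum branch without asking users to back up anything new, which is the backward compatibility the post is after. The PQ branch shown is a placeholder for whatever derivation the chosen scheme standardises.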
Learning Parity with Noise (LPN) is an attractive post-quantum cryptosystem for low-resource devices because of its simplicity: the communicating parties need only AND and XOR gates to generate or verify the LPN samples they exchange. However, setting up LPN is complicated by parameter choices, including key length, noise rate, sample size and verification window, which together determine both the usability and the security of an implementation. To keep pace with advances in LPN cryptanalysis, recommended key lengths have grown to the point where LPN is no longer feasible for low-resource devices.
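The added example below (written for this page, not code from the post) makes the four parameters concrete in an HB-style challenge-response use of LPN: the prover answers random challenges `a` with `b = <a, s> XOR e`, using only AND and XOR for the inner product, and the verifier recomputes `<a, s>` and accepts when the disagreement rate falls inside the verification window. The parameter values in `run_round` are illustrative, chosen small enough to read, and are not the recommended key lengths the text refers to.

```python
import random
from typing import List, Tuple

Bits = List[int]


def inner_product_mod2(a: Bits, s: Bits) -> int:
    """<a, s> over GF(2): AND each bit pair, then XOR the results together.
    These are the only two gates the text says the parties need."""
    acc = 0
    for ai, si in zip(a, s):
        acc ^= ai & si
    return acc


def lpn_samples(secret: Bits, noise_rate: float, count: int,
                rng: random.Random) -> List[Tuple[Bits, int]]:
    """Prover side: emit `count` samples (a, b) with b = <a, s> XOR e, e ~ Bernoulli(noise_rate).
    The challenge `a` is public and random; the noise is what hides `s` from an observer."""
    out = []
    for _ in range(count):
        a = [rng.getrandbits(1) for _ in range(len(secret))]
        e = 1 if rng.random() < noise_rate else 0
        out.append((a, inner_product_mod2(a, secret) ^ e))
    return out


def verify_samples(secret: Bits, samples: List[Tuple[Bits, int]],
                   window: float) -> Tuple[bool, int]:
    """Verifier side: recompute <a, s> for every sample and count disagreements.
    Accept when the error fraction is within the verification window."""
    errors = sum(1 for a, b in samples if inner_product_mod2(a, secret) != b)
    return errors <= window * len(samples), errors


def run_round(key_len: int = 128, noise_rate: float = 0.125, sample_size: int = 128,
              window: float = 0.25, seed: int = 1) -> dict:
    """One authentication round using the four parameters named in the text.
    The window must sit clearly above noise_rate (so an honest prover passes) and clearly
    below 1/2 (so a prover without the key, whose answers are coin flips, fails).
    The RNG is seeded only so the example is reproducible; real devices need fresh randomness."""
    rng = random.Random(seed)
    secret = [rng.getrandbits(1) for _ in range(key_len)]
    honest = lpn_samples(secret, noise_rate, sample_size, rng)
    # An impostor who does not know `secret` answers with some other key; for random `a`
    # <a, s> XOR <a, s'> = <a, s XOR s'> is a fair coin, so about half the answers are wrong.
    impostor_secret = [rng.getrandbits(1) for _ in range(key_len)]
    impostor = lpn_samples(impostor_secret, noise_rate, sample_size, rng)
    honest_ok, honest_err = verify_samples(secret, honest, window)
    impostor_ok, impostor_err = verify_samples(secret, impostor, window)
    return {
        "honest_accepted": honest_ok, "honest_errors": honest_err,
        "impostor_accepted": impostor_ok, "impostor_errors": impostor_err,
        "threshold": int(window * sample_size),
    }


if __name__ == "__main__":
    for k, v in run_round().items():
        print(f"{k:18}: {v}")
```

Reading the result shows the trade-offs the text describes: a larger sample size separates the honest error count (about noise_rate times the sample size) from the impostor's (about half) more reliably but costs more transmitted bits; a higher noise rate strengthens the hardness assumption but forces a wider window and a larger sample; and the key length sets the size of the challenge and of the secret the device must store and AND against, which is exactly where the growing key-length recommendations bite.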
a16z published a post on big ideas for 2023 (https://a16z.com/2022/12/15/big-ideas-in-tech-2023/) that calls for hardware VDFs. Did you know that current VDFs are not quantum-secure? We have a working construction of a post-quantum VDF here.
What is an appropriate threat modelling method for understanding your enterprise's exposure to quantum threats? We recommend the Process for Attack Simulation and Threat Analysis (PASTA).
Is it possible to make ECDSA signatures quantum-secure?
Public-key cryptography is threatened by the advent of quantum computers. Using Shor's algorithm on a large enough quantum computer, an attacker can recover the private key behind any RSA or ECC public key and forge digital signatures in seconds. If this vulnerability is left unaddressed, digital communications and electronic transactions lose their assurance of authenticity and non-repudiation.