How blockchain can resist the quantum computing security threat
Quantum computing poses a threat to many elements of digital security. Is this the case for blockchain solutions such as Ericsson Data Centric Security? We look at the case.
Cryptography is more or less based on mathematical functions called algorithms. These algorithms are designed in such a way that the data is easy to calculate in one direction but hard to calculate in the other direction. So given x, it is easy to find f(x) = y, but given y it is supposed to be hard to find x.
Quantum computing and insecure functions
However, quantum computing changes the equation, making some existing cryptographic functions insecure. A new report from the Global Risk Institute estimates a 50 percent risk that public-key cryptography tools will be broken by 2031.
The solution to this problem is simple: stop using the newly insecure mathematical functions and instead use mathematical functions known to be immune from a quantum computing threat.
So far so good. But what are these secure functions?
Hash functions and security
We can start with a mathematical function called a hash function, which remains secure if faced with a quantum computing threat, as long as it fulfills certain criteria. When these criteria are fulfilled, hash functions are unique and create fixed-sized, irreversible fingerprints of data.
In general, a cryptographic hash function is considered secure if, when fed an arbitrary piece of data, it returns a truly random value for every different query while a repeated query returns the same random value each time. For example, you could feed "Security is important" into the hash function, and the output could be "10." But if you feed "Security is a must," you would get back, say, "13." Then if you return to "Security is important," the hash function must once again return "10."
Experts today consider SHA-2 and SHA-3 to be the secure hash algorithms.
However, there are certain criteria that a hash function needs to fulfill in order to be considered secure.
First, the hash function must have "pre-image resistance." In principle, it must not be possible to go backwards from an answer to the related question. This means that if the hash function output is "10," to derive that the original feed was "Security is important" must not be possible.
Second pre-image resistance
Second, the hash function needs to have "second pre-image resistance." In principle, it should not be possible from looking at the feed "Security is important" to determine that the feed "Security is always important" will produce the same result. This means that if a hash function is fed with "Security is always important" it should not return "10," which is the result from the feed "Security is important."
Third, the hash function must have collision resistance. This is similar to second pre-image resistance. It must not be possible to easily find two messages that have the same hashed result. Even though collisions will exist simply due to the limited range of outputs versus the infinite range of inputs, it must not be possible to easily derive colliding messages.
If both "Security is important" and "Security is always important" resolve to "10," it must not be possible to conclude this result independently. It must take a tremendous (read: improbable) amount of brute force work to discover that the two inputs resolve to the same hashed output.
Ericsson Data Centric Security and quantum computing
So where does this leave the Ericsson Data Centric Security solution?
This solution is based on a blockchain architecture, with two fundamental and crucial parts that make it immune to quantum computing threats: the cryptographic algorithm (SHA2-256) and the Merkle signature scheme, also known as a binary hash tree.
The Merkle signature scheme
The Merkle signature scheme is based on a mathematical hierarchical hash tree structure, which has the shape of a tree in which the lower branches have the largest number of leaves. The higher in the tree, the smaller the branches and the fewer leaves on each branch, until the top is reached.
Native hash data is fed into the bottom of the tree, as source input. The architectural functionality is then to concatenate all hash data from the lower layers into the next layer of branches until the top of the tree is reached, where a root hash is produced. The Merkle tree works in a dedicated and confined time slot of one second. This means that each Merkle tree schema, with the associated concatenation action and the creation of a tree-top root hash, is carried out and processed every second.
Thereafter the Merkle tree schema is torn down and rebuilt for the next second, and so on for every second into the future. What is important to acknowledge in the context of the Merkle tree is that the hash tree is secure as long as it uses a secure hash function in its architecture that is resistant to pre-images and second pre-images, such as SHA2-256 or above.
Unique blockchain security
Another fact that makes the Ericsson Data Centric Security blockchain solution unique is the way the blockchain is securely created and processed every second. Since each root hash is time-stamped and cryptographically interlinked with the previous time slot hash value, the digital blockchain ledger becomes immutable against backward changes in time, as well as against other general tampering.
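The per-second hash tree and the interlinking of root hashes described above can be sketched as follows. This is an added example, not Ericsson's code: the function names, the 0x00/0x01 leaf and inner-node prefixes, the promotion of an unpaired node, the all-zero GENESIS value and the link format (previous link, 8-byte timestamp, root) are assumptions made for illustration.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed starting link for the first time slot

def h(data):
    return hashlib.sha256(data).digest()

def merkle_root_and_proof(leaves, index):
    """Return (root, sibling path) for leaves[index]; leaves must be non-empty."""
    level = [h(b"\x00" + leaf) for leaf in leaves]  # 0x00 prefix marks a leaf
    proof = []
    while len(level) > 1:
        sibling = index ^ 1
        if sibling < len(level):  # a lone last node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        nxt = [h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks an inner node
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])  # promote the lone node unchanged
        level, index = nxt, index // 2
    return level[0], proof

def verify(leaf, proof, root):  # recompute the path from one record to the root
    node = h(b"\x00" + leaf)
    for sibling, sibling_is_left in proof:
        node = h(b"\x01" + (sibling + node if sibling_is_left else node + sibling))
    return node == root

def link(prev, second, root):
    return h(prev + second.to_bytes(8, "big") + root)  # timestamped interlink

def build_chain(slots):
    chain, prev = [], GENESIS
    for second, records in slots:
        root, _ = merkle_root_and_proof(records, 0)
        prev = link(prev, second, root)
        chain.append((second, root, prev))
    return chain

def chain_is_intact(chain, trusted_head):
    prev = GENESIS
    for second, root, stored in chain:
        prev = link(prev, second, root)
        if prev != stored:
            return False
    return prev == trusted_head  # head link must come from an independent copy

# Constructed sample data: two one-second slots of made-up records.
SLOTS = [(1700000000, [b"log A", b"log B", b"log C"]), (1700000001, [b"log D"])]
```

Changing any record changes its slot's root, and changing any root changes every later link, so a verifier holding only the latest link from an independent source detects a rewrite of earlier slots.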
So finally, against a quantum computing threat, a "perfect" hash function of output size "n" bits still offers strong resistance as long as it is above 128 bits, which means 2 to the (n/2) power or above; SHA2-256, for example, has a 256-bit output. In this case, the best quantum computer would still need 2 to the 128th power of simultaneous operations (that is, with current technology, too many to be feasible by a huge margin) to break pre-image resistance. Further, a possible attack has to be executed within one second for each leaf in the binary hash tree at the same time in order to come close to knowing what information is being hashed, concatenated and processed. This is today known to be impossible even for future quantum computers, which makes Ericsson Data Centric Security the perfect choice for thwarting quantum computing threats.
We have published an e-book describing in more depth blockchain technology and its applications for integrity assurance. Please download it.
Background photo by Deirdre Straughan.