Quantum computing represents a potential future threat to many of today’s cryptographic systems, including those underpinning popular cryptocurrencies. Quantum computers are not simply faster classical machines; they manipulate quantum bits (qubits) in ways that let certain algorithms solve specific mathematical problems with far fewer operations than any known classical method. One of those problems is the elliptic-curve discrete logarithm, so a large enough quantum computer could break the Elliptic Curve Digital Signature Algorithm (ECDSA) that secures networks such as Bitcoin.
In Bitcoin the public key is normally hidden behind a hash while an output is unspent and is revealed only in the transaction that spends it. Some outputs expose the key earlier: older pay-to-public-key outputs and Taproot outputs carry a curve point directly, and any address that has already been spent from has its key on-chain for every later payment it receives. A sufficiently powerful quantum computer could derive the private key from an exposed public key and spend that owner’s coins. In response, several newer cryptocurrencies have emerged with designs intended to resist quantum attacks.
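As an added illustration of where the public key actually sits (example code written for this article, not taken from any wallet or node implementation), the Python below decodes Bitcoin scripts and reports which output types already carry a curve point that Shor’s algorithm could attack, versus those that hold only a hash until the output is spent. The opcode values are Bitcoin’s; the sample scripts, keys and signatures are constructed dummy bytes, not real curve points or DER signatures.

```python
# Added example for this article: which Bitcoin script types put an EC public key
# on-chain, and therefore in reach of a future Shor-capable attacker. All sample
# scripts, keys and signatures below are constructed dummies.
OP_0, OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x00, 0x4C, 0x4D, 0x4E
OP_1, OP_DUP, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x51, 0x76, 0x88, 0xA9, 0xAC


def parse_script(script):
    """Decode a script into a list: bytes for data pushes, int for other opcodes."""
    elements, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:                       # direct push of 1..75 bytes
            n = op
        elif op == OP_PUSHDATA1:
            n = script[i]
            i += 1
        elif op == OP_PUSHDATA2:
            n = int.from_bytes(script[i:i + 2], "little")
            i += 2
        elif op == OP_PUSHDATA4:
            n = int.from_bytes(script[i:i + 4], "little")
            i += 4
        else:
            elements.append(op)
            continue
        if i + n > len(script):
            raise ValueError("truncated push")
        elements.append(script[i:i + n])
        i += n
    return elements


def looks_like_pubkey(item):
    """SEC-encoded secp256k1 key: 33 bytes (02/03 prefix) or 65 bytes (04 prefix)."""
    return isinstance(item, bytes) and (
        (len(item) == 33 and item[0] in (2, 3)) or (len(item) == 65 and item[0] == 4))


def exposed_keys_in_output(script_pubkey):
    """Return (script type, public keys readable from an UNSPENT output)."""
    el = parse_script(script_pubkey)
    if len(el) == 2 and looks_like_pubkey(el[0]) and el[1] == OP_CHECKSIG:
        return "p2pk", [el[0]]                    # key exposed the moment coins arrive
    if (len(el) == 5 and el[0] == OP_DUP and el[1] == OP_HASH160
            and isinstance(el[2], bytes) and len(el[2]) == 20
            and el[3] == OP_EQUALVERIFY and el[4] == OP_CHECKSIG):
        return "p2pkh", []                        # only HASH160(key) is on-chain
    if len(el) == 2 and el[0] == OP_0 and isinstance(el[1], bytes) and len(el[1]) == 20:
        return "p2wpkh", []                       # likewise only a 20-byte key hash
    if len(el) == 2 and el[0] == OP_1 and isinstance(el[1], bytes) and len(el[1]) == 32:
        return "p2tr", [el[1]]                    # Taproot output key (x-only) is a curve point
    return "other", []


def exposed_keys_in_spend(script_sig, witness=()):
    """Public keys revealed when an output is spent: a P2PKH spend pushes the key
    in scriptSig, a P2WPKH spend puts it on the witness stack."""
    items = parse_script(script_sig) + list(witness)
    return [item for item in items if looks_like_pubkey(item)]


# Constructed sample data (dummy bytes, not valid keys or signatures).
KEY = b"\x02" + b"\x11" * 32                      # 33-byte "compressed key"
SIG = b"\x30" + b"\x22" * 70                      # 71-byte "DER signature"
P2PK = bytes([33]) + KEY + bytes([OP_CHECKSIG])
P2PKH = bytes([OP_DUP, OP_HASH160, 20]) + b"\xaa" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2TR = bytes([OP_1, 32]) + b"\x33" * 32
SPEND_SCRIPTSIG = bytes([len(SIG)]) + SIG + bytes([33]) + KEY

if __name__ == "__main__":
    for name, spk in (("P2PK", P2PK), ("P2PKH", P2PKH), ("P2TR", P2TR)):
        print(name, exposed_keys_in_output(spk))
    print("P2PKH spend reveals", exposed_keys_in_spend(SPEND_SCRIPTSIG))
```

The takeaway for a holder is that P2PKH and P2WPKH coins are protected by the hash only until the first spend from that address, while pay-to-public-key and Taproot outputs expose a curve point from the moment funds arrive; the parser above makes that distinction mechanical.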
This article examines several projects—QRL, Mochimo, IOTA, and Cardano—exploring their approaches to quantum security and the cryptographic principles behind them.
Understanding Quantum Threats to Cryptography
Most cryptocurrencies rely on asymmetric cryptography, which uses a pair of keys: a public key and a private key. The security of these systems depends on the computational difficulty of deriving the private key from the public one.
Quantum computers threaten this model through Shor’s algorithm, which solves the integer-factoring and discrete-logarithm problems behind RSA and ECDSA in polynomial time, against the exponential or sub-exponential time of the best classical methods. Grover’s algorithm, another quantum algorithm, offers only a quadratic speedup for unstructured search; against a hash function it roughly halves the effective preimage security in bits (SHA-256 drops from 256 to about 128 bits), which is why hash-based schemes survive with modest parameter increases while ECDSA and RSA do not survive at all.
These risks have spurred interest in post-quantum cryptography: cryptographic algorithms believed to be secure against both classical and quantum computer attacks.
Quantum Resistant Ledger (QRL)
The Quantum Resistant Ledger (QRL) was designed from the ground up to address quantum threats. It employs the eXtended Merkle Signature Scheme (XMSS), a hash-based signature scheme specified by the IETF in RFC 8391 and approved by NIST, alongside LMS, for stateful hash-based signatures in SP 800-208.
XMSS combines a one-time signature (OTS) scheme, WOTS+, with a Merkle tree so that one public key can cover many signatures. Here’s a simplified breakdown of how it works:
- Each one-time private key is a set of random values (chain starts).
- Each value is hashed a fixed number of times; the final hash values together form that one-time public key.
- The one-time public keys are compressed into the leaves of a Merkle tree, where each parent node is the hash of its two children.
- The root of this tree becomes the long-term public key.
- To sign, the signer picks an unused leaf, advances each chain by an amount determined by the message digest, and includes the leaf’s sibling hashes (the authentication path) up to the root; the verifier finishes the chains, rebuilds the leaf and recomputes the root.
This structure provides security even against quantum attacks, as hash-based cryptography relies only on preimage and second-preimage resistance, which Grover’s algorithm weakens but does not break. The price is state: each leaf may be used exactly once, and signing twice with the same leaf reveals enough chain values for a forgery, so the signer must persist a counter of used leaves. QRL’s addresses are reusable for a fixed number of signatures set by the tree height, with the wallet tracking the consumed OTS index, which improves usability without sacrificing security as long as that counter is never lost or rolled back.
Mochimo
Mochimo is another cryptocurrency prioritizing quantum resistance. It uses the Winternitz One-Time Signature Plus (WOTS+) scheme, endorsed by the EU-supported PQCRYPTO project.
WOTS+ is also a hash-based method. Private values are run through hash chains; the chain ends form the public key, and a signature consists of partially advanced chain values selected by the message digest. Recovering a private value from a chain end requires inverting the hash, and Grover’s algorithm only halves the cost of that in bits, so a 256-bit hash retains roughly 128 bits of security. Because it is a one-time scheme, each WOTS+ key must sign exactly one message; a second signature with the same key reveals additional chain values that an attacker can combine into a forgery. Mochimo’s team claims to have developed their implementation in consultation with Andreas Hülsing, the designer of WOTS+.
While the project emphasizes imminent quantum threats, published estimates put breaking 256-bit ECDSA at a few thousand error-corrected logical qubits, which with current error-correction overheads translates into roughly a million or more physical qubits, a machine nobody has built. Nonetheless, Mochimo’s use of WOTS+ positions it as a proactive solution in the quantum-resistant cryptocurrency space.
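The Winternitz chains described in this section and the Merkle tree walkthrough in the QRL section above share one mechanism, so one added example covers both. The Python below is written for this article (it is not QRL’s, Mochimo’s or the RFC 8391 reference code): a toy Winternitz one-time signature with w = 16 over SHA-256, a Merkle tree over 2^h one-time public keys, and a stateful signer that refuses to reuse an index. It omits the bitmasks and keyed chains that give real WOTS+ its tighter security proof, as well as XMSS’s L-trees and address scheme; every parameter, name and the fixed demo seed are this example’s own choices.

```python
import hashlib
import os

# Toy Winternitz OTS + Merkle tree written for this article (not QRL, Mochimo or
# RFC 8391 code). Assumed parameters: SHA-256 chains, w = 16, no WOTS+ bitmasks.
N = 32                        # SHA-256 output length in bytes
W = 16                        # Winternitz parameter: 4-bit message chunks
MSG_CHUNKS = 2 * N            # 64 chunks cover a 256-bit message digest
CSUM_CHUNKS = 3               # checksum <= 64 * 15 = 960 fits in three base-16 digits
L = MSG_CHUNKS + CSUM_CHUNKS  # 67 hash chains per one-time key


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def chain(x, steps):
    """Apply H to x `steps` times."""
    for _ in range(steps):
        x = H(x)
    return x


def to_base_w(digest):
    """Split a digest into base-16 chunks and append the Winternitz checksum.
    Without the checksum a forger could raise any chunk by hashing a revealed
    signature value further; the checksum forces some other chunk to drop."""
    chunks = []
    for b in digest:
        chunks += [b >> 4, b & 0xF]
    csum = sum(W - 1 - c for c in chunks)
    chunks += [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]
    return chunks


def wots_keygen(seed, index):
    """One-time key: L chain starts derived from a seed; the one-time public
    key is every start hashed W-1 times, then compressed into one Merkle leaf."""
    sk = [H(seed, index.to_bytes(4, "big"), i.to_bytes(2, "big")) for i in range(L)]
    leaf = H(*[chain(s, W - 1) for s in sk])
    return sk, leaf


def wots_sign(sk, msg):
    """Signature = each chain start advanced by its message chunk value."""
    return [chain(sk[i], c) for i, c in enumerate(to_base_w(H(msg)))]


def wots_leaf_from_sig(sig, msg):
    """Verifier finishes each chain; the result equals the leaf iff the signature is valid."""
    return H(*[chain(sig[i], W - 1 - c) for i, c in enumerate(to_base_w(H(msg)))])


class MerkleSigner:
    """Stateful signer holding 2**height one-time keys under a single root."""

    def __init__(self, height, seed=b""):
        self.seed = seed or os.urandom(N)
        self.height = height
        self.next_index = 0          # persistent state: never sign twice with one index
        keys = [wots_keygen(self.seed, i) for i in range(2 ** height)]
        self.secret_keys = [sk for sk, _ in keys]
        self.levels = [[leaf for _, leaf in keys]]   # levels[0] = leaves
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.public_key = self.levels[-1][0]        # root = long-term public key

    def sign(self, msg):
        if self.next_index >= 2 ** self.height:
            raise RuntimeError("all one-time keys consumed; reuse would expose chain values")
        idx = self.next_index
        self.next_index += 1         # advance (and persist) state before releasing the signature
        auth_path = [self.levels[lvl][(idx >> lvl) ^ 1] for lvl in range(self.height)]
        return idx, wots_sign(self.secret_keys[idx], msg), auth_path


def merkle_verify(public_key, msg, signature):
    """Stateless verification: rebuild the leaf from the signature, then climb to the root."""
    idx, sig, auth_path = signature
    node = wots_leaf_from_sig(sig, msg)
    for lvl, sibling in enumerate(auth_path):
        node = H(sibling, node) if (idx >> lvl) & 1 else H(node, sibling)
    return node == public_key


if __name__ == "__main__":
    signer = MerkleSigner(height=3, seed=b"\x01" * N)   # 8 one-time keys, fixed seed for the demo
    msg = b"constructed sample transaction"
    s = signer.sign(msg)
    print("valid:", merkle_verify(signer.public_key, msg, s))
    print("tampered:", merkle_verify(signer.public_key, msg + b"!", s))
```

The verifier holds only the 32-byte root and needs no state, which is what makes the address reusable. The signer’s next_index is the whole security story: it must be written to durable storage before the signature leaves the device, because restoring a wallet from an old backup and signing again with an already-used index is exactly the failure that leaks chain values. That is why NIST SP 800-208 restricts stateful schemes to environments that can guarantee the state.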
IOTA
IOTA initially adopted Winternitz One-Time Signatures (W-OTS) as part of its quantum-resistant design. However, the project transitioned away from this approach with its Chrysalis upgrade (IOTA 1.5) in April 2021.
The shift was motivated by practical challenges:
- W-OTS signatures are large, increasing transaction size.
- An address could safely be spent from only once; a second spend reused the one-time key and revealed enough of the private key material to enable forgery.
- Past incidents, including a significant wallet hack, highlighted the operational fragility of the design and its implementation.
IOTA now uses the Ed25519 signature scheme. Like ECDSA, it rests on the elliptic-curve discrete logarithm and would fall to Shor’s algorithm, so the network is not quantum-resistant today. The team has stated that they plan to adopt a post-quantum algorithm once NIST finalizes its standards, relying on the network’s upgradeability to adapt in the future.
Cardano
Cardano has not yet implemented quantum-resistant features but is actively researching the field. The project has collaborated with academic institutions and published papers on post-quantum cryptography, including studies on WOTS+ and other schemes.
Cardano’s research-focused approach suggests that any transition to quantum resistance would be based on thoroughly vetted, standardized algorithms. The team is monitoring NIST’s post-quantum cryptography standardization process and is likely to integrate the resulting standards.
The Role of NIST in Post-Quantum Standards
The National Institute of Standards and Technology (NIST) is leading efforts to standardize post-quantum cryptographic algorithms. Since 2016, NIST has been evaluating proposals across several categories:
- Lattice-based cryptography
- Code-based cryptography
- Multivariate cryptography
- Hash-based signatures
Hash-based signatures, like those used in QRL and Mochimo, are no longer just candidates: NIST approved the stateful schemes XMSS and LMS in SP 800-208 (2020), and in August 2024 it published the first three finished standards, FIPS 203 (ML-KEM, lattice-based key encapsulation), FIPS 204 (ML-DSA, lattice-based signatures) and FIPS 205 (SLH-DSA, the stateless hash-based SPHINCS+). NIST deliberately standardized more than one family so that a break in one does not take everything down, and the stateless hash-based option exists precisely because stateful schemes like XMSS are unsafe wherever the signing state cannot be guaranteed. Further standards, including the lattice-based FN-DSA, remain in progress.
Frequently Asked Questions
What makes a cryptocurrency quantum-resistant?
A quantum-resistant cryptocurrency uses cryptographic algorithms that are believed to be secure against attacks from both classical and quantum computers. These often include hash-based, lattice-based, or other post-quantum schemes.
Can existing cryptocurrencies like Bitcoin become quantum-resistant?
Yes, but it would require a consensus-based upgrade to add a post-quantum signature scheme, and then every holder would have to move their coins into outputs that use it. That second step is the hard part: coins sitting in outputs whose public key is already on-chain (pay-to-public-key outputs, reused addresses, Taproot outputs) stay exposed until their owners move them, and coins whose keys are lost can never be moved at all.
How soon will quantum computers break Bitcoin?
Most published estimates place a large-scale, error-corrected quantum computer capable of breaking ECDSA at least a decade away, although resource estimates have been falling as error-correction techniques improve. Unlike encrypted traffic, old signatures cannot be retroactively forged, but an unspent output whose public key is already visible on-chain is a standing target from the day such a machine exists. This timeline allows developers to prepare and implement quantum-resistant solutions.
Are hash-based signatures the only option?
No. NIST is standardizing multiple families of post-quantum algorithms. Lattice-based cryptography, for example, is the basis of ML-DSA (FIPS 204), NIST’s primary post-quantum signature standard.
Is quantum resistance the only factor to consider when choosing a cryptocurrency?
No. Quantum resistance is one aspect of security. Other factors include decentralization, transaction speed, governance, and ecosystem development.
What can users do to protect their assets from quantum attacks?
Users can diversify into quantum-resistant cryptocurrencies or stay informed about upgrades to existing networks. On Bitcoin-like networks the cheapest precaution is to never reuse an address, so each public key stays hidden behind its hash until the one transaction that spends it, and to prefer hash-locked output types over those that place the key directly on-chain. For long-term storage, quantum-resistant wallets may become advisable once the relevant networks support post-quantum signatures.
Conclusion
Quantum computing poses a theoretical future risk to current cryptographic systems, including those used in cryptocurrencies. Projects like QRL and Mochimo are already implementing hash-based signature schemes to address this threat. IOTA has shifted its focus away from quantum resistance for now but remains upgradeable, while Cardano is actively researching future solutions.
The ongoing NIST standardization process will likely provide clearer guidance and robust algorithms for broader adoption. For investors and users, staying informed and understanding the underlying technology is key to navigating this evolving landscape. As the field advances, exploring quantum-secure options will become increasingly important.