- Brute force attacks on cryptocurrency private keys are almost statistically impossible with current technology.
- Quantum computers, which can process data exponentially quicker than regular ones, might make these attacks possible.
- Quantum computers are some years away from entering the mainstream, but they could eventually pose a risk to cryptocurrencies.
A brute force attack on a Bitcoin private key is, in theory, much like a brute force attack on any regular password. An exhaustive search of possible combinations is carried out before a private key combination is identified.
In reality, brute force attacks on a private key are as close to mathematically impossible as it gets.
A private key is a number between one, and 2^256. That means a brute force attack has to search for the right number between one and 115 quattuorvigintillion. For perspective, that’s a 78-digit number that’s estimated to be greater than the total number of atoms in the universe.
If a brute force attack on that scale sounds impractical to you, that's because it is. However, there may be some new technology around the corner that makes the challenge less daunting—a worrying prospect for holders of cryptocurrency.
Could quantum computing break Bitcoin?
The crypto world has been eyeing quantum computing nervously for some time now. The development of the technology is proceeding at a pace, with tech giants like Google and IBM competing with nascent start-ups like PsiQuantum. The likes of Goldman Sachs and JP Morgan have invested in researching the technology, too; no surprise, then, that the market for quantum computing is expected to hit $64 billion by 2030.
But what exactly do quantum computers do, and how do they function?
Quantum computing involves using quantum phenomena like superpositions to perform computer tasks; in other words, quantum computers can perform calculations based on probabilities. Therefore, instead of working with 1s and 0s like regular computers, quantum computers can process exponentially more data.
So, do crypto holders have to worry? Can quantum computers speed up the time needed to pry open our crypto keys?
co-founder Vitalik Buterin tweeted about quantum computing in October 2019. He was not convinced that the crypto industry has to worry about it—yet. “My one-sentence impression of recent quantum supremacy stuff so far is that it is to real quantum computing what hydrogen bombs are to nuclear fusion,” he said.
With that said, there are some quantum computing minds that can unpack exactly what threats the crypto industry faces.
Andersen Cheng, CEO of Post-Quantum, a company providing information solutions against current and future threats, told Decrypt: “The general consensus for a commercially viable quantum computer is 10-20 years away. However, we are talking about a functional rather than a commercially available quantum computer. They are two entirely different things.”
A functional quantum computer, which Cheng described as “a Frankenstein monster created in a lab,” is five to 10 years away.
That begs the question: With the right means, are we set to watch private key secrecy fade away in the next decade?
Replacing private keys with a quantum computer
One potential way that a quantum computer can harm the security of cryptocurrency private keys is through replacing them directly, without needing to steal them from anyone’s wallet.
Cheng told Decrypt that some in the cryptocurrency community believe signatures are already post-quantum computing. Yet, even if it is, “until a block is truly confirmed by ensuring previous blocks are truly immutable, there is still an ephemeral period that one can replicate the private key to start signing unauthorized transactions,” Cheng added.
Once that happens, Cheng said, the trust is gone. “You can no longer tell if that Bitcoin transfer done just now came from your true private key or a private key duplicated by a quantum computer without even needing to disturb your wallet,” he said.
Of course, it’s also worth asking why anyone would actually want to do this en-masse. The second that private keys succumb to quantum computing, the industry will no longer be able to claim it is secured by impenetrable blockchain technology, and the value of crypto assets will plummet as a result.
Who would want that? Likely no one, but that doesn’t mean the risk posed by quantum computing just goes away.
Quantum computing is making waves
In February 2021, Microsoft announced the opening of its Azure Quantum service, which brings quantum computing to Microsoft’s customers. The service’s quantum computers use a design called an ion trap, which users electronically charged atoms to store and process information.
Those atoms are called qubits, and most quantum computers—to date—have only had a few dozen worth. In Australia, researchers publishing in the Nature Electronics journal are pushing the needle forward even further, potentially opening the door to quantum computers that make use of thousands of qubits. Quantum computing on steroids.
And quantum computers could be coming to a desktop near you; Shenzhen-based computer manufacturer SpinQ is reportedly working on a desktop quantum computer that could cost as little as $5,000. Targeted for release in the fourth quarter of 2021, the 2-qubit device is aimed at schools and colleges in China.
At the start of February 2021, a group of quantum computing experts raised concerns about the moral ramifications of this technology. "Whenever we have a new computing power, there is potential for benefit of humanity, [but] you can imagine ways that it would also hurt people," said John Martinis, professor of physics at University of California, Santa Barbara.
And the consequences could span well beyond the crypto industry, even with concerns about accelerated DNA manipulation coming to the fore.
For those who doubt whether quantum computing could fundamentally damage Bitcoin, Cheng uses a very simple acid test. “I have asked them if they are willing to convert all their real fiat assets such as USD, GBP or even their house into Bitcoin or Ether and sit through the quantum timeline,” he said. “To date, no one has yet told me they would.”
Cyber threats tend to sneak up on the world. Before Stuxnet, not a lot of attention was given to supply chain vulnerabilities, until—for Iran, at least—it was too late.
It might not be time to worry about quantum computers coming after your private keys, but it makes sense to get ahead of tomorrow’s risks today.