As part of Qrypt’s “Understanding Quantum Risk” series, this article sheds light on the significant danger that quantum computing poses to the security of crypto wallets. The rapid advancement of quantum computers is a cause for concern as they are expected to become operational before the crypto industry takes adequate measures to upgrade its security. This could result in the loss of funds, loss of trust in cryptocurrencies, and a decrease in adoption, presenting a significant risk to the crypto industry.
Quantum Threat to Cold Storage
Many individuals hold the false belief that bitcoins stored offline, such as on hard drives or in Swiss bunkers, are secure as they are disconnected from the internet. However, the public key is all that is needed to calculate the private key and transfer funds, making cold storage vulnerable to quantum computing attacks. In a classical computing environment, the private key cannot be calculated from the public key, but quantum computers have the potential to break this one-way function and calculate the private key from the public key.
Quantum Threat to Pay-to-Script Hash (P2SH) or Pay-to-Public-Key Hash (P2PKH)
In the case of P2SH or P2PKH, the public key must be revealed to the blockchain to perform a transaction, making it immediately vulnerable to quantum computing attacks. A quantum attacker can leverage their increased computational power to calculate the private key from the public key exposed during the transaction process and steal the funds stored in the P2PKH address.
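An added example (not from Qrypt or the original article) of an inventory check a wallet operator can run on the cold-storage and P2PKH/P2SH points above: it classifies output scripts by whether the public key is already on-chain. It goes beyond the text by also recognising pay-to-public-key (P2PK) outputs, where the key sits in the output itself. The function names, the `spent_from_before` flag and the sample scripts are assumptions constructed for illustration.

```python
# Added example: triage Bitcoin output scripts by public-key exposure.
# All script bytes below are constructed placeholders, not real keys or hashes.
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC

def classify_script(script_hex):
    """Return (script_type, pubkey_hex_or_None) for a scriptPubKey given as hex."""
    s = bytes.fromhex(script_hex)
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "P2PKH", None
    # P2SH: OP_HASH160 <20-byte hash> OP_EQUAL
    if len(s) == 23 and s[:2] == bytes([OP_HASH160, 20]) and s[22] == OP_EQUAL:
        return "P2SH", None
    # P2PK: <33- or 65-byte public key> OP_CHECKSIG (the key itself is in the output)
    if len(s) in (35, 67) and s[0] == len(s) - 2 and s[-1] == OP_CHECKSIG:
        key = s[1:-1]
        if (len(key) == 33 and key[0] in (2, 3)) or (len(key) == 65 and key[0] == 4):
            return "P2PK", key.hex()
    return "unknown", None

def exposure(script_hex, spent_from_before=False):
    """Map a script to an exposure class. spent_from_before is caller-supplied
    (assumption: taken from the wallet's own transaction history)."""
    kind, _ = classify_script(script_hex)
    if kind == "P2PK":
        return "public-key-on-chain"
    if kind in ("P2PKH", "P2SH"):
        # Spending reveals the key material, so funds left on a reused address are exposed.
        return "public-key-on-chain" if spent_from_before else "hash-only-until-spent"
    return "needs-manual-review"

def audit(outputs):
    """outputs: iterable of (label, script_hex, spent_from_before) tuples."""
    return {label: exposure(script, spent) for label, script, spent in outputs}

SAMPLE_OUTPUTS = [  # constructed inventory
    ("cold-1", "76a914" + "11" * 20 + "88ac", False),   # P2PKH, never spent from
    ("cold-2", "76a914" + "11" * 20 + "88ac", True),    # P2PKH, address reused
    ("multisig", "a914" + "22" * 20 + "87", False),     # P2SH, never spent from
    ("legacy", "21" + "02" + "33" * 32 + "ac", False),  # P2PK, key in the script
    ("other", "6a0474657374", False),                   # OP_RETURN data, not classified
]

if __name__ == "__main__":
    for label, result in audit(SAMPLE_OUTPUTS).items():
        print(f"{label:9} {result}")
```

Outputs reported as `public-key-on-chain` are the ones to prioritise when planning a move to quantum-resistant schemes.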
Smart Contract and Digital Signature Forgery
Digital signatures and the certificate workflows used in smart contract execution are also at risk from quantum computing attacks. Quantum computers will break the mathematical algorithms used in digital signatures, such as RSA or the Elliptic Curve Digital Signature Algorithm (ECDSA), by calculating the private key from the public key. Once in possession of the private key, the attacker can forge digital signatures and create fraudulent transactions. In a smart contract, an attacker could create a fraudulent transaction that appears valid and signed by an account owner, transferring ownership of the account or accessing its funds. In digital signature forgery, an attacker creates a fraudulent message or transaction that appears to be signed by a legitimate sender, allowing them to steal funds or access sensitive information.
To protect against these threats, it is important to adopt quantum-resistant cryptography and educate crypto wallet users about the threat of quantum computing and the steps they can take to protect their assets. Qrypt offers technology that secures data against the threats of quantum computing.