Is quantum proof data security blockchain’s first killer app?
Blockchain dominates the news today, but aside from value transfer and speculation, there are no blockchain based products that many people outside of crypto use, let alone use regularly. That may now change.
Article by: Robert Hirsch
Welcome to the first quarter of the twenty-first century. Our young, vulnerable society, still based on conventions thousands of years old, is being subjected to a bombardment of paradigm-shifting technologies at a rate never before seen. It used to be that every few hundred years, something truly awe-inspiring would change the course of humanity. The invention of fire, the wheel, agriculture, smelting, steel; these all came around and imparted new superpowers upon humanity, allowing it to grow at incredible rates and take command of the planet.
Over time the pace increased and we saw society shifting technologies every decade or so: steam engines, combustion engines, trains, cars, planes, ammonia production. Then technology invaded the human body: better sanitation, water treatment, vaccines, birth control, antibiotics. During this time we saw the rise of electronics, integrated circuits and ever smaller, ever more powerful computers. Then a global, instant communication network.
Frankly, any alien observer could look upon us and think, “Well, aren’t those resilient little buggers?” We are living in a society that is exposed to technological and sociological change at rates never seen before by any species. And we haven’t stopped.
Four new major technologies have come down the pipe, simultaneously. Direct genetic modification (GM), artificial intelligence (AI), quantum computers (QC) and blockchain (no acronym!) technologies are right at our front door and working their way in. All of these are amazing, all of them have scary uses, all of them will greatly impact the human species in a variety of ways, both positive and negative. And try as some might, there is no way to stop them from coming into the house. Are we ready for that assault? Let’s be.
This article is not intended to cover every aspect of every technology. Instead, we are going to focus on two technologies, spend some time lauding how amazing they are, and show how one can keep the other from wreaking havoc on us poor humans. These two amazing technologies are quantum computing and blockchain. The threat is the former; a solution is provided by the latter. That seems a little unfair; perhaps one day QC will be able to help blockchain in turn.
The Quantum Computer and the threat
I am not a quantum physicist. I would not presume to be able to teach quantum computing in a single article. However, if you are interested, I would like to convey a few resources that bring the topic to the realm of normal humans.
The Wikipedia article on quantum computing has a technology overview and history which is pretty complete.
Wired has a pretty nice overview too.
This blog post dives into the specifics of quantum computing.
To be succinct, quantum computers can resolve some problems that normal computers are bad at. They can do this because they can explore all potential solutions of a problem at the same time, and poor solutions fade away in decoherence. One of the problems quantum computers are particularly good at is breaking encryption.
Quantum-based encryption is a separate matter. It is said to be uncrackable because it is based around two quantum-entangled bits, so unless you hold one of them, it’s impossible to tap the communication line. However, this only protects data in motion, from a sender to a receiver. 99.9999% of our data is static, at rest, waiting to be accessed. Quantum encryption does nothing for this! Quantum encryption does nothing for data in a file, on a device or in a blockchain.
How do QCs put today’s security at risk? Most encryption works on the following principle: put data through a one-way process such that the outcome is difficult to reassemble into the original data, but, given the key that was used in the encryption process, you can decrypt it easily. This can be made even better by letting people encrypt information with a public key such that only the matching private key can decrypt it. Now no one, not even the sender, can reveal the information once it is sent to Alice through this process.
Image via Wikipedia
But what if I wanted to decrypt it without a key? I could use a computer to reassemble the data into various combinations until a message comes through. If the data has only a few possible combinations, this is easy, but what if the encryption process produced billions or trillions of possible combinations? Trying to decrypt the message one combination at a time would take forever.
Enter quantum computers. What if you could try all the combinations at the same time? Remember, all the solutions to a combinatorial problem become available quickly with quantum computers: the conditions are changed such that the correct answer resolves, without having to try them all sequentially. Microsoft estimates that this process is 10 million times faster than classical computers could accomplish it. If you want to dive deeper into this, Scott Aaronson has the best post on it. He explains how “Shor’s Algorithm” is the tool that cracks encryption.
Below is a list of articles about the impact of quantum computing on cryptography. They fall into different spots on this special Quantum Computing Alarmism Scale.
I really recommend reading all of those articles to get a feel for the range of opinions about the effect of QCs on encryption. But let me delineate the key points:
- While QCs are not very capable right now, it’s simply a matter of time before they are. The scaling of QCs apparently follows something called Rose’s Law, which is like Moore’s Law, but for quantum computers. In plain English, Andreessen Horowitz says it could be just “two years out and has the opportunity to so radically change the world.”
- The computing power of a QC is measured by its number of qubits. There are viable designs right now that have 72 qubits. At 512 qubits, a quantum computer will be able to crack SHA256 encryption, which is common to most encrypted data on the planet. (Quick note: D-Wave makes a specific type of quantum computer that performs quantum annealing, which is not great for cracking encryption, as opposed to a general quantum computer. The difference can be found here. The fact that D-Wave has attained over a thousand qubits for their machines is not worrisome for encryption. The fact that Google announced a 72-qubit QC, and that general QCs follow Rose’s Law, is far more worrisome.)
- Most efforts to ameliorate the quantum threat consist of adding more and different encryption. This may push the threat back; it does not eliminate it.
- The National Institute of Standards and Technology (NIST) won’t approve quantum-resistant (not quantum-proof) protocols for years. NIST is testing dozens of algorithms that it “hopes” will work.
- An immediate threat exists in “record now and break later” attacks, in which encrypted data is being recorded with the intention of cracking it later when the tools are available. The Chinese are said to be vacuuming up data everywhere in hopes of accomplishing this.
- The first encryption-cracking quantum computer will be owned by a government, and perhaps not your government. This makes the first government, and anyone they sell a system to, able to see data encrypted with today’s standards. And there will be no warning. You will wake up one day and your data will be used by others. (Note: I say “not your government” because while the US outspends every other country on quantum computing, China is a close second, and the EU as a whole outspends the US. Link.)
It is that last point that sets off the alarm bells for most people. But this is a solvable problem, with no new technology and without more complicated encryption methods, and the solution defends against any amount of computing power on either the encrypting or the decrypting side. In fact, the method is already implemented in financial systems.
Tokenization of Data
When you are at Target buying something with your credit card, you swipe your card, the information from your card goes into the wires, it goes somewhere, some computer checks your balance on your account against this purchase, and then accepts the transaction or not. Right?
Not quite. If that were the case, anyone with access to that wire or communication stream could get access to your credit card information. The merchant themselves would have your credit card information. Instead, you send fake data, a token that represents your credit card information, rather than the credit card information itself.
The transaction is shown in the image: you send a token that represents your financial and identifying information to your merchant, who sends it forward, requesting the transaction. The payment network matches the token to your account using a “Token Vault” and sends the token and your personal account number (PAN) to the bank requesting funds. The bank then passes back the results of the authorization. This way no one outside of the payment network can see your credit card information. The token doesn’t contain any data about you or the transaction itself and is therefore safe from QCs. The license plate on your car works the same way; until now you’ve probably never appreciated how secure that system is. Imagine if it were decentralized!
And now, here is where blockchain comes in and saves the day for everyone.
VaultChain: The Blockchain of Data Pointers
What if the bank’s way of protecting credit cards could be expanded to all types of data? What if a competitor or rogue government used a QC and got only fake data? What if a generalized token vault were available for every database, every encrypted communication, every encrypted transaction?
That’s what the folks at VaultChain are doing. Doug Peckover, the CEO and founder of VaultChain, explains it like this: “If a quantum computer can not find it, it cannot break it”.
So how does VaultChain work?
Image: Basic configuration for VaultChain-based quantum-proof data security
The idea is relatively simple and doesn’t require any technology from the future. If blockchain is good for something, it’s the creation and maintenance of an immutable register (or ledger). Traditionally (if 11 years can be thought of as a tradition), blockchain’s paradigm shift was a ledger of transactions that cannot be corrupted, while rewarding those who help maintain the ledger.
Well, a list of things that cannot be corrupted is a super cool feature. Let’s use that. So the idea is as follows:
- Segmentize the data (this is a known process and has been used since even before BitTorrent used it for file distribution).
- Shuffle the segments, keeping a list of pointers so that it is really easy to unshuffle the data. To unshuffle the data, you need to have recorded the size of the segments (which can be fixed or variable), and you need to know where the first segment is. After that, each pointer will tell you where in the data vault the next segment is.
- Now those pointers are valuable too. So instead of keeping a list of pointers, have a token represent each pointer (and possibly other information about the data segments, such as their size).
- Store these tokens on an immutable ledger.
Whoa! You have a secure data vault. If a quantum computer cracks the standard encryption on the data vault, it will just come to garbled data, because the data segments are in a random order. If it gets into the blockchain, the information will be just a bunch of tokens that represent where the data is, not the data itself, nor any actual information about how to recompile the data.
Boom! Quantum proof data security.
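The following is an added example, written for this article and not VaultChain’s own code, that models the scheme just described together with the generalized token vault from the credit card section: segments are shuffled into a data vault, each pointer in the chain is replaced by a random token held in a token vault, and the tokens sit on a hash-chained ledger standing in for the blockchain. The segment size, the token format and the toy ledger are assumptions of the example; the token vault and the ledger are the two things that must stay intact for the data to be reassembled.

```python
import hashlib
import random
import secrets

# Added example modelling the scheme described above; not VaultChain's code.
SEGMENT_SIZE = 4  # fixed-size segments (the article allows fixed or variable)

def segmentize(data: bytes, size: int = SEGMENT_SIZE) -> list:
    """Split the data into consecutive segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]

def build_vault(data: bytes, rng=None):
    """Shuffle the segments into a data vault and tokenize the pointer chain.
    Returns (vault, token_vault, ledger):
      vault       - segments in random order: all an attacker who cracks the
                    storage encryption sees, garbled without the pointers.
      token_vault - {token: slot}; tokens carry no information about the slot.
      ledger      - hash-chained list of (token, chain_hash) standing in for
                    the immutable blockchain; entry i locates segment i, i.e.
                    the first entry says where the first segment is and each
                    later one where the next segment is.
    """
    rng = rng or random.Random()
    segments = segmentize(data)
    slots = list(range(len(segments)))
    rng.shuffle(slots)                 # slots[i] = vault slot of segment i
    vault = [b""] * len(segments)
    for i, slot in enumerate(slots):
        vault[slot] = segments[i]
    token_vault, ledger, prev = {}, [], "0" * 64
    for slot in slots:
        token = secrets.token_hex(8)   # random token, unrelated to the slot
        token_vault[token] = slot
        prev = hashlib.sha256((prev + token).encode()).hexdigest()
        ledger.append((token, prev))
    return vault, token_vault, ledger

def ledger_intact(ledger) -> bool:
    """Recompute the hash chain; an edited or reordered token breaks it."""
    prev = "0" * 64
    for token, chain_hash in ledger:
        prev = hashlib.sha256((prev + token).encode()).hexdigest()
        if prev != chain_hash:
            return False
    return True

def reassemble(vault, token_vault, ledger) -> bytes:
    """Unshuffle: walk the ledger, resolve each token to its slot, concatenate."""
    if not ledger_intact(ledger):
        raise ValueError("ledger has been altered")
    return b"".join(vault[token_vault[token]] for token, _ in ledger)
```

Joining the vault’s segments in storage order yields garbled data, while walking the ledger through the token vault restores the original; swapping two ledger entries is caught by the hash chain before any reassembly happens.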
This approach offers many features, and I’ll go over the applications of this technology in future articles. Here is a short list of them:
- Protecting clients from Quantum Based Attacks
- Embedded Forensics that warn about attacks without putting your data at risk
- User Authentication that can retroactively make your data more secure
- Changing data after it has been shared
- GDPR compliance and implementing the Right to be Forgotten
- Blockchain independence: this idea could be implemented on any blockchain or on its own blockchain.
- Blockchain content security for all dApps
- And one critical use case that is needed right now which will be outlined in the third article of this series.