
CBDCs, DEFI, and Web 3.0 Must Prepare Now For The Coming Quantum Cyber Threat

Written by Contributing Writers, Lawrence Wintermeyer and Marcos Allende Lopez

Over the past two years the world suffered from a health crisis caused by the COVID-19 virus that took more than 6.5 million lives, destroyed businesses, and shocked the global economy. Population growth, climate change, food supply, energy sources, volatile financial markets, and challenges to the global political order provide clear evidence that crises are more likely to happen and more often.

Unfortunately, rarely is a future crisis taken seriously enough across global political and industry leadership to better prepare society for dealing with its aftermath, leaving most of the world largely unprepared. Often, it is only after a major crisis that we seem capable of mobilizing governments and industry leaders to respond.  

A future cybersecurity crisis is now lurking around the corner, waiting for the untimeliest moment to unleash itself. The big threat posed by the advent of quantum computers is the prospect of having our private digital data and communications easily stolen. Worse, it may render the next generation of the Web3 digital infrastructure and the financial system impotent in protecting our assets from criminal and state sponsored hackers.

Let us hope that quantum computing continues to receive more attention from government and industry leaders and that they are better preparing for the consequences of its arrival.

In 1994, a quantum physicist named Peter Shor presented a quantum algorithm, known as Shor’s algorithm, that can break the encryption of most of today’s systems. This includes the communications over the internet (that mainly rely on RSA asymmetric cryptography and AES symmetric cryptography) and the cryptography used by blockchain networks that host CBDCs, DEFI, and Web3 assets, which mostly rely on elliptic curve cryptography.

This quantum algorithm can only run on a device that makes computations using two phenomena from the quantum world: superposition and entanglement. Current computers are not able to do such a thing because their processors use bits. Bits can only be in the states 0 and 1 because they are usually represented by pulses of electrical voltage. You either have voltage or not.

To run Shor’s algorithm, you need much more powerful computers that are able to control the states of microscopic particles in a way that they can be in a superposition of different states and entangled with each other, so multiple calculations can be done at the same time.

The potential of Shor’s algorithm and other discoveries motivated the construction of new computing devices, which were given a name: quantum computers. Over the past 25 years, a race for the first large, robust, and scalable quantum computer has been taking place. IBM owns the largest quantum computer today; it utilizes 127 quantum bits, or qubits.

Other big tech companies, including Google and Microsoft, as well as universities and governments, are spending billions of dollars to be at the forefront of the quantum age. Over the past five years China has announced investments of over $10 billion, the E.U. $5 billion, and the U.S. $3 billion.

In 2015, the National Institute of Standards and Technology (NIST) began to warn about the seriousness of the quantum threat, stating, “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use.”

In the same year, the National Security Agency (NSA) also warned that, “A sufficiently large quantum computer, if built, would be capable of undermining all widely-deployed public key algorithms used for key establishment and digital signatures.”

Though it is not entirely clear when quantum computers will be market ready, there is little doubt that those intended for hacking purposes are not likely to announce their public arrival with any great fanfare. They will be used silently and strategically to accomplish their purpose and seek to avoid detection.

Understanding what quantum computers will be capable of is much more critical than figuring out when they will be ready – the time to prepare against them is now – especially if blockchain technology is at the heart of your infrastructure.

Blockchain technology enables the building of decentralized trust registries where anyone can store data, information, rules, and assets. These registries are immutable and accessible to everyone, which makes them extremely vulnerable to quantum computers. With a quantum computer, any asset, role, or rule that is associated in the blockchain with a public key wallet can be stolen, hacked, or broken.

This is because a quantum computer running Shor’s algorithm can discover private keys from public keys in a few seconds. The number of qubits needed to achieve this hack is expected to be in the thousands; remember, IBM has over 100 already. Quantum computers also do not currently have efficient error correction and therefore are not scalable, yet.

With the development of a large, robust, and scalable quantum computer, hacking blockchain will be as easy as asking ChatGPT, and this is expected in the next decade.

The Future Threat to Blockchain

Central Bank Digital Currencies (CBDC) are tokenized versions of fiat currencies intended to bring efficiencies to cross-border payments and settlements. After surveying 81 central banks, the Bank for International Settlements (BIS) concluded that 9 out of 10 central banks are exploring CBDCs and more than 67 percent consider that they are likely to or might possibly issue a retail CBDC in either short or medium term.

Most CBDCs are considering the use of blockchain technology, which would imply having trillions of dollars denominated in different currencies vulnerable to quantum computers hacking not only token owners’ wallets but the Central Bank’s blockchain account.

Decentralized Finance (DEFI) is a decentralized collection of algorithms for lending, borrowing, and transferring money in the form of cryptocurrencies governed by a Decentralized Autonomous Organization (DAO). DEFI relies on constituents that include smart contracts and bridges. Smart contracts implement the logic on-chain, and bridges allow smart contracts to interoperate between different blockchain networks.

Using quantum computers to discover private keys would allow the smart contracts and the bridges to be hacked. DEFI hacks are already prevalent due to the weakest link: bridges – the consequences of being able to hack the whole of the ecosystem must be confronted.

Web3.0 is a new generation of web infrastructure, platforms, and applications on the internet that are built around digital wallets and blockchain networks. The new generation of digital credentials that will be verifiable against blockchain networks and the many assets that will start populating digital wallets, including all kinds of securities such as bonds or tokenized currencies, are subject to the same quantum hacking and stealing threat.

What Must We Do Now About The Quantum Threat

It is easy to say but difficult to do. We need to modify blockchain protocols, so they don’t rely on cryptographic algorithms that are hackable by quantum computers, such as elliptic curves.

In July 2022, NIST standardized the first four quantum-resistant asymmetric algorithms that fit into this description. However, replacing current blockchain cryptographic algorithms with those new ones would be almost impossible.

A more feasible solution could be adding the new quantum-resistant algorithms to the current ones and therefore requiring two signatures (i.e. two keys), the current one plus a quantum-resistant one, for every interaction with the blockchain.
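The two-signature rule described above can be shown in a few lines. This is an added example, not code from the authors or from any blockchain project: a toy Schnorr signature over a small prime field stands in for the chain's current elliptic-curve signature, a Lamport one-time hash-based signature stands in for a NIST quantum-resistant algorithm, and all function names and sample transactions are constructed for illustration.

```python
import hashlib, secrets

P, G = 2**127 - 1, 3  # toy group (Mersenne prime modulus); far too small for real use

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Classical leg (assumed stand-in): toy Schnorr signature. It is discrete-log
# based, so it shares the exposure to Shor's algorithm described in the article.
def schnorr_keygen():
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)
def _challenge(r: int, msg: bytes) -> int:
    return int.from_bytes(H(r.to_bytes(16, "big") + msg), "big")
def schnorr_sign(x, msg):
    k = secrets.randbelow(P - 2) + 1
    e = _challenge(pow(G, k, P), msg)
    return e, (k + x * e) % (P - 1)
def schnorr_verify(y, msg, sig):
    e, s = sig
    return e == _challenge(pow(G, s, P) * pow(y, -e, P) % P, msg)

# Quantum-resistant leg (assumed stand-in): Lamport one-time signature,
# whose security rests only on the hash function. One key pair per message.
def lamport_keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]
def _bits(msg):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]
def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]
def lamport_verify(pk, msg, sig):
    pairs = enumerate(zip(_bits(msg), sig))
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (b, s) in pairs)

def hybrid_verify(classical_pk, pq_pk, msg, classical_sig, pq_sig):
    # AND-composition: a transaction is valid only if BOTH signatures verify.
    return (schnorr_verify(classical_pk, msg, classical_sig)
            and lamport_verify(pq_pk, msg, pq_sig))

def scenario():
    x, y = schnorr_keygen()
    lsk, lpk = lamport_keygen()
    tx = b"transfer 10 tokens to alice"        # constructed sample transaction
    forged = b"transfer 10 tokens to mallory"  # constructed forgery attempt
    honest = hybrid_verify(y, lpk, tx, schnorr_sign(x, tx), lamport_sign(lsk, tx))
    # Model a recovered classical key: the forger holds x but has no Lamport
    # secret key, so the best available move is replaying the old PQ signature.
    forged_cls = schnorr_sign(x, forged)
    stolen = hybrid_verify(y, lpk, forged, forged_cls, lamport_sign(lsk, tx))
    return honest, stolen, schnorr_verify(y, forged, forged_cls)
```

`scenario()` returns three flags: the honest transaction is accepted, the forgery is rejected by the hybrid check, and the same forgery would have passed a classical-only check.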

We must learn the lessons from ignoring warnings about future crises that have had a major impact on society, and start preparing for the impact of quantum on cryptography and our emerging blockchain infrastructure. Changes take time, require consensus, and imply retroactive modifications, and we do have time now, but not much. We cannot afford to ignore the quantum computing threat any longer.

About the Authors:

Lawrence Wintermeyer is a globally recognised digital finance advocate with a track record as an advisor, executive, and board member, working with startups to institutions. He is the Chair of GBBC Digital Finance (GDF), a not-for-profit promoting fair and transparent markets for crypto and digital assets, and is the former CEO of Innovate Finance, the UK fintech members association. He is the Principal of Elipses, a digital investment management firm focused on sustainable investments, systematic investment management strategies, big data analytics, machine learning, and DLT technologies. Lawrence has an MBA, is a regular Forbes and Fintech.TV contributor, and promotes ethical and sustainable finance policies for a transparent, secure, and quality digital future for everyone.

Marcos Allende Lopez is the CTO of the LACChain Global Alliance led by the Inter-American Development Bank. He is responsible for the development and maintenance of the LACChain blockchain infrastructure that more than 100 entities are already using in Latin America, the Caribbean and Europe, for more than 50 government and enterprise projects. He plays this role from the IT Department of the Inter-American Development Bank, as the Specialist in Blockchain, Digital Assets, and Quantum Technologies.