The Bitcoin Backbone Protocol Against Quantum Adversaries

Bitcoin and its underlying blockchain protocol have recently received significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical concept to an emerging technology. Motivated by this, in this work we revisit the formal security of the core of the Bitcoin protocol, called the Bitcoin backbone, in the presence of an adversary that has access to a scalable quantum computer. We prove that the protocol's essential properties stand in the post-quantum setting assuming a general quantum adversary with a suitably bounded number of queries in the Quantum Random Oracle (QRO) model. In order to achieve this, we investigate and bound the quantum complexity of a Chain-of-Proofs-of-Work search problem which is at the core of the blockchain protocol. Our results imply that security can be shown by bounding the quantum queries so that each quantum query is worth O(p^{-1/2}) classical ones and that the wait time for safe settlement is expanded by a multiplicative factor of O(p^{-1/6}), where p is the probability of success of a single classical query to the protocol's underlying hash function.
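The abstract's statement that each quantum query is worth O(p^{-1/2}) classical ones can be made concrete for a single proof-of-work puzzle. The following Python script is an added illustration, not code from the paper: it compares the success probability of a classical miner making c independent hash queries (1 - (1-p)^c) with that of an amplitude-amplification (Grover) search making k oracle queries and measuring once (sin^2((2k+1)θ) with sin θ = sqrt(p), the standard bound from Brassard et al.), and reports how many classical queries one quantum query buys at a given target success probability. The p values and the 0.5 target are constructed for the demonstration. This is a single-puzzle heuristic; it does not reproduce the paper's analysis of the Chain-of-Proofs-of-Work problem or the O(p^{-1/6}) settlement factor, which come from the paper's own bounds.

```python
import math

# Success probability of a classical miner that makes c independent hash
# queries, each succeeding with probability p.
def classical_success(p: float, c: int) -> float:
    return 1.0 - (1.0 - p) ** c

# Success probability of an amplitude-amplification (Grover) search that
# makes k oracle queries (one per iteration) and then measures, when the
# fraction of solutions is p. Standard closed form: sin^2((2k+1)*theta),
# sin(theta) = sqrt(p).
def grover_success(p: float, k: int) -> float:
    theta = math.asin(math.sqrt(p))
    return math.sin((2 * k + 1) * theta) ** 2

# Smallest number of classical queries that reaches success probability
# >= target.
def classical_queries_for(p: float, target: float) -> int:
    return math.ceil(math.log(1.0 - target) / math.log(1.0 - p))

# Smallest number of Grover iterations (= oracle queries) that reaches
# success probability >= target with a single final measurement. Assumes the
# target is reached before the amplitude over-rotates, i.e. while
# (2k+1)*theta <= pi/2, which holds for any target <= 1 and small p.
def grover_queries_for(p: float, target: float) -> int:
    theta = math.asin(math.sqrt(p))
    k = math.ceil((math.asin(math.sqrt(target)) / theta - 1.0) / 2.0)
    return max(k, 0)

# Number of classical queries one quantum query is "worth" at this p, i.e.
# the ratio of query budgets needed to reach the same target probability.
# Analytically this is about (8 ln 2 / pi) * p^(-1/2) ~= 1.77 * p^(-1/2)
# for target 0.5, matching the O(p^(-1/2)) scaling stated in the abstract.
def equivalence_ratio(p: float, target: float = 0.5) -> float:
    return classical_queries_for(p, target) / grover_queries_for(p, target)

if __name__ == "__main__":
    # Constructed puzzle difficulties: p = 2^-e, i.e. e leading zero bits.
    for e in (10, 12, 14, 18):
        p = 2.0 ** -e
        r = equivalence_ratio(p)
        k = grover_queries_for(p, 0.5)
        print(f"p=2^-{e:2d}: {k:4d} quantum queries reach 1/2, "
              f"classically that needs {classical_queries_for(p, 0.5):7d}; "
              f"one quantum query ~ {r:6.1f} classical, "
              f"ratio * p^(1/2) = {r * math.sqrt(p):.3f}")
```

The last column stays close to 1.77 as p shrinks, which is the constant-factor form of the O(p^{-1/2}) per-query advantage; a defender sizing the adversary's query budget in the QRO model multiplies the quantum query count by this factor before comparing against honest classical hashing power. Note that a Grover search yields nothing if it is interrupted before the final measurement, so this single-puzzle ratio is an upper bound on the per-query advantage, not a statement about how quantum mining interacts with block propagation.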
