Listening to educator, inventor and scientist Scott Stornetta on May 30th during the presentation curated by the Government Blockchain Association Of UAE provided insight into one of the least understood problems in blockchains. Stornetta was part of the team that created what can be called a proto blockchain. With three out of nine references in the bitcoin paper by Satoshi Nakomoto, Stornetta and co-inventor Stuart Haber’s ideas have had an outsize influence on the design of bitcoin and of subsequent blockchains.
Stornetta answered a question about what message he will have if he were to ever meet Satoshi. Stornetta said that he would ask him to fully read the second paper. Here Stornetta is referring to a way to upgrade bitcoin or any time-stamping mechanism, if the signature algorithm is in danger of being compromised.
That paper deals with two topics, one of which is familiar to us from bitcoin and other blockchains. The use of Merkle trees as a way of aggregating the commitments and referring to just the root of the tree, which if timestamped and witnessed properly, ensures immutability of all the leaf documents or transactions. This is a way to refer to lots of transactions with just a single number. This is the basis of the concept of “block” in blockchain.
The paper’s second topic is how to renew the timestamps of documents if the cryptography behind timestamping using signatures is in danger of being broken. The simple prescription is to renew the timestamp, referring to the document (the hash) and the old signature in the new one.
Stornetta and Haber’s concerns were to preserving immutable and unrepudiatable references to digital documents with the time they are entered into a registry. That is not about value exchange and control of assets, like most other blockchains. They also make the observation that the timestamp, if fixed in a chain at a time known to be before the break, can be assumed to be correct.
Many of the cryptographic structures behind any blockchain network are relatively safe from quantum computing as they are based on hash functions which are quantum resistant. For bitcoin and for other blockchains, this means that, Merkle trees and the structure of the chain itself are quite safe as most of this is based on hashes.
The vulnerability of digital signatures to Shor’s algorithm using quantum cryptanalysis is a Damocles sword that hangs over any blockchain that is meant to last for ever. Although, it is improbable that quantum computing will be able to break the signature algorithm in the short term there is a possibility that it will in the long run. For decentralized value exchanges whose longevity should be measured in hundreds of years, this consideration is crucial.
The more quantum vulnerable parts are signatures, as value transfer is based on signatures, the unspent transactions are vulnerable. If quantum computing progresses to a point where the signature algorithm is in imminent jeopardy, the signature algorithm needs to be updated to a quantum resistant one. Moreover, all owners of unspent transactions need to transfer values to the new scheme. This action also needs to be done before the signature scheme is broken. Further, it will need actions from all owners of value to safeguard their assets. This also applies to other forms of asset ownership assertion using asymmetric or public key cryptography. Some of these considerations can be seen in the plans for Ethereum Serenity upgrades.
Once quantum computing for factorization becomes a reality, all stranded assets; for which private keys are lost due to negligence or their owners’ death will start moving again, into the control of people with enough quantum resources.
Facilities for upgrading systems should be part of the initial architecture of any long-lived system. There are many “throw-away” systems that long outlive the initial horizon, so any system has to be created as if it is going to live a long time.