Blockchain Daily News - ICO, STO, TAO, Blockchain
Blockchain Dail Blockchain Dail

How blockchain can resist the quantum computing security threat

Quantum computing poses a threat to many elements of digital security. Is this the case for blockchain solutions such as Ericsson Data Centric Security? We look at the case.

Cryptography is more or less based on mathematical functions called algorithms. These algorithms are designed in a such way that the data is easy to calculate in one direction but hard to calculate in the other direction. So given x, it is easy to find f(x)= y, but given y it is supposed to be hard to find x.

Quantum computing and insecure functions

However quantum computing changes the equation, making some existing cryptography functions insecure, with a new report from the Global Risk Institute estimating a 50 percent risk that public-key cryptography tools will be broken by 2031.

The solution to this problem is simple: stop using the newly insecure mathematical functions and instead use mathematical functions known to be immune from a quantum computing threat.

So far so good. But what are these secure functions?

Hash functions and security

We can start with a mathematical function called a hash function, which remains secure if faced with a quantum computing threat, as long as it fulfills certain criteria. When these criteria are fulfilled, hash functions are unique and create fixed-sized, irreversible fingerprints of data.

In general, a cryptographic hash function is considered secure if—when fed an arbitrary piece of data—it returns a truly random value for every different query while a repeated query returns the same random value each time. For example, you could feed "Security is important" into the hash function, and the output could be "10." But if you feed “Security is a must," you would get back, say, "13." Then if you return to "Security is important," the hash function must once again return "10."

Today's secure hash algorithms are considered among experts to be SHA-2 and SHA-3.

However, there are certain caveats that a hash function needs to fulfill in order to be perceived secure.

Pre-image resistance

First, the hash function must have "pre-image resistance." In principle, it must not be possible to go backwards from an answer to the related question. This means that if the hash function output is "10," to derive that the original feed was "Security is important" must not be possible.

Second pre-image resistance

Second, the hash function needs to have "second pre-image resistance." In principle, it should not be possible from looking at the feed "Security is important" to determine that the feed " Security is always important" will produce the same result. This means that if a hash function is fed with "Security is always important" it should not return "10"—which is the result from the feed "Security is important."

Collision resistance

Third, the hash function must have collision resistance. This is similar to second pre-image resistance. It must not be possible to easily find two messages that have the same hashed result. Even though collisions will exist simply due to the limited range of outputs versus the infinite range of inputs, it must not be possible to easily derive colliding messages.

If both "Security is important" and "Security is always important" resolve to "10," it must not be possible to conclude this result independently. It must take a tremendously (read, improbable) amount of brute force work to discover that the two inputs resolve to the same hashed output.

Ericsson Data Centric Security and quantum computing

So where does this leave the Ericsson Data Centric Security solution?

This solution is based on a blockchain architecture, with two fundamental and crucial parts that make it immune to quantum computing threats: the cryptographic algorithm (SHA2-256) and the Merkle signature scheme also known as a binary hash tree.

The Merkle signature scheme

The Merkle signature scheme is based on a mathematical hierarchical hash tree structure, which has the shape of a tree in which the lower branches have the largest amount of leaves. The higher in the tree, the smaller the branches and the fewer leaves on each branch, until the top is reached.

Native hash data is fed into the bottom of the tree, as source input. The architectural functionality is then to concatenate all hash data from the lower layers into next layer of branches until the top of the tree is reached, where a root hash is produced. The Merkle tree works in a dedicated and confined time slot of one second. This means that each Merkle tree schema, with the associated concatenation action and the creation of a tree-top root hash, is carried out and processed every second.

Thereafter the Merkle tree schema is torn down, for the next second to become rebuilt again and again—and so on for every second into the future. What is important to acknowledge in context to the Merkle tree is that the hash tree is secure as long as it uses a secure hash function in its architecture that is resistant to pre-images and second pre-images as, for example, SHA2-256 or above.

Unique blockchain security

Another fact that makes the Ericsson Data Centric Security blockchain solution unique is the way the blockchain is securely created and processed every second. Since each root hash is time-stamped and cryptographically interlinked with the previous time slot hash value, the digital blockchain ledger becomes immutable for backwards changes in time, as well as for other general tampering.

So finally, against a quantum computing threat, a "perfect" hash function of output size "n" bits still offers strong resistance as long it is above 128 bits—which means 2 to the (n/2) power or above, for example, with SHA2-256, a 256-bit output. In this case, the best quantum computer would still need 2 to the 128th power of simultaneous operations (that is, with current technology too many to be feasible by a huge margin) to break pre-image resistance. Further a possible attack has to be executed within one second for each leave in the binary hash tree at the same time in order to become close knowing what information is being hashed, concatenated and processed, which is today know to be impossible even for furture quantum computers, which makes Ericsson Data Centric Security the perfect choice for thwarting quantum computing threats.

By Mads Becker Jorgensen, Ericsson.

Mads Becker Jorgensen
Mads works as Technical Product Manager in the security product line at Ericsson in Kista, Stockholm. Mads has a background as an Information Security Specialist with over 15 years field work, both hands on and conceptual, as a consultant via various international security companies. Mads' focus is on the value of holistic security and especially how to prove and measure it by working with people processes and technology. Mads’ favorite question is "If you can´t measure the value of security, how do you really know it works, and how do you prove it when you need it?" The answer is ... you simply don´t.

Les médias du groupe Finyear

Lisez gratuitement :


Le quotidien Blockchain Daily News :
- Blockchain Daily News

Sa newsletter quotidienne :
- Blockchain Daily News Newsletter
Recevez chaque matin par mail la newsletter Blockchain daily News, une sélection quotidienne des meilleures infos et expertises en Blockchain révolution.

Sa lettre mensuelle digitale :
- The Chief Blockchain Officer


Le quotidien Finyear :
- Finyear Quotidien

Sa newsletter quotidienne :
- Finyear Newsletter
Recevez chaque matin par mail la newsletter Finyear, une sélection quotidienne des meilleures infos et expertises en Finance innovation & Digital transformation.

Ses 5 lettres mensuelles digitales :
- Le Directeur Financier
- Le Trésorier
- Le Credit Manager
- The Chief FinTech Officer
- The Chief Digital Officer

Finyear magazine trimestriel digital :
- Finyear Magazine

Un seul formulaire d'abonnement pour choisir de recevoir un ou plusieurs médias Finyear

Mardi 27 Septembre 2016

Nouveau commentaire :

Your email address will not be published. Required fields are marked *
Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *