NEW YORK – $3 trillion of cryptocurrency assets are, or soon will be, vulnerable to hacking by quantum computers, one of China’s top cryptographers told an Asia Times webinar on November 30.
You won’t know if it’s happening until it’s too late, Professor Jintao Ding of Tsinghua University explained. And the best thing about hacking Bitcoin, he explained, is that it isn’t against the law.
Crypto analysts have worried about the quantum invasion for some time. Motley Fool’s Zhiyuan Sun wrote in September, “The rise of quantum computing may soon give governments a means to crack down on Bitcoin and other types of cryptocurrencies… Governments could potentially decrypt digital currencies or launch hash attacks to take over their network for a regulatory shutdown with these machines.”
“Most governments like Bitcoin as much as we like walking with rocks in our shoes,” Sun added. No government dislikes Bitcoin as much as China, which banned onshore trading of cryptocurrencies in 2019 and forbade Chinese from trading on offshore crypto exchanges last September.
“Our modern information system relies completely on public key cryptography, including Bitcoin,” Ding told the “Data Wars” webinar, co-sponsored by the American Affairs journal and Asia Times. “If we have a quantum computer, our Zoom would be finished, and everything actually—the whole information system, because our fundamental security solution relies on it.”
Public key cryptography based on the RSA standard has been in use since the late 1970s. Each user has a public key for purposes of identification, and a private key—a password—for decryption.
The public key is based on two very large prime numbers, which are secret; only the recipient knows the prime numbers, which are required to decrypt the message. Recovering the private key from the public key requires factoring extremely large numbers into primes, something that takes supercomputers a very long time to do.
As computers get faster, cryptography uses bigger numbers. But quantum computers will be able to factor extremely large numbers into primes very quickly. Maybe they already can—but if that’s the case, no one is saying so yet.
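The dependence of the private key on the secret primes, as an added example that is not part of the original article: a toy RSA key pair in Python whose private exponent is rebuilt from the public key alone by classical trial division, with the number of candidates tried reported for growing key sizes. The primes, the message value 42 and all function names are constructed for illustration; deployed RSA moduli are 2048 bits or more, which is what keeps this search out of reach of classical machines.

```python
from math import gcd, isqrt


def make_keypair(p, q, e=65537):
    """Textbook RSA: public key (n, e); private exponent d comes from the secret primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), pow(e, -1, phi)


def factor_semiprime(n):
    """Classical trial division over odd candidates; returns (p, q, candidates_tried)."""
    tried = 0
    for candidate in range(3, isqrt(n) + 1, 2):
        tried += 1
        if n % candidate == 0:
            return candidate, n // candidate, tried
    raise ValueError("no odd factor found")


def recover_private_exponent(public_key):
    """Rebuild d from the public key alone, which works only once n has been factored."""
    n, e = public_key
    p, q, tried = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1)), tried


def demo():
    """Return (modulus bits, candidates tried, decrypted message) for each toy key."""
    results = []
    # Constructed toy primes; real RSA primes are about 1024 bits each.
    for p, q in [(61, 53), (10007, 10009), (999983, 1000003)]:
        public_key, d = make_keypair(p, q)
        n, e = public_key
        ciphertext = pow(42, e, n)  # anyone can encrypt with the public key
        recovered_d, tried = recover_private_exponent(public_key)
        if recovered_d != d:
            raise RuntimeError("factoring did not reproduce the private exponent")
        results.append((n.bit_length(), tried, pow(ciphertext, recovered_d, n)))
    return results


if __name__ == "__main__":
    for bits, tried, message in demo():
        print(f"{bits}-bit modulus: {tried} candidates tried, decrypted message {message}")
```

The candidate count grows with the square root of the modulus, so each added bit of prime size roughly doubles the classical work; a quantum factoring algorithm removes that growth, which is the concern the article describes.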
Today’s encryption methods “can be broken by quantum computers. We must work together to have a smooth transition from the current situation and find a solution. We have to do it. And the transition process will be very difficult,” Ding added.
Mathematicians have known that quantum computers would be able to break the RSA code quickly since 1994, when Peter Shor published an algorithm for factoring extremely large numbers into primes.
Development of such a quantum computer is inevitable, Ding argues. There are rumors in the tech world that machines capable of using Shor’s algorithm to break RSA already exist.
When will that happen? It might have happened already, but if it has, no one will let on, Ding explained.
“Watch the movie ‘Imitation Game’ about [Alan] Turing,” Ding said, referring to the great British mathematician who led the team that broke the German Enigma code during World War II. British signals intelligence (GCHQ) didn’t reveal until the 1970s that it could read German coded messages in close to real time during World War II. “If I can read every message, why wouldn’t I keep quiet about it? I would be in a very good position. I think this is what I would do,” he said.
In 2019, I serialized a spy thriller in Asia Times under the title, The Quantum Supremacy, premised on just such a scenario.
What does that mean for Bitcoin? I asked Ding during the webinar.
He replied: “That’s a very good question. In my opinion, once you have a quantum computer, blockchain and Bitcoin are finished. Let me expand a bit. You don’t own Bitcoin. The owner is your private key. When they give you the money, they give it to an address. The address is a short form of your public key. They use that to verify the address. Only you have the private key; everyone knows the public key to verify that it is from you.”
“When they give you the money, they give it to an address,” Ding said. “The address is a short form of your public key. We use that to verify when you give me the coins. But if I don’t know the private part key, if I only know the address, I cannot take anything.”
“But if I have a quantum computer,” Ding continued, “what I would do first is to get all the coins, because there’s no liability there. I wouldn’t attack banks—then there’s a big lawsuit, or you go to jail. But with a quantum computer, I just take the Bitcoin. It’s legal in my opinion. I didn’t do anything; I just see your public key and use your private key and assign the money to my own account.”
That’s the downside of anonymity. Your name and government ID number aren’t linked to a Bitcoin account (as they are to an ordinary bank account). Your proof of ownership is simply the fact that you have the private key (your password). If someone else hacks that, you have no legal recourse.
Bitcoins have another vulnerability, Ding said. “When I do a transaction, there’s 10 minutes delay because we have to confirm the transaction. In this period, if your transaction is delayed, if people have a quantum computer, then they can do a new transaction to replace your transaction, and then they can send all the funds to themselves. Then you’re finished. They can just take all your Bitcoin right away.”
The professor doesn’t think that the cryptocurrency world’s efforts to enhance security will do much good. “Bitcoin did an update called Taproot,” he said. “This is actually very bad because in this case, because they are very much prone to attack from content within it.” Taproot creates an interface between Bitcoin and ordinary cash transactions, in order to reduce transaction costs.
If quantum computers capable of hacking your crypto account exist, they are in the hands of governments or large corporations with the resources to build them. If and when such quantum computers are functional, their owners won’t draw attention by stealing from individual bitcoin accounts.
If a state actor hacks cryptocurrency transactions, it almost certainly would use that capability to monitor ownership of these assets for intelligence purposes. Knowing who is trying to hide money, or transfer money away from the scrutiny of regulators, would give the intelligence service of any country enormous political leverage.
But if the whole $3 trillion crypto market were to disintegrate, no one would be more pleased than China, which wants to promote its own digital yuan at the expense of anonymously traded Bitcoins.