This is the reference code for the quantum-safe-crypto-note blockchain protocol.
It is a platform based on CryptoNote, with the goal of providing privacy against quantum computers.
It aims to enable blockchain developers to work on various projects with minimal exposure to the internals of quantum-safe cryptography.
In a sense it should be called a lattice-based blockchain, since I am only considering lattice-based cryptography at the moment. Other quantum-safe cryptography, such as hash-based signatures, may be introduced later.
It is NOT an implementation of any cryptocurrency.
If you searched for quantum-safe blockchain and have read this far, I will assume you are already convinced of the inevitable arrival of general-purpose quantum computers. What remains to be said is how it is going to affect blockchain technologies.
Blockchain technology may rely on the following cryptographic primitives:
- Level 1, basic functionality: a basic blockchain only requires cryptographic hash functions for integrity;
- Level 2, authenticity: requires digital signature schemes, such as ECDSA (Elliptic Curve Digital Signature Algorithm);
- Level 3, anonymity: enabling anonymity and authenticity simultaneously requires ring signatures;
- Level 4, linkability: in some use cases, such as cryptocurrency, it is desirable to track double spenders by linking two anonymous blocks; this requires one-time linkable ring signatures.
All of the above techniques, except for hash functions, are vulnerable to quantum computers. That is, if one uses discrete-log or pairing-based linkable ring signatures, as Monero does, then there are two threats:
- when a general-purpose quantum computer is available (say, 2025), an attacker will be able to impersonate other users;
- an attacker may also be able to link all previous transactions (say, between 2017 and 2025), de-anonymizing the whole user base.
The first threat is not so severe, as we still have time between now and then to deploy quantum-safe countermeasures. The second, however, requires us to act right now.
You may have heard of the term unconditional anonymity. There are classical linkable ring signatures that are unconditionally anonymous, which makes them vulnerable to threat #1 while robust against threat #2. Unfortunately, those schemes are not deployed. If we have to transition from the existing linkable ring signatures to another scheme, we might as well do it once and for all and move onto quantum-safe primitives.
A few schemes are under consideration.
- Key exchange/encapsulation methods - phase I
  - An R-LWE based solution TBD
    - need to consider the IP around the reconciliation mechanism
  - Backup plan: NTRUEncrypt
    - Patent expired 2017
- Digital signature scheme - phase I
- Linkable ring signature scheme - phase II
- Lattice-based zero-knowledge proof - phase III
  - no implementable candidate exists
- Leveled homomorphic encryption schemes - phase IV
  - To be decided later
  - Use case: privacy-preserving smart contracts
The above quantum-safe cryptographic primitives will be added to the underlying CryptoNote crypto library. They will not replace the existing ECDH and ECDSA schemes. Rather, the new primitives will run in parallel, in a so-called hybrid mode, to get the best of both worlds: if either ECC or the new primitive fails, security is still backed by the other cryptosystem. To read more on this, see the academic papers on hybrid solutions QSH-TOR and Hybrid-Cert, as well as the Internet Drafts QSH-TLS and QSH-IKE.
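As an added illustration of the hybrid mode described above (example code, not part of this project), the following shows how a session key can be derived from both an ECDH shared secret and a lattice KEM shared secret, so that an attacker who recovers only one of them learns nothing about the key. The two secrets are constructed byte strings standing in for real ECDH and R-LWE outputs, and the HKDF-SHA256 combiner with the label `qsh-hybrid-v1` is my own choice, not the project's.

```python
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869): PRK = HMAC-SHA256(salt, IKM)
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ss_ecdh: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Combine a classical and a post-quantum shared secret into one 32-byte key.

    Each secret is length-prefixed so that (ss_ecdh, ss_pq) maps to a unique
    input string; the transcript binds the key to this particular handshake.
    Both secrets enter the PRF, so knowing just one of them gives an attacker
    no advantage in predicting the output.
    """
    ikm = (len(ss_ecdh).to_bytes(2, "big") + ss_ecdh
           + len(ss_pq).to_bytes(2, "big") + ss_pq)
    prk = hkdf_extract(b"qsh-hybrid-v1", ikm)          # assumed domain label
    return hkdf_expand(prk, b"session key" + transcript, 32)


def attacker_with_one_secret_fails(ss_ecdh: bytes, ss_pq: bytes, transcript: bytes) -> bool:
    """Model the two failure modes: ECDH broken by a quantum computer, or the
    lattice KEM broken by new cryptanalysis. In each case the attacker knows one
    secret and must guess the other; the derived key does not match."""
    real = hybrid_key(ss_ecdh, ss_pq, transcript)
    ecdh_broken = hybrid_key(ss_ecdh, os.urandom(32), transcript)  # knows only ECDH secret
    pq_broken = hybrid_key(os.urandom(32), ss_pq, transcript)      # knows only KEM secret
    return real != ecdh_broken and real != pq_broken


if __name__ == "__main__":
    # Constructed stand-ins for a 32-byte ECDH secret and a 32-byte R-LWE KEM secret
    ss_ecdh = hashlib.sha256(b"constructed ecdh secret").digest()
    ss_pq = hashlib.sha256(b"constructed lattice kem secret").digest()
    transcript = b"constructed handshake transcript"
    print(hybrid_key(ss_ecdh, ss_pq, transcript).hex())
    print("hybrid survives single-primitive break:",
          attacker_with_one_secret_fails(ss_ecdh, ss_pq, transcript))
```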
This is a spare-time project of mine that may or may not change in the future. You should expect very slow development on this project. Pull requests are more than welcome.
- Email: quantum dot safe dot blockchain at gmail dot com
- Forum / Google group