I would like to see FIRO remain at the forefront of privacy and security innovation. With the advent of quantum computing, today’s encryption standards would be broken with relative ease. The implications of this are staggering. Projects like Tidecoin are utilizing a “post quantum” encryption algorithm in an attempt to mitigate this future threat. At what point should we start to consider the implementation of such algorithms? At what point would it be too late? Should FIRO start to consider the testing of post quantum algorithms?
Hey FIDO,
Thank you for your question!
Quantum-resistant schemes are definitely on our radar.
The main concern is that while work can be done to implement ‘post quantum’ encryption schemes today, there are many factors to be considered.
- Many such schemes are still experimental and there have been cases where previously thought secure quantum-resistant algorithms are shown to be insecure. While you are only POSSIBLY securing yourself against quantum computers of sufficient power which may or may not exist in the next couple of years, you could end up using an algorithm that is found to be broken today.
Here are some examples:
A NIST finalist for post-quantum encryption was cracked: “NIST Post-Quantum Algorithm Finalist Cracked Using a Classical PC” (SecurityWeek). Similarly, the code and libraries of these algorithms have not stood the test of time.
NTRU Prime: NTRU Prime is a lattice-based cryptographic algorithm designed to be resistant to quantum attacks. In 2020, researchers Bai, Galbraith, and Li discovered an attack on NTRU Prime that was able to recover the private key in certain scenarios. This attack exploited the structure of the polynomial rings used in NTRU Prime, which led to the development of NTRU Prime variants with improved security properties. However, the attack did not completely break the security of NTRU Prime, and it remains a viable post-quantum cryptographic candidate. (Source: Reconstructing with Less: Leakage Abuse Attacks in Two-Dimensions)
SABER: SABER is another lattice-based post-quantum encryption scheme that was submitted to the NIST Post-Quantum Cryptography Standardization process. In 2020, researchers Albrecht, Bai, and Ducas showed that SABER was vulnerable to what is called a “reduction attack” that could potentially break the security of the scheme. The attack relied on a weakness in the “Learning With Errors” (LWE) problem used in SABER, but did not completely break the algorithm. The authors provided recommendations for improving the security of SABER, and it remains a promising candidate for post-quantum cryptography. (Source: WBCD: White-box Block Cipher Scheme Based on Dynamic Library)
As you can see, using post-quantum algorithms today poses risks versus much more well-established algorithms that have been battle-tested over years.
- Besides the potential security risks of using new PQ schemes, many of these schemes come with huge drawbacks in performance be it in size or time. For example, STARK proofs can be 20-100x larger than what we use.
So here we are suffering from known drawbacks of scalability and performance at the cost of only potentially protecting against PQ and also being open to potential vulnerabilities of these new schemes.
But we aren’t just twiddling our thumbs; we are identifying potential areas of upgrade where quantum attacks are becoming more of a reality and what the candidates to use as replacements are. For example, we currently use Groth’s one-out-of-many proofs, but there are already lattice-based versions of them which may be more PQ-resistant.
I hope this answers your questions!
Note that there have been many other projects that make quantum resistance their entire selling point, but without naming them, they typically have not fared well and predictably so given the trade-offs.
Some post-quantum updates:
Signal messenger is now integrating the quantum-resistant algorithm PQXDH in their service. Here is the article.
Monero is researching post quantum strategies.
Yup, we are tracking them closely.
This could be the indicator that modern encryption standards have been broken and quantum computers are being used to break them.
https://m.youtube.com/watch?v=HWu8cjDiNGU&pp=ygUZYml0b2luIHdhbGxldHMgZ2V0IGFjdGl2ZQ%3D%3D
# Microsoft: New Chip Means Quantum Computing Is ‘Years, Not Decades’ Away (One million qubits).
Quantum resistant encryption needs to be implemented soon.
Here are the coins with quantum-resistant encryption. These quantum-resistant cryptocurrencies are designed to withstand potential attacks from quantum computers, which could break traditional cryptographic algorithms like RSA and ECDSA used by many blockchains. Below is a concise overview of key cryptocurrencies with quantum-resistant encryption, based on current information:

Quantum Resistant Ledger (QRL)
- Overview: QRL is a blockchain specifically built to be quantum-resistant, using the eXtended Merkle Signature Scheme (XMSS), a hash-based digital signature scheme approved by NIST. It avoids elliptic curve cryptography, which is vulnerable to quantum attacks.
- Status: Fully quantum-resistant and operational since 2018.

- Overview: A third-generation blockchain designed with quantum safety in mind, using post-quantum cryptographic algorithms like NIST-approved Kyber 512 and Dilithium.
- Status: Actively developed, with a focus on quantum-secure applications.

IOTA
- Overview: IOTA’s Tangle technology previously used Winternitz One-Time Signatures (W-OTS), which were considered quantum-resistant. However, after its Chrysalis update (IOTA 1.5) in 2021, it shifted away from prioritizing quantum resistance due to practical issues with W-OTS, such as address reuse vulnerabilities.
- Status: Not fully quantum-resistant post-Chrysalis, but exploring future upgrades.

Algorand
- Overview: Algorand uses Falcon, a post-quantum digital signature scheme, to sign its blockchain history every 256 blocks, securing past transactions against quantum threats.
- Status: Partially quantum-resistant, with ongoing development for future-proofing.

- Overview: Claims to be an upgrade of Bitcoin’s algorithm, incorporating the Falcon-512 algorithm, which is NIST-selected for post-quantum security.
- Key Features:
  - Transitions Bitcoin’s framework to quantum-resistant cryptography.
  - Limited information on adoption and network maturity.
- Status: Emerging project, less established than QRL or Cellframe.
Additional Notes:
- Why Quantum Resistance Matters: Quantum computers, using algorithms like Shor’s, could break elliptic curve cryptography (used by Bitcoin and Ethereum) by deriving private keys from public keys. Grover’s algorithm could also weaken hash-based systems, though less severely.
- Challenges: Quantum-resistant algorithms often require more computational power, impacting scalability and transaction speed. Transitioning existing blockchains (e.g., Bitcoin, Ethereum) to quantum-safe systems may involve hard forks or social consensus, which can be contentious.
- Future Outlook: The National Institute of Standards and Technology (NIST) has standardized post-quantum algorithms like CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ (August 2024), which are being adopted by quantum-resistant projects.
- Investment Consideration: Quantum-resistant coins like QRL and Cellframe are seen as safer long-term bets due to their proactive security measures, but their market adoption and utility remain critical factors.
Recommendations:
- For Security: QRL and Cellframe are leading in implemented quantum-resistant cryptography.
- For Monitoring: Keep an eye on Algorand and emerging projects like TideCoin for future developments.
- For Legacy Coins: Bitcoin and Ethereum may adopt quantum-safe algorithms via forks, but this is not guaranteed in the near term.
FIRO needs to be on this list!
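The XMSS and W-OTS entries in the list above both rest on one-time signatures, and the IOTA entry names the failure mode: reusing a one-time key (an address) leaks the key. The following is an added illustration, not code from Firo, QRL, IOTA or any other project in the list. It implements the simplest member of that family, Lamport one-time signatures over SHA-256, and then plays the attacker: with two signatures from one key it assembles a third digest and a signature that verifies under the public key, using nothing but the preimages the two honest signatures revealed. The messages, parameter choices and function names are assumptions made for the demo.

```python
"""Lamport one-time signatures, and why signing twice with one key is fatal.

Added illustration, not code from Firo, QRL or IOTA. XMSS and W-OTS are built on
one-time signatures of this kind; the parameters, names and messages below are
assumptions chosen for the demo, not any project's concrete scheme.
"""
import hashlib
import os
from typing import List, Optional, Tuple

N = 256  # digest bits; the key holds one pair of preimages per bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bits(d: bytes) -> List[int]:
    """Big-endian list of the 256 bits of a digest."""
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def bits_to_digest(bits: List[int]) -> bytes:
    out = bytearray(N // 8)
    for i, b in enumerate(bits):
        out[i // 8] |= b << (7 - i % 8)
    return bytes(out)


def keygen():
    """sk: 256 pairs of random preimages; pk: their hashes. Only a hash function is needed."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def sign_digest(sk, d: bytes) -> List[bytes]:
    """For each digest bit, reveal the preimage on that side of the pair."""
    return [sk[i][b] for i, b in enumerate(digest_bits(d))]


def sign(sk, msg: bytes) -> List[bytes]:
    return sign_digest(sk, H(msg))


def verify_digest(pk, d: bytes, sig: List[bytes]) -> bool:
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, digest_bits(d))))


def verify(pk, msg: bytes, sig: List[bytes]) -> bool:
    return verify_digest(pk, H(msg), sig)


def forge_from_reuse(d1: bytes, sig1: List[bytes],
                     d2: bytes, sig2: List[bytes]) -> Optional[Tuple[bytes, List[bytes]]]:
    """Attacker side: two signatures under one key leak both preimages wherever the
    digests differ. Build a third digest (neither d1 nor d2) whose bits select only
    leaked preimages, plus a valid signature for it. Returns None if fewer than two
    bits differ, which for two distinct SHA-256 digests essentially never happens."""
    b1, b2 = digest_bits(d1), digest_bits(d2)
    known = [{b1[i]: sig1[i], b2[i]: sig2[i]} for i in range(N)]  # preimages seen per bit
    free = [i for i in range(N) if b1[i] != b2[i]]
    if len(free) < 2:
        return None
    b3 = list(b1)        # where the digests agree only one preimage is known: keep that bit
    for i in free[1:]:   # keep d1's bit at free[0], take d2's elsewhere: d3 differs from both
        b3[i] = b2[i]
    d3 = bits_to_digest(b3)
    return d3, [known[i][b3[i]] for i in range(N)]


def demo() -> dict:
    sk, pk = keygen()
    m1 = b"send 1 FIRO to alice"   # constructed messages
    m2 = b"send 1 FIRO to bob"
    s1 = sign(sk, m1)
    s2 = sign(sk, m2)               # the reuse mistake: same one-time key, second message
    d1, d2 = H(m1), H(m2)
    d3, s3 = forge_from_reuse(d1, s1, d2, s2)
    return {
        "honest_ok": verify(pk, m1, s1) and verify(pk, m2, s2),
        "forged_ok": verify_digest(pk, d3, s3),
        "forged_is_new": d3 not in (d1, d2),
        "leaked_bits": sum(1 for a, b in zip(digest_bits(d1), digest_bits(d2)) if a != b),
    }


if __name__ == "__main__":
    print(demo())
```

After two signatures roughly half of the 256 bit positions are fully leaked, so the forger still has to find a real message whose digest matches the remaining fixed bits; each further reuse halves the fixed set again. That is why a hash-based scheme like XMSS is stateful (it tracks an index so every one-time key is used exactly once) and why a wallet that reuses addresses, as in the IOTA entry above, is the dangerous case. Nothing in this example is Firo's Lelantus Spark; it only shows the mechanism behind the "address reuse" caveat.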
Asking GROK how long it would take for a quantum computer with one million qubits to break the encryption currently used in Bitcoin and FIRO:
Conclusion
A 1,000,000-qubit quantum computer could theoretically break Bitcoin’s ECDSA encryption for a single exposed public key in ~1–2 seconds using Shor’s algorithm, assuming optimal conditions. However, breaking unspent addresses (protected by hashes) or the entire network would take significantly longer and is currently impractical. Bitcoin’s long-term security depends on adopting quantum-resistant cryptography before such quantum computers become reality.
Firo is not currently quantum-resistant due to its reliance on 256-bit ECC, which a 1,000,000-qubit quantum computer could break in ~1–2 seconds per exposed private key using Shor’s algorithm. However, Firo’s roadmap includes plans to explore quantum-resistant upgrades for Lelantus Spark, indicating proactive awareness. Compared to fully quantum-resistant cryptocurrencies like QRL or Cellframe, Firo is behind but could catch up through future protocol upgrades. For now, its privacy features (Lelantus, Dandelion++) remain its core strength, but quantum vulnerabilities mirror those of Bitcoin and other ECC-based blockchains.
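The answer above draws the distinction that matters operationally: Shor's algorithm needs the public key, and a Bitcoin-style output that commits only to a hash keeps the key off chain until the first spend, after which every other output paying the same script is exposed as well. The script below is an added example, not code from Bitcoin Core, Firo or Grok's answer, that turns that rule into a check over a set of outputs and spends: it classifies each output script and reports which unspent outputs already have their key (or redeem script) visible. All txids, keys and hashes are constructed placeholders, no hashing is done, and outputs are linked by script equality; it covers Bitcoin script types only, not Firo's Spark addresses.

```python
"""Which unspent outputs already expose a public key on chain?

Added example, not Bitcoin Core's, Firo's or Grok's code. Rule applied: P2PK and
P2TR outputs carry a public key in the output script; P2PKH/P2WPKH (and P2SH/P2WSH)
commit to a hash until the first spend, and a spend reveals the preimage for every
other output paying the same script (address reuse). All data below is constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Output:
    txid: str
    vout: int
    script_pubkey: bytes


@dataclass(frozen=True)
class Input:
    prev_txid: str
    prev_vout: int
    script_sig: bytes = b""          # legacy spend: <sig> <pubkey> for P2PKH
    witness: Tuple[bytes, ...] = ()


def classify_script(spk: bytes) -> Tuple[str, Optional[bool]]:
    """Return (script type, True if the script itself contains a public key,
    False if it commits to a hash only, None if unrecognised)."""
    n = len(spk)
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk", True            # <33|65-byte pubkey> OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[-2:] == b"\x88\xac":
        return "p2pkh", False          # OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[-1] == 0x87:
        return "p2sh", False           # OP_HASH160 <20> OP_EQUAL
    if n == 22 and spk[:2] == b"\x00\x14":
        return "p2wpkh", False         # OP_0 <20-byte key hash>
    if n == 34 and spk[:2] == b"\x00\x20":
        return "p2wsh", False          # OP_0 <32-byte script hash>
    if n == 34 and spk[:2] == b"\x51\x20":
        return "p2tr", True            # OP_1 <32-byte x-only key>: key-path key is in the clear
    return "nonstandard", None


Report = Dict[Tuple[str, int], Tuple[str, bool, str]]


def exposure_report(outputs: List[Output], inputs: List[Input]) -> Report:
    spent = {(i.prev_txid, i.prev_vout) for i in inputs}
    # spending a hash-committed output publishes its preimage (key or redeem script)
    revealed = {o.script_pubkey for o in outputs if (o.txid, o.vout) in spent}
    report: Report = {}
    for o in outputs:
        key = (o.txid, o.vout)
        if key in spent:
            continue                   # nothing left to steal
        kind, in_script = classify_script(o.script_pubkey)
        if in_script is None:
            report[key] = (kind, False, "unrecognised script, review manually")
        elif in_script:
            report[key] = (kind, True, "public key is in the output script")
        elif o.script_pubkey in revealed:
            what = "redeem script" if kind in ("p2sh", "p2wsh") else "public key"
            report[key] = (kind, True, "address reuse: an earlier spend revealed the " + what)
        else:
            report[key] = (kind, False, "only a hash is on chain until spent")
    return report


# Constructed sample data: not real keys, hashes or transactions.
KEY_P2PK = b"\x02" + bytes(range(1, 33))     # 33-byte compressed key placeholder
KEY_A = b"\x03" + bytes(range(33, 65))
PKH_A = bytes([0xAA]) * 20                    # stands in for HASH160(KEY_A)
PKH_B = bytes([0xBB]) * 20
XONLY = bytes([0xCC]) * 32


def sample_chain() -> Tuple[List[Output], List[Input]]:
    outputs = [
        Output("tx1", 0, bytes([33]) + KEY_P2PK + b"\xac"),        # p2pk
        Output("tx1", 1, b"\x76\xa9\x14" + PKH_A + b"\x88\xac"),    # p2pkh, address A
        Output("tx1", 2, b"\x76\xa9\x14" + PKH_A + b"\x88\xac"),    # p2pkh, address A again
        Output("tx1", 3, b"\x00\x14" + PKH_B),                      # p2wpkh, address B
        Output("tx1", 4, b"\x51\x20" + XONLY),                      # p2tr
    ]
    # tx2 spends tx1:2; its scriptSig <sig> <KEY_A> publishes address A's key
    inputs = [Input("tx1", 2, script_sig=b"\x47" + bytes(71) + bytes([33]) + KEY_A)]
    return outputs, inputs


if __name__ == "__main__":
    outs, ins = sample_chain()
    for (txid, vout), (kind, exposed, why) in exposure_report(outs, ins).items():
        print(f"{txid}:{vout} {kind:8} exposed={exposed} ({why})")
```

On the sample data the report flags tx1:0 (P2PK), tx1:4 (P2TR, whose x-only key sits in the script) and tx1:1 (P2PKH, because spending the duplicate tx1:2 published the key), while tx1:3 stays hash-protected. The same idea applies to the "exposed public key" cases in the answer above: the practical hygiene is to never reuse addresses and to move funds off any output whose key is already public.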