Hashing it out: Preparing Web3 for Quantum Resistant Cryptography

May 8, 2024

Remoti recently launched the first episode of its new expert series, featuring renowned figures from the web3 industry. In this episode, we're joined by Tommaso Gagliardoni, a principal cryptographer at Kudelski Security, a Swiss-American cybersecurity company known for its leading position in the industry and thousands of patents worldwide. Kudelski Security specializes in providing customized cybersecurity solutions to global enterprises and public sector institutions.

With a comprehensive background in mathematics and computer security, Tommaso specializes in Cryptography and Quantum Resistant Cryptography Research. Holding a Ph.D. in cryptography, he brings extensive experience, including cryptographic code audits for major clients and research work with IBM. Additionally, he played a pivotal role in enhancing cybersecurity by breaking the security of the Australian smart card protocol.

In this episode, Tommaso provides an in-depth analysis of Quantum Resistant Cryptography, delving into its relevance amid the advancing capabilities of quantum computers. He explores the intricate interplay between cryptographic algorithms and quantum computing, shedding light on the challenges and opportunities presented by this intersection. Additionally, Tommaso clarifies the critical concept of crypto agility, emphasizing its indispensable role in navigating the dynamic digital landscape shaped by cryptographic advancements and quantum computing breakthroughs. This episode offers invaluable insights for those seeking a deeper understanding of Cryptography, Quantum Computing, and Crypto Agility in the rapidly evolving technological landscape.

Web 3 and it's connection to Quantum Computing cryptography

According to Tommaso, quantum computing is an emerging technology that represents a significant leap forward in computation. Although still in an early research phase, it has progressed rapidly in recent years, with prototypes now in existence. These machines exploit quantum phenomena to process information, offering a novel approach to computation that could potentially solve complex problems beyond the reach of classical supercomputers. However, this progress presents a challenge for cryptography, as some mathematical problems solvable by quantum computers are fundamental to cryptographic schemes used for digital security. While quantum computing holds promise for solving industrial problems and benefiting society, it also poses a threat to cybersecurity and blockchain, by potentially compromising widely used cryptographic protocols. This dual nature underscores the pressing need to proactively prepare for the advent of quantum computing in the digital age.

In discussing quantum cryptography, Tommaso highlights its specialized nature in safeguarding information using quantum hardware, distinct from conventional computing devices. While the commonly perceived aspect involves quantum key distribution between two parties through quantum channels, this represents only a narrow facet of quantum cryptography. In reality, quantum cryptography extends to running encryption algorithms on quantum computers, enabling the encryption of quantum data and offering innovative applications such as uncopyable keys and publicly verifiable quantum money. However, these techniques necessitate advanced quantum hardware and networks, which currently exceed existing capabilities. Despite its potential, quantum cryptography remains a futuristic application due to these hardware limitations, promising significant advancements in the future.

Quantum Resistant Cryptography

In his comprehensive analysis of quantum-resistant cryptography, Tommaso Gagliardoni provides valuable insights into its fundamental principles and implications. Unlike traditional cryptography, quantum-resistant cryptography relies on mathematical algorithms specifically designed to withstand attacks from quantum computers. Gagliardoni emphasizes the importance of transitioning to quantum-resistant cryptography sooner rather than later, challenging the common misconception conveyed by the term 'post-quantum cryptography.' He argues that delaying action until quantum computers are readily available poses significant risks to cybersecurity, urging immediate adoption of quantum-resistant cryptographic standards. Gagliardoni's perspective underscores the urgency of addressing cryptographic vulnerabilities in anticipation of future technological advancements. One of the main concerns regarding quantum computing is the fact that the threat could be in gathering the information today and later down the line deciphering the information. This is not relevant for things that are time sensitive and they perish. It is though, for information that never expires like DNA sequences, and others.

Transitioning to quantum-resistant cryptography is essential for safeguarding sensitive information and maintaining cybersecurity in the face of advancing technology. As quantum computers become more powerful and accessible, traditional cryptographic systems will become increasingly vulnerable to attacks. By adopting quantum-resistant cryptographic standards, organizations can proactively mitigate the risks posed by quantum computing capabilities. This proactive approach ensures that sensitive data remains secure and protected against emerging threats, safeguarding both individual privacy and national security interests. Additionally, transitioning to quantum-resistant cryptography fosters innovation and resilience in cybersecurity practices, ensuring that organizations remain adaptable and prepared to address evolving threats in the digital landscape.

“Quantum resistant cryptography is based on mathematical problems that are so hard that not only we don't know how to solve them with a classical computer. But we don't know how to solve them, even with a quantum computer. Which means that in theory this cryptography is going to be resistant even in a world where quantum computers are available to the adversary, and will still be resistant in that scenario”.

Implications of Symmetric and Asymmetric Encryption algorithms

In examining the impact of quantum computing on encryption methods, it's essential to understand the differences between symmetric and asymmetric cryptography. While symmetric encryption, digital signatures, and public encryption serve distinct purposes both theoretically and practically, quantum computing presents unique challenges. Symmetric key cryptography, such as AES block ciphers and SHA-256 hash functions, may face vulnerabilities in theory due to quantum computers' potential edge over classical ones. However, this advantage may not be practically feasible. On the other hand, asymmetric key schemes like RSA and elliptic curve cryptography are more susceptible to quantum attacks, with elliptic cryptography being particularly vulnerable. This distinction highlights the need to update asymmetric cryptography to withstand quantum threats, while symmetric cryptography shows inherent resistance, albeit with some considerations regarding modern schemes and key sizes.

Regarding elliptic curve cryptography (ECC) within blockchain technology and the challenges posed by the emergence of quantum computing, it's essential to note ECC's historical prominence. ECC rose to prominence due to its robust security and performance benefits compared to traditional RSA encryption. Its resistance to sub-exponential attacks and efficient key generation made it the preferred choice for blockchain applications like Bitcoin, where fast arithmetic and small signature sizes are crucial. However, the widespread adoption of ECC has led to a dependency that presents a significant obstacle to quantum resistance. Unlike RSA, ECC is highly susceptible to quantum attacks, necessitating a transition to quantum-resistant cryptography. This shift brings formidable challenges as quantum-resistant schemes currently trail ECC in performance, raising concerns about the scalability and efficiency of future blockchain systems.

When asked about security challenges posed by quantum computing in blockchain technology, Tommaso emphasized the need to address vulnerabilities at the foundational layers. Quantum attacks target the underlying cryptography rather than smart contracts directly, primarily impacting either Layer 1 or Layer 3, depending on one's perspective. The focal point lies in transitioning from elliptic curve cryptography (ECC), widely employed for its efficiency, to quantum-resistant schemes. While certain quantum-resistant schemes offer faster key generation and verification, they often come with larger signal sizes. Therefore, the approach must be tailored on a case-by-case basis to balance performance with enhanced quantum security. Ultimately, securing blockchain applications against quantum threats necessitates meticulous research and the strategic integration of compatible building blocks across layers, ensuring comprehensive quantum resilience.

Impacts of Quantum Computing on Blockchains and Web 3 applications

While acknowledging cryptography as a foundational pillar for blockchain, Tommaso highlights quantum computing's broader implications. Tommaso explains that the primary threat from quantum computers to web applications lies in the cryptography layer. However, he also suggests that scenarios involving the integration of quantum infrastructure into blockchain systems present a paradigm shift, where traditional rules no longer apply. He illustrates this with examples of challenges in exchanging quantum data between nodes, such as the inability to log quantum packets without destroying them and the necessity to encrypt quantum states. Tommaso emphasizes the emergence of new problems and solutions in this scenario, suggesting a divergent path from current interests and practices.

Following on that topic, he addresses the timeline and uncertainty surrounding the development of quantum computers and their potential impact on cryptography. He cautions against providing precise estimates due to the complexity of the technology and its evolving nature. Tommaso emphasizes the need for a proactive approach to adopting quantum-resistant cryptography, regardless of the timeline for quantum computer development. He stresses that the urgency stems from the necessity to safeguard sensitive information, such as genetic data in healthcare, from future quantum threats. Furthermore, he discusses the challenges in standardizing quantum-resistant cryptographic schemes, highlighting the trade-offs between security and performance. Tommaso explores various cryptographic approaches, including lattice-based cryptography and collision-resistant hash functions, while underscoring the importance of thorough scrutiny to ensure their effectiveness.

Crypto Agility and Its Crucial Role in Modern Cryptography

When prompted about contemporary encryption methods for blockchain projects, Tommaso elaborated on the concept of crypto agility, underscoring its pivotal role in modern cryptography applications. He describes it as a versatile approach that enables developers to seamlessly integrate various cryptographic schemes based on their specific functionalities. This flexibility ensures that cryptographic systems can adapt to evolving security requirements and emerging threats, making it a highly desirable feature in cryptographic design.

“That's the Holy Grail for most cryptography applications. Actually, it's called crypto agility. So that's a mix of techniques and design choices that allow you to plug and play different cryptographic schemes according to their functionality. That would be the best way to design a cryptographic application nowadays.”

However, when discussing its implementation in blockchain applications, Tommaso highlights the intricate balance between security and performance. He illustrates this point with an example of blockchain block size limitations, where the size constraints may hinder the adoption of certain cryptographic schemes, especially those with larger signature sizes. This challenge underscores the need for careful consideration and engineering efforts to ensure that crypto agility is effectively integrated into blockchain systems without compromising their performance or scalability.

Despite these challenges, Tommaso remains optimistic about the future of crypto agility in the Web 3 ecosystem. He predicts a gradual transition towards crypto agile solutions as the impact of quantum threats becomes more pronounced. This transition, he suggests, will likely begin with the proliferation of quantum-resistant blockchains or Web 3 applications before eventually evolving into more comprehensive crypto agile systems. Ultimately, Tommaso views crypto agility as the most promising long-term solution for addressing the dynamic security landscape of blockchain technology.

Empowering Web3 Companies: Our Impact in Talent Acquisition

At Remoti, we pride ourselves on our expertise in web3 talent recruitment. Over the past 5+ years, we've been dedicated to sourcing top-tier talent in areas such as cryptography, blockchain, smart contracts development, engineering, operations, marketing, and sales. Our specialization in web3 technologies has allowed us to become a trusted partner for companies seeking to build exceptional teams in this rapidly evolving space.

Explore Our Success Story with Node Capital

Discover our case study with Node Capital, showcasing how Remoti's tailored global solutions have revolutionized talent acquisition for Node Capital's portfolio companies. Through strategic partnerships, we've empowered these firms to overcome talent acquisition challenges, fostering innovation and driving growth within the web3 ecosystem.

Contact us today to explore how we can support your talent needs and propel your web3 initiatives to new heights.