Blockchain and quantum computing are two major trends that are rapidly moving forward in technology today. Both offer major potential advancements, but when they come into conflict, one may seriously undermine the other.
Many feel that blockchain will make critical data easily accessible while resolving security and data-quality issues (e.g., The Benefits of Blockchain Across Industries).
As a result, there are moves to place a wide variety of critical information, including electronic health records (Blockchain, Bitcoin and the Electronic Health Record) and financial records (e.g., Poland to Become the First Country to Use Blockchain for Financial Records) on blockchain-based systems.
Quantum computing offers the possibility of making some kinds of computation orders of magnitude faster, especially computing jobs that involve selecting from several alternatives.
An obvious application of quantum computing is the breaking of encryption. It will likely take a few years, but according to an article by Nicole Kobie in Wired, “Dr. Michele Mosca, deputy director of the Institute for Quantum Computing at the University of Waterloo, Ontario, is willing to try to put a number on it, estimating a one-in-seven chance that some fundamental public-key crypto will be broken by quantum by 2026, and a one-in-two chance of the same by 2031.” (The quantum clock is ticking on encryption – and your data is under threat)
How will these trends play out? Will blockchain survive the arrival of quantum computing?
Single Point of Failure vs Failsafe Design
Some blockchain advocates argue that, historically, data has been protected by placing it behind a firewall and that this is suboptimal because privileged users can bypass the protections offered by the firewall and directly access critical data (see “The Benefits of Blockchain Across Industries” above). Encrypting individual data records (each with its own encryption key) allegedly makes the need for access protection go away because downloading and retrieving data is not enough to be able to view it. Because the data is encrypted, multiple copies of the data can be spread across the Internet making it impossible to alter and making denial of service attacks far more difficult.
While it may be true that encryption can be more robust than blocking access to data, there is no reason not to have both. Single-point-of-failure systems are generally unacceptable for critical systems, and this is especially the case when technology is rapidly moving towards ensuring that the single point of failure will fail. Failsafe designs, where any component can fail without the entire system failing, are far more robust.
Traditional database systems allow for two separate approaches to protecting sensitive data:
- Put data behind firewalls, and only allow limited access to authorized users.
- Use encryption—both on the database and on data that moves between systems. This means that if someone can bypass the primary protection, it does them no good because they cannot read the data.
Blockchain in its basic form intentionally eliminates the possibility of the first form of protection and puts the entire weight of data protection on encryption. That is, it moves from a system that can be failsafe to one in which encryption provides a single point of failure.
Suppose that society spends the next 10 years aggressively moving sensitive, personal, financial, medical and other data from behind firewalls out into the open with only encryption protecting it, and then quantum computing breaks today’s encryption technologies.
What will be the result? It will likely be a rapid move to bring all the data back behind firewalls. Because blockchain is designed to have multiple copies of data records freely accessible, this attempt will often fail, and the data will fall into the hands of those who are able to break the encryption.
It is also possible that when quantum computing breaks encryption, it will not be publicly known. Obvious potential users of encryption-breaking technology include, among others, the intelligence agencies of a variety of countries. These agencies may feel that their interests are better served by being free to decode the sensitive information of blockchain users rather than letting them know their data is at risk.
A Better Way
It is true that data quality improvements and access in the event of denial of service attacks are real potential benefits of blockchain. However, these benefits will be rendered meaningless if blockchain cannot deliver on its data-protection guarantees.
One way to look at it would be: If you cheat and cut corners, it is easy to accomplish things.
How can blockchain deliver its advertised benefits without the potential catastrophe of widespread violation of the user’s privacy? Blockchain needs to move fully to a model that incorporates data access controls along with encryption. This will likely include application-based limits on who can be a blockchain host for that application. Ideally these protections should be done at the database level as well as at higher levels so that bypassing access controls is difficult or impossible.
Using encryption as the sole method of protecting user privacy is not likely to be a desirable path forward in a world with quantum computing.
Robust database and other systems that include access controls at row and element levels need to be incorporated into future blockchain frameworks.
Not all blockchain approaches are equally affected by the potential rise of quantum computing. Public blockchains like bitcoin are the most exposed while private blockchains offer the potential to create secure systems. But, just because a blockchain is private does not necessarily mean it was created with a failsafe design. For a background understanding of private and public blockchains, see https://en.wikipedia.org/wiki/Blockchain#Blocks.
Blockchain potentially offers significant enhancements in data accessibility and quality. The threat quantum computing poses to blockchain is real and may cause blockchain to be a catastrophe if blockchain design does not take it into account.
For suggestions on how to implement a secure blockchain, read Ken Krupa’s article in Data Center Knowledge, Blockchain and Data Security: Ways to Mitigate Risks.
For some thoughts on how blockchain will affect post-trade processing of financial products, read my earlier blog post, Is Your Firm Ready for Blockchain-Based Trade Processing?