
In celebration of NIST's approval of the XMSS signature scheme, we are proud to present a website and logo refresh.


11th December 2020

A look at NIST’s approval of the XMSS signature scheme

On October 29th, 2020, the National Institute of Standards and Technology (NIST) announced the release of Special Publication (SP) 800-208, aptly titled “Recommendation for Stateful Hash-Based Signature Schemes”.

XMSS is a big part of that recommendation, something the Quantum Resistant Ledger (QRL) foresaw: after discussions with developers and post-quantum cryptographers, and research into the existing roadmap of blockchain technology, the project outlined it in the QRL whitepaper and brought its first testnet node online in 2016, four years ago. Along with this, a core technical team was assembled, including core blockchain developer Kaushal Kumar Singh, PhD post-quantum cryptographer Leon Groot Bruinderink, and full-stack developer JP Lomas.

Fast forward to June 2018, and after 2 years of testing and multiple external audits, mainnet (actinium) was released. This foresight and focus on unparalleled security would cement QRL as a blockchain for visionaries, academics, and enterprises alike.

Outside of the blockchain space, QRL wasn’t alone in recognizing XMSS’s capabilities. PQ-CRYPTO, a consortium led by a steering committee of post-quantum cryptographers such as Daniel J. Bernstein and Tanja Lange, also recognized this, recommending XMSS as part of their initial recommendations as far back as 2015.

The reasoning for XMSS was multi-fold. First, hash-based cryptosystems are really old, dating back as far as 1979, so they are well understood from an implementation perspective. We know how they tick, how to integrate them successfully and what to look for from a security standpoint. Secondly, the primitives that XMSS is built from are minimal and well understood as being post-quantum secure. These things make XMSS the first provably (forward) secure and practical signature scheme with minimal security requirements.

Finally, XMSS is a stateful signature scheme, and with the blockchain being stateful as well, the fit is natural - though no small feat!

Why acknowledge the threat? Because commercially available quantum computers are here now, and progress is accelerating to bring them to scale

As quantum computing presents revolutionary opportunities for AI[1], chemistry[2], materials science[3], finance[4], security[5], and more, the USA[6], China[7], EU[8] and other nation states are investing heavily into quantum computing. Beyond that, 8 out of the top 10 tech giants (by marketshare)[9], such as Google[10], IBM[11], Intel[12], Rigetti[13] and Microsoft[14], are either competing for market dominance or involved in some capacity. Needless to say, quantum computing is finally on the verge of becoming commercially useful[15][16] and is being developed at an accelerating pace[17]. The takeaway here is that this is real, and while it presents exciting opportunities, it also brings with it important security considerations and precautions that we should be taking.

And blockchain needs to be ready, early. Period.

The National Institute of Standards and Technology (NIST), Cloudflare, QRL, and others are preparing in advance[18]. Banks are preparing as well[19], and most services you use have the benefit of being centralized, leading to fast migrations in the case of a black swan event. To put it as a simple metaphor, banks have the keys to their users’ assets, and can update everyone’s keys in a weekend. With blockchain, everyone has their own set of keys that will need updating individually, and that will take years.

All things considered, it’s not likely to be an easy or quick migration for blockchain systems. A closer look at the difficulties can be found in our recent video “No! You can’t just Quantum Soft fork Bitcoin! Or can you???”

Risk tolerance and opportunity need to be considered as well. Even if quantum computers can’t break the cryptography of Bitcoin, Ethereum, and other altcoins as they exist today, they will be able to break it someday, and it’s important to apply Mosca’s Theorem[20] and work backwards. That is, if it takes 10 years for people to migrate, then blockchain systems need to be ready 10 years before quantum computers can break things, and that’s not including the time to develop and reach consensus. The paper, “Quantum Attacks on Bitcoin and How to Protect Against them”, models that it could be as early as 2027.

Other models exist, such as QCCalc created by a QRL Community member.

The bottom line is, with a total marketcap of over $500 billion as of this post (a figure most of us wish were much higher), risk tolerance needs to be much lower and security needs to be paramount.

At QRL, we’re not willing to wait around.

Introducing project enQlave: Securing Ethereum Crypto Assets and Saving Blockchain

Outside of the threat of governments, quantum computers remain the second biggest perceived risk to Bitcoin.

The Quantum Resistant Ledger is ready. Today.

For the rest of the blockchain space, earlier this year we announced enQlave: The quantum safe for your crypto assets, an initiative that integrates the XMSS signature scheme and our experience to help protect any user’s digital assets on any blockchain with expressive enough smart contracts. The blockchain we’re starting with is Ethereum, and when Ethereum 2.0 enables expressive enough smart contracts (like we’re sure they will), then you’ll be able to protect your Ethereum 2.0 assets as well.

This will be possible through a simple UI using a non-custodial hybrid post-quantum secure multisig Ethereum wallet. EnQlave is complete and is presently under an audit through x41 D-Sec, though it will undergo further improvements before release. Be sure to check out our introduction post or take a deeper dive.

While enQlave will allow people to protect their Ethereum digital assets from the quantum threat, the most efficient and complete ecosystem built from the ground up with security as a foundation will always be QRL.

Enter the Quantum Resistant Ledger: A feature rich visionary blockchain for digital asset security with continuous progress

With a quantum secure foundation, mainnet (actinium) was completed with a full suite of functionality that has formed the bedrock for additional features down the road. That included:

  • A 100% post-quantum secure address space
  • GUI wallets for Mac, Windows, and Linux
  • Quantum Resistant Tokens (QRT’s)
  • Quantum Resistant Notarisation, and
  • Crypto-agility with an extensible address format

This year QRL has seen the release of Bromine, which added:

  • Quantum Secure Multi-signature addresses & transactions
  • Ephemeral Messaging LatticeTX - Project Mercury
  • An upgraded consensus protocol to RandomX

And looking ahead, future forks such as Cesium and Dysprosium are slated to include:

  • Full Ephemeral Messaging System functionality
  • Proof-of-Stake, and
  • Smart Contracts

Where we’ve been and where we’re heading can be seen on our refreshed roadmap page, and none of this would be possible without the support of open-source contributors from our community. As of the date of this post, we’ve had a total of 8540 contributions between 48 contributors over 29 public MIT open-sourced repositories.

The refresh

For our branding and refresh, we worked closely with cryptogang, a design agency that specializes in defining the design brand and identity of blockchain projects. We’d say the results speak for themselves.

For media/press outlets, or for some inspired creativity, our new Press Kit page is an easy place to quickly grab these QRL brand assets.

We hope you enjoy the update.

Stay informed with our QRL newsletter

With the launch of the new website, we’re bringing back our QRL email newsletter.

To abide by the new GDPR regulations, for those that are subscribed to our previous newsletter and would like to keep hearing from us, you’ll need to opt in again.

If you haven’t done so already, be sure to subscribe to stay informed on the latest QRL news.

References


  1. Machine Learning & AI
  2. Chemistry & Biology
  3. Materials Science
  4. Quantum Computing in Finance
  5. Quantum Computing and Security
  6. The USA
  7. China
  8. EU
  9. Top 10 tech companies by marketcap and their involvement with quantum computing
  10. Google
  11. IBM
  12. Intel
  13. Rigetti
  14. Microsoft
  15. Commercialization
  16. Noisy Intermediate-Scale Quantum (NISQ) Computers
  17. Quantum computing pace of development
  18. Industry preparedness
  19. Quantum Security in Banks
  20. Mosca’s Theorem

Written by Jack Matier