Celebrating Six Years of Post-Quantum Security: The Journey of QRL

Read More

Quantum Resistant Ledger

The future of post-quantum resistant blockchains

The rise of quantum computers poses a world changing threat capable of breaking current blockchain systems, except for QRL, the first full-featured quantum-resistant blockchain protocol.

Facing the facts: Quantum computers are quickly becoming a reality

Quantum computing is finally on the verge of becoming commercially useful12 and is being developed at an accelerating pace3. As of this article, two Chinese teams claim to have reached primacy (first stage of being commercially useful) with quantum computers.

Seven out of the top ten tech giants are either publicly competing for market dominance or involved in some capacity4. This includes Google5, Amazon6, Alibaba7, TSMC8, Tencent Holdings9 IBM10, Intel11, Rigetti12 and Microsoft13. Other notable entrants include GlobalFoundries14, PsiQuantum15, Honeywell16, dMY Technology Group III17, and IonQ18.

Additionally, every single one of the G7 countries are either involved in quantum computing like the USA19, China20, France21, Canada22, Japan23, and the United Kingdom24, or getting involved such as Italy25. Some other notable nation states and groups outside of the G7 include the European Union26, and Russia27.

In-Q-Tel, a corporation that uses Central Intelligence Agency (CIA) supplied funds to make strategic investments in companies focused on producing commercially focused technology that’s of value to the national security for the U.S. and its allies, is also invested in the quantum computing initiatives Rigetti, Q-CTRL, and D-WAVE28.

Why? Quantum computers offer advances that aren’t currently possible with classical computers, or can be otherwise sped up by quantum computers. This class of problems solvable by a quantum computer are known in computational complexity theory as bounded-error quantum polynomial time (BQP). This additional class of new problems that can be solved will lead to the revolutionary advancement for AI29, chemistry30, materials science31, finance32, and security33 sectors, combined worth a total of trillions. Financial motives aside, quantum computers can break current public key cryptography used for the Internet, Banks, Blockchain, and many other systems.

There’s a lot on the line, and the time is really running out to act - at least for blockchain.

The security impact is understood and accepted as real

A look at who’s preparing

NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms, and has put out a recommendation for Stateful hash-based signature schemes, including XMSS, which is what Quantum Resistant Ledger uses.

Other organisations preparing for the quantum threat includes Cloudflare, Google, and others34. Banks fully realise what’s on the line and are preparing as well35.

When will quantum computers be an immediate threat?

This is the million (trillion?) dollar question. It’s estimated to take 2330 logical qubits to break most public key cryptography used today36.

Both PsiQuantum (working with GlobalFoundries) and IBM are vying to have one million qubit computers by the end of this decade37. While these aren’t logical qubits, they can form logical qubits that are close to the numbers above. Adding to the mix, quantum computers can be networked together38.

Experts in the field have weighed in from time to time in evaluating the likelihood of a significant quantum threat to public-key cybersecurity, and 77% think there’s at least a 5% chance of it happening within 10 years.

That might not seem like much, but there’s two key components missing.

  1. The risk assessment of cost. For blockchain, that cost is currently 2.6 Trillion (not including NFT’s).
  2. The time it takes to prepare, otherwise evaluated as Mosca’s Theorem

Why waiting for the immediate threat isn’t enough

This is best explained in a metaphor: If you have a fleet of boats that can handle 5 foot waves, but it’s known that 50 foot waves are coming in a few years, do you wait until those 50 foot waves appear in the wild to try and patch your fleed or prepare ahead of time? If you’re smart, you prepare, which involves research, planning, and development and takes time.

It’s that estimated preparation time that you want to use to work back-words for when those 50 foot waves are expected appear. If it takes an estimated 10 years to update a fleet of boats, and you start in the year 2022, your fleet of boats will be ready in the year 2032 to handle 50 foot waves.

Worth a read on this subject is Allen Walters who broke down Mosca’s Theorem and applied to the blockchain.

For everyone, that preparation time will involve research, development, integration/deployment, and migration. It’s no surprise then that we find Google, Cloudflare and others with deployed test implementations by now taking this seriously, even when the immediate danger might seem so far off34.

Updating centralized vs decentralized systems

There are a lot of critical systems that rely on vulnerable cryptography, but they’re also centralized systems, leading to fast-migrations in the case of a black swan event. This means they don’t face some crucial issues decentralized blockchains do.

For blockchains including Bitcoin, ‘not your keys, not your crypto’ is the golden standard, and most people will individually need to update their keys. Banks, on the other hand, hold and control your keys so can upgrade them at any-point. They can, for example, centrally change their cryptography without compliance of their users and the whole process can be done without user interface.

What does this mean for blockchains like Bitcoin?

Most blockchains (including all in the top 10 on CMC) use either Elliptic Curve Digital Signature Algorithm (ECDSA) for public key cryptography, or some variant of it vulnerable to quantum computers39. Using a quantum computer, Shor’s algorithm40 can be used to break ECDSA40.

A paper by Deloitte Netherlands found that 25% of all Bitcoin are potentially vulnerable to a quantum attack, while some estimate that to be higher at 36%.

Anytime you make a transaction, your public key is revealed to the network. At that point, if the quantum computer is fast enough, or the network is congested, a private key can be derived and a new transaction with a higher fee can be made which will process sooner, and empty the persons assets.

More can be read in the paper “quantum attacks on bitcoin, and how to protect against them”.

How Quantum Resistant Ledger comes in

As we’ve found in creating our own blockchain, the process of making a blockchain quantum secure wasn’t merely matter of dropping in another signature scheme and opening a github repository.

We first needed to consult with experts in the field of post-quantum cryptography and begin work on the structure of our codebase, which was first released to github in 2016 and later released as mainnet after a long testnet period in 2018.

And we’re safe from future threats too. The QRL includes the possibility to upgrade signature schemes and cryptographic hash functions, and indicate so through an address format. This brings forward the capability of being crypto-agile, something no blockchain should be without.

This space needs secure, impenetrable blockchain systems more than ever. Right now, cryptocurrency and blockchain’s entire security model rests on the assumption that quantum computers will not exist for at least another decade. When they do emerge and bring with them the ability to break existing protocols, we will be left in a dangerous, high-risk state. We need to address this threat now before it becomes too late.

The Quantum Resistant Ledger is a brand new blockchain system that is post-quantum secure and employs post-quantum computing technologies in its design for absolute security, audited by red4sec and x41 D-sec.

Current features are:

Along with several methods to interact with the foundation to further expand the ecosystem.

  • QRL API: Organized around GRPC which uses protocol buffers for serializing structured data. If you’re working on an integrated application, this is what you want.
  • Explorer API: Great for quickly getting QRL address balances, population, and other such data.
  • Wallet API (requires node): If you’re working with wallets (ie. exchanges and other services), this is recommended.
  • qrl command line (requires node): Comes equipped with the python node, offers simpler functionality to the wallet API.
  • qrl-cli: Executable with mac, linux, and osx binaries, for interacting with the QRL blockchain via scripts and applications without requiring a full node.
  • Suitable documentation and API sites.

On the horizon we have smart-contracts and proof-of-stake which are ending their period of research and entering development along with a UAE developer hub that aims to triple our development output.

This will position QRL as the most secure and feature rich blockchain project that can be counted on for secure digital assets into the future.


  1. Commercialization

  2. Noisy Intermediate-Scale Quantum (NISQ) Computers

  3. Quantum computing pace of development

  4. Top 10 tech companies by marketcap and their involvement with quantum computing

  5. Google

  6. Amazon

  7. Alibaba

  8. TSMC

  9. Tencent

  10. IBM

  11. Intel

  12. Rigetti

  13. Microsoft

  14. GlobalFoundries

  15. PSIQuantum

  16. Honeywell

  17. dMY Technology Group III

  18. IonQ

  19. The USA

  20. China’s involvement with Quantum Computers

  21. France

  22. Canada’s involvement with Quantum Computers

  23. Japan

  24. United Kingdom

  25. Italy

  26. EU

  27. Russia

  28. In-Q-Tel quantum computing investments

  29. Machine Learning & AI

  30. Chemistry & Biology

  31. Materials Science

  32. Quantum Computing in Finance

  33. Quantum Computing and Security

  34. Industry preparedness

  35. Quantum Security in Banks

  36. Qubits needed

  37. Million qubit initiatives

  38. Qubit network

  39. Top blockchain cryptosystems

    • See: http://ethanfast.com/top-crypto.html
    • Bitcoin, ECDSA (secp256k1): Not quantum secure
    • Ethereum, ECDSA (secp256k1): Not quantum secure
    • Binance Coin, ECDSA: Not quantum secure
    • Tether: Ethereum ERC20 token: Not quantum secure
    • Solana: EdDSA (curve25519): Not quantum secure
    • Cardano: EdDSA (curve25519): Not quantum secure
    • XRP: ECDSA, EdDSA (curve25519, secp256k1): Not quantum secure
    • Polkadot: ECDSA, Schnorr, EdDSA (curve25519, ristretto25519, secp256k1): Not quantum secure
    • Shiba Inu: Ethereum ERC20 token: Not quantum secure
  40. Shor’s algorithm