Quantum computers today can’t do anything practical. But maybe, say in five to ten years, they will be able to make calculations beyond anything humans have invented. For example, they will make mincemeat of today’s security arrangements around digital tokens and anything else that’s meant to be cryptographically secure.
Enterprise quantum providers like IBM have been touting this for several years, telling governments and businesses to begin securing sensitive information now in ‘quantum safe’ ways. The idea is that once a competitor or an enemy strikes tech gold, they will see all of your secrets, and it will be too late to start building quantum-secure files.
In the world of fintech, it’s a different story. As blockchain enables people or companies to move value just as the internet moves data, those tokens – which today sit behind cryptographic safeguards – will be exposed. Bad actors will see all the details of your transactions, assets and liabilities. And your tokens will be there for the plucking.
The industry is starting to wake up to this possibility. From the banking side, HSBC has taken new steps to make digital assets quantum-safe. And a crypto startup, Abelian, is building a new layer-1 blockchain that it says will be safe.
Quantum computers operate off the laws of quantum mechanics, which take over from our familiar, Newtonian reality when things get really, really small. At that ultra-tiny scale, the universe is weird. One of the weird things is that when we observe something, say an electron, we can’t be sure it’s in a given place, or not. Whereas I can point to a drink on my bar counter and it’s either there or it isn’t. The Newtonian world is binary: drink yes or drink no. But in quantum space, it’s probabilities that the drink is there. Instead of zero or one, the way our normal machines compute, it’s zero to one.
Quantum computers are supposed to calculate all the possibilities, zero to one, at the same time, making them incredibly more versatile. They can theoretically crunch algorithms so sophisticated that they can easily find, say, the 12-word phrase that’s your private key to your bitcoin stash.
The hardware, let alone the algorithms, to enable such feats is a ‘work in progress’. The crude quantum computers that we’ve built so far are still pretty useless. But the theory is sound, and big labs around the world are making progress. Even if the industry is in its own hype cycle, the idea that someone, sometime, will crack it is enough to suggest a little preparation is a good idea.
The bank
HSBC grabbed headlines earlier this year when it issued a token pegged to a store of gold bullion, for both institutional investors and for Hong Kong retail investors.
The bank was experimenting with more than just tokenizing real-world assets: it teamed up with technology company Quantinuum to apply quantum-secure tech to the token’s distribution.
The experiment also achieved three other things, according to a white paper the bank has just published.
First, it showed that there are cost-effective ways to protect existing distributed-technology layers without having to completely reinvent the underlying architecture.
Second, it supported interoperability, enabling HSBC’s gold tokens to convert into ERC-20 fungible tokens, which operate across applications based on Ethereum’s settlement layer.
Third, more broadly, it showed the importance of ‘cryptographic agility’, that is, the ability to quickly change the cryptographic algorithms and keys, in case of compromise or if technology develops faster than expected. HSBC shows that it can work in a live environment.
Post-quantum computing for DLTs
Developers in the distributed-ledger tech space have relied on decentralization to provide security. In the post-quantum world, that security no longer exists. But post-quantum cryptography (PQC) involves massively bigger algorithms and key sizes (hashes). That’s bad for performance, which is already a problem for blockchains such as Ethereum.
HSBC’s solution was twofold. First, the bank applied a ‘PQC-VPN tunnel’. The white paper doesn’t explain the tunnel but points to more technical sources, which DigFin will leave to you, dear reader, to enjoy.
Secondly, the bank leveraged Quantinuum’s ability to introduce pure randomness into hash generation (or, ‘quantum-computing-hardened entropy’). Just building more sophisticated encryption hashes won’t fool a quantum computer: the hashes for a wallet must be determined with pure randomness, as only found in nature.
From what DigFin can tell, this is still theoretical, but Quantinuum makes extra-sophisticated hashes with the idea that they’re safe enough for the next few years, until better defenses emerge.
The startup
While HSBC is keen to backstop existing DLT, such as Ethereum, others are looking to create a new generation of quantum-safe blockchains and digital assets.
Duncan Wong is founder of Abelian, a Hong Kong-based tech startup that is building its own layer-1 blockchain, with its own token, Abel.
Wong has been involved in blockchain for trade finance for many years, having run another local startup, CryptoBLK, that provided apps and tooling for Contour, a DLT company for letters of credit, backed by a consortium of banks.
He and teams of researchers have been working on PQC since 2018 but the breakthrough only came in 2022, when his company released the Abelian blockchain.
A simple way to explain this is that Wong took the signature scheme behind Monero, a privacy coin, and applied some advanced mathematics that he says makes it quantum-secure.
In other respects, Abel is similar to bitcoin. It is meant to be decentralized, open source, operating on a proof-of-work consensus method, with a hard cap of tokens (210 million, or 10 times that of bitcoin), and a halving process (every three years), so that all the coins will be mined in about three decades.
The difference is that whereas anyone following a given address on the blockchain can see the transactions, the Abelian system hides wallet balances.
Post-quantum payments
He says the main use case for Abelian is as a payments system, especially for cross-border transactions. Wong argues Bitcoin, which was also conceived as a payments network, stopped being so due to design choices among the developer community. The future of Abelian should also be up to the community; Wong says he will set up a not-for-profit foundation to operate the system that will evolve into a DAO, a decentralized autonomous organization, for making decisions.
Abelian is making a play for the future of B2B cross-border payments, by making pairs against US dollar-based stablecoins (Circle’s USDC and Tether’s USDT). He says the privacy conditions can be tweaked to meet various regulatory requirements, including any KYC laws – but designed so that only the necessary people can view the transaction details.
But Wong envisages a broader use case. The next focus for investment will be layer-two chains and applications, to support DeFi and decentralized exchanges. This involves building post-quantum smart contracts (hard!), which would serve as bridges to other L2s. The idea is that by integrating Abelian smart contracts, other L2s would be gradually making themselves also quantum-secure.
How PQC is Abelian? Wong says there are three components to becoming quantum-safe: the signature scheme which determines your private keys, the wallet itself (the hash function), and the consensus protocol. Another factor is how these three components are put together.
Putting the -ography back in crypto
DigFin can’t tell to what extent Abelian is truly post-quantum, or if it is adding sophistication to push the timeline out, so that defenses can be upgraded as quantum computers evolve. Wong notes, for example, that bitcoin could probably be safe for practical purposes by upgrading the algos it uses in its consensus process.
He hopes the developers of other blockchains will share details about their architecture, design and algorithms, so that Abelian can consult on how they can integrate and step up their own security.
So far, he says Cardano is the only one that makes such information available; Vitalik Buterin, the co-founder of Ethereum, is also discussing the need for going post-quantum, but has yet to release new code. It could be several years before the ERC protocol is post-quantum safe.
Other development teams, however, have not engaged with this question, Wong says. Delay too long, and they and their tokenholders run the risk of waking up one day, and…poof!