Vitalik Buterin published a post on the Ethereum Research forum discussing "How Ethereum should use hard forks to protect user assets under quantum computer attacks." He advocated using a hard fork to roll back transactions and immediately upgrade the signature mechanism, which would effectively protect user assets.

What if a quantum attack happened tomorrow?

Buterin asked readers to assume that a quantum computer appears tomorrow, is controlled by a malicious attacker, and is used to steal users' funds.

Preventing this is the goal of quantum-resistant cryptography, and once account abstraction is in place, any user can switch to a quantum-resistant signature scheme at their own pace. But what if there is not that much time?

Vitalik believes that Ethereum is ready to make a very simple recovery fork and wallet upgrade to deal with quantum attacks.

Although the blockchain would have to hard fork to roll transactions back, and users would have to download new wallet software with stronger signatures, few users would lose funds as a result.

The battlefront between blockchain and quantum computers: the fight for private keys

Which link does quantum computing break?

An Ethereum address is defined as:

address = last 20 bytes of keccak(priv_to_pub(k))

where k is the private key, priv_to_pub is the elliptic curve multiplication used to convert the private key to the public key, and keccak is the hash function. The process of Ethereum address generation is:

  1. Generate a private key from a random source.

  2. Generate a public key from an elliptic curve and a private key.

  3. The address is derived from the public key with the Keccak-256 hash function.

With a quantum computer, elliptic curve multiplication becomes reversible (inverting it is a discrete logarithm problem, which is exactly what quantum computers break), but the hash function remains safe.

This means that if only the address is public, recovering the public key, and with it the private key, remains hard; but if the public key is public, obtaining the private key becomes easy with a quantum computer.
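The derivation above, as an added example that is not from the article or from any Ethereum client: a pure-Python Keccak-256 and secp256k1 scalar multiplication that turn a private key into an address, making concrete that `priv_to_pub` is the step a quantum computer could invert while `keccak256` is the step that still hides the key. It assumes Python 3.8+ (for the modular inverse via `pow`) and checks itself against the standard test vector for private key 1.

```python
# Keccak-f[1600] round constants and rotation offsets ROT[x][y]; lane (x, y) sits at state index x + 5*y
_RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001, 0x8000000080008081,
       0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A, 0x8000808B, 0x800000000000008B,
       0x8000000000008089, 0x8000000000008003, 0x8000000000008002, 0x8000000000000080, 0x800A,
       0x800000008000000A, 0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61], [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
_rol = lambda v, n: ((v << n) | (v >> (64 - n))) & (2**64 - 1)   # 64-bit rotate left

def _keccak_f(s):
    for rc in _RC:
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]                                          # theta
        b = [0] * 25
        for i in range(25):                                                                # rho + pi
            x, y = i % 5, i // 5
            b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(s[i], _ROT[x][y])
        s = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)]) for i in range(25)]  # chi
        s[0] ^= rc                                                                         # iota
    return s

def keccak256(data: bytes) -> bytes:
    padded = bytearray(data) + b'\x00' * (136 - len(data) % 136)   # rate = 136 bytes for a 256-bit digest
    padded[len(data)] ^= 0x01   # original Keccak pad10*1; SHA3-256 uses 0x06 here, so hashlib.sha3_256 is NOT keccak256
    padded[-1] ^= 0x80
    s = [0] * 25
    for off in range(0, len(padded), 136):                          # absorb one block at a time
        for i in range(17):
            s[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], 'little')
        s = _keccak_f(s)
    return b''.join(lane.to_bytes(8, 'little') for lane in s[:4])  # squeeze 256 bits

P = 2**256 - 2**32 - 977   # secp256k1 field prime and generator point G
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
def _ec_add(p, q):   # affine point addition; None is the point at infinity
    if p is None or q is None: return p or q
    if p[0] == q[0] and (p[1] + q[1]) % P == 0: return None
    lam = (3 * p[0] * p[0] * pow(2 * p[1], -1, P) if p == q
           else (q[1] - p[1]) * pow(q[0] - p[0], -1, P)) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)
def priv_to_pub(k: int):   # k*G by double-and-add: the step a quantum computer could invert (demo, not constant-time)
    r, a = None, G
    while k:
        r, a, k = (_ec_add(r, a) if k & 1 else r), _ec_add(a, a), k >> 1
    return r
def address(k: int) -> str:   # last 20 bytes of keccak256(pubkey_x || pubkey_y), as the article states
    x, y = priv_to_pub(k)
    return '0x' + keccak256(x.to_bytes(32, 'big') + y.to_bytes(32, 'big'))[-20:].hex()
```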

If a user has never sent a transaction from their account, only the address is publicly visible, and such wallets are safe even against a quantum computer.

But once a user has sent any transaction, that transaction's signature reveals the public key, which in a post-quantum world reveals the private key, so most users are vulnerable.

How to respond if a quantum attack occurs

Buterin said that most users' private keys are themselves the output of a series of hash computations. Many keys are generated with BIP-32, which derives each address through a series of hashes starting from a master seed phrase. Many non-BIP-32 key generation methods work similarly: for example, if the user has a brain wallet, it is usually a series of hashes (or a KDF of medium difficulty) applied to some password.

This means there is a natural structure for an EIP to recover from a quantum emergency through a hard fork of the chain. The fork process is as follows:

  1. Revert all blocks after the first block where large-scale theft is evident.

  2. Disable traditional EOA-based transactions.

  3. Add a new transaction type to allow transactions from smart contract wallets (such as part of RIP-7560).

  4. If step 3 is not yet technically available, add a new transaction type or EVM opcode that accepts a STARK proof. The proof shows knowledge of a private preimage and an approved hash function ID that together derive a public address, and it takes the hash of the account's new verification code as a public input. If the proof passes, the account's code is switched to the new verification code, allowing the user to operate it as a smart contract wallet.

For gas efficiency (STARK proofs are large), a STARK can serve as a batch proof that proves N STARKs of the above type at once. This must be a STARK-of-STARKs rather than a direct proof of multiple statements, because each user's information needs to be kept private from the aggregator.

In principle, the infrastructure for such a hard fork could start being built as early as tomorrow, fully preparing the Ethereum ecosystem in case a quantum emergency does occur.

This article, "What to do if a quantum attack occurs on Ethereum? Vitalik: Don't worry", appeared first on Chain News ABMedia.