Vitalik's new article: If a quantum attack comes tomorrow, how will Ethereum solve the problem?

Original author: Vitalik Buterin

Translator: Azuma, Odaily Planet Daily

On March 9, Vitalik Buterin, the co-founder of Ethereum, spoke at Ethereum A short article was published on the research forum, titled "Coping with Sudden Quantum Attacks: Protecting User Funds through Hard Forks."

In the article, Vitalik reviews how Ethereum can minimize the loss of user funds in the event that it may face a quantum attack, and discusses the program changes in emergency situations to deal with quantum threats, thereby ensuring that the system can return to normal run.

The following is the full text of Vitalik, compiled by Odaily Planet Daily.

Suppose a quantum computer becomes available tomorrow, and a bad actor has somehow gained access to it and wants to use it to steal user funds, what should we do?

Quantum-resistant technologies such as Winternitz signatures and STARKs were developed to prevent this from happening. Once the account abstraction is ready, any user can randomly switch to a quantum-resistant one. Signature scheme. But if we don’t have that much time, what should we do if the quantum attack comes more suddenly than everyone thinks?

I think,In fact, we currently have sufficient conditions to solve this problem through a relatively simple recovery fork. With this solution, the Ethereum network will have to undergo a hard fork and users will have to download new wallet software, but only a small number of users may lose their funds.

The main threats of quantum attacks are as follows. The Ethereum address is obtained by operating the keccak(priv_to_pub(k))[12:] function, where k corresponds to the private key and priv_to_pub corresponds to an elliptic curve multiplication used to convert the private key into a public key.

When quantum computing is realized, the above elliptic curve multiplication will become reversible (because this is actually the solution to the discrete logarithm problem), but the hash operation is still safe. If the user has not made any transactions, then only the address information is disclosed, in which case they will still be safe; but as long as the user has made even one transaction, the transaction signature will expose the public key, which is impossible in quantum computers. There is the possibility of exposing the private key. So in this case, most users will be at risk.

But we actually have ways to mitigate this threat. The key point is that in practice, most users’ private keys are generated through a series of hash operations. For example, many private keys are generated using the BIP-32 specification, which is generated through a series of hash operations based on a set of mnemonic words; many non-BIP-32 private key generation methods are almost similar, for example, if the user uses It is a brain wallet, which is usually generated by a series of hash operations (or a moderately difficult key derivation function) of a password.

This means that the solution to deal with sudden quantum attacks through restorative forks will take the following steps:

• First, roll back all blocks after the large-scale attack;
• Second, disable the traditional transaction mode based on EOA addresses;
• Third, ( If it has not been implemented by then) add a new transaction type to allow transactions through smart contract wallets (such as part of RIP-7560);
• Fourth, add new transaction types or operations code, through which users can provide STARK proof. If the proof is passed, the code of the user's address will be switched to a new verified code, and then the user can use the new code address as a smart contract wallet.
• Fifth, for the purpose of saving gas and due to the large amount of data required for STARK proofs, we will support batch STARK proofs to conduct multiple STARK proofs of the above types at the same time.

In principle, tomorrow we could begin development on the infrastructure needed to implement this restorative fork, allowing the Ethereum ecosystem to be prepared in the event of a sudden quantum attack.

The above is the detailed content of Vitalik's new article: If a quantum attack comes tomorrow, how will Ethereum solve the problem?. For more information, please follow other related articles on the PHP Chinese website!