On March 9th, Ethereum co-founder Vitalik Buterin published a short article on the Ethereum research forum (ethresear.ch) titled “How to Rescue User Funds from Sudden Quantum Attacks through Hard Forks”. In the article, Vitalik outlined how Ethereum could minimize user fund losses in emergency situations in the event of quantum attacks and what procedures should be taken to transition to quantum-resistant forms to restore normal operations.
Here is the full content of Vitalik’s article, translated by Odaily Planet Daily.
Assuming that quantum computers could be achieved tomorrow and malicious actors have somehow gained access to one and want to use it to steal user funds, what should we do? The development of quantum-resistant technologies such as Winternitz signatures, STARKs, etc., is aimed at preventing such scenarios. Once account abstraction is ready, any user can switch to a quantum-resistant signature scheme at random. But if we don’t have much time, and if quantum attacks come more suddenly than anyone could imagine, what should we do?
I believe that we currently have sufficient conditions to solve this problem through a relatively simple recovery fork. With this solution, the Ethereum network will have to undergo a hard fork, and users will have to download new wallet software, but only a few users may lose their funds.
The main threat of quantum attacks is as follows: Ethereum addresses are derived through the operation keccak(priv_to_pub(k))[12:], where k is the private key, and priv_to_pub is an elliptic curve multiplication used to convert the private key to a public key. Once quantum computing is achieved, the elliptic curve multiplication will become reversible (as this is essentially solving the discrete logarithm problem), but the hash operation will remain secure. If users have not made any transactions, only the address information is public, so they will remain secure; however, if a user has made even one transaction, the transaction signature will expose the public key, making the private key recoverable by a quantum computer. Therefore, most users will face risks in this scenario.
However, we have a way to mitigate this threat, the key point being that in practice most users’ private keys are generated through a series of hash operations. For example, many private keys are generated using the BIP-32 specification, which is based on a set of mnemonic words put through a series of hash operations; many non-BIP-32 private key generation methods are similar: for example, a brain wallet key is usually generated from a password through a series of hash operations (or a moderately difficult key derivation function).
This means that the solution to deal with sudden quantum attacks through a recovery fork will take the following steps:
First, roll back all blocks that occurred after a large-scale attack;
Second, disable the traditional transaction mode based on EOA addresses;
Third, (if not already implemented by then) add a new transaction type to allow transactions through smart contract wallets (part of the content in RIP-7560);
Fourth, add new transaction types or opcodes that allow users to provide STARK proofs; if the proof succeeds, the address code of the user will switch to a newly verified code, and the user can then use the new code address as a smart contract wallet;
Fifth, to save gas, since the data size of STARK proofs is large, we will support batch STARK proofs to simultaneously perform multiple types of the above STARK proofs.
In principle, we can start developing the infrastructure needed to implement this recovery fork tomorrow, so that the Ethereum ecosystem can be prepared for sudden quantum attacks.
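The address derivation keccak(priv_to_pub(k))[12:] that the post describes, as an added example that is not part of Vitalik’s article or the Odaily translation: secp256k1 scalar multiplication and Keccak-256 are written out in pure Python (assumed implementations, with no third-party library), so it is visible which value is on-chain before the first signature (only the 20-byte hash) and which value a signature exposes (the public key, the one input a quantum computer could invert).

```python
# Added example (not from the post): keccak(priv_to_pub(k))[12:] in pure Python.
# secp256k1 and Keccak-256 are spelled out because hashlib ships SHA3 (different
# padding) but not the original Keccak-256 that Ethereum uses.
P = 2**256 - 2**32 - 977                       # secp256k1 field prime
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None: return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    l = 3*a[0]*a[0]*pow(2*a[1], -1, P) if a == b else (b[1]-a[1])*pow(b[0]-a[0], -1, P)
    x = (l*l - a[0] - b[0]) % P
    return (x, (l*(a[0] - x) - a[1]) % P)

def priv_to_pub(k):  # k*G by double-and-add: the one step a quantum computer could invert
    r, q = None, G
    while k:
        if k & 1: r = ec_add(r, q)
        q, k = ec_add(q, q), k >> 1
    return r

RC = [0x1, 0x8082, 0x800000000000808A, 0x8000000080008000, 0x808B, 0x80000001,
      0x8000000080008081, 0x8000000000008009, 0x8A, 0x88, 0x80008009, 0x8000000A,
      0x8000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x80000001, 0x8000000080008008]
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]
rol = lambda v, n: ((v << n) | (v >> (64 - n))) & (2**64 - 1)

def keccak_f(A):  # the 24-round Keccak-f[1600] permutation on a 5x5 lane state
    for rc in RC:
        C = [A[x][0] ^ A[x][1] ^ A[x][2] ^ A[x][3] ^ A[x][4] for x in range(5)]
        A = [[A[x][y] ^ C[x - 1] ^ rol(C[(x + 1) % 5], 1) for y in range(5)] for x in range(5)]
        B = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5): B[y][(2*x + 3*y) % 5] = rol(A[x][y], ROT[x][y])
        A = [[B[x][y] ^ (~B[(x+1) % 5][y] & B[(x+2) % 5][y]) for y in range(5)] for x in range(5)]
        A[0][0] ^= rc
    return A

def keccak256(msg):  # sponge with rate 136 bytes and the original 0x01 ... 0x80 padding
    msg += b"\x01" + b"\x00" * (135 - len(msg) % 136)
    msg = msg[:-1] + bytes([msg[-1] | 0x80])
    A = [[0] * 5 for _ in range(5)]
    for off in range(0, len(msg), 136):
        for i in range(17): A[i % 5][i // 5] ^= int.from_bytes(msg[off + 8*i:off + 8*i + 8], "little")
        A = keccak_f(A)
    return b"".join(A[i % 5][i // 5].to_bytes(8, "little") for i in range(4))

def address(k):  # only this 20-byte hash of the public key is on-chain until k first signs
    x, y = priv_to_pub(k)
    return "0x" + keccak256(x.to_bytes(32, "big") + y.to_bytes(32, "big"))[12:].hex()
```

Because priv_to_pub is the only step a quantum computer reverses, an account that has never signed reveals nothing more than keccak of the public key, which is why the post treats such accounts as safe and why a STARK over the hash-based key derivation can prove ownership without the public key.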
This article is authorized for reprint by Odaily Planet Daily.