R3 publishes a new post-quantum signature algorithm tailored to blockchains
You might have noticed a few external tweets and reddit posts mentioning that the Corda team has recently announced a new digital signature scheme that, unlike RSA and ECDSA, will remain secure even against a powerful quantum computer. Indeed, our protocol, BPQS, has been published and presented at the IEEE Blockchain 2018 conference, which was held in Halifax, Canada a week ago. You can find a copy of the paper in this IACR link.
Note that this post is kept as non-technical as possible and mainly focuses on:
a) presenting why quantum computers pose a threat to classical cryptography
b) showing why we need to explore quantum resistant algorithms before it’s too late
c) highlighting the false impression that a hashed key policy is immune against quantum attacks
d) explaining why BPQS is a great candidate protocol for post-quantum secure blockchains
* Please read and study the BPQS paper if you want to dive into the cryptographic details on how it actually works and feel free to contact any of the authors for clarifications and potential research collaboration opportunities.
It is also true that this work gained the attention of many researchers, blockchain engineers, industry leaders and HSM (hardware wallet) vendors from all over the world. I was really happy when, after our presentation and especially the following day, I received more than 50 questions, for which I had to draw multiple diagrams and modified Merkle trees on notebooks and whiteboards in order to explain how BPQS works to excited academics and software developers. Well, this is just the beginning of a new collaboration era for R3 with strong connections to academia and probably joint industry research on “hot” cryptographic topics.
So, how did it all begin, and what is the secret recipe that makes the BPQS paper unique? To be clear, it is not the first scheme that provides post-quantum guarantees, and we didn’t even invent a new cryptographic hardness assumption. So what’s the trick? I will just quote three of the reviewers’ comments:
“the idea is fresh and interesting in particular with respect to blockchain applications”, “amazingly, the blockchain structure itself can be used to minimise signature size” and “worth referencing when considering how to improve the blockchain to be quantum resistant”.