Post-Quantum Security of the Bitcoin Backbone and Quantum Multi-Solution Bernoulli Search
share
Bitcoin and its underlying blockchain protocol have recently received significant attention in the context of building distributed systems as well as from the perspective of the foundations of the consensus problem. At the same time, the rapid development of quantum technologies brings the possibility of quantum computing devices from a theoretical conception to an emerging technology. Motivated by this, in this work, we revisit the formal security of the core of the Bitcoin protocol, called Bitcoin backbone, in the presence of quantum adversaries – i.e. adversaries equipped with quantum computers. We show that the security of the bitcoin holds as long as the quantum computational hashing power of the adversary in the Quantum Random Oracle model is appropriately bounded. We analyze the quantum query complexity of a Chain-of-Proofs-of-Work search problem, problem that is at the core of the blockchain protocol, which in turn is related to the complexity of a multi-solution Bernoulli search problem. The query complexity of the latter is performed using a modification of the Zhandry's recording technique (Crypto '19) and can be of independent interest. Our analysis indicates that the security of the Bitcoin backbone protocol is guaranteed provided that the number of adversarial quantum queries is bounded, such that each quantum query is worth O(p^-1/2) classical ones, where p is the probability of success of a single classical query to the protocol's underlying hash function. Perhaps surprisingly, the wait time for safe settlement in the case of quantum adversaries matches (up to a constant) the safe settlement time in the setting of classical adversaries and thus does not result in any further overhead.
READ FULL TEXT