TY - JOUR
T1 - On the insecurity of quantum Bitcoin mining
AU - Sattath, Or
N1 - Funding Information:
This research was supported by ERC Grant 280157, by the Israel Science Foundation (ISF) Grant Nos. 682/18 and 2137/19 and by the Cyber Security Research Center at Ben-Gurion University.
Publisher Copyright:
© 2020, Springer-Verlag GmbH Germany, part of Springer Nature.
PY - 2020/6/1
Y1 - 2020/6/1
AB - Grover’s algorithm confers on quantum computers a quadratic advantage over classical computers for searching in an arbitrary data set, a scenario that describes Bitcoin mining. It has previously been argued that the only side effect of quantum mining would be an increased difficulty. In this work, we argue that a crucial argument in the analysis of Bitcoin security breaks down when quantum mining is performed. Classically, a Bitcoin fork occurs rarely, i.e., when two miners find a block almost simultaneously, due to propagation time effects. The situation differs dramatically when quantum miners use Grover’s algorithm, which repeatedly applies a procedure called a Grover iteration. The chances of finding a block grow quadratically with the number of Grover iterations applied. Crucially, a miner does not have to choose how many iterations to apply in advance. Suppose Alice receives Bob’s new block. To maximize her revenue, she should stop and measure her state immediately in the hopes that her block (rather than Bob’s) will become part of the longest chain. The strong correlation between the miners’ actions and the fact that they all measure their states at the same time may lead to more forks—which is known to be a security risk for Bitcoin. We propose a mechanism that, we conjecture, will prevent this form of quantum mining, thereby circumventing the high rate of forks.
KW - Bitcoin
KW - Cryptocurrencies
KW - Grover’s algorithm
KW - Post-quantum cryptography
KW - Proof of work
KW - Quantum computing
KW - Quantum cryptography
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85082704378&partnerID=8YFLogxK
U2 - 10.1007/s10207-020-00493-9
DO - 10.1007/s10207-020-00493-9
M3 - Article
AN - SCOPUS:85082704378
VL - 19
SP - 291
EP - 302
JO - International Journal of Information Security
JF - International Journal of Information Security
SN - 1615-5262
IS - 3
ER -