The convergence of quantum computing and blockchain-based credentials presents significant opportunities and challenges. By proactively addressing the expanded threat vector and implementing robust security measures, we can ensure digital credentialing systems’ continued integrity and trustworthiness in a post-quantum world. How do you perceive the potential risks posed by the convergence of Quantum Computing and blockchain-based credentials in your specific context or industry?  

Implications

Cryptographic Vulnerability

Quantum computing poses a significant threat to blockchain technology’s cryptographic algorithms. Public-key cryptography, which secures blockchain transactions and credentials, is particularly vulnerable. Quantum computers, with their ability to solve complex mathematical problems exponentially faster than classical computers, could break these cryptographic schemes, rendering blockchain-based credentials insecure.

Data Integrity and Trust

The integrity of blockchain-based credentials relies on the immutability and security of the blockchain. Quantum computing threatens this foundation by potentially enabling the alteration of blockchain records. This could undermine trust in the entire credentialing system, as the authenticity and validity of credentials could no longer be guaranteed.

Regulatory and Compliance Challenges

The advent of quantum computing necessitates a reevaluation of regulatory frameworks governing digital credentials. Governments and regulatory bodies will need to establish new standards and protocols to ensure the security of blockchain-based credentials in a post-quantum world. This could involve significant changes to existing laws and compliance requirements, creating a complex and evolving regulatory landscape.

Expanded Threat Vector

Quantum-Enabled Attacks

Quantum computers could facilitate new types of cyber-attacks that are currently infeasible. For instance, Shor’s algorithm, which can factorize large numbers efficiently, could break RSA encryption, a cornerstone of blockchain security. This would enable attackers to forge credentials, manipulate transactions, and compromise the entire blockchain network.

Data Harvesting for Future Decryption

Adversaries may engage in “harvest now, decrypt later” attacks, where they collect encrypted data today intending to decrypt it once quantum computers become powerful enough. This poses a significant risk to the long-term confidentiality of blockchain-based credentials and other sensitive information.

Centralization Risks

The need for quantum-resistant cryptographic solutions could lead to centralization within the blockchain ecosystem. Entities that develop and control these solutions may gain disproportionate power, creating central points of failure and control. This centralization contradicts the decentralized ethos of blockchain technology and introduces new vulnerabilities.

Interoperability and Migration Challenges

Transitioning to quantum-resistant cryptographic algorithms will be a complex and resource-intensive process. Ensuring interoperability between legacy systems and new quantum-resistant systems will be challenging. Organizations will need to manage the migration carefully to avoid disruptions and vulnerabilities during the transition period.

Case Studies and Examples

Google’s Quantum Supremacy?

Google’s announcement of achieving quantum supremacy with its Sycamore processor highlights the rapid advancements in quantum computing. This milestone underscores the urgency of developing quantum-resistant cryptographic solutions to protect blockchain-based credentials and other sensitive data.  At this point in the commercial hype cycle surrounding quantum, however, this announcement should be looked at as still firmly in the early, early stage of the ‘on the rise’ phase of the hype cycle.

NIST’s Post-Quantum Cryptography Project

The National Institute of Standards and Technology (NIST) has been working on standardizing post-quantum cryptographic algorithms. This initiative aims to develop cryptographic solutions that can withstand quantum attacks, ensuring the long-term security of blockchain-based credentials and other critical systems.

Estonia’s e-Residency Program

Estonia’s e-Residency program, which leverages blockchain technology for digital identity, is exploring quantum-resistant cryptographic solutions to safeguard its digital identities against future quantum threats. This proactive approach serves as a model for other nations and organizations looking to secure their digital credentialing systems against emerging quantum risks.

What Next?  Future-Proofing Strategies

1. Adoption of Quantum-Resistant Algorithms:  Organizations must begin integrating quantum-resistant cryptographic algorithms into their blockchain systems. This includes exploring solutions like lattice-based cryptography, hash-based cryptography, and quantum key distribution (QKD) to ensure long-term security.
2. Continuous Monitoring and Threat Assessment:  Regularly assessing the threat landscape and monitoring advancements in quantum computing is crucial. Organizations should engage with external security experts to evaluate their current security posture and implement best practices to mitigate risks.
3. Collaboration and Standardization: Collaboration between industry, academia, and government is essential to develop and standardize quantum-resistant solutions. Initiatives like NIST’s post-quantum cryptography project exemplify the importance of collective efforts in addressing this global challenge.
4. Education and Awareness:  Raising awareness about the implications of quantum computing and the need for quantum-resistant security measures is vital. Stakeholders across various sectors must be educated on the potential risks and the steps required to safeguard their systems.

Quantum Day (aka “Q-Day”) is a Gray Rhino Stridently Galloping Straight at Your Organization:  “Q-Day” is a scenario where “no more secrets” becomes a reality, as previously secure communications and data could be vulnerable to decryption by entities wielding quantum computational power (also known as “Quantum Supremacy”).  Find a breakdown, analysis, and future scenarios here.

The OODA Loop Digital Self-Sovereignty Research Initiative:  Digital self-sovereignty is the new “build”  as legacy systems get swapped out in a sometimes violent, always exponential fashion. To be clear, we are positioning digital self-sovereignty as a solution to our current problem set that will “still stand” even if this current geopolitical, exponential technology-driven inflection point manifests  – for a prolonged period  – as dark age-esque global societal systemic failure (per The Ministry of the Future). Ironically, this same uncertainty, chaos, and violence are the primary drivers (and new incentive structure) behind this new system’s development.  In this post, we “set levels” and offer working definitions for our forthcoming Q324 (going right into OODAcon 2024) series of posts as part of our Digital Self-Sovereignty Research Initiative.

The e-Estonia Digital Residency Program, also known as e-Residency, is a pioneering initiative launched by the Estonian government in December 2014. This program allows individuals from anywhere in the world to apply for a digital identity issued by the Estonian government, enabling them to access a variety of online services provided by Estonia.  The program allows non-residents to access a variety of Estonian public services and conduct business within the European Union without physically being in Estonia as part of the country’s broader strategy to leverage digital technology to enhance governance and economic activity.

Additional OODA Loop Resources

For our News Briefs and Original Analysis research efforts to date on this topic, go to OODA Loop | Digital Self-Sovereignty

Related topics include:   OODA Loop | Quantum   OODA Loop | Blockchain    OODA Loop | Trust      OODA Loop | Zero Trust    OODA Loop | Trustworthy AI

Reorient Your Organization: Scenarios Exploring a Quantum Attack on Critical U.S. Power Grid Infrastructure:  The Hudson Institute report on “Risking Apocalypse? Quantum Computers and the US Power Grid” highlights the significant threat posed by potential quantum computer attacks on the US power grid. It emphasizes the grid’s vulnerability to such attacks, which could decrypt existing encryption systems and cause catastrophic outcomes. As we navigate the complexities of the quantum era, we used this scenario to formulate additional scenarios for your strategic consideration, including recommendations and insights for your organization (garnered from applying scenario planning and systems thinking methodologies).

From Quantum Foundations to Universal Insights: Embracing First Principles Thinking for Better Understanding Of How Things Work:  If you believe in first principles thinking, you need to know some basic facts about the quantum world.

Quantum Computing and Quantum Sensemaking: Quantum Computing, Quantum Security, and Quantum Sensing insights to drive your decision-making process. Quantum Computing and Quantum Security

Digital Self-Sovereignty: Securing and Developing a National Strategy for Web3: Last year, OODA CTO Bob Gourley spoke with MITRE Futurist Charles Clancy on our Quantum Enabled Future. During that conversation, Clancy also shared some MITRE research efforts on Web3 and the Future of the Internet, which dovetailed into our Digital Self-sovereignty thematic research efforts.  Following is another valuable contribution from the MITRE reseach team germaine to the theme.

The Future of the Internet, Trust and Web3: Data and Digital Sovereignty Versus Digital Self-Sovereignty: Charles Clancy, Chief Futurist at MITRE, and his co-authors of a recent report –  “Democratizing Technology: Web3 and the Future of the Internet” – provide the best framing of a “robust and decentralized, democratized alternative to the existing technology stack” and “the establishment and advancement of alternative technological paradigms to protect the public interest by making authoritarian misuse difficult or impossible.”

Blockchain-enabled Digital Self-Sovereignty – Patients will be Able to Sell Healthcare Data via Blockchain-based Exchange:  We recently took a look at a plan to build a SaaS-based marketplace where patient information is structured for sale to researchers by way of a blockchain exchange.  Our reporting and analysis are based on an initial report by Lucas Mearian over at Computerworld, as well as direct announcements and project details from the companies that have partnered on the project. 

Maintaining Societal Trust During Technological Disruption: How do we maintain societal trust as individuals migrate from platform to platform, identities get impersonated, and technologies like ChatGPT and Midjourney produce conversations and images indistinguishable from the truth through malicious prompts or hallucinations?  This topic was examined at length OODAcon 2023, exploring the trust threats and emerging trust wars and looking to identify solutions that help alleviate these risks.  The following captures insights from a discussion between Heather McMahon, UMD Applied Research Lab for Intelligence and Security and SJ Terp, Cognitive Security Expert.  For the program description for this session, see OODAcon 2023 – Zero Trust Societies and Disruptive Technologies.

Building Trust Into Blockchain:  What is the future of blockchain innovation? And how might blockchain technologies enable new models for business and governance?  The topic of building trust back into the blockchain was examined at length at OODAcon 2023.  The following captures insights from a discussion between Angela Dalton, CEO and Founder, Signum Growth; David Ackerman, CCO MobileCoin; and Mohsan Farid, Co-Founder, LedgerOps. For the program description for this session, see Building Trust Back into Blockchain.

Blockchain Security: National Security, Cybersecurity, and Health Security:  The OODA Loop Blockchain Series includes case studies of blockchain security initiatives and cybersecurity incidents.  We tracked down the best-in-class research efforts and subject matter experts to explore how they are “framing and naming” the formative issues around blockchain security, including the national security, cybersecurity, and health security promise and peril.

Innovative Blockchain Technology Case Studies (by Industry Sector):  Over the course of 2022 and 2023, The OODA Loop Blockchain Series has explored blockchain disruption in the market and new opportunities created by blockchain technologies in both the public and private sectors.  Innovative blockchain technology efforts (by industry sector)  – with a focus on how the blockchain enables new business models, opportunities for innovative value proposition design, and decentralized governance – are listed here.  Industry sectors include: The Financial Sector and Monetary System; The Technology Sector (Semiconductor Subsector); The Automotive Sector and the Future of Mobility; and The Bioeconomy, Biotechnology, and Healthcare.

On Trust and Zero Trust: New Paradigms of Trust, Designing Trust into Systems, and Trustworthy AI:  The future of trust is a broad research theme at OODA Loop, overlapping with topics like the future of money (ie. the creation of new value exchange mechanisms, value creation and value storage systems – and the role trust will play in the design of these new monetary systems). Likewise, notions of trust (or lack thereof) will impact the future of Generative AI, AI governance (i.e. Trustworthy AI) and the future of autonomous systems and exponential technologies generally.  This post is a compilation of OODA Loop Original Analysis and OODAcast conversations concerned with trust, zero trust and trustworthy AI.

Embracing Corporate Intelligence and Scenario Planning in an Uncertain Age: Businesses also confront unpredictable external threats besides traditional competitive challenges. This environment amplifies the significance of Scenario Planning. It enables leaders to envision varied futures, thereby identifying potential risks and opportunities. Regardless of size, all organizations should allocate time to refine their understanding of the current risk landscape and adapt their strategies. See: Scenario Planning

Bitcoin’s Momentum: Bitcoin seems unstoppable due to solid mathematical foundations and widespread societal acceptance. Other cryptocurrencies like Ethereum also gain prominence. The Metaverse’s rise is closely tied to Ethereum’s universal trust layer. See: Guide to Crypto Revolution

Geopolitical-Cyber Risk Nexus: The interconnectivity brought by the Internet has made regional issues affect global cyberspace. Now, every significant event has cyber implications, making it imperative for leaders to recognize and act upon the symbiosis between geopolitical and cyber risks. See The Cyber Threat

Track Technology Driven Disruption: Businesses should examine technological drivers and future customer demands. A multi-disciplinary knowledge of tech domains is essential for effective foresight. See: Disruptive and Exponential Technologies.

Networked Extremism: The digital era enables extremists worldwide to collaborate, share strategies, and self-radicalize. Meanwhile, advanced technologies empower criminals, making corruption and crime interwoven challenges for global societies. See: Converging Insurgency, Crime and Corruption