On March 9th, Vitalik Buterin, co-founder of Ethereum, released a short article titled “How to Rescue User Funds from Sudden Quantum Attacks through Hard Fork” on the Ethereum research forum (ethresear.ch).
In the article, Vitalik outlines how, if a quantum attack were to arrive suddenly, Ethereum could hard-fork to minimize user fund losses and move accounts onto quantum-resistant signature schemes in an emergency.
The development of quantum-resistant technologies such as Winternitz signatures and STARKs is meant to prevent such situations. Once account abstraction is ready, users can switch to quantum-resistant signature schemes. However, if we don’t have enough time and the quantum attack comes more suddenly than anticipated, what can we do?
I believe that we already have the conditions needed to solve this problem with a relatively simple recovery fork. With this solution, the Ethereum network would need to undergo a hard fork and users would need to download new wallet software, but only a small number of users would lose their funds.
The main threat of quantum attacks lies in the fact that Ethereum addresses are derived as keccak(priv_to_pub(k))[12:], where k is the private key and priv_to_pub is the elliptic curve multiplication that converts the private key into a public key.
Once a quantum computer is available, the elliptic curve multiplication above becomes reversible (reversing it is the discrete logarithm problem), while the hash operation remains secure. If a user has never made a transaction, only the address is public, and they remain safe. However, once a user has made even one transaction, the transaction signature exposes the public key, and with a quantum computer the private key can then be recovered. In this scenario, therefore, most users are at risk.
However, we have a way to mitigate this threat. The key point is that most users’ private keys are generated through a series of hash operations. For example, many private keys are generated according to the BIP-32 specification, which starts from a set of mnemonic words and applies a series of hash operations. Many non-BIP-32 key generation methods are similar. For example, if a user is using a brain wallet, the key is usually generated from a password through a series of hash operations (or a moderately hard key derivation function).
This means that the solution to address sudden quantum attacks through a recovery fork will involve the following steps:
1. Roll back all blocks after the point at which the large-scale attack began.
2. Disable traditional EOA-based transaction types.
3. (If not yet implemented) Add a new transaction type that allows transactions through smart contract wallets (e.g., a subset of RIP-7560).
4. Add a new transaction type or opcode that lets users provide a STARK proof. If the proof verifies, the code at the user’s address is replaced with new verification code, after which the account can be used as a smart contract wallet.
5. To save gas, support batched STARK proofs that cover many transactions of the above type at once.
In principle, we can start developing the infrastructure needed to implement this recovery fork tomorrow, thus preparing the Ethereum ecosystem for sudden quantum attacks.
This article is authorized for reposting from Odaily.