CertiK Logo
CertiK Logo
Products
Company
incident-response
Back to all stories
Blogs
Realizing Post-Quantum Security with Algorand
11/7/2022
Realizing Post-Quantum Security with Algorand

With quantum computers fast becoming a reality, both the web3 ecosystem and the wider tech sphere are having to quickly prepare for what will undoubtedly be a significantly disruptive force in numerous sectors of society.

The benefits of quantum computers are manifold, offering incredibly faster processing, and even providing solutions to an entirely new class of problems. As such, quantum computing is widely expected to significantly advance the fields of AI, chemistry, economics, and, of course, security.

However, with the newly tapped power that quantum computers provide comes an entirely new class of security risk that could trample over existing non-quantum security protocols.

This, understandably, poses a major risk for a web3 ecosystem that is still regularly rocked by eye-watering attacks, and consequently presents a major hurdle that will have to be addressed in the coming years.

Fortunately, some blockchains are beginning to address the realities of post-quantum security, and formulating the necessary technologies and protocols to achieve it. A major player here is Algorand, which has developed standards and technologies which can withstand attacks from malicious quantum computers. This blog post will provide a rundown of how quantum computing can threaten web3, the steps Algorand has taken to protect it, and the continued importance of Algorand smart-contract audits in a post-quantum world.

The Quantum Threat

Quantum computing is widely understood to have the ability to bypass the underlying security of most currently used asymmetric cryptography. It does this by being able to factor into primes much quicker than their classical counterparts.

The theory behind this has been outlined in two algorithms known as Shor’s Algorithm and Grover’s Algorithm, which detail how quantum computing can break asymmetric cryptography and symmetric cryptography respectively.

In Shor’s algorithm, the mathematics professor Peter Shor showed how quantum computers reduce the time it would take to decrypt an asymmetric key from years to hours. This particularly poses a threat for blockchains as, using Shor’s algorithm, a quantum computer can falsify any digital signature and consequently exfiltrate funds.

Deloitte have published a study detailing how this poses a serious threat to the bitcoin blockchain, showing how coins that are stored with p2pkh and reused p2pkh addresses are vulnerable to attacks for quantum computers. With approximately 25% of all bitcoin currently stored in these vulnerable addresses, a quantum attack targeting them would undoubtedly be devastating.

Of course, those who transfer their bitcoin to new p2pkh addresses which are safe from attack are still vulnerable here as their coins will be significantly devalued if others are attacked. Furthermore, even if all bitcoin holders transferred their coins to new addresses, quantum computers are likely to become so powerful that they are able to undermine the bitcoin transaction process and consequently make the entire chain fundamentally irreparable.

In such an instance, the only solution is for the blockchain ecosystem to transition to what is known as ‘post-quantum cryptography’ which is considered to be resistant to quantum attacks. However, such cryptography would have a major impact on usability and other factors that are considered essential to mainstream adoption. Nevertheless, continued research into viable post-quantum cryptographic solutions in blockchain is vital for securing a robust web3 ecosystem and creating blockchains that are future-proof.

Algorand and Post-Quantum Security

Leading the way in this field is Algorand, which is ensuring that its blockchain is equipped to thrive in a post-quantum world.

Central to this is its deployment of State Proofs, which are designed to foster interoperability cross-chain by providing highly secure snapshots of the Algorand state.

In launching State Proofs, Algroand has been keen to stress that the innovative new technology will also serve to fortify cross-chain applications with post-quantum security. This means that state proofs are able to withstand attacks by quantum computers both now and in the future, preventing them from being able to alter the reported state of the blockchain. In doing so, Algorand is showing itself to be serious about fostering an ecosystem that's here to stay, and creating pathways that encourage others in the web3 space to do the same.

Post-Quantum Standards

In the web3 ecosystem, security never exists in isolation but is instead inextricably linked with the health of the whole.

Post-quantum security is no exception, and, rather than individual blockchains facing it alone, it is a challenge that the entirety of web3 must form a consensus on as they move forward into this exciting, yet uncertain new era.

To that end, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) set about formulating a series of standards and algorithms that enable quantum-resistant cryptography.

As a thought-leader in the space, and a true believer in the necessity of fostering a quantum secure web3, Algorand engineer Zhenfei Zhang contributed 4 candidate algorithms to the project, in collaboration with a wide cohort of institutional partners and universities.

This kind of collaboration is essential to securing the future of the web3 ecosystem, and it is reassuring to see such talent within Algorand’s team. Moving forward, Algorand will continue to research, test, and implement quantum-proof technologies, and create strong architectures that will be able to withstand the threat posed by quantum computing.

Securing Algorand’s Post Quantum Future with an Algorand Smart Contract Audit

Given the drastic changes to cryptography that post-quantum blockchains will implement, it is vital that Algorand smart-contract audits are able to anticipate and adapt to the various vulnerabilities and attack vectors that this new architecture will entail.

To that end, CertiK’s Algorand smart-contract audit is the best option for projects in the Algorand ecosystem seeking to future-proof their technology. With CertiK’s Algorand smart-contract audit, developers are partnering with a team and technology that has the agility and insight to spot novel attack vectors and vulnerabilities.

As the gold-standard in Algorand smart-contract audits, CertiK’s state-of-the-art technology combines cutting edge in artificial intelligence, combined with painstaking, line-by-line checks from computer science experts to provide the best security possible.

As more and more Algorand projects choose auditing as a best practice, CertiK’s Algorand smart-contract audit has the benefit of being honed through partnerships with projects from across the Algorand ecosystem. This means that each audit brings an intimate understanding of the specific capacities, functionalities, and potential pain points of Algorand’s architecture.

Whilst a Algorand smart-contract audit is foundational to ensuring maximum security before launch, CertiK also offers powerful blockchain analytics tools, through Skynet and SkyTrace, to help Algorand teams stay on top of their on-chain activity after launch. In doing so, CertiK provides Algorand projects with the best possible security posture to anticipate and respond to attacks.

In the push to continually develop better tools for web3 security, CertiK has also recently announced two new services: CertiK KYC and a Bug Bounty Program

CertiK KYC works in conjunction with the Algorand smart-contract audit to provide KYC verification for project teams. In doing so it addresses issues of accountability between project teams and their communities. Ultimately this works to foster trust and security, and strengthens user confidence to invest.

CertiK has also recently launched its bug bounty program, which enlists handpicked white-hat ethical hackers to analyze a project’s code and seek out complex attack vectors and vulnerabilities. This, alongside the Algorand smart-contract audit, allows Algorand development teams to have an unparalleled insight into the security of their smart contracts, and provides a firm foundation from which to achieve their ambitions.