Quantum computer versus mobile webauthn passkey quantum resistance

It is important to start with the Stellar Soroban passkey protocol: [CAP-0051 in the Stellar protocol](https://github.com/stellar/stellar-protocol/blob/master/core/cap-0051.md) introduces support for secp256r1 signature verification in Soroban contracts. This capability is aimed at facilitating the use of WebAuthn and passkeys within the Stellar network.

Current State:

The secp256r1 curve, as implemented in CAP-0051, is based on elliptic curve cryptography (ECC), specifically ECDSA. At present, this curve is not inherently resistant to quantum computing attacks. Quantum computers could potentially use Shor’s algorithm to solve the discrete logarithm problem that underpins the security of ECC.

Future Considerations:


CAP-0051 itself does not explicitly address quantum resistance. However, there are ongoing efforts in the broader cryptographic community to develop and standardize quantum-resistant algorithms, often referred to as post-quantum cryptography (PQC).

Potential for Quantum Resistance:

Post-Quantum Cryptography (PQC): If Soroban were to integrate PQC algorithms in future updates, it could enhance its resistance against quantum computing threats. However, this would require additional CAPs or protocol changes beyond what’s described in CAP-0051.
Hybrid Schemes: One approach might be to combine classical and quantum-resistant schemes in a hybrid system until PQC algorithms are more widely adopted and tested.

Implementation: To make Soroban passkeys quantum computing resistant, Stellar would need to either:
– Implement a PQC algorithm for key generation, signing, and verification alongside or instead of secp256r1.
– Employ a hybrid approach where both classical and quantum-resistant signatures are used for enhanced security.

Given the current information in CAP-0051, Soroban passkeys as described are not explicitly designed with quantum resistance in mind. However, the foundation laid by introducing secp256r1 could be expanded in future protocol versions to address quantum threats by integrating or transitioning to PQC methods. For now, the potential for quantum resistance in Soroban’s passkey implementation lies in future updates or additional security layers not covered in this specific CAP.

Quantum computers pose a significant threat to classical cryptographic systems due to their ability to solve certain mathematical problems much faster than classical computers. Here’s why quantum computers might not easily crack multiple Stellar wallets, especially considering aspects of Stellar’s cryptographic setup:

1. Cryptographic Algorithms Used by Stellar: 

Ed25519 for Signing: Stellar primarily uses the Ed25519 signature scheme for account keys, which is based on elliptic curve cryptography (ECC). While quantum computers can theoretically break ECC using Shor’s algorithm, this requires a significant number of coherent qubits (hundreds or thousands for practical attacks).

Hash Functions: Stellar also employs hash functions like SHA-256 for various purposes. Grover’s algorithm on a quantum computer gives at most a quadratic speedup for brute-force search against a hash function, but this doesn’t break the fundamental security of the hash; it merely reduces the effective security margin (e.g., doubling the hash output length compensates for this speedup).

2. Key Management and Use

Address Reuse: If users follow best practices by not reusing addresses, each transaction would use a unique key pair, making it harder for a quantum computer to compromise multiple wallets simultaneously since each wallet would require a separate attack.

Private Key Security: Stellar wallets, like many crypto wallets, are designed to keep private keys offline or in secure enclaves, reducing the exposure time to attacks. For quantum computers to crack these keys, they would first need access to or knowledge of the public keys involved.

3. Quantum Resistance Considerations:

Post-Quantum Cryptography (PQC): While Stellar doesn’t currently employ PQC algorithms by default, there’s research and discussion about integrating quantum-resistant cryptography into blockchain platforms. If Stellar were to transition to or incorporate PQC methods (like lattice-based cryptography, hash-based signatures, etc.), this would directly counter quantum threats.
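As an added illustration of the hash-based signatures mentioned above (this is example code, not code from CAP-0051 or the Stellar project), here is a minimal Lamport one-time signature over SHA-256 in Python; in a hybrid scheme of the kind described under Implementation, a transaction would be accepted only if both the secp256r1 signature and a signature like this one verified. The message in `demo` is a constructed sample, and a production deployment would use a many-time hash-based construction such as XMSS or SPHINCS+ rather than a one-time key.

```python
"""Lamport one-time signature over SHA-256: security rests only on the
hash function's preimage resistance, which Shor's algorithm does not break."""
import hashlib
import secrets

H = hashlib.sha256
N = 256  # digest bits; one (preimage_0, preimage_1) pair per bit


def keygen(rng=secrets.token_bytes):
    """Secret key: 2*N random 32-byte preimages. Public key: their hashes."""
    sk = [[rng(32), rng(32)] for _ in range(N)]
    pk = [[H(s0).digest(), H(s1).digest()] for s0, s1 in sk]
    return sk, pk


def _bits(msg: bytes):
    """Big-endian bit list of SHA-256(msg), shared by sign and verify."""
    digest = int.from_bytes(H(msg).digest(), "big")
    return [(digest >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the preimage that bit selects.
    Each key pair must sign exactly one message (one-time signature)."""
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Accept iff every revealed preimage hashes to the committed value
    for the corresponding digest bit of this message."""
    if len(sig) != N:
        return False
    return all(H(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))


def demo():
    """Constructed sample: sign one payload, then check a tampered copy."""
    sk, pk = keygen()
    msg = b"constructed sample: rotate account signer"  # constructed
    sig = sign(sk, msg)
    return verify(pk, msg, sig), verify(pk, msg + b"!", sig)


if __name__ == "__main__":
    print(demo())  # (True, False)
```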

4. Practical Limitations:

Scale of Attack: Cracking one wallet might be feasible with a sufficiently powerful quantum computer, but doing this for multiple wallets would require scaling resources exponentially or at least proportionally to the number of wallets. Quantum computers with enough qubits to break many ECC keys concurrently are not currently feasible.

Time and Resources: Even if a quantum computer could theoretically break ECC keys, the actual implementation involves dealing with noise, error rates, and the management of quantum states, which are significant practical challenges. This would limit how many keys could be broken in a given time frame.

5. Quantum Computer Development:

Current Limitations: As of now, quantum computers are still in the experimental phase with limited qubit counts, high error rates, and short coherence times. The technology to scale up to the level needed for mass decryption of ECC keys is not yet available.

Time as a Factor


The time it would take for a quantum computer to crack an elliptic curve cryptography (ECC) key like those used in passkeys on Stellar’s Soroban platform depends on several factors, including:

Key Size: The bit length of the elliptic curve key. For instance, 256-bit keys are the common choice for ECC.
Algorithm Used: Primarily, this involves Shor’s algorithm for quantum computers, which can solve the discrete logarithm problem efficiently on elliptic curves.
Quantum Computer Capabilities: The number of logical qubits, the error rate of these qubits, and the speed at which quantum gates can be applied.

Estimation Based on Research:

1. Number of Qubits Required:
For 256-bit ECC: Research indicates that it would require approximately 2,330 logical qubits to break a 256-bit elliptic curve key using Shor’s algorithm, with an estimated need for 126 billion Toffoli gates for the computation.

2. Physical Qubits for Error Correction:
Error Correction: Current quantum computers need error correction, which significantly increases the number of physical qubits required. For instance, one study estimates:
Within One Hour: Breaking 256-bit ECC would require around 317 million physical qubits using the surface code with specific error rates and timing parameters.
Within One Day: This reduces to about 13 million physical qubits.

3. Time Frame:
Current Capabilities: As of the latest updates, no quantum computer currently exists with anywhere near the number of qubits needed for such an attack. The largest superconducting quantum computer by IBM has 127 qubits as of reported data, far below what’s needed.

4. Future Projections:
Post on X: Some posts suggest that practical quantum computers capable of breaking ECC might still be 10-20 years away, with others estimating even longer timelines like 50 years due to the immense scaling challenges.

Conclusion

Immediate Threat: There is no immediate threat to ECC keys from quantum computing because the technology is not yet at the required scale or reliability.
Long-term Risk: Over the next couple of decades, if quantum computing progresses at an unexpected pace, this timeline could shorten, but current estimates suggest we are far from the necessary quantum capabilities.
Uncertainty: These are broad estimates, and the actual timeline could vary based on breakthroughs in quantum hardware, error correction, and algorithm optimization.

Therefore, while exact times are speculative, the consensus is that quantum computers capable of breaking a 256-bit elliptic curve in a practical timeframe (hours to days) are not expected within the next few years, with many experts placing this capability well into the future, likely beyond the 2030s or even into the 2050s, given current technological limitations.

Realising the Economic Implications as a Conclusion

Assuming the quantum computer and expert team are already available and paid for at a cost of billions, the direct cost to crack one Stellar Soroban passkey wallet would primarily involve:

Energy Costs: Likely in the tens to hundreds of thousands of dollars, given the energy consumption for quantum operations.
Operational Time: Depending on the efficiency of the quantum computer, this could range from hours to days, adding to electricity costs.

Total Estimated Cost: For one operation, you might be looking at a ballpark figure of $100,000 to $500,000, considering only energy and minor operational overhead.

Let’s say a user has an unrealistically large hundred thousand dollars’ worth of assets accessible via these passkeys.

Given that scenario alone, and realising the cost to crack one Stellar Soroban passkey wallet, the attack is simply not viable; and if quantum computing were ever to get anywhere near that state, it would take decades.

I’m assuming we have reached that point when we talk about time as a factor. Swapping cryptographic keys, that is, moving value from one keypair to another, is easily programmable, and it can operate within 5-10 minute intervals at relatively low cost, as opposed to the hours and days an attack would need.