On March 9th, Vitalik Buterin, the co-founder of Ethereum, published a short post on the Ethereum research forum (ethresear.ch) titled "How to Rescue User Funds from Sudden Quantum Attacks through Hard Forks". In it, Vitalik outlined how Ethereum could, in the event of an imminent quantum attack, minimize user fund losses and move users onto quantum-resistant signature schemes through a recovery hard fork, restoring normal operation of the network.
Suppose quantum computers become a reality tomorrow and malicious actors gain access to them to steal user funds: what should we do? The development of quantum-resistant technologies such as Winternitz signatures and STARKs is meant to prevent such scenarios. Once account abstraction is ready, any user can switch to a quantum-resistant signature scheme. But what if we don't have enough time and the quantum attack comes suddenly?
In my opinion, we currently have sufficient conditions to solve this problem through a relatively simple recovery fork. This solution would require a hard fork in the Ethereum network, and users would need to download new wallet software, but only a few users would likely lose their funds.
The main threat of a quantum attack lies in the fact that Ethereum addresses are computed as keccak(priv_to_pub(k))[12:], where k is the private key and priv_to_pub is the elliptic curve multiplication that converts the private key into a public key. Once quantum computing is realized, that elliptic curve multiplication becomes invertible, since inverting it is essentially the discrete logarithm problem. The hash operation, however, remains secure. If a user has never sent a transaction, only the address is public, and they remain safe. But as soon as a user has made even a single transaction, the transaction signature exposes the public key, from which a quantum computer could recover the private key. Therefore, in such a scenario, most users would be at risk.
However, we can mitigate this threat by recognizing that the private keys of most users are themselves generated through a series of hash operations. For example, many private keys are generated according to the BIP-32 specification, which starts from a set of mnemonic words and applies a series of hash operations. Many non-BIP-32 key generation methods are similar, for instance brain wallets, whose keys are typically produced by passing a password through a series of hash operations (or a moderately hard key derivation function).
This means that a solution to address sudden quantum attacks through recovery forks would involve the following steps:
1. Roll back all blocks after the large-scale attack.
2. Disable traditional EOA-based transactions.
3. Add a new transaction type (if not yet implemented) to allow transactions through smart contract wallets (e.g., a subset of RIP-7560).
4. Add new transaction types or opcodes that allow users to provide STARK proofs. If the proof verifies, the code at the user's address is switched to the newly verified code, and the user can then use that address as a smart contract wallet.
5. Consider supporting batched STARK proofs covering many transactions of the above types, to save gas, since STARK proofs are large.
In principle, we can start developing the infrastructure needed to implement this recovery fork tomorrow, allowing the Ethereum ecosystem to be prepared for sudden quantum attacks.
This article is authorized to be reprinted from Odaily.