Protecting Quantum Procrastinators with Signature Lifting: A Case Study in Cryptocurrencies (2303.06754v2)

Abstract: Current solutions to quantum vulnerabilities of widely used cryptographic schemes involve migrating users to post-quantum schemes before quantum attacks become feasible. This work deals with protecting quantum procrastinators: users that failed to migrate to post-quantum cryptography in time. To address this problem in the context of digital signatures, we introduce a technique called signature lifting, that allows us to lift a deployed pre-quantum signature scheme satisfying a certain property to a post-quantum signature scheme that uses the same keys. Informally, the said property is that a post-quantum one-way function is used "somewhere along the way" to derive the public-key from the secret-key. Our constructions of signature lifting relies heavily on the post-quantum digital signature scheme Picnic (Chase et al., CCS'17). Our main case-study is cryptocurrencies, where this property holds in two scenarios: when the public-key is generated via a key-derivation function or when the public-key hash is posted instead of the public-key itself. We propose a modification, based on signature lifting, that can be applied in many cryptocurrencies for securely spending pre-quantum coins in presence of quantum adversaries. Our construction improves upon existing constructions in two major ways: it is not limited to pre-quantum coins whose ECDSA public-key has been kept secret (and in particular, it handles all coins that are stored in addresses generated by HD wallets), and it does not require access to post-quantum coins or using side payments to pay for posting the transaction.

• The paper introduces signature lifting that transforms existing digital signatures into quantum-resistant forms without altering pre-existing key pairs.
• The study applies the method to cryptocurrencies, enhancing security even when keys are public and mitigating risks from emerging quantum threats.
• It proposes quantum canaries as early-warning puzzles and explores quantum-cautious spending methods, paving the way for scalable post-quantum solutions.

Protecting Quantum Procrastinators with Signature Lifting

The paper "Protecting Quantum Procrastinators with Signature Lifting" addresses the significant issue of transitioning from pre-quantum cryptographic protocols to post-quantum schemes to mitigate potential quantum computing threats. Specifically, it focuses on a subset of users termed "quantum procrastinators," who have not migrated to quantum-resistant cryptographic solutions by the time quantum adversaries have emerged. This paper proposes a novel technique called "signature lifting" to secure digital signatures used in cryptocurrencies without necessitating changes from pre-existing key pairs.

The work highlights the inadequacy of current cryptographic infrastructures against future quantum attacks. The rise of quantum computing could render widely used cryptographic protocols, such as ECDSA and Schnorr signature schemes, vulnerable, emphasizing the need for transitioning to post-quantum cryptographic architectures. There are underlying factors leading to this procrastination, including organizational inertia and the allure of waiting for more efficient, futureproof post-quantum solutions.

Key Contributions

1. Signature Lifting: The principal innovation lies in the development of a technique where existing pre-quantum signature schemes can be transformed into post-quantum secure schemes using the same key pairs. By leveraging the properties of the Picnic signature scheme— a leading contender for post-quantum cryptographic protocols— the authors have devised a method to integrate post-quantum one-way functions during the signature key derivation phase. This procedure ensures that quantum vulnerabilities present within standard signature schemes can be effectively managed without altering the existing setup.
2. Application in Cryptocurrencies: The primary focus of the case paper is applying signature lifting within the cryptocurrency domain. Cryptocurrencies that utilize key-derivation functions or hash public keys instead of public keys themselves particularly benefit from this method. The paper suggests modifications to achieve quantum security in the presence of adversaries, emphasizing that the solution is robust even when the keys become public, provided no transactions were previously signed using non-lifted schemes.
3. Quantum Canaries: To signal the onset of quantum threats, a mechanism called quantum canaries is proposed. This innovative concept involves deploying puzzles that are soluble by quantum computers but remain intractable for classical counterparts. Solutions to these canaries act as alerts, triggering enhanced security protocols within the network. These signals could also facilitate seamless policy enforcement across systems, guiding the transition process for procrastinating users.
4. Quantum-Cautious Spending Methods for Cryptocurrencies: The paper elaborates on several spending methods that incorporate their proposed schemes. Notably, it discusses FawkesCoin and Lifted FawkesCoin, which ensure users can securely manage their digital transactions through commitment and reveal processes, thus preventing quantum adversaries from intercepting unprotected coins. These frameworks offer varied operational modes catering to different types of users and their specific security requirements.

Implications and Speculation

The methodology suggested in this paper holds practical promise and serves as a foundation for ensuring cryptographic security in imminent quantum-empowered environments. The techniques introduced are not just confined to theoretical applications but have direct implementations in real-world systems— particularly cryptocurrency networks, which are susceptible to enormous risks due to public ledger transparency.

Given the multiplicity of digital assets and the profound reliance of contemporary financial systems on cryptographic protections, the adoption of such lifting mechanisms could mark a significant stride in both theoretical and practical aspects of post-quantum cryptography. Future advancements could focus on optimizing the efficiency of these transformations, reducing the computational overhead, and formulating more scalable quantum puzzles for use as canaries.

In moving forward, further research and community collaboration will be crucial to implement these solutions at scale. Exploring the interplay between user habituation, the technical deployment of signature lifting, and the implications under an evolving quantum threat landscape will define the subsequent trajectory of cryptographic resilience and innovation.