banner

Thales Blog

Building a Quantum-Safe Blockchain Today

January 31, 2023

Robert Masterson Robert Masterson | Senior Partner Marketing Manager More About This Author >

Public-key cryptography is used to establish a distributed consensus of trust, which is essential for financial Blockchain solutions. While the chain itself is relatively secure, the “wallets” at the endpoints have already been demonstrated to be "hackable," and quantum computing techniques will further expose the network to fraudsters and criminals.

In the near to medium future, emerging quantum computers aimed at conventional algorithms could disrupt existing digital security standards employing what is known as a storage attack. Storage attacks entail a hostile actor stealing from vulnerable blockchain addresses, such as ones in which the public key of the wallet is displayed on the public ledger.

Solana incident highlights blockchain vulnerabilities

Examining the impact of a recent incident affecting Solana, an increasingly popular blockchain, noted for its quick transactions, reveals the scope of the threat. During this security compromise, Solana users reported that cash was stolen from "hot" wallets connected to the internet. The loss is projected at approximately $8 million.

This hack only affected "hot" wallets, which are always linked to the internet and allow users to store and send tokens effortlessly. The nature of the breach is unknown; however industry professionals have noted that the transactions were correctly signed, indicating that the vulnerability could be a "supply chain attack" that compromised the private keys of users.

Quantum-safe wallets as a mitigation

The solution to the blockchain wallet vulnerabilities problem is to create quantum-safe crypto wallets secured by post-quantum cryptography (PQC) algorithm approved by NIST. On July 27, 2022, 01 Communique announced a Proof-of-Concept (“PoC”) for a quantum-safe blockchain which supports smart contracts while retaining ultra-fast throughput. The IronCAP solution comprises a quantum-safe wallet with QNT (“Quantum Native Token”) as the underlying “quantum-safe coins” running on Solana blockchain.

“We have incorporated our IronCAP into a wallet and, ensuring the endpoint is quantum safe. This technology is independent of the type of blockchain in use and can be easily adapted by other public blockchains such as Bitcoin, Ethereum, as well as private business blockchains,” said Andrew Cheung, CEO of 01 Communique, in a press release.

IronCAP technology is protected in the U.S.A. by its patent #11,271,715. A demo of the solution can be found at https://qnt-demo.ironcap.ca/.

How Thales Luna HSM integrates with IronCAP

Thales Luna Network Hardware Security Module together with the optional Luna Functionality Mode (FM) allows you to customize your Luna Network HSM's functionality to suit the needs of your organization. Functionality Modules consist of your own custom-developed code, loaded and operating within the logical and physical confines of a Luna Network HSM. Custom functionality provided by these FMs can include:

  • new cryptographic algorithms, such as the post-quantum ones selected by NIST
  • security-sensitive code, isolated from the rest of the HSM environment
  • keys and critical parameters managed by the FM, independent from standard PKCS#11 objects, held in tamper-protected persistent storage

IronCAP FM for Luna HSM is designed to allow users of Thales Luna HSM, via industry standard of PKCS#11 interface, to seamlessly utilize IronCAP’s quantum-safe cryptographic functionalities such as key generation, digital signature, signature verification, encryption, decryption, etc. Users of Thales Luna HSMs can take full advantage of the benefits from both worlds allowing Luna HSM’s to safely store private keys while using IronCAP to achieve all the quantum-safety crypto operations.

IronCAP for Luna consists of two main components: IronCAP FM and IronCAP PKCS#11 interface.

  • IronCAP-FM resides in the Luna Network HSM. It contains the IronCAP library for post-quantum cryptography, serving as an extension to legacy cryptography support within the Luna FM.
  • IronCAP’s PKCS#11 interface resides in the client system. This provides an API to crypto functions: key generation, key import/export, data encryption and decryption, data signing and signature verification for both legacy mechanisms, as well as post-quantum mechanisms from IronCAP.

If you want to learn more about how Thales Luna HSM facilitate quantum-safe blockchain today, download the IronCAP case study.