Quantum Computing, Blockchain, and the Power of Nodes: Securing the Future of Decentralization (Part 1)
Breaking down the basics of cryptography in blockchain and how quantum computing could change the game.
This article debates the mechanics of cryptography (part 1) in order to assess the impact or threat that quantum computing presents to blockchain (part 2). I should start by saying that I am not an expert in this subject—not even close. In fact, one could say I don’t really know anything about it. However, there are three reasons why I feel writing about quantum computing, despite this fact, is not a bad idea.
First, it’s a popular request—a dedicated reader specifically asked me to cover the subject. So I decided to read up on the details and share an overview of how this cryptography works, presenting it in a way that’s easy to follow, especially since much of the technical writing on this topic can be difficult for generalists to understand.
Second, I believe I can afford the risk of covering an unfamiliar topic because I am a product manager. This means that, even when I know nothing, I somehow know everything (in the capacity as a product manager, of course). If my previous articles haven’t yet convinced you of this fact, I hope this demonstration will not only win you over but also provide some useful insights into how product managers create this impressive effect. In other words, my comments are made from this perspective, rather than from that of an IT or cryptography expert (and I hope my maths is correct).
Finally, I was lucky enough to see (and even touch) a real quantum computer at a research lab, where a professor and several engineers provided a detailed explanation of how it works. Quantum computers are real, and that experience will, I hope, allow me to say something unique, relevant, and practical—unlike, for example, trying to convince you that dark matter exists.
Blockchain and Cryptography
Blockchain, and in particular public blockchain, uses cryptography in a unique way. Traditional systems use encryption for privacy, authentication, and data integrity. Blockchain, on the other hand, uses encryption solely for authentication and data integrity, while aiming to make all maintained data transparent and verifiable, rather than private.
How Passwords Are Secured: A Familiar Analogy
For example, if you type in your password for online banking, the process doesn’t involve sending the password over the internet in its raw form, nor does the bank simply check a list to verify, saying: "Mr. Smith, what was his password? Ah, yes, ‘123.’ Did he type that in?" Instead, the password is typically processed as follows:
Hashing the Password:
When you create a password, the system applies a cryptographic hash function to it, converting it into a fixed-length string (e.g., f1a2b3c4). This hashed password is what’s stored securely on the bank’s servers—not the actual password.Verification at Login:
When you log in, the password you type undergoes the same hashing process on your device. The hashed result is sent to the bank, which then compares it to the hashed password stored in their database. If they match, you’re authenticated. To enhance security, the bank often adds a unique piece of data, known as a "salt," to your password before hashing it. This ensures that even if two users have the same password, their stored hashes will be completely different, making it much harder for attackers to exploit stolen databases.
This process ensures that your password is never transmitted or stored in plain text, significantly reducing the risk of theft. It’s a stark contrast to blockchain systems, where cryptographic methods like digital signatures are used to verify transactions and maintain trust without ever encrypting or hiding the data itself.
Hash Functions in Cryptography
There are various hash functions that turn a given input deterministically into a fixed-size output. For example, the input "123" might always result in the hash f1a2b3c4. One important property of hash functions is that even a small change in the input, like using "124" instead of "123," will (with very high probability) result in a completely different hash output.
In cryptography, hash functions are a specific class of these functions, designed with additional properties to ensure security:
Deterministic Output: The same input always produces the same output.
Pre-Image Resistance: It’s computationally infeasible to reverse-engineer the input from the hash output.
Collision Resistance: It’s highly unlikely to find two different inputs that produce the same hash output.
Avalanche Effect: Any small change in the input produces a drastically different output.
Examples of Cryptographic Methods
Cryptography often goes beyond simple hashing by introducing keys into the process, creating systems like keyed-hash functions (HMAC) or encryption algorithms. These systems transform inputs into outputs that depend on:
Public Keys: Shared openly and used to encrypt or verify data.
Private Keys: Kept secret and used to decrypt or sign data.
Symmetric Encryption:
A shared secret key is used to both encrypt and decrypt data.
Example: This is commonly used in secure web browsing, such as when you establish a connection for online banking (via HTTPS). The browser and the bank’s server agree on a secret key to encrypt the communication, ensuring that no one else can intercept the data.
Asymmetric Encryption:
A public key encrypts the data, while a corresponding private key decrypts it.
Example: RSA (based on the surnames of the people who created the algorithm, Rivest–Shamir–Adleman) iencryption is often used when you connect securely from your laptop, working remotely, to your bank's network (e.g., via a VPN). The bank’s public key encrypts the connection data, and only the bank’s private key can decrypt it.
Digital Signatures:
A private key generates a signature, and a corresponding public key verifies it.
Example: This is the primary cryptographic method used in blockchain (e.g., elliptic curve cryptography). When you create a transaction to send coins to another wallet, your private key signs the transaction. The network uses your public key to verify the authenticity of the transaction, ensuring it was sent by you and not tampered with.
“Key” Difference
RSA Uses Public Key to Encrypt
Public Key: Used to encrypt data (e.g., sending a secure message).
Private Key: Used to decrypt data (e.g., the recipient unlocks the secure message).
Purpose: Ensures confidentiality. The public key can be shared openly, but only the private key holder can decrypt the data.
Ethereum: Private Key to Sign (Cryptographic Signing)
Private Key: Used to create a digital signature. The signature proves the authenticity of the message (e.g., a transaction).
Public Key: Used by others to verify the signature. This ensures the transaction is valid and was created by the private key holder.
Purpose: Ensures authenticity and integrity, not secrecy. The transaction itself (the data) is not encrypted—it’s transparent.
Cryptographic Functions Beyond Digital Signatures
Not all cryptographic functions in Ethereum, for example, are forms of digital signatures (involving private keys). Ethereum also uses hash functions, such as Keccak-256.
Keccak-256 and Its Role in Ethereum
Data Integrity: Ensuring blocks and transactions haven’t been tampered with.
Block Identification: Linking blocks together in a chain.
Proof of Work: Securing the mining process.
Hashing ensures integrity and security in Ethereum, while digital signatures prove identity.
Keccak-256: Resilience Against Quantum Computers
Keccak-256 is fundamentally different from RSA or elliptic curve cryptography because it doesn’t rely on integer factorization or the discrete logarithm problem. Instead, Keccak-256 uses:
Permutations, bitwise operations, and transformations (a process known as the sponge construction).
These operations are computationally efficient but very hard to reverse.
Even quantum computers (if they existed at sufficient scale) would face challenges breaking Keccak-256. The sponge construction used by Keccak-256 is a structured, deterministic process, not probabilistic. So quantum computers can’t directly exploit any probabilistic properties of the function itself. While quantum computers leverage probabilistic behavior to accelerate certain computations, Keccak-256’s deterministic nature means that quantum computers can only make brute-force attacks slightly faster—reducing the effective search space but not fundamentally breaking the hash function. (I will come back to what they are good at.)
Even if a quantum computer could reverse a Keccak-256 hash (e.g., calculate the input data from the hash), this would serve no purpose in blockchain because:
The input data for the hash (e.g., the previous block data) is already publicly known. Recomputing it adds no value.
Similarly, reverse-calculating a public key from an Ethereum address (derived from the public key also via Keccak-256) would serve no obvious purpose. Ethereum addresses are derived for convenience and identification, not for secrecy. Reconstructing the public key doesn’t compromise security.
A 256-bit hash cannot fully "encode" the original input if the input is larger than 256 bits. Keccak-256 reduces the entire block (potentially kilobytes or megabytes of data) into a single 256-bit hash. This compression means there’s no way to reconstruct the original input uniquely from the hash. There are infinitely many possible inputs that could produce the same hash value, but finding even one is infeasible because of pre-image resistance.
Understanding Cryptographic Foundations
So, before explaining how a quantum computer works, let's first look at the problem definition: how does RSA work, and how do elliptic curves work? I find it easier to understand this by first looking at RSA, even though it has nothing to do with blockchain per se. I also want to make it clear that I am not writing this to provide a manual on how to hack bank networks or blockchain systems.
However, this is exactly the kind of thinking we need right now: how do these encryption mechanisms work, and what would it take to break them? This then provides the right framework to instruct a quantum computer on what it needs to achieve to pose a threat to existing networks by breaking through their encryption. And even if that's possible, is that enough, or what else would be required to successfully pull off this "super heist"?
So, two large prime numbers are chosen randomly and are of a sufficiently big size. Modern web connections using HTTPS certificates most likely use 2048-bit RSA keys (256 bytes). This means:
p and q are each 1024 bits.
p and q are massive numbers, with around 308 decimal digits each.
There is a prime number theorem, independently proven by two mathematicians Jacques Hadamard and Charles Jean de la Vallée-Poussin in 1896, that allows us to approximate the number of prime numbers up to a number with 308 digits: approximately 1.41×10^305. That is an extremely high number. The story goes Gauss conjectured the relationship later proven in the theorem when he was just 15 years old (born in 1792). Speaking of prime numbers, Gauss tends to steal all the glory, but there’s another name worth knowing: Sophie Germain born in 1776. She wasn’t allowed formal education because of her gender, so she taught herself by secretly borrowing books and corresponding with other mathematicians under the pseudonym ‘M. LeBlanc.’ Germain primes—named after her—play a role in number theory, which is foundational to cryptography.
Prime numbers are defined as numbers that can only be divided by 1 or themselves—no other whole numbers. They also have another important characteristic: we have no reliable way to predict the next prime number, even though their distribution is not entirely random.
When two prime numbers p and q are multiplied, they produce a product N=p⋅q, and there is only one unique pair of factors that generates this N. For example, the number 20 could be expressed as 2⋅10 or 4⋅5, but security requires numbers where there is a unique relationship between N (=20) and a pair of prime factors p and q ensure this property.
Many explanations of RSA focus on the idea that factoring N (the product of two primes, p and q) is computationally infeasible. However, this is true not only for prime numbers but also for any large composite number (e.g., the product of p and q+1). The infeasibility of factoring comes from the sheer size of N, not purely from the fact that it is a product of primes.
The reason primes are used is that they introduce specific mathematical properties that make encryption and decryption efficient. For instance:
The Euler totient function (hold your horses, I will explain this in a second), used to calculate the private key d, is straightforward to compute when N is the product of two primes.
Using non-prime factors (like p+1 and q+2) complicates the mathematics of RSA, but it doesn’t necessarily make factoring easier or harder for an attacker.
How RSA Works
In most RSA implementations, the public key is not kept secret—it is deliberately shared so that anyone can encrypt messages for the recipient. For example, websites using HTTPS publish their public keys as part of their digital certificates, which are accessible to anyone.
The public key is created as follows:
Two large prime numbers, p and q, are multiplied to calculate a modulus N=p⋅q
This modulus N, along with a smaller number called the public exponent e, forms the public key.
The public key consists of two numbers:
N: A number with 2048 bits (approximately 617 decimal digits), called the modulus.
e: A smaller number, typically 65537, chosen as the public exponent for practical and historical reasons.
For example, Public Key (N=3233,e=17)
As stated before, this key is shared publicly and used to encrypt messages by the sender.
Public key: (N=3233, e=17)
Message: M=65 (so we want to send ‘65’ as the secret info). Each letter, character, or symbol has a numeric representation in encoding schemes like ASCII or Unicode. The letter "A" corresponds to the number 65.
Ciphertext C = 65^17 divided by mod 3233, the remainder is 2790.
The remainder becomes the ciphertext ‘2790’ and is sent to the recipient.
This is not as straightforward as it seems. So here is how this works:
Start with 65^1 mod 3233 = 65
This means 65 divided by 3233 = 0 i.e. 3233 fits zero times into 65. Here, the remainder is just the 65 itself because nothing further needs to be done.
65^2 mod 3233 = 992
This means 65⋅65 (4225) mod 3233, so 4225 divided by 3233 = 1 leaving a rest, in this case, 992.
If the product (65 * 65 = 4225) is larger than N (3233), this means N fits 1 into the calculated product (65^2 or 4225) and we leave a rest that doesn’t fit in (992).
Divide to Find the Quotient:
4225 ÷ 3233 = 1 remainder 992Subtract to Find the Remainder:
4225 − 3233 = 992
Since we are given e as 17, we are interested in 65^17 (65 being the secret) mod 3233.
Computing 65^17 results in a huge number: 76624777043294442917917351362565
Dividing this gigantic number by 3233 to find the remainder is computationally impractical without optimization.
What Is Modular Arithmetic?
Modular exponentiation is then used, which reduces numbers step-by-step to avoid dealing with excessively large values based on the simple fact that 65^17 = 65^16 * 65^1, for instance, and you can calculate 65^2 as an intermediate step because it leads to 65^4, 65^8,…etc., but you don’t explicitly need 65^3, 65^5.
So if we want to decipher 2790, we need the private key.
The private key is made of two numbers as well: (N=3233, d = private component).
D needs to be calculated so that e (17) * d mod ϕ (3233) = 1. This condition ensures that d is the modular multiplicative inverse of e. In modular arithmetic, this relationship allows the encryption and decryption processes to be reversible.
In this example, the private key is N=3233 and d=2753.
And we need to calculate 2790^2753 mod 3233 if we want to decrypt, which is the same calculation done to encrypt before. Instead of calculating 2790^2753 outright (which would create an astronomically large number with circa 9400 decimal digits and could not be managed even by supercomputers), we repeatedly reduce intermediate results modulo N. This keeps the numbers manageable because the modulo operation confines the result to a fixed range (less than N=3233). So C=2790 decrypts back to the plaintext M=65, representing the letter "A."
This requires some not-so-complicated math using the Extended Euclidean Algorithm so that the private key becomes: (N=3233, d=2753). In this case, it's also very old math. The Euclidean algorithm is an ancient method for finding the greatest common divisor of two numbers. It was first described in Euclid's Elements around 300 BCE, making it one of the oldest known algorithms still in use today. Ancient Chinese mathematicians also solved modular arithmetic problems. But the Greeks didn’t invent RSA, and neither did the Chinese—we needed Euler’s totient (from the Latin word "totus," meaning "whole" or "entire”) function as well, which measures the "relative primeness" of numbers within a given set. He was a Swiss polymath who spent most of his career in St. Petersburg, Russia, and Berlin, Prussia, before returning to Russia because Catherine the Great appreciated his talent far more than Frederick the Great ever did. During the last 12 years of his life, Euler was completely blind following complications from cataract surgery. Despite this, he dictated an enormous number of papers, books, and letters to a tailor who had initially worked as his servant in Berlin and followed him back to Russia. Remarkably, this scribe reportedly had no mathematical skills at all.
The German mathematician Carl Friedrich Gauss laid the foundations of modular arithmetic as we use it today in his Disquisitiones Arithmeticae (published 1801). In other words, you owe the secure connection of your laptop to your employer’s network ultimately to German ingenuity (as it is often, if not always, the case) and some Swiss help. I should mention that RSA is slow and therefore rarely used for encrypting large amounts of data directly. Instead, RSA is primarily used to securely transmit shared symmetric keys which are then used for data encryption because this is much faster. This hybrid approach is standard in protocols like TLS/SSL, which secure internet traffic (e.g., HTTPS) mentioned at the beginning. RSA and symmetric key algorithms are not equally vulnerable to quantum computers by the way, so knowing the specific implementation is critical for a correct assessment of the impact or vulnerabilities.
The extended Euclidean Algorithm is a refinement of Euclid’s method. Gauss expanded on Euler’s work in the early 19th century with his modular arithmetic framework and demonstrated how many number theory problems, including solving equations like 76624777043294442917917351362565 divided by 3233, could be reduced to modular arithmetic.
If we want to hack into this secure message, we know N = 3233, e = 17, and we have a copy of C = 2790. But what we need is d = 2753, which we don’t have. This must meet the condition that 17 * d mod ϕ (3233) = 1.
Here comes the trick: to compute ϕ(N), you need the prime factors p and q of N, because:
ϕ(N)=(p−1)(q−1)
So without knowing p and q, you cannot compute ϕ(N), and thus you cannot determine d.
ϕ(N), or phi (N), is a function that counts the number of coprime integers.
Let’s say 10, which means looking for coprime numbers among numbers less than 10: 1, 2, 3, 4, 5, 6, 7, 8, 9
Coprime numbers are: 1, 3, 7, 9 (since these numbers share no factors with 10 other than 1).
For example, there are no numbers for x and y that make the following formula true: 2 * x = 3 and 2 * y = 10.
So, ϕ(10) = 4
To generate the private key d, we need to find two prime numbers p and q such that N=p⋅q. Using these primes, we calculate ϕ(N)=(p−1)⋅(q−1), Euler’s totient function, which allows us to compute d using the equation e⋅d mod ϕ(N)=1.
And there is no method other than trial and error. Given the number of possibilities, factoring 2048-bit RSA moduli would take thousands of years with current computing power.
Elliptic Curve Cryptography: A Modern Alternative
Bitcoin and Ethereum use elliptic curve cryptography (ECC) for public and private keys instead of relying on the factoring of two prime numbers, as is the case with RSA. However, there are some conceptual similarities between the two approaches, and the security of both ECC and RSA is affected by the potential of quantum computing.
Key Concepts in ECC
Private Key: A randomly generated number that must remain secret.
Public Key: Derived mathematically from the private key using elliptic curve multiplication, a one-way function that is easy to compute but hard to reverse.
What is an Elliptic Curve?
An elliptic curve is a set of points that satisfy a specific type of mathematical equation using constants that define the shape of the curve. The points on this curve, along with a special "point at infinity," form a mathematical group used in cryptographic operations. For laymen and laywoman, seeing an elliptic curve plotted on a graph may look rather surprising since the points of the elliptic curve look like dots on a grid, creating something visually similar to a scatter plot. The points are discrete and not connected. However, these points still form a structured mathematical group over a finite field, and thus meet the formal definition of a curve (they just don’t look like it to the untrained eye).
Elliptic curves have deep historical roots, with applications in solving equations over rational numbers (numbers that can be expressed as a quotient of two integers, like 2/3; by contrast, irrational numbers, like π, cannot be expressed this way). Elliptic curves also played a key role in the proof of Fermat’s Last Theorem, which was postulated in 1637 and finally proven by Andrew Wiles in the 1990s.
Historical Origins of Elliptic Functions
Early mathematicians, such as Fermat, Euler, and later Poincaré, studied such equations (y^2=x^3+ax+b). They can have:
No solutions,
A finite number of solutions, or
An infinite number of solutions.
Hence, when studying ellipses and their arc lengths they discovered that the integrals involved (called elliptic integrals) couldn’t be solved using elementary functions. This work laid the foundation for elliptic functions, which have since been applied to many areas of mathematics and physics.
Applications of Elliptic Curves
Take, for example, a planet moving around the sun in an elliptical orbit. For a long time, astronomers noticed a slight deviation in Mercury’s orbit that couldn’t be explained using Newtonian physics. Einstein’s theory of general relativity eventually resolved this anomaly, and the mathematics of elliptic functions played a role in these calculations. Elliptic functions, much like elliptic curves, have proven to be remarkably versatile and have applications far beyond cryptography.
Elliptic curves were studied to handle infinite or complex systems in a structured, finite way
Mathematicians were grappling with problems like the strange behavior of elliptic functions and periodicity. Elliptic curves "stepped in" and said:
“Let’s organize this.”
They provided a finite, well-defined group structure and a systematic way to handle solutions.
They handle number theory problems (e.g., rational points on a curve) but
serve real-world practical needs like securing digital communications and cryptocurrencies. Just like a true product manager handles both vision and execution!They Bring Diverse Teams Together since Elliptic curves unite Geometry, Algebra, Number theory and Cryptography.
They’re scalable, efficient, and built to last. And, like all good product managers, they quietly sit in the background, doing their job without demanding the spotlight. Truly one of math’s unsung heroes!
