In the previous articles of this series, we discussed the most important challenges blockchain must overcome to become mainstream. Energy consumption, privacy issues and the threat of quantum computing are also often cited as challenges. However, they are mostly platform-specific, and not that big of a deal, in our view. In this blog post, we will dive deeper into these challenges. We will also explore how some platforms have addressed them and why others have not.

## Energy consumption

Blockchain platforms are often attacked in the media for their energy consumption. You’ll see articles about how Bitcoin consumes more energy than Switzerland, for example. The truth about this is a lot more nuanced. But even if we agree to the fact that Bitcoin consumes a lot of energy, this is not true for blockchain in general. In fact, there are already many blockchain platforms that don’t spend such huge amounts of energy. Bitcoin’s high energy consumption has largely to do with the “proof of work algorithm” in its blockchain protocol. Therefore, we don’t view energy consumption as a blockchain challenge, but rather as a Bitcoin challenge. On the other hand, proof of work is considered the most robust protocol at the moment, so in that sense, the challenge is finding an alternative that is equally robust but more energy efficient.

## Privacy

Privacy is another topic that tends to earn blockchain some negative press, but the discussion here is often full of contradictions. Some articles claim that Bitcoin is the perfect currency for criminals, because it makes them hard to track. Other articles argue that creating a blockchain solution is very difficult due to constraints posed by GDPR. Like the energy consumption issue, privacy shortcomings are largely platform-specific and not intrinsic to blockchain as whole.

For instance, in Bitcoin’s case there is no real anonymity, only pseudo-anonymity. Every transaction on the Bitcoin blockchain can be tracked and gets logged in a public record. This is not true for every blockchain. For instance, Monero uses stealth addresses, CT ring structures and zero knowledge range proofs to anonymise transactions. Nobody can trace these transactions, unless the person who initiated the transaction shares their view key. Monero’s privacy protections do come at a cost. Transactions typically require more bytes and, as a result, they become slower and more expensive to perform. It’s also harder to program privacy currencies. With Monero, it’s very hard to create so-called colored coins (tokens that can only be spent for specific purposes). There is another significant disadvantage in privacy currencies: if a hacker were to exploit a bug to create fake coins, these would be very hard to track. This is especially true when using zero knowledge proofs (ZKP), which we will cover in more detail in the next paragraph. Regulatory bodies like the SEC are also hesitant to accept privacy currencies. This last point might be viewed as an advantage though, since many early adopters embrace blockchain to distance themselves from the status quo.

## Zero knowledge proofs

At this moment, the platforms that are preferred by the market are those that are not completely anonymous by default, but do have some privacy options built in. There is a growing demand for extra privacy tools, especially in smart contract platforms. Zero knowledge proofs are viewed as the privacy holy grail for blockchain. Zero knowledge proofs are a type of algorithm with a prover and a verifier, as illustrated below:

In this figure, Peggy wants to convince Victor she has a key to open the door between A and B, without showing him the key. To do this, she asks Victor to stay outside and then enters the cave at either A or B. Peggy then asks Victor to go back to the entrance and asks Victor whether she should come out of A or B. If she were to come out from the correct direction, she could either have the key, or have been in that part of the cave to begin with. If they repeat this experiment several times, Victor will be convinced, at some point, that Peggy indeed has the key, since it’s highly unlikely for Peggy to come out at the same side Victor asks her to come out from each time without having the key.

The beauty of zero knowledge proofs is that you can prove ownership of certain data or keys without revealing them. It’s not even required to store that data. Only a mathematical proof is stored. If the ZKP were to be broken, for instance by a quantum computer (which we will cover in the next part of this post), the data would still be secure. The only thing that changes is that the ZKP will no longer convince the verifier anymore because in that case, the prover can fake proofs. This is why ZKPs are viewed as the holy grail for privacy on blockchains. Since blockchain is an immutable and often public ledger, the data on this ledger needs to be protected for eternity and not just against time, like in traditional databases. Encryption will most likely be cracked eventually and that is why, from a GDPR perspective, encrypting data on a blockchain is not enough. The challenge with ZKPs is that these algorithms are very complex, making bugs in the protocol very hard to find and correct.

## Blockchain and GDPR

Speaking about GDPR, many articles claim that it’s hard to build blockchain solutions that comply with laws and regulations. In our experience, these claims are often exaggerated. There are challenges for sure, but there are also many misconceptions about building blockchain solutions and many workarounds that can be applied. As a best practice, you should not store sensitive data on the blockchain directly, but off chain. The blockchain can store hashes to prove that the data has not been tampered with. Do note, however, that hashed personal data is still considered personal data in GDPR, and for good reason. While it’s mathematically impossible to invert a hash function, it is possible to keep guessing a hashed solution until a match is found. For instance, if we were to hash a name and store it on the blockchain, we just have to hash a couple of million names at most until the hashed name matches the stored hash. This would allow us to acquire personal data.

There is an easy workaround to ward off this type of intrusion. For instance, let's say we want to store a shipping document. All we need to do is remove the personal data, include a pseudonymous identifier and store a hash of that on the blockchain. DIDs are another useful tool invented by some smart people. A DID can be compared with a URL pointing to a person, but can also be used to point to organisations, data models or other objects. The ingenious part of a DID is that it’s different for every relationship. In other words, my DID with, for instance, Rabobank is different from my DID with ING.

So, while we agree that privacy challenges exist on public, permissionless blockchain platforms, these challenges can be addressed. In fact, public blockchains can even be very useful to build trusted identities that preserve privacy, as Sovrin shows. There are many existing solutions that are in line with laws and regulations. It just requires some creative thinking to build them.

## Quantum computing

The last blockchain challenge we want to discuss is quantum computing. Many articles claim it will “end Bitcoin” - the most popular blockchain platform. We, however, are not that pessimistic. First of all, quantum resistant algorithms already exist. So, Bitcoin could update its cryptography to become quantum resistant if need be. Critics will claim that updating Bitcoin takes a long time. But if there is good reason to believe quantum computing has become a serious threat, hardly anyone would oppose an upgrade. This begs the question: why don’t they upgrade the platform now?

The reason for that is that quantum resistant algorithms are typically not as efficient. They would slow down the Bitcoin network and transactions would become more expensive. Quantum computing will most likely not become a threat to encryption for 30-50 years, so there is currently no pressure to update to quantum resistant encryption. The truth is, we may never reach a point where quantum computers will break Bitcoin. Scalable quantum computers only exist in theory so far. Let’s dive a little deeper into quantum computing to further understand this.

At present, there are two quantum algorithms that can be used to break encryption faster than classical algorithms. These algorithms are Grover's algorithm and Shor’s algorithm. We will not cover how these algorithms work in this blog, but we will discuss how they could potentially be used to attack Bitcoin.

To explain this, we first have to delve into security levels. If an algorithm has n bits of security, an attacker needs to take 2^{n }steps to break it. Encryption is considered secure when it has at least 128 bits of security. This doesn’t change in a quantum computer. What changes is the amount of steps a quantum computer has to take in certain situations. The table below explains how Grover’s and Shor’s algorithms affect the bits of security on commonly used encryption algorithms.

On the left side of the table, we see how a quantum computer using Grover’s algorithm affects the amount of bits of security required on AES-256 cryptography, which is similar to that of SHA-256 - the type cryptography used on typical cryptocurrency wallets like Bitcoin. Grover’s algorithm halves the bits of security, meaning that even in the quantum world, Bitcoin wallets (which use sha256) are still considered secure.

On the right side, we see how Shor’s algorithm affects the bits of security on RSA. It reduces the bits of security by a factor of 7.5! Even huge RSA keys with a length of 15,360 are not considered secure in this case. RSA is the type of encryption typically used to log into many traditional services. Bitcoin uses an elliptic curve instead, which sadly will not fare much better in the quantum world. This means that once a Bitcoin wallet has been used in a transaction, it could technically be hacked by a scalable quantum computer. However, most wallets never reuse a Bitcoin keypair, and since there are so many wallets available, it’s possible to be quantum secure on Bitcoin right now! Quantum computers will also affect mining a little bit. This will again be driven by Grover's algorithm, which will provide an advantage of about 40%. In other words, it will not break the security of Bitcoin entirely. Running a quantum computer will most likely require a lot of energy, so it will not be economically viable anyway.

Eventually, Bitcoin may need to change the elliptic curve algorithm to a quantum resistant version. However, to break the elliptic curve you would require a quantum computer with 1500 qubits and thousands of gates. To put that into perspective, the record claimed by Google a while ago was 57 qubits, and unlike traditional computers, where increasing the amount of bits is only slightly more difficult, increasing the amount of qubits increases the complexity exponentially. This is because quantum states typically collapse quickly and this happens much faster with more qubits. As a result, even the best quantum computers available aren’t stable for long, including Google’s. In short, before blockchain faces any kind of trouble from quantum computers, we first need to increase the amount of qubits by a factor of 26 (at least), and prevent those quantum states from collapsing at the same time. This is no easy feat. Many physicists, including myself, are skeptical as to whether this is even possible. Quantum computing is not a real threat to blockchain at present.

## Wrapping up

As we explored in this article, there are many misconceptions surrounding blockchain platforms. Privacy concerns, the threat of quantum computing, and energy consumption are just a handful of them. While some concerns are merited, most are not and many are platform-specific (as we learned in the discussion above). I hope this offered some insight for organisations considering the use of a blockchain solution. If you have any questions or comments, let me know.