Olaoluwa Osuntokun, lead developer of the Lightning client LND, posted on the Delving Bitcoin discussion forum on June 5 an in-depth technical analysis of how quantum computing would affect the Lightning Network and what changes would be necessary for the protocol to keep working.
According to Osuntokun's post, the question is not whether Lightning must adapt, but rather how to do so without dismantling its architecture. The analysis rests on a precise diagnosis: every layer of the protocol that relies on classical security assumptions requires modifications.
Osuntokun identified five protocol specifications, known by the acronym BOLT (Basis of Lightning Technology), that make direct use of elliptic curve cryptography:
- The invoice format (BOLT 11/12), which generates and reads payment QR codes.
- Encrypted transport between nodes (BOLT 8), for secure node-to-node communication.
- Network discovery messages (BOLT 7), to find nodes and channels.
- Onion routing (BOLT 4), to send payments privately.
- The channel format (BOLT 2/3/5), to open, close and update channels.
The developer maintains that although each of these layers requires changes, the overall hierarchy of the protocol and its flows remain largely unchanged. In that sense, Osuntokun's analysis is the first structured technical response to that exposure.
The vulnerability is not theoretical. As CriptoNoticias reported last April, Lightning Network public keys are permanently exposed to third parties, which makes them a direct attack vector for a sufficiently powerful quantum computer.
One of the most significant structural changes proposed by the analysis is the loss of the universal key. Today, a single elliptic curve key is used to sign messages, establish encrypted connections, and authenticate nodes.
In the post-quantum scenario, three different cryptosystems will most likely have to be implemented to achieve the current baseline functionality: ML-KEM for transport, ML-DSA for off-chain signatures, and SLH-DSA for on-chain signatures.
The other central obstacle is size. A key plus Schnorr/ECDSA signature (currently used in Bitcoin) takes up 97 bytes; its equivalent in ML-DSA-44 reaches 3,732 bytes, and in SLH-DSA-128s it reaches 7,888 bytes.
Such a difference has concrete consequences. Osuntokun points out that the QR codes used today to transmit payment invoices cannot encode any of the post-quantum schemes within their current limits.
The dilemma of hash-based schemes
A relevant finding of the analysis is the limitation of the SLH-DSA scheme in its reduced variant (SLH-DSA-128-24). This variant imposes a limit of 16 million signatures per key.
For a node with a thousand channels that broadcasts updates every ten minutes, that limit would be exhausted in less than four months. For that reason, Osuntokun rules out SLH-DSA-128-24 as a candidate for the network discovery layer and favors ML-DSA, the lattice-based scheme.
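As an added illustration that is not from Osuntokun's post, the following Python puts the two capacity arguments above into code: the key-plus-signature sizes quoted against the capacity of a single QR code, and the per-key signature budget of the reduced SLH-DSA variant for a node gossiping channel updates, including the inverse question of how many channels one key can sustain for a given lifetime. The QR limit used (QR version 40, byte mode, error-correction level L) is an assumption about which limit applies to invoices.

```python
"""Capacity checks for a post-quantum Lightning migration (added example)."""

# Public key + signature sizes in bytes, as quoted in the article.
SCHEME_SIZES = {
    "schnorr": 97,         # current Bitcoin key + signature
    "ml-dsa-44": 3732,     # lattice-based
    "slh-dsa-128s": 7888,  # hash-based
}

# Assumption: an invoice must fit one QR code at its largest size,
# QR version 40 in byte mode with error-correction level L (2,953 bytes).
QR_V40_L_BYTE_CAPACITY = 2953

# Reduced SLH-DSA variant: 2^24 (about 16 million) signatures per key.
SLH_DSA_REDUCED_SIG_LIMIT = 2 ** 24

MINUTES_PER_DAY = 24 * 60


def fits_in_qr(scheme: str) -> bool:
    """True if the key plus signature for `scheme` fits a single QR code."""
    return SCHEME_SIZES[scheme] <= QR_V40_L_BYTE_CAPACITY


def schemes_that_fit_qr() -> list[str]:
    """Schemes whose key plus signature fits in one QR code."""
    return [s for s in SCHEME_SIZES if fits_in_qr(s)]


def updates_per_day(channels: int, update_interval_min: float) -> float:
    """Gossip signatures a node produces per day: one per channel per interval."""
    if channels <= 0 or update_interval_min <= 0:
        raise ValueError("channels and update interval must be positive")
    return channels * MINUTES_PER_DAY / update_interval_min


def days_until_key_exhausted(channels: int, update_interval_min: float,
                             sig_limit: int = SLH_DSA_REDUCED_SIG_LIMIT) -> float:
    """Days before a per-key signature budget is used up by channel updates."""
    return sig_limit / updates_per_day(channels, update_interval_min)


def max_channels_for_key_lifetime(days: float, update_interval_min: float,
                                  sig_limit: int = SLH_DSA_REDUCED_SIG_LIMIT) -> int:
    """Largest channel count a node can run and still keep one gossip key
    within its signature budget for `days` days (the inverse question)."""
    if days <= 0 or update_interval_min <= 0:
        raise ValueError("days and update interval must be positive")
    signatures_per_channel = days * MINUTES_PER_DAY / update_interval_min
    return int(sig_limit // signatures_per_channel)
```

With the article's parameters (1,000 channels, one update every ten minutes) the key is exhausted after roughly 116 days, and keeping a single key for a year would cap a node at 319 channels.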
Faced with the dilemma between fully migrating to post-quantum cryptography or keeping a mixed approach, the analysis leans towards hybridization.
Hybrid post-quantum cryptography combines classical and post-quantum schemes so that if either one remains secure, the whole system remains secure. This logic goes both ways: post-quantum schemes could also prove vulnerable in the future.
Osuntokun proposes introducing the new keys as optional fields in existing messages and only in a later phase rejecting messages that do not include them.
Osuntokun's analysis is, according to the author himself, the first concrete document written on the subject after receiving direct and indirect questions from the community on the impact of quantum computing on Lightning.
His position as the main maintainer of LND, the Lightning client with the highest usage share among network nodes, adds technical and operational weight to his conclusions.
The underlying message of the analysis is that Lightning is not doomed by the quantum threat, but that the adaptation process will require coordinating simultaneous changes at several layers of the protocol. That is something that has historically taken years in the Bitcoin ecosystem and that represents an unprecedented coordination challenge for it.
