How quantum-safe is Libra?

I did have a look into the crypto algorithms listed on https://developers.libra.org/docs/crates/crypto . If I understand the architecture correctly, the security of all transactions is based on the cryptographic strength of the Ed25519 curve. To my knowledge the underlying discrete logarithm problem is not strong against quantum computers. How do you handle this topic? I did a cross check of the https://developers.libra.org/docs/assets/papers/the-libra-blockchain.pdf and didn’t find this topic mentioned.

7 Likes

Thank you for the question. Post-quantum cryptography is an area that we are thinking about and would like to explore (especially tradeoffs in performance and size). Hopefully we’ll be able to provide an update on this topic in the near future.

2 Likes

Thank you for replying to my question so fast, Avery! First I have to say, that I’m neither an expert for crypto currencies nor for block chain implementations. I understand that you have the intention that Libra will come to stay for a long time. Therefor if I were you, I would try to design the cryptographic part of Libra in a way, that it is possible to replace the used crypto algorithms over the life cycle of Libra without breaking changes because there is a very high possibility that the initially chosen algorithms will be broken over the time - either by classical crypto analysis or by improvements in computing power (e.g. quantum computers or simply by Moore’s Law).

Btw.: Are you aware about this paper: https://blog.cryptographyengineering.com/2015/10/22/a-riddle-wrapped-in-curve/ ? Maybe you should reconsider using EdDSA at all.

3 Likes

I agree that in the long term Libra needs to be able to support changing the cryptography technology easily. This is an important goal for our cryptography team and we intend to push API changes in the coming months towards supporting this.

3 Likes