The Gordian Developer Meeting on March 5, 2025 focused on Post-Quantum Cryptography, including a presentation from Foundation on their QuantumLink communications protocol, built into Passport Prime and a presentation from Blockchain Commons Lead Researcher Wolf McNally on the Post-Quantum Cryptography incorporated into the Blockchain Commons stack to support Foundation’s work.
This meeting also includes a short discussion of the ZeWIF project and its importance.
Media
|
Video:
|
Presentation Slides
Meeting Overview:
|
QuantumLink:
|
PQC @ Blockchain Commons:
|
For more, also see the rough summary and the raw transcript.
Key Quotes
Quotes are drawn from the raw transcript and may not be entirely precise as a result, but convey many of the major themes of the meeting. See the video for more.
Quantum Computing Overview
What is Quantum Computing? “Quantum computers take advantage of the superposition and entanglement of very small particles.”
Are Quantum Computers Real? “Quantum computers do really exist. This isn’t science fiction, but there are some limitations.”
When Will Quantum Computers Break Crypto? “Practical crypto-attacks by major funded, say, sovereign governments are still probably five to ten years off, but we really don’t know. Thus, in order to be proactive, we need post-quantum cryptography.”
Is all Cryptography Endangered? “Even with quantum attacks, ChaCha20Poly1305 remains secure for the foreseeable future. … But public-key cryptography, RSA, ECC, Diffie-Hellman, is completely broken by Shor’s algorithm.”
QuantumLink
What’s the basis of QuantumLink? “I wanted to talk today about a protocol that we’ve been implementing called QuantumLink, and it’s based on a lot of underlying Blockchain Commons protocols and specifications.”
Why was QuantumLink needed as a new communication method? “We started to work on the design of [Passport Prime], and we realized this QR code scanning is not really going to scale to the next billion people that are going to onboard to Bitcoin … we wanted a protocol that would provide sort of all the benefits of air gap security, but with a lot of improvements to the user experience.”
How does QuantumLink work? “QuantumLeak works by using out of band key exchange to establish initial trust. … Then we create an encrypted tunnel between two devices [over Bluetooth], and when a message is sent, every message is signed with a cryptographic signature. So every message is both encrypted and digitally signed.”
How are devices identified? “In addition to some of the metadata, it includes something called a XID document, which is another Blockchain Commons standard, where there’s an extensible identifier, which is a unique ID for each of the parties.”
Why use Bluetooth? “The bandwidth on Bluetooth is high enough that we can do firmware updates or downloads of new apps over the air. The other thing is now Passport could be kept up to date, so it can have the current Bitcoin price, it can have blockchain status info, it can have UTXO data, it can know which addresses have been used.”
Is the Bluetooth chip secure? “The main MCU and the Bluetooth MCU are separate chips. So it’s not possible to compromise the Bluetooth chip and have that affect the main MCU.”
How is Quantum Link quantum resistant? “For QuantumLink, we chose ML-KEM for encryption. This is the module lattice-based key encapsulation mechanism. … It’s not actually used for asymmetric encryption of the payload, but instead it’s used to encrypt a symmetric encryption key like ChaCha20POLY1305 or AES256. And for the digital signatures, we chose ML-DSA, which is Module Lattice-Based Digital Signature Algorithm.”
How hard is quantum resistance to implement? “We were able to essentially drop in the post-quantum encryption over top of the GSTP version we were already running.”
What Blockchain Commons protocols were used? “All the protocols we mentioned, all the standards are open source. So GSTP, UR, Envelope, XID. These are all provided by Blockchain Commons, I think almost all under the BSD2 clause plus patent license.”
Post-Quantum Cryptography at Blockchain Commons
What Cryptographic Algorithms Are Available in Blockchain Commons’ Reference Libraries? “You can basically choose between classical algorithms and quantum algorithms just by changing essentially one line of code. … we don’t consider this to be crypto agility as is used by some standards organizations, but we are crypto agnostic.”
How Hard Is It To Use? “Part of one of our guiding principles is that average engineers, like myself in many ways, should not have to be cryptographers. So we choose best of breed kind of algorithms and try to make it very hard to do the wrong thing with our APIs.”
What Are the Disadvantages of Quantum-Resistant Algorithms? “quantum signatures and encapsulated keys are significantly slower and larger.”
Quantum Keys and Signatures Are Bigger? “Schnorr, ECDSA, and ED25519 have 32-byte keys and 64-byte signatures … but that’s dwarfed by the size of the ML-DSA keys and signatures.”
The ZeWIF Project
See the ZeWIF pages for more on the ZeWIF project.
What is Blockchain Commons Working with Zcash? “Our goal is to protect everybody. So if you’re doing self-sovereign digital wallets, we want you to use our kind of layer zero standards to make sure that your customers do not have losses or are vulnerable to various kinds of attacks.”
Why Is an Interchange Format Important? “Interchange allows people to freely move their funds. We don’t want people to be locked into a single wallet. We want to encourage cooperation between wallets so that they can do things, but we also want to make sure that users don’t get locked in.”
How Does This Relate to Blockchain Commons’ Vision? “These are fundamental Gordian principles of openness, independence and resilience. These are fundamental to self-sovereign management of digital assets.”
Key URLs
Presentation Links
- Quantum Link
- Blockchain Commons Standards
- Blockchain Commons Reference Libraries
- ZeWIF
Sponsors
Thanks to our sponsor Foundation for their presentation and their support of our PQC work.
