By Jason Nelson
Quantum computers are still far from breaking modern cryptography, but Zcash developers are treating the possibility as an active threat. The privacy coin’s engineers have been building contingency plans for a future machine powerful enough to sift through old blockchain data and expose years of user activity.
For a privacy-focused network, a “Q-Day” quantum attack would strike at the heart of its design. A successful attack could expose past activity, disrupt basic safeguards, and force developers to respond under pressure as the network reevaluates its security model, according to Zcash contributor and engineer Sean Bowe.
“In Bitcoin, the main risk is that someone could steal your money, but Zcash faces two risks,” Bowe told Decrypt. “Because it’s a privacy-focused system, there’s the danger that a quantum computer could break the cryptography and let someone counterfeit coins. There’s also the risk that a quantum machine could unwind users’ privacy by digging back through years of blockchain transactions.”
Those concerns have shaped how Zcash evolved over the years. The cryptocurrency launched in 2016 under the Electric Coin Company and Zooko Wilcox-O’Hearn, drawing on academic work from Johns Hopkins, MIT, and Tel Aviv University.
It shares Bitcoin’s fixed supply of 21 million coins, its proof-of-work algorithm, and its four-year halving schedule, but upgrades require community approval, which keeps control distributed among independent organizations. That structure and the community’s focus on the network’s overall health, Bowe said, make it easier to coordinate security decisions as the threat model changes.
“Privacy and quantum resistance are things we have thought about for a long time,” he said. “We are willing to make major protocol changes over a year or two if needed, and we can get everyone onboard, even across different organizations in the community.”
Industry attention to the threat of quantum computers has continued to grow. Ethereum co-founder Vitalik Buterin recently warned that, using Shor’s Algorithm, a powerful quantum computer could break the elliptic-curve cryptography used by Bitcoin and Ethereum as early as 2028. His comment reignited debate about how quickly major networks should prepare.
One of Zcash’s most developed responses so far is a proposal known as quantum recoverability. Instead of waiting for a full suite of quantum-secure cryptographic tools, the idea is to build a system that can withstand a quantum attack long enough for developers to upgrade the network.
“Quantum recoverability, sometimes called quantum robustness, is the idea of designing a system that can withstand a future quantum attack even if it is not quantum-secure today,” Bowe said. “The goal is to structure the protocol so that if powerful quantum computers ever emerge, the network can be paused, upgraded, and users can still access and spend their funds afterward.”
Without a mechanism like that in place, Bowe said, a quantum attacker would be able to seize private keys and drain accounts before any upgrade could take effect. With quantum recoverability in place, users would have a path to preserve control over their funds even if elliptic-curve cryptography failed.
Zcash—which has been back in the spotlight recently following a roughly 15x price surge since September 1—is not quantum-resistant today, Bowe acknowledged, but much of the protocol work required for quantum recoverability has already been completed. The remaining steps involve wallet software rather than changes to the consensus rules.
“We should be able to have quantum recoverability support in our wallets next year,” Bowe said. “It does not require a protocol change anymore. Now it involves changes to the wallets, and we can ship those a lot easier.”
Looking ahead, Bowe said he believed quantum computers capable of breaking elliptic-curve cryptography remain further away than some predictions suggest. He added that the real challenge will be how well a network can organize a response once the threat becomes tangible.
“With Bitcoin, even if the quantum risk is low, its ability to respond is poor. Panicking now is probably healthy, because getting everyone onboard with the changes needed will be slow and difficult,” he said. “In Zcash, we have been thinking about this for so long, and we have been addressing it as we go, that the remaining changes do not feel daunting. We can implement and ship them without much concern.”
He said the two communities face the same existential threat; their readiness differs.
“We are in a different position and do not have the same reason to panic,” he said. “It really comes down to perspective.”