A Quantum-Resistant Blockchain System: A Comparative Analysis

Abstract

Blockchain transactions are decentralized, secure, and transparent, and they have altered industries. However, the emergence of quantum computing presents a severe security risk to the traditional encryption algorithms used in blockchain. Post-quantum signatures are required to preserve integrity and reliability. Furthermore, combining the InterPlanetary File System (IPFS) with blockchain provides a long-term strategy for data storage and sharing. This study investigates the integration of post-quantum signatures with the IPFS in a blockchain system, which can considerably enhance blockchain system efficiency. We increase security and efficiency by recording hash values of signatures and public keys within the blockchain and storing their actual content using the IPFS. The study compares NIST-recommended post-quantum signatures with the ECDSA in a Bitcoin exchange scheme to show how effective the system is in countering quantum threats while maintaining optimal performance. This research makes an important addition to the long-term viability and dependability of blockchain technology in the face of the growing landscape of quantum computing breakthroughs.

1. Introduction

Blockchain, a decentralized digital ledger technology, has gained widespread popularity due to its inherent traits such as non-tampering, non-forgery, traceability, transparent data, and safety. By leveraging public key cryptography, blockchain enables secure and trustless information sharing among peers, effectively resolving the double-spending problem. As blockchain finds its applications in smart factories, measurement systems, logistics, and e-voting, ensuring the integrity and authenticity of transactions becomes paramount.

However, the rise of quantum computing presents a significant threat to the security of blockchain systems. Communication and trust between dispersed blockchain network nodes must depend on digital signature mechanisms, which principally permit verification of information identity, authenticity, and integrity. Quantum computing’s ability to solve complex mathematical problems efficiently, such as breaking down numbers into their prime factors and solving discrete logarithmic problems, undermines the security of traditional digital signature schemes, like the RSA, ECDSA, ECDH, and DSA. The robustness of blockchain, which relies on these signature schemes for integrity and authentication, faces uncertainty in the face of quantum computing advancements. Current blockchain systems could become obsolete due to quantum attacks on cryptography algorithms, which could lead to fraudulent transactions and unauthorized data access. The capacity of quantum computers to solve complicated mathematical problems may quickly undermine blockchain’s decentralized nature, raising questions about the security and integrity of distributed ledger networks. Consequently, there exists a pressing demand to explore and implement post-quantum signature schemes to ensure the sustained security and resilience of blockchain networks in the quantum era.

Comparing the ECDSA with NIST-recommended post-quantum schemes allows us to weigh the balance between current cryptographic standards and the imperative of future quantum resistance. This evaluation is rooted in established standards with global recognition. Consequently, this paper initiates with a comprehensive exploration of the present landscape of post-quantum cryptography, offering crucial insights for researchers aspiring to construct secure blockchain networks. Subsequently, the paper delves into the practical execution of the most promising post-quantum signature methods in conjunction with the ECDSA within the blockchain context. Given the substantial size of public keys and signatures in post-quantum schemes, they can consume a significant portion of a block’s capacity. To address this, we employ the IPFS for storing public keys and signatures, while only storing their hash values on the blockchain.

This study meticulously examines the challenges in implementing these schemes. Additionally, it extensively compares the performance of post-quantum signature schemes to pinpoint the optimal solutions for constructing robust and quantum-resistant blockchains. This research serves as a valuable contribution to the enduring sustainability and dependability of blockchain technology amid the evolving landscape of quantum computing advancements.

The structure of this paper is outlined as follows: Related research on post-quantum signature techniques for blockchain-enabled systems is covered in Section 2 of this article. Section 3 discusses blockchain-enabled systems, blockchain security, and the IPFS network. Section 4 presents the effects of quantum computing on blockchains and an overview of post-quantum cryptosystems. In Section 5, we present post-quantum signature schemes approved by the NIST. Section 6 includes the comparative study of blockchain performance on the IPFS network, evaluating the effectiveness of post-quantum signatures suggested by the NIST versus the standard ECDSA signatures. Finally, Section 7 provides the conclusions drawn from our study.

2. Related Works

Blockchain transactions that are transparent, safe, and decentralized have changed entire sectors. Two basic strategies—quantum-secured blockchain and quantum-resistant blockchain—have been employed by researchers to protect blockchain in recent years from future quantum computer attacks. Digital signatures derived from quantum-resistant algorithms are used in quantum-resistant blockchain, although their practical applications are still limited, and the problem of long public keys still exists. Numerous industries have adopted blockchain technology, and almost 3000 virtual currencies, including well-known ones like Ethereum [1], Ripple, and Tether, use it for cross-border transactions.

The family of post-quantum algorithms with the highest efficacy in countering quantum attacks, which have garnered a lot of attention recently, is lattice cryptography. A few signature techniques based on lattice cryptography have been proposed in references [2,3,4]. These approaches aim to enhance transaction handling within blockchain systems, yet they prove ineffective for blockchain technologies operating in computationally intricate environments. Gao et.al. unveiled a blockchain-compatible double signing method [3]. The scheme’s security is solely predicated on the SIS assumption. Li et.al. created a technique for digital signatures using the bonsai trees technology [4]. Its security is established within the framework of the random oracle model. The author in [5] explores how blockchain technology is being used in smart cities and suggests a quantum-resistant blockchain platform built upon lattice cryptography. The paper [6] analyzes the most significant cryptocurrencies in the context of quantum risks, ranking them by market capitalization (MC). The author suggests a blockchain design for the Internet of Things (IoT) using the NTRU lattice, along with a cryptographic security validation for the system, in order to build a highly effective post-quantum blockchain infrastructure.

There are no recent data breaches or security breaches in the domain of blockchain using quantum computers, but there are some potential vulnerabilities due to the development of quantum computing, which highlights the urgency for introducing quantum-resistant algorithms. Demonstrations of quantum algorithms like Shor’s have showcased their potential to compromise widely used encryption techniques, placing data security at risk. Additionally, there is a concern regarding historical data encrypted using vulnerable methods, as they could be exposed in the future, posing potential breaches. Quantum computing’s ability to intercept and decrypt secure communications has significant implications for national security. Furthermore, blockchain technology, which relies on public key cryptography for its decentralized trust model, is particularly susceptible to quantum attacks that could expose private keys from public ones. Notably, a recent study reveals that a substantial portion of cryptocurrency holdings, including 25% of Bitcoin and 65% of ether, resides in addresses with publicly known public keys, raising concerns about their vulnerability to theft by powerful quantum computers. To mitigate these risks, it is imperative to expedite the development and adoption of quantum-resistant cryptographic solutions to ensure the continued security of digital systems and assets.

3. Blockchain Basics and IPFS

3.1. Blockchain-Enabled Systems

A technological infrastructure that uses blockchain technology to offer decentralized, open-source, and safe solutions for diverse applications is referred to as a blockchain-enabled system depicted in Figure 1.

At its foundation, blockchain is a decentralized record keeping system that holds transactional data via an unchangeable and impenetrable method. By incorporating blockchain into many systems, it is possible to improve their effectiveness, reliability, and data integrity, giving them distinct advantages over classic centralized systems. Here are some essential traits and illustrations of systems that utilize blockchain technology:

• Decentralization: blockchain removes the necessity for a central governing entity or middleman by operating within a decentralized network of interconnected nodes. By ensuring that no single entity controls the entire system, decentralization increases resilience and lowers the possibility of single points of failure.
• Transparency and immutability: every transaction recorded on the blockchain is openly accessible to the public and is publicly viewable. A transaction becomes immutable once it is added to the blockchain, which means it cannot be changed or removed without network consent.
• Security and data integrity: transactions are securely recorded and verified using cryptographic methods in blockchain technology. Any attempt to tamper with the data would require changing every transaction in the chain of blocks because each transaction is linked to the one before it.

3.2. Blockchain Security

Blockchain systems need to be secure in order to guard against fraud, tampering, and unauthorized access. Here, we explore key cryptographic techniques enhancing blockchain security.

• Digital signatures: a crucial cryptographic tool utilized in blockchain technology is the digital signature. A private key and a public key are the two types of cryptographic keys that each member of the blockchain network has. The matching public key is made available to others in order to validate the legitimacy of the signatures, while the private key is kept secret and utilized to create digital signatures. Digital signatures demonstrate that a transaction has been approved by the holder of the private key, demonstrating the validity and authorization of transactions on the blockchain.
• Hash functions: also known as message digests or hash codes. Hash functions are cryptographic techniques that transform data of any size into fixed-length, singular character strings. Each block in the blockchain contains the data from the preceding block’s hash value, resulting in a chain of blocks that are connected by their hashes. The blockchain’s immutability is ensured by this chaining method. It is simple to spot tampering because any alteration to the data within a block will result in a different hash value.
• Merkle trees: Merkle trees are binary trees, also known as known as hash trees, that make it possible to verify huge datasets of data efficiently. Merkle trees are used in blockchain to arrange and compile the transactions contained in a block. Participants can quickly confirm the existence and integrity of particular transactions within a block without having to process all of the individual transactions thanks to the Merkle tree’s root hash, which is included in the block header.
• Public key infrastructure (PKI): public key infrastructure encompasses a series of protocols and processes responsible for handling the generation, dispersion, and invalidation of digital certificates and public keys. In the blockchain context, PKI enables participants in the blockchain to validate each other’s public keys and confirm the validity of transactions by enabling them to authenticate each other’s public keys.
• Consensus methods: for transaction authentication and the addition of new blocks in a blockchain, proof-of-work (PoW) and proof-of-stake (PoS) consensus mechanisms employ hash functions. This guarantees that only valid transactions are added.
• Quantum-resistant cryptography: as quantum computing advances, established cryptographic techniques employed in blockchain, such RSA and ECC, are at risk of being compromised. Adopting quantum-resistant algorithms is essential to protect blockchain security from quantum threats in the future.

Some actual threats to blockchain technology are double spending, Sybil attacks, smart contract vulnerabilities, privacy concerns, key management, distributed denial of service (DDoS) attacks, and transaction malleability.

It is worth noting that, while quantum-resistant algorithms address the threat of quantum computing, they may not directly solve the other threats listed above. The other threats are typically mitigated through various cryptographic and non-cryptographic techniques. However, quantum-resistant cryptography plays a crucial role in ensuring the long-term security of blockchain networks in the face of quantum advancements.

3.3. InterPlanetary File System

The InterPlanetary File System (IPFS) revolutionizes online file storage and sharing by establishing a permanent and decentralized method. The IPFS’s primary objective is to offer a distributed file system that guarantees files that may be accessed from various places, removing the possibility of data loss due to server outages or shutdowns. The IPFS enables effective content retrieval and verification over the network by dividing files into smaller portions and giving them distinct cryptographic hashes. This cutting-edge technology has a number of benefits, including improved security, privacy, and user control. Without relying on a centralized authority, users can safely transfer files, lowering the possibility of censorship or unauthorized access to private information. Additionally, the IPFS is perfect for long-term information preservation because of its decentralized design, which permits files to endure forever. With regard to blockchain applications, the IPFS is used to store massive data, such as public keys and signatures, while the blockchain itself just stores the corresponding hash values. By doing this, the storage requirements of the blockchain are drastically decreased, resulting in more scalable and effective blockchain networks.

4. Quantum Computing’s Effects on Cryptosystems and the Need for Post-Quantum Cryptosystems

4.1. Quantum Computing

The cutting-edge discipline of computing known as quantum computing uses the concepts of quantum physics to process and modify data. Quantum computers employ quantum bits, also known as qubits, which can exist in several states at once due to the phenomenon known as superposition. This is in contrast to classical computers, which use bits to encode data as either 0 or 1.

Using quantum Fourier transform [7] to solve problems related to integer factorization and discrete logarithms can be exponentially sped up using Shor’s approach [8]. The searching problem can be quadratically sped up using Grover’s algorithm [9]. It offers a significant speed advantage over the conventional brute force approach, which takes $O\left(N\right)$ time in classical attacks. This method can find the original input corresponding to a function’s output in approximately $O\left(\sqrt{N}\right)$ time. Many widely used encryption systems rely on these intricate mathematical challenges. However, quantum computers are expected to solve these problems within a bounded polynomial time.

The extent to which these quantum benefits can be developed and the duration of the feasibility gap between classical and quantum models are also unknown [10]. The question of whether it is possible to create a large-scale quantum computer is complex and contentious. Many researchers now think that enormous quantum computers are just a very difficult engineering problem, although in the past it was less obvious whether they were a physical reality.

In the next 20 years or so, according to any scientists who still make such predictions [11], powerful quantum computers will be developed that will be able to break all of the current core public key infrastructures quickly. It will take much work to enable a seamless and stable transition from the newest widely used cryptosystems to their counterparts that can withstand quantum computing. Regardless of whether we are able to predict with accuracy when the era of quantum computing will begin, we must continue building more secure communication channels that, for instance, might revolutionize the field of cryptography.

4.2. Post-Quantum Cryptosystems

Due to their reliance on mathematical problems that can be solved effectively by quantum computers, existing cryptographic systems like RSA and ECC may become vulnerable as quantum computing technology develops. A cryptographic system created on alternative mathematical structures and algorithms to survive attacks from quantum computers is known as a post-quantum cryptosystem. With the advent of potent quantum computers, these new cryptographic techniques seek to increase security and guarantee the ongoing preservation of critical data. Post-quantum signatures are known as quantum-resistant signatures or quantum-safe signatures. In the age of quantum computing, post-quantum signature systems are appropriate for secure communications and digital identity verification since they are made to be capable of withstanding assaults from both conventional and quantum computers. Post-quantum signature systems will aid in ensuring the long-term security of digital communications and safeguarding sensitive data from potential quantum attacks once they are widely adopted and put into use. In order to provide a collection of safe post-quantum cryptography algorithms, standardization efforts are still being made. To guarantee these algorithms’ efficacy and compatibility, organizations like the National Institute of Standards and Technology (NIST) are driving the technique of soliciting, assessing, and standardizing them.

Post-quantum signature schemes can be classified into five categories: hash-based, lattice-based, code-based, multivariate polynomial-based, and super-singular isogeny-based schemes.

4.2.1. Code-Based Cryptosystem

Code-based cryptography relies on the difficulty of decoding specific structured linear error-correcting codes. Daniel J. Bernstein proposed Classic McEliece, which is a potential post-quantum public key cryptographic system based on error-correcting codes under consideration by the NIST for global standardisation, in 2017 [12,13,14]. In the McEliece concept, a public key is formed through a combination of the Goppa code and a linear transformation. To encrypt a message, the sender introduces a set level of random noise to the message [15]. Without knowing how to factor in the public key, recovering the message is a computationally difficult job for the attacker. Several code-based cryptographic methods exist, and, among them, certain ones could potentially provide security against quantum attacks: Classic McEliece, BIKE, and HQC.

4.2.2. Hash-Based Cryptosystem

The cryptographic secure hash function used in hash-based signatures is created to exhibit security properties, like being hard to reverse, resistant to finding original inputs, immune to generating similar outputs for different inputs, and robust against collision attacks. Hash-based signature schemes are classified as stateless or stateful based on their implementation approach. They can also be categorized as a one-time signature (OTS), few-time signature (FTS), multi-time signature (MTS), and hierarchical signature (HS). These classifications depend on factors such as how keys are generated, how signatures are generated, and other parameters used in their construction. $SPHINC{S}^{+}$ is a hash-based quantum-safe cryptographic algorithm. It is a signature system with no state and an improved version of SPHINCS, designed to reduce signature size [13].

4.2.3. Lattice-Based Cryptosystems

These cryptographic techniques are constructed using lattices, which are sets of points arranged periodically in multi-dimensional spaces. To find the smallest non-zero point within a lattice, a complex problem known as the shortest vector problem (SVP) is utilized. This problem, which is difficult to solve and falls under the NP-hard category, forms the foundation of security in lattice-based systems. Additional challenges related to lattices, such as the closest vector problem (CVP) and the shortest independent vectors problem (SIVP), as mentioned by [16], are currently beyond the capabilities of quantum computers. The algorithm’s implementation is relatively efficient, and it provides worst-case hardness-based security proofs that are extremely strong. The quantum-resistant algorithms based on the lattice are CRYSTALS-KYBER, SABER, NTRU, FrodoKEM, NTRU Prime CRYSTALS-Dilithium, and FALCON.

4.2.4. Multivariate-Based Cryptosystems

Multivariate system of equations have been demonstrated to be NP-complete or NP-hard, and multivariate-based techniques rely on this complexity [12]. Despite their resilience to quantum assaults, more research is required to increase their decryption speed, decrease their enormous key size, and lower their ciphertext overhead [17]. Rainbow and GeMSS are the potentially quantum-safe cryptographic techniques based on multivariate quadratic equations.

4.2.5. Super Singular Elliptic Curve Isogeny Cryptosystems

These are a novel approach that first appeared in the year 2000. To create public key cryptosystems, isogeny-based cryptography employs mappings between elliptic curves. Isogeny cryptography relies on the security of solving super singular isogeny problems. These problems involve finding the connection (isogeny mapping) between two super singular elliptic curves that have an equal count of points. In comparison with other post-quantum cryptography possibilities, the protocols based on isogeny need a very small key. SIKE is one of the isogeny cryptography family’s putative quantum-safe algorithms [18,19,20].

5. Description of NIST-Recommended Post-Quantum Signature Schemes and ECDSA

The section describes the CRYSTALS-Dilithium, FALCON, and $SPHINC{S}^{+}$ algorithms, which are identified by the NIST for standardisation.

5.1. CRYSTALS-Dilithium

A lattice-based digital signature system called CRYSTALS-Dilithium is renowned for its effectiveness and robust protection against both conventional and quantum adversaries. Algorithms 1–3, respectively, depict the procedures of key creation, signing, and verification, as in [21].

CRYSTALS-Dilithium’s salient characteristics include:

• Efficiency: CRYSTALS-Dilithium is optimized for key generation, signing, and verification efficiency, making it appropriate for contexts with limited resources, including Internet of Things devices and embedded systems.
• Strong security: the system offers a strong level of resilience against several assaults, including those launched by quantum computers.

Algorithm 1 Crystal Dilithium Gen

Input: Security parameters $\rho ,K$  Output: Public key $pk$ and secret key $sk$  $\rho \leftarrow {\{0,1\}}^{256}$  $K\leftarrow {\{0,1\}}^{256}$  $(s_1,s_2)\leftarrow S_{\eta }^l\ast S_{\eta }^k$  $A\in R_q^{k\ast l}=ExpandA\left(\rho \right)$▹ A is stored in NTT Domain Representation  $t=A{s}_1+s_2$  $(t_1,t_0)=Power2Roun{d}_q(t,d)$  $tr\in {\{0,1\}}^{348}=CRH(\rho \Vert t_1)$      ▹ CHR is centered rounding  $return(pk=(\rho ,t_1),sk=(\rho ,K,tr,s_1,s_2,t_0))$

Algorithm 2 Crystal Dilithium Sign

Input: Message M, Secret Key $sk$  Output: Signature $\sigma$  $A\in R_q^{\kappa \ast l}=ExpandA\left(\rho \right)$  $\nu \in {\{0,1\}}^{384}=CRH(tr\Vert M)$  $\kappa =0,(z,h)=\perp$  while  $(z,h)=\perp$  do      $y\in S_{\gamma 1-1}^l=ExpandMask(K\Vert \nu \Vert \kappa )$      $w=Ay$      $w_1=HighBit{s}_q(w,2{\gamma }_2)$      $c\in B_{60}=H(\nu \Vert w_1)$      $z=y+c{s}_1$      $(r_1,r_0)=Decompos{e}_q(w-c{s}_2,2{\gamma }_2)$      if ${\left|\right|z\left|\right|}_{\infty }\ge {\gamma }_1-\beta or\left|\right|r_0{\left|\right|}_{\infty }\ge {\gamma }_2-\beta or{r}_1\ne w_1$ then          $(z,h)=\perp$      else          $h=MakeHin{t}_q(-c{t}_0,w-c{s}_2+c{t}_0,2{\gamma }_2)$          if $\left|\right|c{t}_0{\left|\right|}_{\infty }\ge {\gamma }_{2}orthe\#of{1}^{\prime }sinhisgreaterthanw$ then             $(z,h)=\perp$          end if      end if      $\kappa =\kappa +1$  end while  $return\sigma =(z,h,c)$

Algorithm 3 Crystal Dilithium Verify

Input: Message M, Signature $\rho$, Public Key $pk$  Output: True if the signature is valid, False otherwise  $A\in R_q^{k\ast l}=ExpandA\left(\sigma \right)$     ▹ A is stored in NTT Domain Representation  $\nu \in {\{0,1\}}^{384}=CRH(CRH(\sigma \Vert t_1)\Vert M)$  $w_1^{\prime }=UseHin{t}_q(h,Az-c{t}_1·2^d,2{\gamma }_2)$  ${return\left[\right|\left|z\right||}_{\infty }<{\gamma }_1-\beta ]and[c=H(\nu \Vert w_1^{\prime })]and[\#of{1}^{\prime }sinhis\le w]$

5.2. FALCON

This is also a lattice-based digital signature algorithm called FALCON [22].

Consider the polynomial $\varphi =x^n+1$, where n is a power of two denoted by $n=2^{\kappa }$, and let q be a positive integer. In the NTRU cryptography context, a set of NTRU secrets comprises four polynomials: $f,g,F$, and G, all of which are elements of the polynomial ring $\mathbb{Z}\left[x\right]/\left(\varphi \right)$. These polynomials are chosen to satisfy the NTRU equation: $fG-gF=\mathrm{mod}\varphi$. Algorithms 4–6, respectively, depict the procedures of key creation, signing, and verification, as in [22].

The key creation, signing, and verification steps are represented in Algorithms 4–6, respectively. FALCON’s salient features include:

• High performance: FALCON is ideal for a variety of applications since it is built to strike a balance between security and performance.
• Small signature sizes: FALCON has smaller signature sizes than certain other lattice-based schemes, which is helpful in situations when bandwidth is limited.
• Compact key generating: the speedy setup for users is made possible by FALCON’s effective key-generating procedure.

Algorithm 4 FALCON Key Generation

Input: Security parameter n  Output: Public key $pk$ and secret key $sk$  $A\in Z_q^{m\times n}$  $T\in Z_q^{m\times m}$ invertible modulo q  $s\in Z_q^n$  $b=As\mathrm{mod}q$  $pk$ = $(A,b)$  $sk$ = $(T,s)$  $return(pk,sk)$

Algorithm 5 FALCON Sign

Input: Message $msg$, Secret key $sk$  Output: Signature $\sigma$  $r\in Z_q^m$  $R=Ar\mathrm{mod}q$  $e=\mathrm{SHA}3\left(\mathrm{concat}(R,msg)\right),e\in Z_q^n$  $y=s+e\mathrm{mod}q$  $c=\mathrm{SHA}3\left(\mathrm{concat}(R,y,msg)\right),c\in Z_q^m$  $z=r+Tc\mathrm{mod}q$  $\sigma$ = $(R,z)$  $return\sigma$

Algorithm 6 FALCON Verify

Input: Message $msg$, Signature $\sigma$, Public key $pk$  Output: True if the signature is valid, False otherwise  $\sigma$ = $(R,z)$  $pk$ = $(A,b)$  $c=\mathrm{SHA}3\left(\mathrm{concat}(R,Az-R)\right),c\in Z_q^m$  $W=Az-R+c\mathrm{mod}q$  $v=b-W\mathrm{mod}q$  $e^{\prime }=\mathrm{SHA}3\left(\mathrm{concat}(R,z,msg)\right),e^{\prime }\in Z_q^n$  if  $v=e^{\prime }$  then      return False  end if  return True

5.3. $SPHINC{S}^{+}$

Modern hash-based signature technology, such as $SPHINC{S}^{+}$ using $WOT{S}^{+}$ and FORS (hash-based signatures), provides strong security against both classical and quantum adversaries [13]. It addresses some of the flaws in the original SPHINCS system and is an enhanced version of it.

For clarity and a more in-depth look into the algorithm and its parameters, and on $WOT{S}^{+}$ and FORS, refer to [13]. Algorithms 7–9, respectively, depict the procedures of key creation, signing, and verification, as mentioned in [23].

Algorithm 7 $SPHINC{S}^{+}$ Key Generation

Input: Security parameter n  Output: $SPHINC{S}^{+}$ key pair $(SK,PK)$  $SK.\mathrm{seed}\leftarrow \sec \_\mathrm{rand}\left(n\right)$  $SK.\mathrm{prf}\leftarrow \sec \_\mathrm{rand}\left(n\right)$  $PK.\mathrm{seed}\leftarrow \sec \_\mathrm{rand}\left(n\right)$  $PK.\mathrm{root}\leftarrow \mathrm{ht}\_\mathrm{PKgen}(SK.\mathrm{seed},PK.\mathrm{seed})$  return  $\left((SK.\mathrm{seed},SK.\mathrm{prf},PK.\mathrm{seed},PK.\mathrm{root}),(PK.\mathrm{seed},PK.\mathrm{root})\right)$

$SPHINC{S}^{+}$’s salient attributes include:

• Quantum resistance: $SPHINC{S}^{+}$ is built to withstand Shor’s algorithm and other quantum attacks, making it secure with quantum computers.
• Fast signing and verification: $SPHINC{S}^{+}$ strives for fast signing and verification while retaining excellent security.
• Hash-based security: $SPHINC{S}^{+}$ is built on hash functions, which have received much attention and are commonly regarded as being quantum resistant.

Algorithm 8 $SPHINC{S}^{+}$ Signing Algorithm

Input: Message M, Private key $SK$  Output: $SPHINC{S}^{+}$ signature $SIG$  $ADRS\leftarrow \mathrm{toByte}(0,32)$  $opt\leftarrow \mathrm{toByte}(0,32)$  if  $RANDOMIZE$  then      $opt\leftarrow \mathrm{rand}\left(n\right)$  end if  $R\leftarrow \mathrm{PRF}\_\mathrm{msg}(SK.\mathrm{prf},opt,M)$  $SIG\leftarrow SIG\left|\right|R$  $digest\leftarrow H_{\mathrm{msg}}(R,PK.\mathrm{seed},PK.\mathrm{root},M)$  $tmp\_md\leftarrow \mathrm{first}\mathrm{floor}\left(\right(ka+7)/8)$ bytes of $digest$  $tmp\_idx\_tree\leftarrow \mathrm{next}\mathrm{floor}\left(\right(h-h/d+7)/8)$ bytes of $digest$  $tmp\_idx\_leaf\leftarrow \mathrm{next}\mathrm{floor}\left(\right(h/d+7)/8)$ bytes of $digest$  $md\leftarrow \mathrm{first}ka\mathrm{bits}\mathrm{of}tmp\_md$  $idx\_tree\leftarrow \mathrm{first}(h-h/d)\mathrm{bits}\mathrm{of}tmp\_idx\_tree$  $idx\_leaf\leftarrow \mathrm{first}(h/d)\mathrm{bits}\mathrm{of}tmp\_idx\_leaf$  $ADRS.\mathrm{setLayerAddress}\left(0\right)$  $ADRS.\mathrm{setTreeAddress}(idx\_tree)$  $ADRS.\mathrm{setType}\left(\mathrm{FORS}\_\mathrm{TREE}\right)$  $ADRS.\mathrm{setKeyPairAddress}(idx\_leaf)$  $SIG\_FORS\leftarrow \mathrm{fors}\_\mathrm{sign}(md,SK.\mathrm{seed},PK.\mathrm{seed},ADRS)$  $SIG\leftarrow SIG\left|\right|SIG\_FORS$  $PK\_FORS\leftarrow \mathrm{fors}\_\mathrm{pkFromSig}(SIG\_FORS,M,PK.\mathrm{seed},ADRS)$  $ADRS.\mathrm{setType}\left(\mathrm{TREE}\right)$  $SIG\_HT\leftarrow \mathrm{ht}\_\mathrm{sign}(PK\_FORS,SK.\mathrm{seed},PK.\mathrm{seed},idx\_tree,idx\_leaf)$  $SIG\leftarrow SIG\left|\right|SIG\_HT$  return  $SIG$

Algorithm 9 $SPHINC{S}^{+}$ Verification Algorithm

Input: Message M, Signature $\sigma$, Public key $pk$  Output: True if the signature is valid, False otherwise  $ADRS\leftarrow \mathrm{toByte}(0,32)$  $R\leftarrow \mathrm{SIG}.\mathrm{getR}\left(\right)$  $SIG\_FORS\leftarrow \mathrm{SIG}.\mathrm{getSIG}\_\mathrm{FORS}\left(\right)$  $SIG\_HT\leftarrow \mathrm{SIG}.\mathrm{getSIG}\_\mathrm{HT}\left(\right)$  $digest\leftarrow H_{\mathrm{msg}}(R,PK.\mathrm{seed},PK.\mathrm{root},M)$  $tmp\_md\leftarrow \mathrm{first}\mathrm{floor}\left(\right(ka+7)/8)$ bytes of $digest$  $tmp\_idx\_tree\leftarrow \mathrm{next}\mathrm{floor}\left(\right(h-h/d+7)/8)$ bytes of $digest$  $tmp\_idx\_leaf\leftarrow \mathrm{next}\mathrm{floor}\left(\right(h/d+7)/8)$ bytes of $digest$  $md\leftarrow \mathrm{first}ka\mathrm{bits}\mathrm{of}tmp\_md$  $idx\_tree\leftarrow \mathrm{first}(h-h/d)\mathrm{bits}\mathrm{of}tmp\_idx\_tree$  $idx\_leaf\leftarrow \mathrm{first}(h/d)\mathrm{bits}\mathrm{of}tmp\_idx\_leaf$  $ADRS.\mathrm{setLayerAddress}\left(0\right)$  $ADRS.\mathrm{setTreeAddress}(idx\_tree)$  $ADRS.\mathrm{setType}\left(\mathrm{FORS}\_\mathrm{TREE}\right)$  $ADRS.\mathrm{setKeyPairAddress}(idx\_leaf)$  $PK\_FORS\leftarrow \mathrm{fors}\_\mathrm{pkFromSig}(SIG\_FORS,md,PK.\mathrm{seed},ADRS)$  $ADRS.\mathrm{setType}\left(\mathrm{TREE}\right)$  return  $\mathrm{ht}\_\mathrm{verify}(PK\_FORS,SIG\_HT,PK.\mathrm{seed},idx\_tree,idx\_leaf,PK.\mathrm{root})$

5.4. ECDSA

The equation $y^2=x^3+7$ defines the Secp256k1 curve as a prime-order elliptic curve over a finite field for use in cryptographic techniques. A popular cryptographic algorithm is the elliptic curve digital signature algorithm (ECDSA), which uses the secp256k1 curve for generating digital signatures.

Algorithms 10–12, respectively, depict the procedures of key generation, signing, and verification, as in [24].

Algorithm 10 ECDSA Key Generation

Input: Elliptic curve parameters $a,b,p,G,n$  Output: Public key Q and private key d  $K\in \{1,2,...n-1\}$  $Q=kG$  $d\in \{1,2,...n-1\}$

Algorithm 11 ECDSA Sign

Input: Message $msg$, Private key d, Elliptic curve parameters $a,b,p,G,n$  Output: Signature $(r,s)$  $K\in \{1,2,...n-1\}$  $P=kG$  $r\equiv x_P\left(\mathrm{mod}n\right)$, where $x_P$ is the x-coordinate of P  if  $r=0$  then      go to Step 1  end if  $e=\mathrm{HashToNumber}\left(\mathrm{SHA}3\left(msg\right)\right)\in {\mathbb{Z}}_n$  $s\equiv (e+dr)·k^{-1}\left(\mathrm{mod}n\right)$  if  $s=0$  then      go to Step 1  end if

Algorithm 12 ECDSA Verify

Input: Message $msg$, Signature $(r,s)$, Public key Q, Elliptic curve parameters $a,b,p,G,n$  Output: True if the signature is valid, False otherwise  $e=\mathrm{SHA}3\left(msg\right)\in {\mathbb{Z}}_n$  $w\equiv s^{-1}\left(\mathrm{mod}n\right)$  $u_1\equiv ew\left(\mathrm{mod}n\right)$ and $u_2\equiv rw\left(\mathrm{mod}n\right)$  $P=u_{1}G+u_{2}Q$  if $P=\infty$ or $r\equiv x_P\left(\mathrm{mod}n\right)$ then      return False  end if  return True

The ECDSA’s salient characteristics include:

• Based on the discrete logarithm problem for elliptic curves, security.
• Efficient key sizes, suitable for constrained environments.
• Widely used in various cryptographic applications due to its practicality and effectiveness.
• Potential vulnerability to quantum attacks in the future.

The performance metrics of the post-quantum signature schemes Dilithium3, $SPHINC{S}^{+}$ + SHAKE256s, Falcon1024, and $SPHINC{S}^{+}$ + SHA256s are depicted in Figure 2.

6. Experiment, Analysis, and Results

To provide complete security, the system makes use of quantum-resistant digital signatures. We will examine the system’s performance and efficiency in this section. Ten alternative blockchain systems are examined in the same simulation scenario:

• Falcon1024, Dilithium3, $SPHINC{S}^{+}$ + SHA256s, and $SPHINC{S}^{+}$ + SHAAKE256s are used in blockchains with the IPFS network, since the ECDSA, which is not quantum resistant, is excluded from this comparison.
• Falcon1024, Dilithium3, $SPHINC{S}^{+}$ + SHA256s, $SPHINC{S}^{+}$ + SHAKE256s, and the ECDSA are used in blockchains without an IPFS network.

Efficiency:

• For blockchains that do not employ the IPFS, the performances of key sizes, signature sizes, signature time, key generation time, and signature verification time are compared, and specific variations of the algorithms are chosen accordingly. The parameters of the algorithms are chosen to obtain the same level of security 256 across every algorithm.
• The same parameters are used to compare blockchains using the IPFS. Every aspect of the algorithms is evaluated 1000 times to establish the average duration of key generation, signing, and verification.

Table 1. In terms of key generation time, algorithms are compared.

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Key Generation Time (ms)	56.23675776	0.092273235	63.23413348	143.3466232	0.8477787971

,

Table 2. Algorithms are compared with respect to secret key size (bytes).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Secret key size (bytes)	1281	4000	128	128	32

,

Table 3. Algorithms are compared with respect to public key size (bytes).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Public key size (bytes)	897	1952	64	64	32
Public key size + IPFS (bytes)	32	32	32	32	32

,

Table 4. Algorithms are compared with respect to signature size (bytes).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Signature size (bytes)	666	3293	29,792	29,792	64
Signature size + IPFS (bytes)	32	32	32	32	32

,

Table 5. Algorithms are compared with respect to signature time (ms).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Signing time (ms)	13.05418944	0.329608202	864.1555767	1695.145414	1.154619694

and

Table 6. Algorithms are compared with respect to verification time (ms).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s	ECDSA
Verification time (ms)	0.13752412	0.09768486	1.18665814	2.40083479	3.692177057
Verification time + IPFS (ms)	1.285585641	0.273122786	2.277437449	3.61640429	4.23109493

present a comparative analysis of five signature schemes: ECDSA, $SPHINC{S}^{+}$ + SHA256s, $SPHINC{S}^{+}$ + SHAKE256s, Dilithium, and Falcon, which are represented in Figure 3, Figure 4, Figure 5, Figure 6, Figure 7 and Figure 8, respectively. The parameters for each algorithm are selected appropriately to attain the same security level of 256 bits, which results in a range of key lengths. The comparisons are based on various factors, including key generation time, signing time, verification time, and sizes of the secret key, public key, and signature. The results indicate that the ECDSA stands out as the most efficient algorithm, although its vulnerability to quantum attacks is a significant drawback.

Given the ECDSA’s susceptibility to quantum threats, the focus shifts to the remaining four quantum-resistant algorithms: $SPHINC{S}^{+}$ + SHA256s, $SPHINC{S}^{+}$ + SHAKE256s, Dilithium, and Falcon. When evaluating the same criteria as above, it becomes evident that Dilithium3 emerges as the most efficient alternative.

However, a closer examination of Table 3, which compares the public key sizes of the quantum-resistant algorithms and is depicted in Figure 5, reveals that Dilithium3 has the largest public key size. This aspect becomes a notable drawback in blockchain technology, as each transaction in the network incorporates the public key, leading to an increase in the transaction data size.

To gauge the impact of quantum-resistant algorithms on the network, we constructed a UTXO model. This model facilitated a comparison of block mining time, transaction size, and overall network efficiency. Throughout all operations, including mining and transaction creation, the difficulty level of zeros was fixed at 3. In assessing key generation, signing, and verification times, we conducted these operations 1000 times to obtain averaged timing results.

On Using IPFS

A comparison is made with the same algorithms but with the addition of IPFS (InterPlanetary File System) storage for reducing signature/public key sizes. The proposed method adds extra time for verification for all algorithms, but drastically reduces the size of the public key and the size of the signature. In Table 1, Table 2, Table 3, Table 4, Table 5 and Table 6, the results show that the time for key generation, time for signing, and time for verification are increased marginally for all schemes. The signature/public key sizes are significantly reduced, with only 32 bytes required for each of those values. Dilithium remains the fastest signature scheme after applying the IPFS-based approach. Another interesting inference is that the signature size of $SPHINC{S}^{+}$ is reduced by more than 99%. In

Table 7. Comparison of mining time (ms).

System	Falcon-1024	Dilithium3	${\mathit{SPHINCS}}^{+}$ -sha2-256s	${\mathit{SPHINCS}}^{+}$ -shake-256s
Mining time (ms)	409.2272282	653.0937672	2219.734669	3405.236483
Mining time + IPFS (ms)	176.66924	329.6942472	2198.122358	2405.548263

, the results divulge a considerable reduction in block mining times through the utilization of the IPFS which is shown in Figure 9. This reduction can be attributed to the diminished public key size facilitated by the IPFS, consequently leading to a reduction in the transaction size as well.

7. Conclusions

The blockchain system requires digital signatures for authenticity and integrity. Despite the fact that the ECDSA is still in use today in the blockchain system, it is not advised because the security will be undermined after quantum technology. We added the NIST-recommended post-quantum signatures Dilithium, FALCON, and $SPHINC{S}^{+}$ to the blockchain and analysed their performance compared with the widely used ECDSA. The Falcon and Dilithium-based systems are recommended for applications that prioritize strong performance in key generation, signing, and verification times, especially when utilizing the suggested IPFS for managing large keys. If the IPFS is not preferred, then Falcon is a suitable choice. Block capacity as well as the issue of quantum attack are both resolved in this manner. Overall, the proposed IPFS-based approach successfully reduces the signature/public key sizes for all signature schemes evaluated, which can greatly improve the efficiency of blockchain systems. The paper primarily delves into the UTXO model, primarily utilized in Bitcoin systems. Nonetheless, it is worth emphasizing that these quantum-resistant algorithms could be extended to various other blockchain models, including those employed by Ethereum, Polygon, Cosmos, and similar platforms, but mention applicability to Ethereum, Polygon, and similar platforms. While Bitcoin systems primarily facilitate transactions, Ethereum and related systems allow users to include data other than transactions in the blockchain. This key distinction introduces variability in block sizes, thus rendering the problem more intricate. Consequently, it imposes additional constraints on the calculation of mining times. These aforementioned areas represent promising avenues for future research in the realm of quantum-resistant blockchain systems.

Open Problem: More research into establishing better post-quantum signature schemes that provide reduced key and signature sizes and faster key generation, signatures, and verification times would be one of the main open problems in this domain. Another area of attention would be strengthening the IPFS component of the system.