In "Proof of Work" blockchains, the block is added by the member who first solves a hard problem. That's very expensive. But if all blockchain members got an entangled die that randomly selects one of them, there would be consensus. They would all have the same measurement outcome. So that's my idea. Is there some research going on? And is quantum computing a threat or a chance for blockchain technology? Sorry for my bad English. I'm just a layman & enthusiast.
1 Answer
There are two questions here:
- Is there some kind of protocol which would allow one to mine a block and ensure consensus using an entangled state?
- What will be the impact of quantum computing on blockchain technology?
Using an entangled state for the mining process
There are some concerns regarding this. First of all, the fact that the process of mining is expensive is what makes a PoW system secure. Putting miners in competition against each other is what guarantees that no single miner can rewrite the blockchain. Measuring a quantum state is no hard task as far as I know, not to mention that it would be quite fast. Some research has shown that a mining process that is too fast isn't secure, as stale blocks become very frequent, which leads to double-spending attacks.
You also have to take into account that in order to create an entangled state, a local operation must be performed at some point, which means you have to trust someone, which defeats the very principle of the blockchain. This, however, may be solved by asking several nodes to perform an operation and assuming at least one of them is honest, which is what's done in Bitcoin (you have to assume that at least one of the nodes you download the blockchain from is honest). Furthermore, if you want your measurement outcome to be synchronized between all participants, a single quantum state must go through every miner in the network so that each miner's local state is entangled with every other miner in the network, which is very inefficient.
Finally, how does one prove that a miner indeed got the right result and spent time getting it? In Bitcoin, the answer is: "I have $y$ such that $H(x\|y)<T$ and I could not have found $y$ without spending computational resources. If you want to verify it, simply compute $H(x\|y)$, as $x$ is public". In your scheme, not only must the mining process be expensive, but it also has to be verifiable once it is over. That is, it is mandatory that one can say "Given the previous chain $x$, a quantum state $|\psi\rangle$ and a string $y$ provided by a miner, I can compute $V(x,|\psi\rangle,y)$, which ensures that this miner spent computational resources in order to find $y$".
On the impact of Quantum Computing on the Blockchain
Concerning Bitcoin alone, two things immediately come to mind:
- Grover's algorithm (or some other hash-related algorithms, but they're based on Grover as far as I know) may help mine blocks faster.
- Shor's algorithm may help break the private keys of accounts so that attackers can steal their coins.
The former is actually not an issue: a PoW blockchain is secure if its target difficulty function has some desirable properties, which is the case for Bitcoin. In particular, the target will decrease, since some blocks will be mined using Grover's algorithm in $\mathcal{O}\left(2^{\frac{T}{2}}\right)$ instead of $\mathcal{O}\left(2^{T}\right)$, where $T$ is the number of zeroes the hash you're looking for must begin with. Once settled, the mining process will continue without any perturbation, though miners using quantum computers may be seen as having an unfair advantage compared to other miners. As long as this advantage does not allow them to mine more than $50\%$ of the blocks, the system remains secure.
The latter isn't really an issue either. Sooner or later, a hard fork will be adopted to add an OPCODE that allows the verification of post-quantum signatures. There will then be a transition during which all users would have to create a private key associated with this post-quantum signature scheme and transfer their funds to this account before their private key gets attacked by Shor's algorithm.
Though this was focused on Bitcoin, I think the same reasoning can be applied to other blockchain systems. Grover's algorithm can still be applied to Verifiable Delay Functions if I'm not mistaken, and can surely be applied to all PoW systems that require a brute-force attack to find a solution. There is no quantum advantage that comes to my mind concerning Proof of Stake systems, and whether private keys could be attacked using Shor's algorithm directly depends on the signature scheme that is used.
Of course, don't hesitate to point out any mistake I could have made, I'm no expert in that field!
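Two points in the answer above are easy to make concrete: the "mine, then verify" structure of Bitcoin's $H(x\|y)<T$ puzzle, and the claim that a Grover-equipped miner only shifts the target difficulty rather than breaking the retargeting loop. The script below is an added illustration, not code from the question, the answer or any blockchain project. It assumes SHA-256 as $H$, a 64-bit big-endian nonce as $y$, a constructed "previous chain" digest $x$, and a deliberately easy target (16 leading zero bits) so it runs in well under a second. The retarget part is a deterministic expected-value model: a classical miner needs about $N = 2^{256}/T$ trials per block, and a Grover miner is modelled as needing $\sqrt{N}$ sequential iterations at its own (assumed, much slower) iteration rate; all rates and the 600 s block interval are illustrative assumptions, and the Bitcoin-style clamp to a factor of 4 per retarget is reproduced from memory.

```python
import hashlib
import math
import struct

# Constructed "previous chain" value x; in Bitcoin this role is played by the block header.
PREV_CHAIN = hashlib.sha256(b"genesis").digest()
# Easy target for demonstration: hash must start with 16 zero bits (expected ~65536 trials).
TARGET = 2 ** 256 >> 16


def pow_hash(prev: bytes, nonce: int) -> int:
    """H(x || y): SHA-256 over the chain value x and the 64-bit nonce y, read as an integer."""
    return int.from_bytes(hashlib.sha256(prev + struct.pack(">Q", nonce)).digest(), "big")


def mine(prev: bytes, target: int) -> int:
    """Brute-force the smallest nonce y with H(x || y) < T. This is the expensive step."""
    nonce = 0
    while pow_hash(prev, nonce) >= target:
        nonce += 1
    return nonce


def verify(prev: bytes, nonce: int, target: int) -> bool:
    """V(x, y): one hash evaluation, cheap for anyone who knows the public x."""
    return pow_hash(prev, nonce) < target


def block_interval(n_expected: float, classical_rate: float, grover_rate: float):
    """Expected seconds per block and the Grover miner's share of blocks.

    Model (assumption): the classical miner needs ~N trials, the Grover miner ~sqrt(N)
    sequential iterations; both race, so the block rate is the sum of their rates.
    """
    t_classical = n_expected / classical_rate
    t_grover = math.sqrt(n_expected) / grover_rate
    total_rate = 1.0 / t_classical + 1.0 / t_grover
    return 1.0 / total_rate, (1.0 / t_grover) / total_rate


def simulate_retarget(epochs: int, desired: float = 600.0,
                      classical_rate: float = 1e6, grover_rate: float = 10.0):
    """Run Bitcoin-style retargeting after a Grover miner joins a classical network.

    Starts from the difficulty that produced `desired` seconds per block with only the
    classical miner. Each epoch scales the expected trial count N by desired/actual,
    clamped to a factor of 4 (assumed, after Bitcoin's rule). Returns a list of
    (N, expected interval, Grover share) per epoch.
    """
    n = desired * classical_rate
    history = []
    for _ in range(epochs):
        interval, grover_share = block_interval(n, classical_rate, grover_rate)
        history.append((n, interval, grover_share))
        ratio = min(max(desired / interval, 0.25), 4.0)
        n *= ratio
    return history


if __name__ == "__main__":
    y = mine(PREV_CHAIN, TARGET)
    print(f"found nonce {y}, verifies: {verify(PREV_CHAIN, y, TARGET)}")
    hist = simulate_retarget(30)
    print(f"epoch 0: interval {hist[0][1]:.1f}s, Grover share {hist[0][2]:.1%}")
    print(f"epoch 29: interval {hist[-1][1]:.1f}s, Grover share {hist[-1][2]:.1%}")
```

With the numbers assumed here the first epoch after the Grover miner appears runs short (about 482 s instead of 600 s), the retarget loop pulls the interval back to 600 s within a handful of epochs, and the Grover miner ends up with roughly 22% of the blocks despite an iteration rate five orders of magnitude below the classical hash rate. That is the mechanism the answer describes: the network keeps its block time, and the only open question is whether the quantum miner's share crosses 50%, which depends entirely on the assumed rates.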