Developer and researcher Woody Wertheimer warns that the Lightning Network has structural problems with quantum computing that no amount of good user practices can solve.
For the Lightning Network to work, Both sides of the payment channel need to exchange public keys. That exchange does not remain on the blockchain, but in the hands of the service provider that manages the channel. Once a quantum computer with sufficient capacity (CRQC) has obtained the public key, it can calculate the private key, which the developers claim will give it full access to the user’s balance.
Powered by platforms such as Coinbase, Binance, and Cash App, the Lightning Network currently moves over 5,000 Bitcoins in locked capacity distributed across over 50,000 active nodes.
You don’t need speed, just time.
The developers emphasize that unlike quantum attacks on Bitcoin’s memory pool, it intercepts transactions in the minutes it takes to confirm them. Lightning attack vectors don’t need to operate in real-time. The public key is already saved. It should only be processed if quantum capacity allows. Google estimates paper It was recently reported that CRQC was able to decrypt a key in transit in just 9 minutes, but with Lightning, you don’t need that speed.
Udi points out that the standard “don’t reuse addresses” defense doesn’t apply here. Lightning public keys are shared by design, not inadvertence. This problem extends to other points in the ecosystem: hardware wallets that were connected to compromised devices, users who handed over their public keys to tax accounting platforms for automated tracking of their wallets, and customers of suppliers.
However, Wertheimer points out that the potential for danger is even greater with Ethereum and Solana. Many smart contracts come with a key that gives you full control over your locked funds.. An attacker with CRQC does not need weeks of social engineering or oracle manipulation. The attacker simply obtains the contract’s public key, calculates the private key, and empties the funds.
Last week’s Drift Protocol hack resulted in $285 million in losses and required weeks of preparation. With quantum capabilities, that process can be reduced to a few hours.
Proposals such as BIP-360, which have been presented as a solution to Bitcoin’s quantum risk, do not consider the Lightning case. According to Wertheimer, this problem can only be solved by incorporating post-quantum cryptography into the fundamental layers of the protocol. Until then, Lightning developers don’t have the tools to protect users, and once Bitcoin’s technical debates are finally resolved, the transition, which involves research, software redesign, implementation, and mass adoption, could take years.
