Lightning payment channels require sharing public keys with service providers.
BIP-360, the most discussed anti-quantum proposal, does not solve the Lightning problem.
The Lightning Network has a structural problem with quantum computers that no amount of good user practice can solve, warns developer and researcher Udi Wertheimer.
For the Lightning network to work, both parties to a payment channel must exchange their public keys. That exchange is not recorded on the blockchain, but the keys do remain in the hands of the service provider that manages the channel. A quantum computer with sufficient capacity (CRQC) that has acquired the public key can calculate the private key, which would give it full access to the user's balance, the developer argues.
The Lightning network, adopted by platforms such as Coinbase, Binance and Cash App, currently moves more than 5,000 bitcoin in locked capacity distributed across more than 50,000 active nodes.
No need for speed, just time.
The developer highlights that, unlike the quantum attack on the Bitcoin mempool (intercepting a transaction in the minutes it takes to confirm), the attack vector in Lightning does not require acting in real time. The public keys are already stored. They only need to be processed when quantum capacity allows it. Google estimated in a recent paper that a CRQC could decrypt a key in transit in just 9 minutes, but in the case of Lightning that speed is not even needed.
Udi points out that the standard "don't reuse addresses" defense doesn't apply here. Public keys in Lightning are shared by design, not by accident. The problem also extends to other points in the ecosystem: hardware wallets that were once connected to compromised devices, users who handed over their public keys to tax accounting platforms for automatic wallet tracking, and supplier clients.
However, Wertheimer points out that in Ethereum and Solana the exposure is even greater. Many smart contracts have keys with full control over locked funds. An attacker with a CRQC would not need weeks of social engineering or oracle manipulation: they would simply take the public keys of the contract, calculate the private ones, and empty the funds.
The hack of Drift Protocol last week, which resulted in losses of $285 million, required weeks of preparation. With quantum capabilities, that process would be reduced to hours.
Proposals such as BIP-360, presented as a solution to quantum risk in Bitcoin, do not consider the case of Lightning. According to Wertheimer, the problem can only be solved by incorporating post-quantum cryptography into the base layer of the protocol. Until then, Lightning developers have no tools to protect their users, and the migration—which involves research, software redesign, deployment, and mass adoption—could take years once the technical debate in Bitcoin is finally resolved.
