Quantum Blockchain: A Decentralized, Encrypted and Distributed Database Based on Quantum Mechanics

Quantum blockchain can be understood as a decentralized, encrypted and distributed database based on quantum computation and quantum information theory. Once the data is recorded in the quantum blockchain, it will not be maliciously tampered with. In recent years, the development of quantum computation and quantum information theory makes more and more researchers focus on the research of quantum blockchain. In this paper, we review the developments in the field of quantum blockchain, and briefly analyze its advantages compared with the classical blockchain. The construction and the framework of the quantum blockchain are introduced. Then we introduce the method of applying quantum technology to a certain part of the general blockchain. In addition, the advantages of quantum blockchain compared with classical blockchain and its development prospects are summarized.


Introduction
Blockchain [Swan (2015)] is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanics, and encryption algorithm. As the underlying technology of Bitcoin, it is essentially a decentralized database. Unlike the general distributed storage, each node in the blockchain stores a copy of the blockchain database. Blockchain has the characteristics of decentralization, openness, and the information stored in it cannot be tampered with, so it has a wide range of applications in digital currency, information security industry, and smart contracts. In the distributed network of blockchain, the communication and trust between nodes need to rely on digital signature technology, which mainly realizes the identification and the authenticity and integrity verification of information. The Elliptic Curves Cryptography (ECC) or the large integer factorization problem (RSA) is the encryption algorithm used in most blockchain digital signature technology. The security of these algorithms is based on the assumption of computational complexity for certain mathematical problems. When adding new data to the blockchain, the proof-of-work algorithm is often used. The main task in this process is to guess a value (nonce) by calculation and solve the prescribed hash problem. However, the development of quantum computation [Nielsen and Chuang (2011)] will pose a potential risk to classical blockchain technology. Some quantum algorithms can effectively solve the problems corresponding to the encryption algorithm, making the digital signature in the blockchain become unsafe. For example, Shor's algorithm [Shor (1994)] can solve the integer factorization problem in polynomial time, which threatens the security of the RSA encryption algorithm. In addition, Grover's search algorithm can speed up an unstructured search problem quadratically, so in the process of mining, the hash value satisfying the conditions can be calculated by the quantum computer in a shorter time. This means that the parties that can acquire the quantum computer have an unfair advantage in obtaining the mining reward. In short, Quantum computers can solve some NP-hard problems faster than classical computers, so many researchers focus on the research of quantum blockchain, which is a combination of quantum technology and blockchain technology. The rest of this paper is organized as follows: In Section 2, we briefly review the classical blockchain including the key technologies used in blockchain and the design of blockchain. In Section 3, the research status and progress of quantum blockchain in recent years is introduced. We briefly analyze the performance of the quantum blockchain and conclude this paper in Section 4.

Key technologies used in blockchain
Hash Algorithm: The hash algorithm can transform an input value of arbitrary length into a binary value of fixed length. This binary value is called hash value, which can be used to verify the integrity of the data. The famous Proof-of-Work algorithm is the application of the hash algorithm. The hash value of the data is stored in the block of the blockchain. In addition, the signature commonly used in blockchains is also generated by hashing the private key and the data that needs to be signed. Proof-of-Work: Proof-of-Work (POW) can be simply understood as a proof that you have done a certain amount of work. In a blockchain system, any node that wants to generate a new block and write it to the blockchain must resolve the POW puzzle in the blockchain network. POW puzzle is an NP-hard problem. Nodes that calculate and solve the POW puzzle can often get cryptocurrency as rewards. The difficulty value in the POW is an important reference for miners in mining, and it determines how many hash operations miners need to run to produce a valid block. During the mining process, the difficulty value can be dynamically adjusted according to the computing power in the whole blockchain network. In the Bitcoin system, the difficulty value is set to rule that the new block generation rate is maintained at 10 minutes regardless of the mining ability. Timestamp: The blockchain system uses the timestamp to prove that the transaction did occur at this moment. Therefore, the ownership of the currency in the transaction has been transferred, and the previous owner cannot use the currency again. In addition, each block is also stamped with the correct timestamp to form a correct linked list in chronological order.

Design of blockchain
Structure of Bockchain: The blockchain system consists of a number of data blocks, which have neatly arranged records (transaction). Each block contains a timestamp, a hash value of its content and the hash value of the previous block. The blockchain is formed by linking each block with the hash value. Each block is generated after the previous block in chronological order. Once the block is confirmed to be valid, it can hardly be modified. The schematic of the classical blockchain is shown in Fig. 1. Network of Blockchain: Nakamoto has depicted the steps to run the network of blockchain in Nakamoto [Nakamoto (2008)]: Step 1: New transactions are broadcast to all nodes of the network.
Step 2: Each node collects new transactions into a block.
Step 3: Each node runs the POW algorithm for its block.
Step 4: When a node solves POW puzzle, it broadcasts the block to all nodes.
Step 5: Other nodes accepts the block only if all of the transactions are valid and unused.
Step 6: Nodes express their acceptance of the block by working on creating the next block in the chain, using the hash of the accepted block as the previous hash.

Construction of quantum blockchain
In 2018, Rajan et al. [Rajan and Visser (2018)] proposed a construction scheme of a quantum blockchain using entanglement in time [Rajan and Visser (2018)]. Entanglement in time means that microscopic particles such as photons that have never coexisted can also be entangled. Now we are going to introduce the construction of a quantum blockchain.

The construction of quantum chain
The notion of the chain is captured by the inseparability (entanglement) of quantum systems such as photons, and the blockchain is encoded as the GHZ (Greenberger-Horne-Zeilinger) state [Carvacho, Graffitti, D'Ambrosio et al. (2017)] of the photons that have never coexisted. In the conceptual design of this quantum blockchain, the data represented in the classical block is simplified into a string of two bits. The encoding procedure converts the record of each block, say 1 2 r r , into a temporal Bell state generated at a specific time such as t=0: The superscript in kets indicates when the photons are absorbed, which provides a way to make timestamps in the blockchain. In particular, the first photon of a block is absorbed immediately. When records are generated, the system encodes them into a temporal Bell state. These photons are then created and absorbed at their respective times. A specific example of such blocks would be: In order to realize design of the quantum blockchain, the bit strings of the bell state need to be linked together in chronological order using an entanglement in time. This link is implemented using a fusion process [Megidish, Shacham, Halevy et al. (2012)] in which temporal Bell states are recursively projected into a growing temporal GHZ state. The state of the quantum blockchain at t nτ = (starting at t = 0) is given below: Here the subscripts denote the concatenated string of all the blocks and superscripts refer to the time stamps. As an example of dynamic linking, let us now consider the first two .. n r r r from the state (3) can be extracted during the decoding process. It was shown that the decoding process could be accomplished without measuring the full photon statistics or even detecting them in Megidish et al. [Megidish, Halevy, Pilnyak et al. (2017)].

Quantum blockchain network
In the quantum blockchain network, each node stores a copy of the blockchain. As in the classical blockchain, the aim of this stage is to add valid blocks in a decentralized manner. To construct the quantum blockchain network, the problem is that the network may consist of dishonest nodes and the generated blocks may come from a dishonest source. The θ-protocol [McCutcheon, Pappa, Bell et al. (2016)] can be taken in the quantum network to verify the block generated from the untrusted source. The case studied by Rajan et al. [Rajan and Visser (2018)] of the verification protocol here is that the newly generated blocks are spatial bell states, and converting this to the related temporal case needs further study. More importantly, this is achieved in a decentralized manner by using other network nodes, which can also be dishonest. First, we can use a quantum random number generator to pick a randomly chosen verifier node. Then the untrusted source shares a possible valid block, an n-qubit state. The untrusted source distributes each of the qubits to each node, j for verification. Now the verifying node generates random angles angles are distributed to each node, including the verifier. Then they measure their qubit respectively in the basis, The results of each node is sent to the verifier. The necessary condition is satisfied with probability 1 if the n-qubit state was a valid block, i.e., a spatial GHZ state. The verification protocol can effectively verify whether the newly generated block is valid.

Framework of quantum blockchain
In quantum blockchain, the process from the creation of transactions to the recording of information into the blockchain is important. Here, we mainly introduce the transaction process in the quantum blockchain by combining the framework of quantum-enhanced logic-based blockchain (QLB) proposed by Sun et al. ].

Overview of quantum-enhanced logic-based blockchain
In fact, QLB is an improvement and application of quantum-secured blockchain (QB) [Kiktenko, Pozhar, Anufriev et al. (2018)]. Improvements to the quantum-secured blockchain are achieved by replacing the classical Byzantine agreement protocol with the quantum honest-success Byzantine agreement protocol and incorporating quantum protection and quantum certificates into the syntax of transactions. The cryptocurrency created and transmitted in this blockchain is called qulogicoin. The quantum-secured blockchain developed by Kiktenko et al. [Kiktenko, Pozhar, Anufriev et al. (2018)] is the starting point of the research. Because of the use of quantum technology, QB is safer in a sense and can be immune to quantum computer attacks. A new quantum Byzantine agreement (QBA) protocol was developed to replace the classical Byzantine agreement in QB to improve the efficiency of the blockchain. In order to make the blockchain more powerful, quantum protection and quantum certificates will be embedded in the transaction syntax of QLB.
A new transaction is created by a node that wishes to transmit cryptocurrency to another node. A transaction x T that says, " i sends qulogicoins obtained from another transaction to j" has the following form: Here x is the hash value of this transaction. Hash function can map a string of arbitrary length to a fixed length string. As in the QB, the Toeplitz hashing [12] is used, and the Toeplitz matrix is generated by key distribution through the quantum channel. certificates, respectively. Here β is some classical data, and ψ is quantum data, which are regarded as certificates.
In a transaction, the quantum certificate is sent through the quantum channel, and other information is sent through the classic channel. Each miner checks whether the new transaction is consistent with the copy of his local ledger and forms an opinion on the admissibility of the transaction.
Here consistency checking for All miners then apply the honest-success quantum Byzantine agreement protocol (we will introduce in the next section) to the new transaction, arriving at a consensus regarding the correct version of the transaction and the admissibility of the transaction. The QLB researchers also considered applying QLB to quantum bit commitment protocols. Bit commitment protocols are widely used in cryptographic protocols. They found that the mandatory punishment in the cheat-sensitive quantum bit commitment protocol (CSQBC) was completely ignored in the literature, so QLB was mainly used to execute the punishment. The basic idea is that in CSQBC, people who are detected to be cheating will not be able to obtain qulogicoin.

Quantum honest-success byzantine agreement
Definition (honest-success Byzantine agreement protocol (HBA)) A protocol among n agents in which a distinct agent (sender) holds an input value s x D ∈ , and all other agents (the receivers) eventually decide on an output value in D is said to achieve honestsuccess Byzantine agreement if the protocol can guarantee the following: 1. If the sender is honest, then all honest agents decide on the same output value s y x = .
2. If the sender is dishonest, then, either all honest agents terminate the agreement, or all honest agents decide on the same output value y D ∈ .
A HBA protocol is p-resilient ( 0 1 p < < ) if the protocol still works when less than a fraction of p receivers is dishonest. The quantum honest-success Byzantine agreement (QHBA) protocol described here is be a pair of encryption/decryption keys. The detailed steps of quantum three-pass protocol for a sender (agent 1) to send a sequence of bits to a receiver (agent 2) are shown in Fig. 2.
Input: a string of binary numbers Agent 1 has a private key Agent 2 has a private key  , more than n θ agents report that the lists distributed by i P do not satisfy the specification, i P is classified as a dishonest distributor. Similar to Bitcoin, those honest distributors will receive qulogicoins as rewards, while those who are dishonest will not.

Phase 2 (List formation by sequential composition):
After Phase 1, 1 { , , } n P P … use a simply sequential composition procedure to form a unique list to be used in the next phase. Assume there are h list distributors who are classified to be honest. Without loss of generality, we can use

Phase 3 (Achieving consensus):
In the previous phase, the correlated lists ε has been formed. Assuming that at least a half of the agents are honest. Then the agents 1 , , n P P … run the following steps to achieve consensus. , we can say the consensus is achieved. In this case, those agents whose output is the same as v are rewarded with some qulogicoins.

Quantum algorithm for a certain part of blockchain
Many other researchers have considered to applying the quantum algorithm to a certain part of the general blockchain. Here we mainly introduce the idea of using the analog Hamiltonian optimizers as a basis for the POW protocol and the method of applying Grover algorithm to the general blockchain for the process of mining.

Proof-of-work based on analog Hamiltonian optimizers
To shorten the transaction time and possibly increase the decentralization of the existing blockchain, Kalinin et al. [Kalinin and Berloff (2018)] proposed to use the analog Hamiltonian optimizers as a basis for the POW protocol [Kalinin and Berloff (2018)]. The quantum-computing platform used is called "analog Hamiltonian simulator/optimizer" (AHO) to distinguish it from quantum computer/quantum simulators that rely on entanglement and quantum superposition. Although the development of blockchain technology has been relatively mature and has been applied in some digital currency systems such as bitcoin, it is still difficult for digital currency to replace some existing payment systems such as alipay and other payment systems. This is mainly because it takes too long to solve the POW puzzle when adding new blocks, so the transaction authentication time is too long. If the processing time is shortened, it will inevitably lead to the centralization of computing, which goes against the idea of decentralization at the beginning of the design of blockchain. Therefore, Kalinin et al. [Kalinin and Berloff (2018)] proposed moving the POW in the blockchain to the analog Hamiltonian optimizer, which would reduce transaction time and not result in centralized computing power. The optimal solution for finding a sufficiently large n-vector model is taken as the basic content of the POW protocol. They considered two of these problems: the quadratic unconstrained binary optimization (QUBO) problem and the quadratic continuous optimization (QCO) problem. Quadratic unconstrained binary optimization (QUBO) problem: for the Ising model). Therefore, Simulators that minimize Ising Hamiltonian such as D-Wave, Coherent Ising Machine can solve the QUBO problem very well and Simulators that minimize XY Hamiltonian such as Gain-Dissipative Simulator on polariton condensates, Gain-Dissipative Simulator on photon condensates and Gain-Dissipative Simulator on quantum electro-dynamics are suitable for handling QCO problems. The schematic of the POW protocols that can be based on solving QUBO or QCO problems using the currently available analog Hamiltonian simulators is shown in Fig. 3. Although this research only considered using the analog Hamiltonian optimizers as a basis for the POW protocol, it can shorten the transaction time and potentially increase the decentralization of the existing blockchain.

Modified Grover algorithm for the mining process of blockchain
The Grover algorithm [Grover (1996)] is used to search a target item in an unstructured data set of size N. Compared with the classical search algorithm, Grover algorithm provides a quadratic speedup. The detailed steps of the Grover quantum search algorithm are as follows: Step 1: Use Hadamard transform to initialize the system to the uniform superposition Step 2: Apply the operator w U where Moreover, ( ) 1 f x = means that the target state is searched while 0 means not. This transformation changes the amplitude in front of the target state to negative, which means that the average amplitude is reduced.
Step 3: Apply the Grover diffusion operator 2 1 s U x x = − , this operator makes the amplitude of the state to be searched higher than that of other states.
Since it is necessary to find a conditional nonce value in the mining process of the general blockchain, some researchers have suggested that the Grover quantum search algorithm can be applied to the mining process in the blockchain [Sapaev, Bulychkov, Ablayev et al. (2018)]. The mining process in Bitcoin is to substitute different nonce values, and then mix it with the transaction information in the block, the hash value of the previous block, the timestamp and other data, and then run the hash algorithm to get the hash value of the current block until the hash value of the current block meets a certain condition. As mentioned above, the Grover algorithm realizes the quadratic acceleration of unsorted database search, and applying it to the blockchain mining process can greatly improve the mining speed. First, the quantum register is divided into serval parts: nonce, hash, service qubits for implementing basic operations and a functional qubit for the Grover's algorithm. The basic steps of the mining process using the modified Grover Algorithm are as follows: Step 1: Convert the state of the nonce register to a uniform superposition state by applying a Hardman conversion.
Step 2: The hash values of all nonce values are calculated by quantum parallelism and the result is stored in the hash register.
Step 3: Apply the oracle function to the hash register to find out which nonce values give a hash value below a certain threshold.
Step 4: Apply the reverse hash calculation process to "unwind" all qubits except the nonce qubits and functional qubits to the initial basis state.
Step 5: The Grover diffusion operator is applied to the nonce register.
Step 6: Repeat Steps 2-5 as needed. The length of the nonce register in bitcoin is 32 bits, and the hash register is 256 bits long.
Since the power of a set of nonce values is many times smaller than a set of hash values, it may happen that a hash value that satisfies the condition cannot be found after traversing all the nonce values, so the length of the nonce register is extended to 48 bits. It takes about 40 million seconds for a classic computer to handle the 48-bit nonce, which is 11,000 hours or 465 days. For quantum computers, this only takes 2 seconds. Therefore, the advantage of Quantum-Assisted Blockchain is obvious when compared with the classical Blockchain.

Conclusion and disscussion
In this paper, we review the research status of quantum blockchain in recent years. The construction and framework of the quantum blockchain are introduced. Then we introduce the method of applying the quantum algorithm to a certain part of the general blockchain. In addition, we will briefly discuss the performance advantages of quantum blockchain in this part. Like the classical blockchain, the quantum blockchain also has some features such as decentralization and decentralization. The main characteristics of quantum blockchain are safety and efficiency. The security in quantum blockchain needs to be ensured. The way to guarantee the communication security between nodes is to use quantum secure direct communication (QSDC) [Kiktenko, Pozhar, Anufriev et al. (2018)] or quantum key distribution (QKD) [Gerhardt, Liu, Lamas-Linares et al. (2011); Bennett and Brassard (2014)]. Therefore, the authentication in the network is guaranteed by the properties of quantum physics. In addition, the digital signature can be used to verify that the owner possesses the bitcoin in classical blockchain. However, as mentioned above, the classical encryption algorithms used in digital signature such as RSA may become unsafe in the face of attacks from quantum computers. To solve this problem, the quantum digital signature scheme [Gottesman and Chuang (2001)] can be used in quantum blockchain. Therefore, the quantum blockchain has the characteristics of quantum security. Even the quantum blockchain can be immune to the attacks from quantum computers. The blockchain with quantum technology also has the characteristics of fast transaction processing speed. As mentioned above, the POW based on Analog Hamiltonian Optimizers can shorten the transaction time. This work will greatly promote the development of cryptocurrency. In addition, applying the Grover algorithm to the general blockchain can also improve the efficiency of mining process. However, in fact, anything is a double-edged sword. Before universal quantum computers can be widely available, the parties that have access to them have an unfair advantage in winning the mining awards. In all, compared with classical blockchain, the performance advantage of quantum blockchain mainly lies in its security and efficiency. Finally, because quantum blockchain has the characteristics of faster processing speed and safer transaction based on quantum mechanics, it will have a very wide range of applications and many research directions in the future.
(1) Application of quantum blockchain. In the field of quantum digital currency, quantum blockchain has a good development prospect. Although many researchers have come up with some ideas for the quantum currency such as Quantum Bitcoin [Jogenfors (2016)] and qBitcoin [Ikeda (2017)], it is still very possible to improve these quantum currency systems with quantum blockchain. For instance, Quantum Bitcoin still uses a classical blockchain, just like the Bitcoin protocol. Therefore, we can consider using quantum blockchain to replace the classical blockchain used in Quantum Bitcoin. In addition, the method of creating a new, safer and more efficient currency system using quantum blockchain also deserves further study. Nevertheless, the use of blockchain is not only limited to quantum digital currency, those technologies based on distributed storage and consensus mechanisms all may benefit from quantum blockchain. Therefore, research can be carried out to apply quantum blockchain in other tasks such as electronic voting, online auction and multiparty lotteries.
(2) An easy construction scheme of quantum blockchain. Rajan et al.'s [Rajan and Visser (2018)] construction scheme of a quantum blockchain (see Section 3.1) is a bit hard to implement in the sense that the entanglement in time is not easy to realize on a large scale. Thus, a new and more easily implemented construction scheme is now in demand to promote the development of quantum blockchain.
(3) Experimental test of quantum blockchain. Kiktenko et al. [Kiktenko, Pozhar, Anufriev et al. (2018)] have experimentally tested their quantum blockchain protocol by means of a three-party urban fibre network QKD in Moscow [Kiktenko, Pozhar, Anufriev et al. (2018)]. There are four nodes in their quantum blockchain network, and they use an urban fiber QKD network to procure authentication keys for two of the links connecting three nodes. Therefore, it is also a meaningful thing to expand the scale of the experiment. In addition, if other quantum blockchain protocols such as quantum-enhanced logicbased blockchain can also be tested experimentally, the feasibility of these protocols can be compared based on these test results. This work may provide a reference for constructing a real quantum blockchain platform in the future.