1
00:00:00,000 --> 00:00:06,200
Once there's a fast quantum computer out there, sub 10 minutes,

2
00:00:06,980 --> 00:00:11,600
Bitcoin as we know it today is basically not usable because the coins will just be

3
00:00:11,600 --> 00:00:18,200
stolen by someone else once they try to move. As soon as there is evidence of clear logical

4
00:00:18,200 --> 00:00:25,100
qubit scaling, of progressive factorization, there's a very clear evidentiary standard here.

5
00:00:25,720 --> 00:00:29,380
And as soon as that evidentiary standard is met, we have to start doing stuff.

6
00:00:29,380 --> 00:00:37,140
I can make a very defensible, logically tight claim that there is no way a cryptographically

7
00:00:37,140 --> 00:00:39,520
relevant quantum computer will happen in the next 10 years.

8
00:00:39,940 --> 00:00:41,580
What I think, never.

9
00:00:41,720 --> 00:00:43,780
I think it is never going to happen.

10
00:00:46,960 --> 00:00:48,480
Brandon, how are you doing, man?

11
00:00:49,280 --> 00:00:50,200
I'm doing well.

12
00:00:50,240 --> 00:00:50,600
How are you, Danny?

13
00:00:51,680 --> 00:00:53,200
I am very good, thank you.

14
00:00:53,240 --> 00:00:54,560
I'm really looking forward to this conversation.

15
00:00:54,560 --> 00:00:59,380
So you've been kind of the quantum naysayer for a little bit now.

16
00:00:59,980 --> 00:01:03,900
And I've been going down this rabbit hole more and more over the last few days.

17
00:01:04,520 --> 00:01:08,780
Because maybe I'll frame this by like Nick Carter is someone who I know is controversial

18
00:01:08,780 --> 00:01:09,460
amongst Bitcoiners.

19
00:01:09,560 --> 00:01:10,440
I think he's really smart.

20
00:01:10,540 --> 00:01:12,060
I think he writes some amazing pieces on Bitcoin.

21
00:01:12,940 --> 00:01:16,780
And when I first read his sort of quantum series that he started doing a couple of weeks,

22
00:01:16,880 --> 00:01:21,980
well, maybe a month ago or so, it made me think that quantum might be quite close.

23
00:01:21,980 --> 00:01:33,000
But the more and more I've kind of listened to stuff that you've been talking about and done my own research on this, I'm starting to think that I don't want to call it a scam, but maybe it's much further away than we actually think.

24
00:01:33,380 --> 00:01:39,800
So I want to get into all of that with you today. But you want to start just by introducing yourself. This is the first time you've been on What Bitcoin Did.

25
00:01:40,520 --> 00:01:51,160
Yeah, sure. So yeah, I'm Brandon Black, Rearden Code on the internet. I'm a software engineer. I guess I was a software engineer for 20 years, some of that time in management.

26
00:01:51,980 --> 00:01:54,920
About eight years of that in Bitcoin full time.

27
00:01:56,080 --> 00:02:07,360
In Bitcoin, probably my greatest accomplishments in Bitcoin were when I worked at BitGo, launching the first ever Taproot multi-sig wallet and the first ever MuSig2 into production.

28
00:02:07,360 --> 00:02:10,520
So those are things I kind of did in the Bitcoin world.

29
00:02:10,680 --> 00:02:17,660
That was the way I got introduced to talking with people at Bitcoin conferences was doing research to do the MuSig2 implementation.

30
00:02:17,660 --> 00:02:22,300
I met Jonas Nick and I was asking him questions about it and got into the implementation and

31
00:02:22,300 --> 00:02:28,080
everything there with him. So I guess that's like the broad strokes of me these days. This year,

32
00:02:28,120 --> 00:02:33,500
I'm launching a Bitcoin consultancy. I'm going to try to help people and businesses with their

33
00:02:33,500 --> 00:02:40,240
Bitcoin scripting needs and just general learning about Bitcoin. So if anyone needs me to come talk

34
00:02:40,240 --> 00:02:45,820
to them about Bitcoin, I do that. And yeah, that's what I'm up to. So when did you get into the

35
00:02:45,820 --> 00:02:51,040
quantum stuff? Because as like a Bitcoin developer, someone who, well, maybe not on like core, but

36
00:02:51,040 --> 00:02:54,760
you've been working on like Bitcoin projects, like when did quantum come into this? Because

37
00:02:54,760 --> 00:02:59,160
this FUD has been around for quite a long time now, but it's really ramped up over the last,

38
00:02:59,260 --> 00:03:07,160
I'd say, 12 months. Yeah, yeah. I would say I am naturally interested in all such things,

39
00:03:07,160 --> 00:03:15,080
whether it's cold fusion or quantum physics or, you know, all impossible things are naturally in

40
00:03:15,080 --> 00:03:19,080
my interest. I think that's how I got into Bitcoin in the first place is that same natural interest

41
00:03:19,080 --> 00:03:23,660
in these things. I was like, oh, magic internet money, that doesn't work until it turned out that

42
00:03:23,660 --> 00:03:30,020
it did. So I've naturally drawn to these kinds of things. And so I've been tracking the progress

43
00:03:30,020 --> 00:03:36,820
of quantum computing, gosh, for most of my professional career, just been watching it,

44
00:03:36,860 --> 00:03:43,720
seeing how things are going. So when the FUD comes up, I think I have a decent background

45
00:03:43,720 --> 00:03:51,240
to know, like, have we made a real step change that makes it now instead of 10 years to never

46
00:03:51,240 --> 00:03:55,700
to suddenly five years? And many people, of course, this year are claiming that we've made

47
00:03:55,700 --> 00:04:01,340
that transition from 10 years to never to within five years. And I just don't see any evidence of

48
00:04:01,340 --> 00:04:06,620
that. Okay. So I want to try and like set the table here because quantum computing to me,

49
00:04:06,620 --> 00:04:10,600
when I try and understand it, it still sounds like this Fugazi thing. Like, I think it's really

50
00:04:10,600 --> 00:04:14,840
hard to actually, like if someone asked me to explain what a quantum computer does,

51
00:04:15,400 --> 00:04:19,560
I'd really struggle. Can we start as basic as that? And can you explain what they're trying

52
00:04:19,560 --> 00:04:27,060
to do with quantum computers? Yeah. So the short idea of what quantum computing can do and what

53
00:04:27,060 --> 00:04:33,420
digital computers struggle to do is that a quantum computer can have its qubits, as they're called,

54
00:04:33,420 --> 00:04:37,720
represent a superposition of possible states

55
00:04:37,720 --> 00:04:39,720
as opposed to a single state.

56
00:04:40,140 --> 00:04:41,120
So in a digital computer,

57
00:04:41,460 --> 00:04:44,360
the binary digital computer is what we all use,

58
00:04:44,400 --> 00:04:45,540
is what we're talking over right now.

59
00:04:45,980 --> 00:04:48,880
Every bit of information is either true or false.

60
00:04:48,920 --> 00:04:51,160
It's one or zero, and that's every single thing.

61
00:04:51,600 --> 00:04:52,780
In a quantum computer,

62
00:04:53,320 --> 00:04:58,000
you can have bits that don't have a defined state yet.

63
00:04:58,460 --> 00:05:00,460
And then what you essentially do

64
00:05:00,460 --> 00:05:04,640
is you try to encode the properties of your real world problem,

65
00:05:04,800 --> 00:05:07,700
whether it's cryptographic problems or chemistry simulations,

66
00:05:07,860 --> 00:05:10,760
whatever the physical thing you want to work on

67
00:05:10,760 --> 00:05:13,140
into the possible states of the quantum computer.

68
00:05:14,020 --> 00:05:19,080
And then the properties of the quantum gate interactions

69
00:05:19,080 --> 00:05:23,660
within the qubits can make the correct answers

70
00:05:23,660 --> 00:05:25,300
have a lower energy state

71
00:05:25,300 --> 00:05:28,900
and therefore become more likely when you read out values.

72
00:05:28,900 --> 00:05:33,600
So then you collapse these possible states into real states and read out the values.

73
00:05:34,660 --> 00:05:38,200
And what you get is the low energy state.

74
00:05:38,320 --> 00:05:39,900
So they call this quantum annealing.

75
00:05:40,080 --> 00:05:46,400
And that's kind of the current state of quantum computing is that it can be used in physics simulations to do this quantum annealing,

76
00:05:46,560 --> 00:05:49,580
where you encode the state of a physical system into the quantum bits.

77
00:05:49,880 --> 00:05:55,860
You kind of shake them up, so to speak, and then you read out the low energy state they come to.

78
00:05:55,860 --> 00:06:02,960
And if you do that a few times, with high likelihood, you get the lowest energy state of that encoded system.

79
00:06:03,780 --> 00:06:09,760
So this is the magic of quantum computing and why it can do things that digital computers can't do.

80
00:06:10,060 --> 00:06:17,760
Because with digital computers, to do that same thing, you basically have to look through all the possible states that your system could get into to find the low energy one.

81
00:06:17,760 --> 00:06:35,820
But with quantum computers, because all of the possible states are encoded across the qubits, it can essentially simulate the combination of inputs and states that gets you to that low energy all in one go, instead of having to iterate through every possible value of every input to get there.

82
00:06:35,820 --> 00:06:50,760
So this very clever guy, Shor, forget his first name, came up with an algorithm that can apply those properties of finding a low energy option out of some encoding to cryptographic systems.

83
00:06:50,760 --> 00:07:05,880
And whether that's factoring or elliptic curves, the low energy state that we're looking for there in both cases relates to, well, in factoring, it's kind of a simpler problem to map.

84
00:07:06,080 --> 00:07:07,900
With factoring, you're like, oh, we got 15.

85
00:07:08,000 --> 00:07:09,220
Let me find three and five.

86
00:07:09,540 --> 00:07:18,320
And you can encode that so that the qubits resolve to lower energy state when you have inputs that multiply to the desired value, right?

87
00:07:18,940 --> 00:07:20,180
And so that's factoring.

88
00:07:20,180 --> 00:07:26,200
And then with elliptic curves, you have to map it into this thing called a period finding problem.

89
00:07:26,560 --> 00:07:31,300
But again, it's the same basic problem where the amount of energy encoded in the bit is lower

90
00:07:31,300 --> 00:07:36,840
when you have found the correct sequence of movements through the elliptic curve

91
00:07:36,840 --> 00:07:42,260
to encode the underlying value of the secret key.

92
00:07:43,540 --> 00:07:44,620
And that's roughly what we're doing.

93
00:07:44,620 --> 00:07:52,800
We're using this quantum annealing process to find the period over which the secret key translates in the elliptic curve realm.

94
00:07:53,460 --> 00:07:56,440
And if you can do that, then you can get the secret key out of a public key.

95
00:07:57,020 --> 00:08:03,540
All right. So I do definitely want to get into the issues with factoring and elliptic curves.

96
00:08:03,760 --> 00:08:07,280
But before we do, these computers are never going to be like a general computer, right?

97
00:08:07,280 --> 00:08:11,660
they're going to be specifically targeted to either like breaking encryption or other like

98
00:08:11,660 --> 00:08:18,300
like chemistry applications and things like that. That seems by far the most likely. Some people

99
00:08:18,300 --> 00:08:23,180
have proposed they could also be very useful for AI where essentially it comes out of the same

100
00:08:23,180 --> 00:08:28,600
thing where you would encode the properties of an LLM, let's say, into the quantum states. And

101
00:08:28,600 --> 00:08:33,940
instead of computing through a neural network, the output, you would quantum anneal to the output of

102
00:08:33,940 --> 00:08:39,300
the LLM. So maybe you could also apply it to something like that. But yes, they're never

103
00:08:39,300 --> 00:08:45,500
going to be able to do the hardcore, just sending bits across the internet type stuff, because

104
00:08:45,500 --> 00:08:52,560
there's a setup and a readout process, and it's all about probabilities. There's not a clear answer.

105
00:08:52,720 --> 00:08:55,100
And of course, for sending bits across the internet, you want to have a clear

106
00:08:55,100 --> 00:08:59,540
one or zero on each bit you send, and quantum computers aren't super well suited for that.

154
00:11:45,840 --> 00:11:54,320
Okay, so let's talk about factoring and elliptic curves,

155
00:11:54,420 --> 00:11:59,640
because factoring isn't really applicable to Bitcoin, but it is to other cryptographic systems.

156
00:11:59,680 --> 00:12:04,420
Is that right? Yeah, so RSA is the famous one that's based on large prime numbers that are

157
00:12:04,420 --> 00:12:09,500
difficult to factor. Okay, and so this is where, like, I don't want to call it a scam, but this is

158
00:12:09,500 --> 00:12:14,040
something that when I was looking at really shocked me, is that the highest number that a

159
00:12:14,040 --> 00:12:19,400
quantum computer can factor right now is 21, I believe. And the bit that really surprised me is

160
00:12:19,400 --> 00:12:24,940
they actually did that in 2012. So all the talk over the last few years of this really accelerating,

161
00:12:25,060 --> 00:12:28,120
they still can't factor a number bigger than that. Do you know why?

162
00:12:29,560 --> 00:12:35,840
So what I observe, and I think many others have made the same observations, I'm not alone on this,

163
00:12:35,840 --> 00:12:42,280
is that the basic properties of quantum of qubits

164
00:12:42,280 --> 00:12:45,420
are pretty well understood at this point.

165
00:12:45,600 --> 00:12:47,240
We can produce some qubits,

166
00:12:47,360 --> 00:12:48,920
we can map some state onto them,

167
00:12:48,940 --> 00:12:52,180
and we can resolve them into a desired state

168
00:12:52,180 --> 00:12:53,400
that we want to measure.

169
00:12:53,760 --> 00:12:55,940
And that enables factoring very small numbers,

170
00:12:56,040 --> 00:12:57,720
because if you can get a couple of qubits together,

171
00:12:58,080 --> 00:13:00,340
you can factor a small number using a quantum computer.

172
00:13:01,620 --> 00:13:03,640
And so what the quantum researchers have been doing

173
00:13:03,640 --> 00:13:04,640
over the last decade

174
00:13:04,640 --> 00:13:09,860
has been trying to make that scale to larger numbers of qubits.

175
00:13:10,760 --> 00:13:13,940
And that turns out to be very, very difficult.

176
00:13:14,200 --> 00:13:17,000
And we've seen hundreds of millions or billions of dollars

177
00:13:17,000 --> 00:13:19,340
poured into trying to get that to scale.

178
00:13:20,280 --> 00:13:23,160
And what seems to happen is that

179
00:13:23,160 --> 00:13:26,720
as you increase the number of qubits you're working with,

180
00:13:27,180 --> 00:13:31,680
the difficulty of correcting the errors in the qubits

181
00:13:31,680 --> 00:13:32,920
goes up exponentially.

182
00:13:32,920 --> 00:13:49,500
And so every time they come up with new technologies that seem to have lower error rates, and they've gotten much, much lower error rates on their individual qubits, but when they start trying to put more qubits together, they keep on seeing that the error rates rise exponentially as they go to more and more qubits.

183
00:13:50,280 --> 00:14:01,500
And so this is something we saw very clearly with the recent Microsoft Majorana announcement where they have built a very cool, very low error rate, single qubit device.

184
00:14:01,500 --> 00:14:07,560
And so this is like, oh, we can manufacture lots of these single qubit devices,

185
00:14:07,560 --> 00:14:12,380
and that's very cool, and maybe there are applications for those. But what they haven't

186
00:14:12,380 --> 00:14:16,260
demonstrated with all of these new announcements that have been made is, no one has been able to

187
00:14:16,260 --> 00:14:20,820
demonstrate the ability to tie a whole bunch of qubits together on a single device and not have

188
00:14:20,820 --> 00:14:24,200
the error rates go up exponentially. And so that's how we got to this state where

189
00:14:24,200 --> 00:14:28,920
they did this thing many years ago and it hasn't really advanced. The closest to an advancement

190
00:14:28,920 --> 00:14:35,080
we've seen was someone used a quantum computing device to solve a six-bit elliptic curve key. Now,

191
00:14:35,120 --> 00:14:42,420
six bits is ever so slightly larger than 21, but it's still like, I joked that literally a child

192
00:14:42,420 --> 00:14:47,600
can solve a six-bit elliptic curve key. It's not something that requires great computing power.

193
00:14:47,600 --> 00:14:50,340
So it's in a similar realm of those 21-bit factorizations.

194
00:14:51,880 --> 00:14:55,100
Let's give them their dues, right? Let's say they are making breakthroughs,

195
00:14:55,120 --> 00:14:58,220
things are going well in quantum computing world, they're putting billions of dollars in,

196
00:14:58,220 --> 00:15:12,018
What are they excited about? Like, why are they thinking that this is progressing so fast? So a few things I've seen that are interesting. One is, like I said, better manufacturability

197
00:15:12,118 --> 00:15:14,018
of individual qubit devices.

198
00:15:14,098 --> 00:15:15,298
That was the Majorana announcement.

199
00:15:15,398 --> 00:15:20,138
So they went from, you know, it takes us like super customized,

200
00:15:20,238 --> 00:15:23,538
like hand-built, we get one working qubit out of 100 attempts,

201
00:15:23,638 --> 00:15:25,598
that level of difficulty of building qubits.

202
00:15:25,678 --> 00:15:27,238
With Majorana, they're like, this is a qubit,

203
00:15:27,298 --> 00:15:29,378
we can produce this qubit in a factory.

204
00:15:30,278 --> 00:15:34,598
Like everything that it takes to build this are things that we know how to put into factories.

205
00:15:34,837 --> 00:15:36,697
So that's a cool innovation right now.

206
00:15:36,738 --> 00:15:43,258
Instead of it being like hand building in labs, individual qubits and getting them to work sometimes, now it's manufacturable.

207
00:15:43,358 --> 00:15:44,998
So that's a big step.

208
00:15:45,478 --> 00:15:53,598
We've also seen pretty big breakthroughs in error correction where for a given error rate in the qubits,

209
00:15:53,598 --> 00:16:05,158
the classical computing or digital computing needed to correct the errors has become a couple orders of magnitude faster.

210
00:16:05,678 --> 00:16:07,998
So that's another big breakthrough they've made.

211
00:16:09,298 --> 00:16:17,697
And then another one that we've seen is some folks have made innovations in what they've called gate-based quantum computing,

212
00:16:17,697 --> 00:16:20,618
where they build quantum gates

213
00:16:20,618 --> 00:16:22,678
that are a handful of qubits.

214
00:16:22,758 --> 00:16:23,658
I don't know the exact numbers,

215
00:16:23,758 --> 00:16:26,197
but like less than 10 qubits on a device.

216
00:16:26,438 --> 00:16:27,678
And then they interconnect them,

217
00:16:28,058 --> 00:16:30,158
which is kind of similar

218
00:16:30,158 --> 00:16:31,358
to how we build digital computers.

219
00:16:31,457 --> 00:16:32,038
In digital computers,

220
00:16:32,158 --> 00:16:33,598
we have essentially gates,

221
00:16:33,738 --> 00:16:35,058
you know, NAND, NOR, XOR,

222
00:16:35,158 --> 00:16:36,837
the binary operations.

223
00:16:38,138 --> 00:16:39,738
And we interconnect them on a chip.

224
00:16:40,158 --> 00:16:42,238
So maybe we can do something interesting

225
00:16:42,238 --> 00:16:43,798
with quantum computing in a similar way,

226
00:16:44,298 --> 00:16:45,258
where instead of trying to get

227
00:16:45,258 --> 00:16:47,158
a whole bunch of qubits all tied together,

228
00:16:47,158 --> 00:16:48,598
in a single device,

229
00:16:49,317 --> 00:16:50,398
you build gates

230
00:16:50,398 --> 00:16:52,778
where each gate is a kind of a quantum unit

231
00:16:52,778 --> 00:16:54,138
interconnected to other gates.

232
00:16:54,678 --> 00:16:56,717
And so we've seen developments in that area.

233
00:16:57,478 --> 00:16:59,717
The problem, as far as I understand it,

234
00:16:59,918 --> 00:17:02,158
and I'm not an expert on this,

235
00:17:02,217 --> 00:17:03,577
so maybe someone can correct me,

236
00:17:04,057 --> 00:17:05,797
call in and tell me I'm wrong, essentially,

237
00:17:06,057 --> 00:17:09,378
but I don't think that gate-based quantum computing

238
00:17:09,378 --> 00:17:12,018
can ever break cryptographic systems.

239
00:17:12,598 --> 00:17:14,098
Because if I understand correctly

240
00:17:14,098 --> 00:17:15,618
from reading Shor's algorithm,

241
00:17:15,618 --> 00:17:20,237
you need to have a certain number of qubits

242
00:17:20,237 --> 00:17:22,697
all in a single device working together

243
00:17:22,697 --> 00:17:26,438
to do the one step,

244
00:17:26,638 --> 00:17:28,477
kind of this critical step in the Shor's algorithm

245
00:17:28,477 --> 00:17:30,697
has to have all those qubits together.

246
00:17:30,818 --> 00:17:32,618
It can't be separated across gate boundaries.

247
00:17:33,297 --> 00:17:34,557
Again, someone could correct me if I'm wrong,

248
00:17:34,618 --> 00:17:37,498
but I don't think that's something you can map

249
00:17:37,498 --> 00:17:38,118
between A and B.

250
00:17:38,197 --> 00:17:40,918
So there are other problems in physics and chemistry and stuff

251
00:17:40,918 --> 00:17:43,338
where the gate-based quantum computers may be very useful,

252
00:17:43,557 --> 00:17:45,498
but I don't think they apply to cryptosystems.

253
00:17:45,618 --> 00:17:49,037
So anyway, that's the things that I've heard where they've made major steps in the last

254
00:17:49,037 --> 00:17:50,037
decade or so.

255
00:17:50,037 --> 00:17:54,737
Okay, so one last piece of sort of table setting before we get onto Bitcoin and what this potentially

256
00:17:54,737 --> 00:17:56,217
means for it.

257
00:17:56,217 --> 00:18:01,178
When you say qubits, are you talking about logical qubits or just normal qubits?

258
00:18:01,178 --> 00:18:03,498
And what's the difference between those two?

259
00:18:03,498 --> 00:18:05,178
Yeah, great clarification.

260
00:18:05,178 --> 00:18:07,678
I was wondering if we're going to get into that.

261
00:18:07,678 --> 00:18:10,418
It's important, so you're right.

262
00:18:10,418 --> 00:18:19,918
So because qubits are these kind of flaky, difficult to deal with things, if you take

263
00:18:19,918 --> 00:18:24,598
a single qubit, which essentially a qubit is often a single electron or a single, I think,

264
00:18:24,598 --> 00:18:30,717
muon or kind of other subatomic particles or a single photon, it's very hard to get

265
00:18:30,717 --> 00:18:38,658
any kind of reliable setting and reading with a single physical qubit in one of those subatomic

266
00:18:38,658 --> 00:18:39,658
particles.

267
00:18:39,658 --> 00:18:42,678
is to do actual computation.

268
00:18:43,078 --> 00:18:45,178
They take a whole bunch of physical qubits

269
00:18:45,178 --> 00:18:49,358
and they actually within the physical,

270
00:18:50,578 --> 00:18:52,457
interconnecting the physical qubits

271
00:18:52,457 --> 00:18:55,237
in a physical kind of device, let's say,

272
00:18:55,797 --> 00:18:58,557
they make it so that a bunch of physical qubits

273
00:18:58,557 --> 00:18:59,858
represent one state

274
00:18:59,858 --> 00:19:04,057
and they essentially self-correct each other within that

275
00:19:04,057 --> 00:19:06,018
so that there's a reliable state

276
00:19:06,018 --> 00:19:07,678
instead of a flaky,

277
00:19:07,818 --> 00:19:09,197
we can't really read it or write it state.

278
00:19:09,658 --> 00:19:25,758
So by putting a whole bunch of physical qubits together, they're able to create a somewhat stable, we're talking in many cases stability over microseconds, but somewhat stable qubit state where the physical qubits reinforce each other to create a stable logical state.

279
00:19:25,758 --> 00:19:28,178
And that's what gives rise to the idea of a logical qubit.

280
00:19:28,178 --> 00:19:44,398
Now, there's a lot of nuance and debate about this, and I was having a discussion on X with someone who works in this area where some people have said that doing this whole thing of mapping physical qubits into logical qubits is not necessary, and it's actually wrong-headed.

281
00:19:44,898 --> 00:19:47,518
Basically, if you're doing a whole bunch of work

282
00:19:47,518 --> 00:19:50,118
to take, let's say, tens or hundreds of physical qubits

283
00:19:50,118 --> 00:19:51,778
to make one logical qubit,

284
00:19:52,438 --> 00:19:55,098
and then you're going to try and tie a bunch of logical qubits together

285
00:19:55,098 --> 00:19:57,297
to get a low error rate output,

286
00:19:57,697 --> 00:19:58,998
that's the wrong way to approach it.

287
00:19:59,038 --> 00:20:01,457
And the right way to approach it is to take all those physical qubits,

288
00:20:02,118 --> 00:20:04,457
map your problem directly onto those physical qubits,

289
00:20:04,737 --> 00:20:08,278
and then deal with the fact that they're flaky

290
00:20:08,278 --> 00:20:09,878
kind of internally to your algorithm.

291
00:20:09,878 --> 00:20:19,338
So basically make almost like one giant logical quantum device rather than making a bunch of logical qubits and then tying those together.

292
00:20:19,838 --> 00:20:26,217
So it's not totally clear to me kind of which one of these approaches is going to bear fruit if either of them ever will.

293
00:20:26,658 --> 00:20:32,217
But that's the difference is that a logical qubit is a single stable quantum state represented by a bunch of physical qubits.

294
00:20:32,217 --> 00:20:34,638
and that may be necessary

295
00:20:34,638 --> 00:20:37,118
in order to build computing devices

296
00:20:37,118 --> 00:20:39,457
out of quantum bits

297
00:20:39,457 --> 00:20:41,418
because the physical qubits

298
00:20:41,418 --> 00:20:42,998
are just too flaky to deal with on their own.

299
00:20:44,358 --> 00:20:46,178
Okay, I said last bit of table setting

300
00:20:46,178 --> 00:20:47,338
but I actually have one more question.

301
00:20:47,898 --> 00:20:49,697
Like in classical computing

302
00:20:49,697 --> 00:20:50,758
we have Moore's Law

303
00:20:50,758 --> 00:20:52,418
which I actually don't know the exact definition.

304
00:20:52,578 --> 00:20:54,217
Does it get everything gets twice as fast

305
00:20:54,217 --> 00:20:55,697
and half the price every few years?

306
00:20:56,318 --> 00:20:58,197
It's actually the number of transistors

307
00:20:58,197 --> 00:20:59,977
in the same physical space

308
00:20:59,977 --> 00:21:01,498
doubles every 18 months.

309
00:21:02,217 --> 00:21:17,398
Okay. And that's, you know, over the history of computing, that's probably been accurate. In quantum computing, they have, is it Neven's law? And can you explain what that is and what they, you know, if you believe in this?

310
00:21:17,398 --> 00:21:46,018
Yeah, yeah. So first, I have to make one important distinction on Moore's Law. It really should have been called Moore's Observation, right? This wasn't Moore saying, oh, I predict that we're going to see a doubling of transistors on a device every 18 months. It was an observation. He looked back at computing, starting with the very early integrated circuits, and noticed that we're seeing a doubling of transistors every 18 months, and said, this may continue for some time into the future, and it got called Moore's Law.

311
00:21:47,398 --> 00:21:59,797
So in quantum computing, they're saying there's Neven's law, which would, and they talk about this interesting thing where they call it a double exponential in computing power is what the, I believe the claim of Neven's law.

312
00:21:59,797 --> 00:22:03,838
and the claim is that because

313
00:22:03,838 --> 00:22:07,557
and this is if quantum computing can scale

314
00:22:07,557 --> 00:22:09,078
there is truth to this first part

315
00:22:09,078 --> 00:22:13,038
because quantum computing represents a complete

316
00:22:13,038 --> 00:22:16,957
possible state space in its entangled bits

317
00:22:16,957 --> 00:22:20,998
your equivalent digital computing

318
00:22:20,998 --> 00:22:23,118
goes up exponentially

319
00:22:23,118 --> 00:22:25,697
with the linear increase in qubits

320
00:22:25,697 --> 00:22:28,098
and that's an important thing about quantum computing

321
00:22:28,098 --> 00:22:32,178
and I think why people get excited or scared about it, right?

322
00:22:32,438 --> 00:22:34,138
If we can get quantum computing to work,

323
00:22:34,197 --> 00:22:37,237
it's absolutely true that the equivalent digital computing

324
00:22:37,237 --> 00:22:39,118
that you get out of a quantum device

325
00:22:39,118 --> 00:22:41,538
goes up exponentially with a linear increase

326
00:22:41,538 --> 00:22:43,598
in the number of functional qubits.

327
00:22:44,197 --> 00:22:44,938
That's very important.

328
00:22:46,217 --> 00:22:48,338
Then the claim comes that we will see

329
00:22:48,338 --> 00:22:54,217
a similar exponential rise in the number of useful qubits

330
00:22:54,217 --> 00:22:57,318
as we saw with useful transistors in a device.

331
00:22:58,098 --> 00:23:06,678
So that's a prediction right now, which has no historical justification.

332
00:23:06,678 --> 00:23:12,217
And so unlike Moore's law, Neven's law is making a prediction, not an observation.

333
00:23:13,018 --> 00:23:15,538
And that's why I am highly skeptical of it.

334
00:23:15,838 --> 00:23:22,378
And I keep saying on X and elsewhere, I'm waiting to see a couple of cycles of, you know,

335
00:23:22,378 --> 00:23:26,338
true scaling of quantum device complexity,

336
00:23:26,338 --> 00:23:29,038
where we see, oh, they factored 21,

337
00:23:29,178 --> 00:23:30,498
they factored 125,

338
00:23:30,977 --> 00:23:32,697
they factored bigger and bigger numbers

339
00:23:32,697 --> 00:23:34,138
over, let's say, five years,

340
00:23:34,477 --> 00:23:36,098
and then we'll be able to know

341
00:23:36,098 --> 00:23:38,298
what the correct rate of growth is for Neven's Law.

342
00:23:38,898 --> 00:23:40,438
Maybe it's doubling every 10 years.

343
00:23:41,217 --> 00:23:42,638
Maybe it's actually linear.

344
00:23:42,778 --> 00:23:44,758
Maybe it's not exponential the way transistors were.

345
00:23:44,858 --> 00:23:45,938
We just don't know yet

346
00:23:45,938 --> 00:23:47,138
because we don't have the observations.

347
00:23:47,538 --> 00:23:49,258
Moore made a prediction based on observations.

348
00:23:49,818 --> 00:23:51,898
So I don't believe in Neven's Law as of right now.

349
00:23:52,377 --> 00:23:57,138
I mean, anything that claims a double exponential, I'm immediately skeptical of.

350
00:23:57,938 --> 00:24:03,377
But so in terms of like quantum computing for such a long time has always been this thing that's like a 30 year away problem.

351
00:24:03,678 --> 00:24:12,678
And then in the last couple of years, people think this is becoming more and more imminent to the point where we have people working on quantum proof addresses on Bitcoin, like Hunter Beast doing BIP-360.

352
00:24:13,358 --> 00:24:16,118
Nick Carter's saying that this is an imminent threat.

353
00:24:16,618 --> 00:24:17,778
Where are you on that scale?

354
00:24:17,778 --> 00:24:21,358
Do you think it will ever be a threat or how far out do you think it is?

355
00:24:22,377 --> 00:24:25,578
I have two answers to that question.

356
00:24:25,578 --> 00:24:29,197
I think I can make a very defensible,

357
00:24:29,697 --> 00:24:31,858
like logically tight claim

358
00:24:31,858 --> 00:24:33,498
that there is no way

359
00:24:33,498 --> 00:24:35,758
a cryptographically relevant quantum computer

360
00:24:35,758 --> 00:24:37,098
will happen in the next 10 years.

361
00:24:38,118 --> 00:24:40,957
It just requires too much increase

362
00:24:40,957 --> 00:24:43,138
in the number of logical qubits on a device.

363
00:24:43,778 --> 00:24:46,278
There's no way from a kind of human,

364
00:24:46,438 --> 00:24:49,538
even with AI enhancement development process,

365
00:24:49,758 --> 00:24:51,818
the industrial production ability

366
00:24:51,818 --> 00:24:57,358
it can't be developed in less than 10 years. So that's a defensible, I think there's a strong

367
00:24:57,358 --> 00:25:03,858
logical claim of that. My personal emotional, like what I think, never. I think it is never

368
00:25:03,858 --> 00:25:08,717
going to happen. I suspect that there are physical laws that prevent it from happening,

369
00:25:08,957 --> 00:25:13,758
but that's an emotional thing, not something I can like do a scientifically rigorous study of

370
00:25:13,758 --> 00:25:19,438
or anything. Okay, so let's go with the 10-year prediction then. It's at least 10 years off.

371
00:25:19,438 --> 00:25:22,618
is still worth talking about as of maybe now.

372
00:25:23,158 --> 00:25:24,818
10 years isn't that long a time.

373
00:25:24,957 --> 00:25:26,838
And we know that changes take a long time

374
00:25:26,838 --> 00:25:28,298
to be implemented in Bitcoin.

375
00:25:28,858 --> 00:25:31,318
Let's get into what the actual threat to Bitcoin is

376
00:25:31,318 --> 00:25:34,138
if we get a quantum computer that can break cryptography.

377
00:25:34,278 --> 00:25:36,438
So what will happen first?

378
00:25:37,918 --> 00:25:39,178
Yeah, so the relevant thing,

379
00:25:39,237 --> 00:25:40,758
as I mentioned earlier, is Shor's algorithm.

380
00:25:41,278 --> 00:25:44,118
And Shor's algorithm would enable the quantum attacker

381
00:25:44,118 --> 00:25:46,278
with a cryptographically relevant quantum computer

382
00:25:46,278 --> 00:25:48,457
to take our public keys

383
00:25:48,457 --> 00:25:49,877
and turn them into secret keys.

384
00:25:51,298 --> 00:25:52,578
And if they could do that, of course,

385
00:25:52,638 --> 00:25:54,038
then they could spend anyone's Bitcoin.

386
00:25:54,457 --> 00:25:55,717
And so that's the threat.

387
00:25:56,098 --> 00:25:59,217
And so we don't know exactly how that would play out

388
00:25:59,217 --> 00:26:00,717
because it's very hard to game out.

389
00:26:01,558 --> 00:26:03,217
Let's say you are the first person

390
00:26:03,217 --> 00:26:04,877
that develops a cryptographically relevant

391
00:26:04,877 --> 00:26:05,457
quantum computer.

392
00:26:06,318 --> 00:26:07,538
What are you going to do first?

393
00:26:07,778 --> 00:26:09,078
Are you going to go for Satoshi's coins?

394
00:26:10,078 --> 00:26:11,798
Are you going to try and hack into North Korea?

395
00:26:11,938 --> 00:26:12,957
Are you going to try to hack into Russia?

396
00:26:13,058 --> 00:26:14,457
Are you going to try to hack into the US government?

397
00:26:15,197 --> 00:26:17,237
What's the first target if you get that device?

398
00:26:17,237 --> 00:26:41,178
And it's very hard to know because there's different game theoretical reasons to do each of those things. You know, a certain entity might find just kind of slowly siphoning Bitcoin away to be the best use of that device. But another entity with the exact same device might think that infiltrating the president of, I don't know, the Ukraine even might be their first target. Like, we just don't know.

399
00:26:41,178 --> 00:26:44,278
and so I don't know what would happen first

400
00:26:44,278 --> 00:26:46,098
what I do know is that Bitcoin's

401
00:26:46,098 --> 00:26:48,298
public keys would become

402
00:26:48,298 --> 00:26:49,737
vulnerable to such a device

403
00:26:49,737 --> 00:26:52,178
and this is where we get into then this like

404
00:26:52,178 --> 00:26:54,158
long exposure versus short exposure that

405
00:26:54,158 --> 00:26:56,098
everyone likes to talk about and so

406
00:26:56,098 --> 00:26:58,338
if you are someone whose public

407
00:26:58,338 --> 00:27:00,178
keys are just as secret as your secret

408
00:27:00,178 --> 00:27:02,178
keys meaning you've never used

409
00:27:02,178 --> 00:27:04,118
an address you've never exposed your xpub

410
00:27:04,118 --> 00:27:05,818
you've never exposed your descriptor

411
00:27:05,818 --> 00:27:08,158
you've never you've not used a taproot address

412
00:27:08,158 --> 00:27:10,217
or a pay-to-pubkey address you've only used

413
00:27:10,217 --> 00:27:15,618
addresses ending in H, as Hunter likes to call them, and you've been absolutely perfect about

414
00:27:15,618 --> 00:27:19,898
your key discipline, your public keys are as secret as your secret keys, the quantum attacker

415
00:27:19,898 --> 00:27:25,158
cannot steal your Bitcoin at rest because your public keys are not known. And the only thing that

416
00:27:25,158 --> 00:27:30,178
a quantum computer is likely to be able to do when it's first developed, a relevant quantum computer,

417
00:27:30,518 --> 00:27:38,078
is to reverse public keys into secret keys. At some point, and if this happens, it's hard to know

418
00:27:38,078 --> 00:27:39,078
exactly the timeline here,

419
00:27:39,158 --> 00:27:39,898
but at some point

420
00:27:39,898 --> 00:27:41,278
after the first cryptographically

421
00:27:41,278 --> 00:27:42,178
relevant quantum computer,

422
00:27:42,638 --> 00:27:43,358
there will come a time

423
00:27:43,358 --> 00:27:44,578
where such a device

424
00:27:44,578 --> 00:27:46,818
can take a public key

425
00:27:46,818 --> 00:27:47,798
and develop a secret key

426
00:27:47,798 --> 00:27:49,138
in the 10 minutes it takes

427
00:27:49,138 --> 00:27:50,018
to find a Bitcoin block.

428
00:27:50,778 --> 00:27:51,818
And when that happens,

429
00:27:51,877 --> 00:27:52,778
then even those of us

430
00:27:52,778 --> 00:27:54,078
that maybe have perfect

431
00:27:54,078 --> 00:27:55,298
public key security,

432
00:27:55,798 --> 00:27:56,477
our public keys are

433
00:27:56,477 --> 00:27:58,158
absolutely secret from everybody,

434
00:27:58,518 --> 00:27:59,538
are then vulnerable

435
00:27:59,538 --> 00:28:00,658
to the quantum computer as well,

436
00:28:00,697 --> 00:28:02,118
because they can see our transaction,

437
00:28:02,558 --> 00:28:03,258
maybe even see it

438
00:28:03,258 --> 00:28:04,237
after it gets confirmed

439
00:28:04,237 --> 00:28:05,638
and have a deal with a miner

440
00:28:05,638 --> 00:28:07,158
to mine an alternate block

441
00:28:07,158 --> 00:28:09,858
that takes those coins to themselves instead, right?

442
00:28:10,178 --> 00:28:12,737
Once there's a fast quantum computer out there,

443
00:28:12,818 --> 00:28:13,598
if sub 10 minutes,

444
00:28:14,438 --> 00:28:17,398
Bitcoin as we know it today is basically not usable

445
00:28:17,398 --> 00:28:19,877
because the coins will just be stolen by someone else

446
00:28:19,877 --> 00:28:21,638
once they try to move.

447
00:28:22,398 --> 00:28:24,018
So that's the threat to Bitcoin is, yes,

448
00:28:24,078 --> 00:28:24,798
with Shor's algorithm,

449
00:28:24,977 --> 00:28:27,118
a sufficiently powerful quantum computer

450
00:28:27,118 --> 00:28:28,858
can start taking people's coins.

451
00:28:29,558 --> 00:28:31,697
Okay, I think it's worth diving into that a bit deeper

452
00:28:31,697 --> 00:28:35,078
because there's, I think, in Pay-to-PubKey,

453
00:28:35,158 --> 00:28:36,457
which is a very old address format,

454
00:28:36,457 --> 00:28:40,158
I think there's about 2 million coins that we know of in that address format.

455
00:28:40,338 --> 00:28:45,398
So those ones are essentially gone immediately for the reason being that you can see those

456
00:28:45,398 --> 00:28:47,538
public keys on chain at any one time.

457
00:28:47,598 --> 00:28:48,018
Is that right?

458
00:28:48,538 --> 00:28:51,678
Yeah, they're at risk immediately because the public keys are readily available.

459
00:28:51,877 --> 00:28:51,977
Yep.

460
00:28:52,658 --> 00:28:52,898
Okay.

461
00:28:52,977 --> 00:28:57,457
And then for anyone else who's using like SegWit addresses, the public key isn't exposed

462
00:28:57,457 --> 00:28:58,737
until you actually make a transaction.

463
00:28:58,918 --> 00:29:02,778
So as long as the quantum computer can't break the cryptography in less than 10 minutes,

464
00:29:02,858 --> 00:29:05,038
less than it takes to get in a block, you're going to be okay.

465
00:29:05,038 --> 00:29:08,578
if you've had perfect public key security

466
00:29:08,578 --> 00:29:10,078
and you've never leaked your XPUB

467
00:29:10,078 --> 00:29:12,298
and never leaked your public key

468
00:29:12,298 --> 00:29:13,858
and never leaked your descriptor,

469
00:29:13,998 --> 00:29:16,078
which I've said this in a few other places,

470
00:29:16,078 --> 00:29:20,438
this is a really strange security assumption.

471
00:29:20,818 --> 00:29:23,957
So I like to say there's really no difference

472
00:29:23,957 --> 00:29:25,737
that Bitcoin is broken

473
00:29:25,737 --> 00:29:28,377
once there's even a slow quantum computer,

474
00:29:28,658 --> 00:29:30,258
because to me, the idea

475
00:29:30,258 --> 00:29:31,758
that we're going to hang our hats

476
00:29:31,758 --> 00:29:39,598
on people having perfect public key security is very, very strange. I don't accept that as a

477
00:29:39,598 --> 00:29:45,758
security claim for Bitcoin. No, I totally agree with that. I think I would probably say the

478
00:29:45,758 --> 00:29:51,658
majority of my Bitcoin addresses will be fine, but I bet there's one in there that's not. I wouldn't

479
00:29:51,658 --> 00:29:58,158
be sure. But so why do people focus so much on Bitcoin with quantum computing? Because if quantum

480
00:29:58,158 --> 00:30:03,598
computers do break this cryptography, then there's a wide array of things they can go after.

481
00:30:03,598 --> 00:30:17,435
Why is Bitcoin the focus here? So I think there is a legitimacy there in that Bitcoin is hard to change. And so, you know, we saw with the Y2K, you know, well, at least I did.

482
00:30:17,475 --> 00:30:19,135
I don't know if you're as old as I am.

483
00:30:19,655 --> 00:30:23,515
But with Y2K, everyone said the world's going to end, but then it didn't.

484
00:30:23,675 --> 00:30:26,495
Why? Because a bunch of software engineers busted ass and made it not end.

485
00:30:26,875 --> 00:30:28,835
And that's true for all the other systems.

486
00:30:28,835 --> 00:30:35,535
You know, if quantum computers look like they're around the corner, you know, governments, most governments and most computers,

487
00:30:35,555 --> 00:30:40,535
operating systems and all that stuff can change to other cryptography in the timeframe necessary

488
00:30:40,535 --> 00:30:45,695
to protect their users. It's less clear that Bitcoin can do that. I think that's where Nick

489
00:30:45,695 --> 00:30:51,975
is kind of doing this like, oh, because of this slowness, we have to act now, even though quantum

490
00:30:51,975 --> 00:30:58,155
is only maybe a thing. It's like, yes, Bitcoin's hard to change. And so that's why the real focus

491
00:30:58,155 --> 00:31:02,475
on Bitcoin is that it might take five years to make a change to Bitcoin, and that might be too

492
00:31:02,475 --> 00:31:07,595
long. So there's a legitimacy there. Yeah, I guess the other thing being there's no recourse with

493
00:31:07,595 --> 00:31:11,755
Bitcoin. So if someone, you know, if you own the private key, you own the Bitcoin. It's not like

494
00:31:11,755 --> 00:31:16,255
you're able to claw back money through the banking system or however it might be. There's no insurance

495
00:31:16,255 --> 00:31:22,315
here. Like this, if you own the private key, you own the Bitcoin. So there are obviously, there are

496
00:31:22,315 --> 00:31:26,655
things we can do to mitigate this attack. But when do you think the conversation really needs to ramp

497
00:31:26,655 --> 00:31:30,715
up from something that is like cool for developers to be working on? We should be thinking about this.

498
00:31:30,715 --> 00:31:34,375
But when does it get to the point where you're like, oh shit, something needs to happen now?

499
00:31:35,135 --> 00:31:39,495
Yeah, so I've said this on the internet before, but I think it's really worth saying in many

500
00:31:39,495 --> 00:31:40,815
different forums over and over.

501
00:31:41,235 --> 00:31:48,835
As soon as there is evidence of clear logical qubit scaling, of progressive factorization

502
00:31:48,835 --> 00:31:55,715
or reversing of elliptic curve keys that gets greater bit counts reversed with sub-exponential

503
00:31:55,715 --> 00:32:01,635
scaling of energy input, right? There's a very clear evidentiary standard here.

504
00:32:02,055 --> 00:32:05,935
And as soon as that evidentiary standard is met, we have to start doing stuff.

505
00:32:06,955 --> 00:32:14,415
But as of right now, no one has gone from, you know, reversing a 6-bit EC key to a 10-bit EC key

506
00:32:14,415 --> 00:32:19,735
using sub-exponential increases in time and energy. And until there's a sub-exponential

507
00:32:19,735 --> 00:32:24,615
increase in the difficulty of doing that, we still have the exact security model we've always

508
00:32:24,615 --> 00:32:29,175
promised with elliptic curves, which is that it is exponentially difficult to break elliptic curve

509
00:32:29,175 --> 00:32:35,595
keys of a certain size. And as long as it's scaling exponentially with energy input, we still have

510
00:32:35,595 --> 00:32:42,415
that. So it's very easy to change my mind. The evidence can be just put out, hey, look, someone

511
00:32:42,415 --> 00:32:48,215
made a quantum device that for a 6-bit key takes X energy and for a 12-bit key takes Y energy and

512
00:32:48,215 --> 00:32:52,935
that's sub-exponential scaling. Oh, okay, shit, we got to do something.

542
00:35:18,095 --> 00:35:23,095
I mean, it's funny because like I probably buy some of the stuff that Nick's saying.

543
00:35:23,175 --> 00:35:27,795
Like I can believe that there's plenty of people who would willingly allocate money to Bitcoin

544
00:35:27,795 --> 00:35:33,255
that see the quantum computer threat, think that this is real and is closer than it may be in

545
00:35:33,255 --> 00:35:37,755
reality, and then be cautious of ever like touching Bitcoin because of that.

546
00:35:38,135 --> 00:35:39,335
I think that probably exists.

547
00:35:39,475 --> 00:35:41,115
I think it's probably a small minority at the moment,

548
00:35:41,115 --> 00:35:42,515
but it's probably going to grow as well

549
00:35:42,515 --> 00:35:44,235
as the hype around quantum computing grows.

550
00:35:44,595 --> 00:35:47,355
So we do have people working on solutions.

551
00:35:47,935 --> 00:35:49,155
What are those solutions?

552
00:35:49,235 --> 00:35:51,335
So quantum proof cryptography,

553
00:35:51,515 --> 00:35:53,435
like maybe explain how that works

554
00:35:53,435 --> 00:35:55,055
and why it's not an ideal solution,

555
00:35:55,155 --> 00:35:55,895
at least right now.

556
00:35:57,195 --> 00:35:59,795
Yeah, so there's two major camps

557
00:35:59,795 --> 00:36:02,235
of quantum resistant cryptography out there

558
00:36:02,235 --> 00:36:03,955
being proposed for Bitcoin at least right now.

559
00:36:04,135 --> 00:36:06,475
And those are hash-based and lattice-based.

560
00:36:06,475 --> 00:36:08,435
I understand hash-based mostly.

561
00:36:08,555 --> 00:36:10,275
I don't understand lattice-based mostly.

562
00:36:11,115 --> 00:36:18,055
But they, for the moment at least, have somewhat similar problems, which is that they require

563
00:36:18,055 --> 00:36:23,955
much more data to prove ownership and validate signatures than elliptic curves.

564
00:36:24,355 --> 00:36:30,715
Elliptic curves were chosen for a lot of cryptosystems because they have a really, even compared

565
00:36:30,715 --> 00:36:35,055
to RSA, which was a previous cryptosystem that has similar properties in many ways to

566
00:36:35,055 --> 00:36:41,755
elliptic curves. They have much smaller keys and signatures. So like a Bitcoin key is 32 bytes,

567
00:36:41,955 --> 00:36:48,135
33 bytes, depending on things. And a Bitcoin signature is 64 to 70 bytes. These are very

568
00:36:48,135 --> 00:36:52,295
small amounts of data to prove the ownership of something. Really, if you think about what you're

569
00:36:52,295 --> 00:36:56,855
doing and the ability to move Bitcoin and prove ownership with a total of 100 bytes is just

570
00:36:56,855 --> 00:37:03,035
shockingly efficient. And quantum resistant algorithms, whether hash-based or lattice-based,

571
00:37:03,035 --> 00:37:05,155
are many kilobytes.

572
00:37:05,455 --> 00:37:06,935
So not many, several kilobytes at least,

573
00:37:07,015 --> 00:37:08,895
many kilobytes for kind of simple systems

574
00:37:08,895 --> 00:37:10,975
to do that same job of proving ownership

575
00:37:10,975 --> 00:37:11,915
and transfer of Bitcoin.

576
00:37:12,595 --> 00:37:14,015
So that's the big problem right now.

577
00:37:14,655 --> 00:37:17,095
Recent research has made great strides

578
00:37:17,095 --> 00:37:18,755
in reducing the cost of these things,

579
00:37:18,795 --> 00:37:19,795
especially the compute cost.

580
00:37:19,875 --> 00:37:21,535
So there's been some posts going back and forth

581
00:37:21,535 --> 00:37:22,675
on the Bitcoin dev mailing list

582
00:37:22,675 --> 00:37:25,295
about these post-quantum schemes

583
00:37:25,295 --> 00:37:27,295
and how they've really gotten

584
00:37:27,295 --> 00:37:29,015
the signature verification,

585
00:37:29,375 --> 00:37:30,535
which is probably the most important

586
00:37:30,535 --> 00:37:32,635
to optimize portion of the Bitcoin process,

587
00:37:32,635 --> 00:37:36,395
to about the same compute cost as elliptic curve verification.

588
00:37:36,595 --> 00:37:37,655
So that's like a huge innovation

589
00:37:37,655 --> 00:37:39,675
and great progress has been made there.

590
00:37:40,835 --> 00:37:43,435
And so we're just really, I would say in the Bitcoin world,

591
00:37:43,655 --> 00:37:46,195
we're looking for a sufficiently developed

592
00:37:46,195 --> 00:37:47,855
post-quantum crypto system

593
00:37:47,855 --> 00:37:50,635
that doesn't have major downsides for the system

594
00:37:50,635 --> 00:37:52,375
like multi-kilobyte keys.

595
00:37:53,495 --> 00:37:55,775
And the issue there, like in layman's terms,

596
00:37:55,875 --> 00:37:58,375
is it takes Bitcoin from being, I don't know,

597
00:37:58,715 --> 00:38:00,035
do you know how many transactions a second?

598
00:38:00,195 --> 00:38:01,995
I even hate that metric, but how many transactions?

599
00:38:01,995 --> 00:38:03,775
Seven transactions per second is often cited.

600
00:38:03,975 --> 00:38:07,835
Okay, but then it's going to go down to probably less than one if we go to these larger signatures.

601
00:38:08,335 --> 00:38:08,975
Yep, exactly.

602
00:38:08,975 --> 00:38:16,455
And so if we have 10 years, how small do you think we can make those signature sizes?

603
00:38:16,735 --> 00:38:19,375
And how close to what we're working with now?

604
00:38:20,955 --> 00:38:24,695
I am not a cryptographer, so I'm hesitant to even put a prediction on it.

605
00:38:24,695 --> 00:38:42,695
What I would guess is that over 10 years, we can make sufficient developments in kind of layered Bitcoin technologies, whether that's Arks or Lightning or BitVMs or whatever else people are working on.

606
00:38:43,815 --> 00:38:51,035
So that we can work with the larger signatures, however big, however small we can get them in the same time.

607
00:38:51,095 --> 00:38:53,055
So let's kind of attack it from two sides, right?

608
00:38:53,055 --> 00:38:57,295
make Bitcoin more efficient with layering and reduce the size of the signatures sufficiently

609
00:38:57,295 --> 00:39:01,515
over the course of the time so that we can build a system that really works for people

610
00:39:01,515 --> 00:39:06,635
by the time we need to. It's one of those funny things where I guess the ideal solution here,

611
00:39:06,715 --> 00:39:10,475
if you assume quantum computing is real and it's going to be able to break cryptography at some

612
00:39:10,475 --> 00:39:15,415
point in the future, you want to make the change as late as possible so you have the best solution

613
00:39:15,415 --> 00:39:22,015
possible. But to get that, you do need people working on it today, which we do have. But if we

614
00:39:22,015 --> 00:39:26,675
do get there and we need to make a change to Bitcoin, is this a soft fork or a hard fork?

615
00:39:27,895 --> 00:39:31,295
Soft, yeah. Everything here can be done in a soft fork. And I think there'd be a really

616
00:39:31,295 --> 00:39:36,435
interesting discussion on the same way that segregated witness was a soft fork that technically

617
00:39:36,435 --> 00:39:42,895
added block space. If we've made significant strides in the validation cost and we've seen

618
00:39:42,895 --> 00:39:50,055
increases in storage capacity on typical devices and stuff, it might make sense to do another thing

619
00:39:50,055 --> 00:39:56,695
like SegWit where, okay, we get post-quantum and we make a special quantum signature block

620
00:39:56,695 --> 00:40:00,315
that lets us keep about the same transaction throughput. So there's a lot of conversations

621
00:40:00,315 --> 00:40:05,175
to be had here when the time comes. In the meantime, as you said, the right thing to do

622
00:40:05,175 --> 00:40:08,335
right now is to continue developing these post-quantum signature schemes, making them

623
00:40:08,335 --> 00:40:10,655
better and better and better over time so that we're ready.

624
00:40:12,235 --> 00:40:17,955
One of the most interesting things I've heard you say on this is that you think regular computers

625
00:40:17,955 --> 00:40:20,295
might break cryptography before quantum computers.

626
00:40:21,055 --> 00:40:21,875
Explain that.

627
00:40:21,935 --> 00:40:22,375
What do you mean?

628
00:40:24,575 --> 00:40:25,835
As many people have said,

629
00:40:26,715 --> 00:40:28,115
crypto systems have a shelf life.

630
00:40:28,515 --> 00:40:31,115
You know, RSA 1024-bit was secure

631
00:40:31,115 --> 00:40:32,795
when I first started using cryptography,

632
00:40:33,035 --> 00:40:35,735
but soon after I had to upgrade my RSA keys to 2048,

633
00:40:35,875 --> 00:40:38,295
and then I upgraded further to 4096-bit keys.

634
00:40:39,955 --> 00:40:41,295
SHA-1 is no longer secure.

635
00:40:41,395 --> 00:40:42,415
MD5 is no longer secure.

636
00:40:43,035 --> 00:40:45,255
You know, crypto systems have a shelf life.

637
00:40:45,255 --> 00:40:47,455
and elliptic curves.

638
00:40:48,195 --> 00:40:50,735
The nice thing about modern cryptography,

639
00:40:50,855 --> 00:40:52,395
like we're kind of several generations in,

640
00:40:52,475 --> 00:40:53,535
obviously, of cryptography,

641
00:40:53,915 --> 00:40:59,275
is that we have pretty strong proofs of security.

642
00:40:59,495 --> 00:41:00,615
Like we have, here's the assumption.

643
00:41:01,075 --> 00:41:02,395
If you don't break this assumption,

644
00:41:02,535 --> 00:41:03,415
this system is secure.

645
00:41:05,155 --> 00:41:09,135
But there's still new math being discovered every year.

646
00:41:09,635 --> 00:41:12,535
And there's no way to know for sure

647
00:41:12,535 --> 00:41:17,155
that some genius working in a university somewhere

648
00:41:17,155 --> 00:41:21,735
doesn't come up with a way to basically attack

649
00:41:21,735 --> 00:41:25,375
the underpinnings of the very elliptic curve system.

650
00:41:25,855 --> 00:41:30,615
You know, the secp256k1 curve that we use in Bitcoin

651
00:41:30,615 --> 00:41:32,915
has a specific formula that describes

652
00:41:32,915 --> 00:41:34,555
the shape of the elliptic curve.

653
00:41:35,635 --> 00:41:38,475
And then on that curve, our whole cryptosystem

654
00:41:38,475 --> 00:41:40,955
revolves around moving a point around on that curve

655
00:41:40,955 --> 00:41:42,595
based on secret keys and public keys, right?

656
00:41:44,435 --> 00:41:46,335
What if there's a vulnerability in that curve

657
00:41:46,335 --> 00:41:48,155
and the points on the curve can be predicted

658
00:41:48,155 --> 00:41:49,535
based on the public key?

659
00:41:50,935 --> 00:41:51,835
That's a possibility.

660
00:41:52,175 --> 00:41:53,015
I don't think so.

661
00:41:53,075 --> 00:41:54,075
It's been around for long enough,

662
00:41:54,255 --> 00:41:57,335
but to me, that's a more likely attack vector

663
00:41:57,335 --> 00:41:59,095
for Bitcoin than quantum computing

664
00:41:59,095 --> 00:42:01,295
because we've seen that happen many times.

665
00:42:01,775 --> 00:42:03,435
You'll hear, I kind of go with evidence.

666
00:42:03,935 --> 00:42:05,415
And the evidence is that crypto systems

667
00:42:05,415 --> 00:42:08,815
are broken by innovations in mathematics and cryptography.

668
00:42:08,815 --> 00:42:12,295
they're not broken by like brand new types of computers.

669
00:42:12,295 --> 00:42:13,375
They're broken by math.

670
00:42:13,575 --> 00:42:14,375
And that's what I would think

671
00:42:14,375 --> 00:42:15,555
is the most likely vulnerability.

672
00:42:16,235 --> 00:42:17,195
Now, the great thing is that

673
00:42:17,195 --> 00:42:19,095
the solution to both of these is the same thing.

674
00:42:19,235 --> 00:42:21,295
We should keep developing other crypto systems

675
00:42:21,295 --> 00:42:22,475
that might be suitable for Bitcoin.

676
00:42:22,755 --> 00:42:24,455
And we should implement one in Bitcoin

677
00:42:24,455 --> 00:42:25,375
when the time is right.

678
00:42:25,795 --> 00:42:26,775
Oh, great, we'll do that.

679
00:42:28,155 --> 00:42:31,375
I mean, I imagine AI is gonna also,

680
00:42:31,575 --> 00:42:33,015
like people talk about the breakthroughs

681
00:42:33,015 --> 00:42:34,715
that may come in math and physics through AI.

682
00:42:34,915 --> 00:42:36,955
Like that is probably one of the most realistic ways

683
00:42:36,955 --> 00:42:39,315
that current cryptography is broken.

684
00:42:39,675 --> 00:42:40,055
It's funny.

685
00:42:40,135 --> 00:42:42,495
I was actually talking to AI the other day

686
00:42:42,495 --> 00:42:42,855
and I was like,

687
00:42:42,895 --> 00:42:43,935
how would you break ECDSA?

688
00:42:44,155 --> 00:42:44,915
And it won't tell you.

689
00:42:45,035 --> 00:42:46,655
Like it just refuses to answer that question

690
00:42:46,655 --> 00:42:47,695
or it did for me at least.

691
00:42:48,655 --> 00:42:50,615
I mean, not that I was going to understand

692
00:42:50,615 --> 00:42:51,635
anything that it said anyway.

693
00:42:52,195 --> 00:42:54,095
But so, okay, if we need to soft fork,

694
00:42:55,135 --> 00:42:57,715
then that's one of the really interesting parts

695
00:42:57,715 --> 00:42:58,595
of this conversation is like,

696
00:42:58,595 --> 00:43:00,295
what do we do with the old coins

697
00:43:00,295 --> 00:43:02,315
that will otherwise be stolen?

698
00:43:02,755 --> 00:43:03,795
And there's going to be like

699
00:43:03,795 --> 00:43:04,795
part of the Bitcoin community

700
00:43:04,795 --> 00:43:06,935
that think that those should be confiscated.

701
00:43:07,435 --> 00:43:09,055
I, at least as of right now,

702
00:43:09,115 --> 00:43:10,635
I'm very strongly against that.

703
00:43:10,715 --> 00:43:12,575
Like one of the key principles in Bitcoin to me

704
00:43:12,575 --> 00:43:13,275
is property rights.

705
00:43:13,335 --> 00:43:15,335
And I don't think we should steal someone's coins,

706
00:43:15,435 --> 00:43:17,955
just the threat that a bad actor steals the coins later.

707
00:43:18,455 --> 00:43:19,895
Where do you fall on that whole thing?

708
00:43:21,755 --> 00:43:24,515
Yeah, I found people arguing with me on both sides of this

709
00:43:24,515 --> 00:43:25,935
because I'm in the middle.

710
00:43:27,755 --> 00:43:29,955
If there is a sudden quantum break,

711
00:43:29,955 --> 00:43:32,015
let's say tomorrow we find out

712
00:43:32,015 --> 00:43:35,195
that there's actually already a quantum computer

713
00:43:35,195 --> 00:43:36,875
active stealing coins, right?

714
00:43:36,935 --> 00:43:52,295
So I think it's never happening, but tomorrow someone proves, hey, look, I'm doing it right now. Here's your secret key. Then we should confiscate the coins because there was no opportunity for anybody to retain their ownership. And so the entire system's ownership has just been invalidated suddenly.

715
00:43:52,295 --> 00:44:07,975
So in that case, we confiscate the coins and we create some kind of a claim system where some people can reclaim their ownership, but we don't just leave it vulnerable to the quantum attacker because everyone's ownership was simultaneously ruined, essentially.

716
00:44:07,975 --> 00:44:22,735
On the other hand, if what is, I think, a much more reasonable expectation, we see a gradual progression and let's say in five years, quantum computers start factoring 20-bit numbers and we say, okay, it's time to do something.

717
00:44:22,735 --> 00:44:38,395
So a year later, we activate a soft fork that has quantum-resistant cryptography in it. And then that year, they factor 32-bit numbers and they keep progressing. Then people have time from the time we deploy that quantum-resistant soft fork to move their coins to quantum-resistant addresses.

718
00:44:38,395 --> 00:44:40,395
and at some point down the road,

719
00:44:40,855 --> 00:44:42,815
that quantum attacker is going to first break

720
00:44:42,815 --> 00:44:44,115
a meaningful Bitcoin key.

721
00:44:44,215 --> 00:44:45,915
They're going to factor a 256-bit number

722
00:44:45,915 --> 00:44:47,775
and break a Bitcoin key.

723
00:44:48,335 --> 00:44:50,215
But by then, everybody who was active in Bitcoin

724
00:44:50,215 --> 00:44:52,095
has already started using the new soft fork.

725
00:44:52,195 --> 00:44:53,015
So then we just say, fine,

726
00:44:53,055 --> 00:44:53,855
they can have such these coins,

727
00:44:53,915 --> 00:44:54,995
they can have all the dead coins.

728
00:44:55,495 --> 00:44:57,495
It's going to be a race between different quantum actors

729
00:44:57,495 --> 00:44:58,515
who gets which coins.

730
00:44:58,935 --> 00:45:01,055
And as you said, we enforce the ownership and say,

731
00:45:01,115 --> 00:45:03,095
no, whoever gets those keys is the owner

732
00:45:03,095 --> 00:45:04,955
because that's the only thing we know in Bitcoin.

733
00:45:06,035 --> 00:45:08,215
So mostly I'm with you.

734
00:45:08,395 --> 00:45:23,653
unless it's a sudden thing where tomorrow someone starts stealing quantum coins or quantum vulnerable coins. See, I don't know if I even agree with that part. Like, it just, it feels very like Ethereum DAO type situation where you're not happy with an

735
00:45:23,653 --> 00:45:23,953
outcome.

736
00:45:24,093 --> 00:45:27,232
So therefore you kind of roll back the chain and give people their Bitcoin back.

737
00:45:27,512 --> 00:45:32,673
Like, I don't know if I can ever get on board with that because like one of the issues that

738
00:45:32,673 --> 00:45:36,313
I think people will have here is they'll see that, you know, I don't know, 2 million coins

739
00:45:36,313 --> 00:45:39,633
or whatever it is in pay-to-pubkey addresses are going to hit the market.

740
00:45:39,633 --> 00:45:41,813
that's going to have a massive impact on Bitcoin price.

741
00:45:41,992 --> 00:45:43,732
And therefore they're like, that's a bad thing.

742
00:45:44,232 --> 00:45:47,453
But if you completely remove or invalidate

743
00:45:47,453 --> 00:45:48,893
one of the value propositions of Bitcoin,

744
00:45:49,012 --> 00:45:50,052
which is property rights,

745
00:45:50,413 --> 00:45:53,073
like what does the long-term value actually become?

746
00:45:53,373 --> 00:45:55,573
Like, I think the number is far lower in the long-term,

747
00:45:55,673 --> 00:45:58,573
even if you have a short-term huge impact on price.

748
00:45:59,052 --> 00:45:59,673
I don't know.

749
00:45:59,732 --> 00:46:03,453
I feel like confiscating coins at any point is wrong,

750
00:46:03,453 --> 00:46:05,332
whether it's tomorrow or it's in 10 years.

751
00:46:07,373 --> 00:46:08,873
No, I love that perspective.

752
00:46:08,873 --> 00:46:14,273
I mean, I think it's a very kind of baller perspective to take, essentially.

753
00:46:15,012 --> 00:46:22,332
I think realistically, and this is the plain reality of Bitcoin, and I was talking about

754
00:46:22,332 --> 00:46:25,613
it actually on Tone Vays' show the other day, it's a market question.

755
00:46:26,413 --> 00:46:28,532
And neither of us knows what the market will do.

756
00:46:29,453 --> 00:46:34,212
I would bet that if we do see there's a sudden quantum adversary where no one knew it was

757
00:46:34,212 --> 00:46:38,972
coming and suddenly all the coins were starting to move, we would see a chain split rather.

758
00:46:39,472 --> 00:46:43,332
So a chain split would happen. There'd be the one that retains ownership, exactly as you said,

759
00:46:43,393 --> 00:46:47,712
it's just, it's Bitcoin. We add quantum resistance and people start kind of fighting each other to

760
00:46:47,712 --> 00:46:52,153
get their coins quantum resistant. And like, we just kind of YOLO, it's, we're baller,

761
00:46:52,212 --> 00:46:57,352
we're going to go with it. And on the other hand, we have people where we cut off the quantum

762
00:46:57,352 --> 00:47:02,653
vulnerable cryptography and we make some kind of a claim process. And we try to preserve ownership

763
00:47:02,653 --> 00:47:05,252
the best we can within that scenario.

764
00:47:05,732 --> 00:47:08,093
And I have no idea really which one would have more value.

765
00:47:08,193 --> 00:47:09,832
I know that I prefer one of them,

766
00:47:10,212 --> 00:47:12,653
but I'm only one market actor with a small number of coins.

767
00:47:12,953 --> 00:47:14,512
I don't know what the future would hold

768
00:47:14,512 --> 00:47:15,732
on either one of those two coins,

769
00:47:15,813 --> 00:47:17,093
but I think we'd have a clear chain split.

770
00:47:18,133 --> 00:47:19,712
Yeah, and the funny thing is like,

771
00:47:19,773 --> 00:47:21,773
even though I feel quite strongly

772
00:47:21,773 --> 00:47:25,153
that you can't ever confiscate coins under any circumstances,

773
00:47:25,573 --> 00:47:27,073
I also could see a world,

774
00:47:27,153 --> 00:47:29,173
like if you do take the Ethereum DAO analogy,

775
00:47:29,552 --> 00:47:31,832
where I would be on the side of like the Ethereum classic,

776
00:47:31,832 --> 00:47:33,332
which fades into insignificance.

777
00:47:33,552 --> 00:47:34,773
That would definitely be a chain split

778
00:47:34,773 --> 00:47:36,453
where I'd never sell the coins on either side.

779
00:47:37,153 --> 00:47:37,613
Right, exactly.

780
00:47:37,813 --> 00:47:38,752
And I think a lot of people do that.

781
00:47:39,693 --> 00:47:41,972
Yeah, but I do think it's probably

782
00:47:41,972 --> 00:47:43,832
one of the most interesting sort of dilemmas

783
00:47:43,832 --> 00:47:46,052
that may occur if we do actually get this.

784
00:47:47,433 --> 00:47:49,972
If that happens, so if we have a soft fork,

785
00:47:50,193 --> 00:47:53,492
so let's say we know quantum computing is coming,

786
00:47:53,693 --> 00:47:54,832
we've seen the progress,

787
00:47:55,032 --> 00:47:56,573
like it's an imminent threat,

788
00:47:56,653 --> 00:47:58,393
we make a change, we have a soft fork,

789
00:47:58,752 --> 00:48:01,732
would everyone then have to migrate keys

790
00:48:01,732 --> 00:48:03,893
to a quantum proof address?

791
00:48:05,093 --> 00:48:06,512
Yeah, everyone would have to move their coins,

792
00:48:06,633 --> 00:48:08,693
which would be a big privacy impact for many people.

793
00:48:09,913 --> 00:48:10,813
Huge privacy impact.

794
00:48:10,873 --> 00:48:13,373
And also it would take a very, very long time, right?

795
00:48:13,413 --> 00:48:14,532
Like block space is limited.

796
00:48:14,712 --> 00:48:16,532
Like how long would that process take?

797
00:48:17,873 --> 00:48:19,972
I think it's like for all the UTXOs,

798
00:48:20,052 --> 00:48:21,732
it's like three or four years right now.

799
00:48:22,913 --> 00:48:23,633
No, not that much.

800
00:48:23,633 --> 00:48:23,873
Okay.

801
00:48:24,212 --> 00:48:24,893
I'm not exaggerating.

802
00:48:25,133 --> 00:48:26,032
It's a good while,

803
00:48:26,032 --> 00:48:28,492
but it's measured in years, not decades for sure.

804
00:48:29,893 --> 00:48:30,093
Okay.

805
00:48:30,093 --> 00:48:35,532
So you basically then are in that situation where you need to move your coins as quickly

806
00:48:35,532 --> 00:48:42,752
as possible because the idea is if the quantum computing progress is so fast that not only

807
00:48:42,752 --> 00:48:46,273
can it break cryptography, but it can now do it in less than 10 minutes, then those

808
00:48:46,273 --> 00:48:48,593
coins are also going to be lost forever, essentially.

809
00:48:50,052 --> 00:48:50,492
Yep.

810
00:48:51,212 --> 00:48:52,852
So miners are going to be happy.

811
00:48:52,992 --> 00:48:54,712
Fees are going to go through the absolute roof.

812
00:48:56,173 --> 00:48:58,212
Yeah, I think that's right.

813
00:48:58,212 --> 00:49:04,773
Does it have any other impacts apart from the, like, does it have any impacts in mining quantum

814
00:49:04,773 --> 00:49:11,732
computing? Very unlikely. There's an algorithm out there called Grover's algorithm that can reduce

815
00:49:11,732 --> 00:49:19,653
the difficulty of finding a SHA-256 collision by a square root factor, basically. But the reality

816
00:49:19,653 --> 00:49:24,212
is that Bitcoin's difficulty adjustment can handle that. So if quantum miner is square root faster,

817
00:49:24,212 --> 00:49:31,133
it's okay, it doesn't matter. Um, as far as anyone researching has figured out so far, there's not

818
00:49:31,133 --> 00:49:35,832
really a problem for mining because we have a difficulty adjustment. And so as quantum miners

819
00:49:35,832 --> 00:49:41,252
start to roll out, like, we've seen bigger improvements in mining already in the CPU, GPU,

820
00:49:41,252 --> 00:49:47,893
ASIC migration than you would see from a quantum device. Okay, so if anyone listening to this has

821
00:49:47,893 --> 00:49:52,593
been panicking about quantum, you think they can relax for a good, a good deal of time right now?

822
00:49:53,352 --> 00:49:58,492
Yeah, I mean, like I said, I can only say with confidence, like serious confidence, it's going to be more than 10 years.

823
00:49:59,012 --> 00:50:01,373
And so we should watch and we should look for the evidence.

824
00:50:01,773 --> 00:50:11,492
And I think even to go further than that, it makes sense to start taking whatever steps toward improving Bitcoin's resistance to an EC break.

825
00:50:12,593 --> 00:50:17,732
We can take today that are clearly good steps for Bitcoin, that they don't have downsides, whatever.

826
00:50:17,832 --> 00:50:18,573
We should just do them.

827
00:50:19,273 --> 00:50:21,313
I mentioned, I think, Hunter Beast once in this already.

828
00:50:21,313 --> 00:50:29,352
He developed a BIP with some other folks called BIP360, which adds a taproot type address, but without an exposed public key.

829
00:50:30,273 --> 00:50:32,793
And that would give options for quantum resistance in the future.

830
00:50:33,012 --> 00:50:36,832
It also would reduce the cost of certain types of on-chain contracts that people want.

831
00:50:37,293 --> 00:50:38,613
And so it's like, oh, that's a good thing regardless.

832
00:50:38,793 --> 00:50:39,413
Let's just do it.

833
00:50:39,793 --> 00:50:49,953
I think it makes great sense to take concrete steps today that we know are good steps and keep watching the quantum computing and the post-quantum cryptography in the meantime.

834
00:50:49,953 --> 00:50:57,153
And last question on Bitcoin, well, on this side of Bitcoin, I do want to get into how contentious

835
00:50:57,153 --> 00:51:02,192
a soft fork may be in this scenario, but does it have any impact on mining? Obviously, to open a

836
00:51:02,192 --> 00:51:05,313
channel, you have to do a transaction, so it has an impact there. Is there anything else?

837
00:51:07,153 --> 00:51:13,473
Definitely. Things are so complicated here, right? So we've been developing Bitcoin with

838
00:51:13,473 --> 00:51:20,173
with elliptic curve keys in mind for a decade and a half already.

839
00:51:20,653 --> 00:51:23,712
And so we have hierarchical deterministic wallets

840
00:51:23,712 --> 00:51:27,813
use elliptic curve key transformations to derive the keys.

841
00:51:29,873 --> 00:51:33,473
MuSig2 and FROST are elliptic curve key aggregation protocols.

842
00:51:34,453 --> 00:51:38,393
We've got Lightning point time-locked contracts being worked on.

843
00:51:38,453 --> 00:51:39,173
Those are key based.

844
00:51:39,173 --> 00:51:40,532
We've got silent payments,

845
00:51:40,532 --> 00:51:44,492
which is a very elliptic curve specific method of doing more private addresses.

846
00:51:45,273 --> 00:51:47,732
We've got all this stuff that's all based on elliptic curves.

847
00:51:49,032 --> 00:51:51,552
And so absolutely, it impacts everything about Bitcoin.

848
00:51:51,933 --> 00:51:56,732
You know, DLCs, like all these technologies that we rely on for Bitcoin

849
00:51:56,732 --> 00:51:58,393
are based on the elliptic curve math.

850
00:51:58,512 --> 00:52:00,712
And we would have to kind of redevelop them

851
00:52:00,712 --> 00:52:03,192
for whatever type of post-quantum signature we build.

852
00:52:04,492 --> 00:52:05,613
So there's a lot of work coming up.

853
00:52:06,093 --> 00:52:10,413
Okay, so let's get into the juicy topic of an actual soft fork

854
00:52:10,413 --> 00:52:15,973
happening. Like, the idea of a soft fork happening to just improve Bitcoin or change Bitcoin in a way

855
00:52:15,973 --> 00:52:20,913
that you might get, like, I don't know, CTV or whatever it might be. These have become already

856
00:52:20,913 --> 00:52:26,113
like really hot button topics. Like, it seems like, I don't think Bitcoin's ossified, but it's, it's

857
00:52:26,113 --> 00:52:29,813
always trending more and more towards ossification. Like, these are getting more and more contentious.

858
00:52:29,813 --> 00:52:33,453
Do you think this would be an easy soft fork to actually implement?

859
00:52:33,453 --> 00:52:55,752
I think that the ossification kind of narrative is largely an artifact, I would say, of the past, of the block-size war and of other things.

860
00:52:55,752 --> 00:52:56,813
and

861
00:52:56,813 --> 00:53:00,332
I don't know

862
00:53:00,332 --> 00:53:02,052
I can't predict the future of course

863
00:53:02,052 --> 00:53:04,433
but I think there is

864
00:53:04,433 --> 00:53:06,232
a memetic shift that will happen

865
00:53:06,232 --> 00:53:08,113
when the right combination

866
00:53:08,113 --> 00:53:10,032
of proposal and person

867
00:53:10,032 --> 00:53:11,752
and timing happens

868
00:53:11,752 --> 00:53:13,933
maybe it's this quantum

869
00:53:13,933 --> 00:53:16,332
narrative right now

870
00:53:16,332 --> 00:53:17,893
that creates that shift

871
00:53:17,893 --> 00:53:19,893
so that we see

872
00:53:19,893 --> 00:53:22,512
BIP360 as the kind of best example

873
00:53:22,512 --> 00:53:24,332
right now being implemented as a soft fork

874
00:53:24,332 --> 00:53:29,953
and people seeing kind of a different viewpoint on Bitcoin soft forks,

875
00:53:30,052 --> 00:53:33,633
where instead of Bitcoin soft forks being the big SegWit change

876
00:53:33,633 --> 00:53:36,593
that added more block space or the big taproot change

877
00:53:36,593 --> 00:53:42,093
that took away certain kind of weird restrictions

878
00:53:42,093 --> 00:53:43,752
in how Bitcoin could be used,

879
00:53:44,153 --> 00:53:48,953
we see instead, oh, Bitcoin is improving in a slow and steady,

880
00:53:49,093 --> 00:53:51,352
responsible way to mitigate future risks

881
00:53:51,352 --> 00:53:53,252
that maintain the security of the system.

882
00:53:53,992 --> 00:53:58,873
And so I think the whole narrative will change at some point because everything is driven on memes.

883
00:53:59,052 --> 00:54:02,352
That's the fundamental learning of our lives on the internet and of Bitcoin.

884
00:54:03,133 --> 00:54:05,373
And the memes will shift at some point.

885
00:54:05,492 --> 00:54:10,832
And instead of there being this ossification narrative, there'll be just the natural thing of, oh, yeah, we're going to solve quantum gradually.

886
00:54:10,832 --> 00:54:12,293
We're going to do BIP 360 today.

887
00:54:12,552 --> 00:54:14,673
We're going to do some other thing tomorrow.

888
00:54:14,673 --> 00:54:18,232
And we're going to add quantum-resistant signatures at some point later when they're ready.

889
00:54:18,593 --> 00:54:20,413
And that's just the obvious natural thing.

890
00:54:20,413 --> 00:54:22,012
So I do think it'll happen.

891
00:54:22,012 --> 00:54:26,633
I don't know if it's going to be easy, but I think we'll just see a shift in memetics and it'll just happen.

892
00:54:27,992 --> 00:54:31,133
So I'm going to put you on the spot and make you do a prediction.

893
00:54:31,332 --> 00:54:34,832
Do you think a quantum soft fork will be the next soft fork?

894
00:54:41,752 --> 00:54:47,873
If we count BIP 360 as a quantum soft fork, which is how it was originally built, I'm going to go with yes.

895
00:54:48,032 --> 00:54:50,712
I would say yes, that is the most likely next soft fork.

896
00:54:50,712 --> 00:54:56,093
I think the other option that's really out there for our next soft fork is probably the consensus cleanup.

897
00:54:56,873 --> 00:54:58,552
And I think that's also a good change.

898
00:54:58,593 --> 00:54:59,893
I think it will go at some point.

899
00:55:00,973 --> 00:55:03,992
But it has much more to talk about.

900
00:55:04,252 --> 00:55:06,293
Not even that any of it is wrong or weird.

901
00:55:06,473 --> 00:55:07,913
It's just got more stuff.

902
00:55:08,232 --> 00:55:14,692
Whereas BIP 360 is a very focused, very single change that I think makes sense for a whole bunch of reasons.

903
00:55:15,212 --> 00:55:18,433
And so it's going to be easier to have the conversation about BIP 360.

904
00:55:18,433 --> 00:55:21,593
So I think it's more likely to be the one that shifts the memetics.

905
00:55:23,273 --> 00:55:26,593
The funny thing with that one would, if there was a huge breakthrough in quantum computing,

906
00:55:27,012 --> 00:55:32,893
and we thought we didn't have three years or two years, however long it takes to migrate

907
00:55:32,893 --> 00:55:37,473
all of these coins, and we needed to put a block size increase in it as well.

908
00:55:37,712 --> 00:55:39,893
Like, that's how this could get really contentious.

909
00:55:41,793 --> 00:55:42,953
Man, that'd be a mess.

910
00:55:43,492 --> 00:55:43,593
Yeah.

911
00:55:43,673 --> 00:55:45,673
And there's so many messy things out there.

912
00:55:45,673 --> 00:55:48,673
because Jameson Lopp proposed confiscation

913
00:55:48,673 --> 00:55:50,393
and we should start confiscating soon.

914
00:55:51,173 --> 00:55:52,573
And that, of course, was like, whoa.

915
00:55:53,093 --> 00:55:56,173
So there's a lot of controversy to be had.

916
00:55:56,273 --> 00:55:58,953
And I think that's why BIP 360 is very appealing

917
00:55:58,953 --> 00:55:59,673
as a next soft fork

918
00:55:59,673 --> 00:56:02,252
because it basically dodges all the controversy.

919
00:56:02,532 --> 00:56:04,113
It's just a stepwise improvement.

920
00:56:04,552 --> 00:56:06,673
It's better for certain contracts today.

921
00:56:06,752 --> 00:56:08,212
It's better for both Quantum in the future.

922
00:56:08,773 --> 00:56:11,093
It has support from all different circles.

923
00:56:11,293 --> 00:56:13,113
Lightning developers like it for certain things.

924
00:56:13,332 --> 00:56:14,573
Ark developers like it for certain things.

925
00:56:14,573 --> 00:56:15,433
Everyone likes it.

926
00:56:15,673 --> 00:56:18,913
So I think, yeah, I'll go with yes.

927
00:56:18,973 --> 00:56:20,692
A quantum change, BIP 360 in particular,

928
00:56:20,933 --> 00:56:21,773
is the next soft fork.

929
00:56:22,613 --> 00:56:23,893
That might be bearish on CTV.

930
00:56:24,293 --> 00:56:26,752
Why does Jameson think we should start confiscating coins now?

931
00:56:26,793 --> 00:56:27,492
I've not seen that.

932
00:56:28,832 --> 00:56:35,832
So I think the idea was that we should deploy post-quantum crypto,

933
00:56:36,413 --> 00:56:37,573
and as soon as it's deployed,

934
00:56:37,933 --> 00:56:42,393
we should start a clock that includes confiscation

935
00:56:42,393 --> 00:56:44,332
X, Y, or Z years

936
00:56:44,332 --> 00:56:46,593
after, like, it stops the

937
00:56:46,593 --> 00:56:48,732
creation of new quantum vulnerable coins after three years

938
00:56:48,732 --> 00:56:50,552
and then stops the spending of quantum

939
00:56:50,552 --> 00:56:52,273
vulnerable coins after five years, something like that.

940
00:56:52,852 --> 00:56:54,692
So it wasn't, like, immediate confiscation,

941
00:56:54,813 --> 00:56:56,573
but it was, like, as soon as we can do a post-quantum

942
00:56:56,573 --> 00:56:58,532
fork, we should, and as soon as that's done, we should start a

943
00:56:58,532 --> 00:57:00,552
clock. And I think you and I would agree that

944
00:57:00,552 --> 00:57:02,893
we should not do that. If we have a post-quantum

945
00:57:02,893 --> 00:57:04,613
fork, people can voluntarily move their coins,

946
00:57:04,673 --> 00:57:06,393
and the other coins are the quantum attacker's.

947
00:57:06,552 --> 00:57:07,873
That's part of the definition of the system.

948
00:57:08,352 --> 00:57:10,712
But at least, it's not as crazy as I first made it out

949
00:57:10,712 --> 00:57:11,373
to be. Sorry, Jameson.

950
00:57:12,393 --> 00:57:17,712
I think when you, if you look at Satoshi's coins, like, I don't know, people estimate

951
00:57:17,712 --> 00:57:22,933
it has a million. They're in a ton of different pay-to-pubkey addresses. He talked about quantum

952
00:57:22,933 --> 00:57:28,893
computing, I think. He must have known that this was a potential future thing and he still

953
00:57:28,893 --> 00:57:32,933
left his keys vulnerable. Like, I think you just have to accept that decision that he made.

954
00:57:34,012 --> 00:57:34,893
I don't disagree. Yeah.

955
00:57:35,673 --> 00:57:39,953
It's going to be interesting. Is there anything else on the quantum side that you're like

956
00:57:39,953 --> 00:57:41,453
really paying attention to at the moment?

957
00:57:42,393 --> 00:57:53,673
Well, the one thing I mentioned already of the idea of maybe we don't need logical qubits and maybe that we should be building logical devices rather than logical qubits and then tying those together.

958
00:57:55,732 --> 00:57:57,332
That's something I'm definitely following.

959
00:57:57,852 --> 00:58:08,192
The particular person I was talking to was not totally compelling on that topic, but if that were to be the case, it could reduce one more hurdle in the way of quantum computing ever working.

960
00:58:08,192 --> 00:58:14,773
So, yeah, I think people who know me know I'm open to having my mind changed, but it

961
00:58:14,773 --> 00:58:15,313
takes evidence.

962
00:58:15,552 --> 00:58:20,752
As of now, there's no evidence that quantum is a kind of a current threat.

963
00:58:21,913 --> 00:58:25,852
Yeah, I mean, I've really liked both listening to your work and seeing what you've been putting

964
00:58:25,852 --> 00:58:29,773
on Twitter, because like I said, I was just kind of going along with the narrative that

965
00:58:29,773 --> 00:58:31,473
a load of changes were happening in quantum.

966
00:58:31,593 --> 00:58:32,613
It was getting really close.

967
00:58:33,252 --> 00:58:37,712
And I think listening to you has made me far less worried about this.

968
00:58:37,712 --> 00:58:41,393
I don't think it's a never problem, but I think it's a long way away.

969
00:58:42,352 --> 00:58:43,933
So Bitcoin's going to be fine.

970
00:58:44,052 --> 00:58:46,093
We're going to make changes if we need to.

971
00:58:46,712 --> 00:58:48,313
And it's going to be interesting.

972
00:58:48,413 --> 00:58:49,613
We'll have a lot of content out of it.

973
00:58:51,373 --> 00:58:53,532
The podcast industrial complex will survive.

974
00:58:54,953 --> 00:58:55,273
Exactly.

975
00:58:55,973 --> 00:58:56,992
Brandon, this has been awesome.

976
00:58:57,133 --> 00:58:57,673
Thank you, man.

977
00:58:57,873 --> 00:59:00,832
Is there any way you want to send anyone if they want to check out everything that you're doing?

978
00:59:01,532 --> 00:59:02,313
Yeah, follow me on X.

979
00:59:02,473 --> 00:59:05,732
I'm mostly, as Robin Linus likes to call me, I'm an addict of X.

980
00:59:05,852 --> 00:59:06,712
I'm there all the time.

981
00:59:07,212 --> 00:59:10,992
I post about Bitcoin stuff and other topics there.

982
00:59:11,832 --> 00:59:14,232
As I said earlier, I'm starting a consulting business this year.

983
00:59:14,293 --> 00:59:16,633
So if you need help with anything Bitcoin related, hit me up.

984
00:59:16,773 --> 00:59:22,373
I'm happy to talk about how we can help with your Bitcoin questions and do Bitcoin stuff.

985
00:59:23,332 --> 00:59:24,252
So what are you doing?

986
00:59:24,373 --> 00:59:27,012
Are you targeting like startups and businesses that might need help?

987
00:59:29,453 --> 00:59:30,212
That's the thought.

988
00:59:30,212 --> 00:59:35,552
Mostly, yeah, is if you're writing a new Bitcoin wallet or a new Bitcoin script, I have expertise

989
00:59:35,552 --> 00:59:38,232
in scripting and kind of security modeling

990
00:59:38,232 --> 00:59:39,732
for Bitcoin applications.

991
00:59:40,073 --> 00:59:42,413
So if someone needs some help,

992
00:59:42,473 --> 00:59:44,212
they're either building it or reviewing it.

993
00:59:45,212 --> 00:59:46,352
I want to make myself available.

994
00:59:47,752 --> 00:59:48,153
Awesome.

995
00:59:48,273 --> 00:59:49,393
If you're vibe coding an app

996
00:59:49,393 --> 00:59:50,813
and you actually can't read code,

997
00:59:51,032 --> 00:59:51,532
speak to Brandon.

998
00:59:52,793 --> 00:59:53,653
This has been awesome.

999
00:59:53,773 --> 00:59:54,352
Thank you, man.

1000
00:59:54,752 --> 00:59:56,953
I will definitely follow up with this.

1001
00:59:57,133 --> 00:59:58,153
Hopefully it's in 10 years

1002
00:59:58,153 --> 00:59:59,273
and it's still 10 years away.

1003
00:59:59,953 --> 01:00:01,433
But appreciate the time, man.

1004
01:00:01,453 --> 01:00:01,873
It's been cool.

1005
01:00:03,012 --> 01:00:03,413
It's been great.

1006
01:00:03,473 --> 01:00:03,732
Thanks, Danny.

