1
00:00:00,000 --> 00:00:05,620
There's a 50% chance that by 2033,

2
00:00:06,060 --> 00:00:09,120
you will have a cryptographically relevant quantum computer

3
00:00:09,120 --> 00:00:11,120
that can break Bitcoin.

4
00:00:11,280 --> 00:00:12,780
Whatever entity has the quantum computer

5
00:00:12,780 --> 00:00:16,580
owns all the Bitcoin on the network.

6
00:00:16,820 --> 00:00:18,040
This quantum computer can compute

7
00:00:18,040 --> 00:00:19,120
Shor's algorithm fast enough,

8
00:00:19,200 --> 00:00:21,720
then it's like every Bitcoin is basically at risk.

9
00:00:21,720 --> 00:00:24,220
And that also effectively closes off

10
00:00:24,220 --> 00:00:27,240
any kind of on-chain migration option.

11
00:00:27,420 --> 00:00:28,980
Ownership fundamentally breaks.

12
00:00:28,980 --> 00:00:34,540
Once you hit that threshold, you can scale very, very, very, very, very quickly.

13
00:00:35,140 --> 00:00:40,360
The best way to ensure that you're not rushing a change is to ensure that you're not surprised.

14
00:00:40,640 --> 00:00:46,300
We should already be well on our way as the Bitcoin network to having post-quantum cryptography

15
00:00:46,300 --> 00:00:53,380
that's close to being ready to deploy. Don't be bystanders. This is extremely novel and new

16
00:00:53,380 --> 00:00:57,160
cryptography where the stakes are as high as they're going to be anywhere.

17
00:00:58,980 --> 00:01:04,840
Alex, welcome to the show, man. We are going to get into the hot topic of the day,

18
00:01:05,280 --> 00:01:10,740
quantum cryptography, and if it's going to break Bitcoin. Let's start with your background.

19
00:01:10,940 --> 00:01:15,060
The first time you've been on the show, first time I've spoken to you, how did you get here?

20
00:01:16,220 --> 00:01:21,820
Yeah, first off, it's a pleasure to be here. It's a great show. I'm a subscriber. And yeah,

21
00:01:21,820 --> 00:01:27,180
I really appreciate the work you do here. As for my background, I first got interested in Bitcoin

22
00:01:27,180 --> 00:01:28,960
a little over 10 years ago.

23
00:01:30,160 --> 00:01:31,700
At the time, I was in the U.S. Army,

24
00:01:32,240 --> 00:01:35,040
and I was a Green Beret working in the Middle East.

25
00:01:36,140 --> 00:01:39,140
And specifically, I was kind of in and around Syria

26
00:01:39,140 --> 00:01:40,720
and the Syrian civil war.

27
00:01:41,060 --> 00:01:43,100
And I discovered Bitcoin while working in Turkey,

28
00:01:43,600 --> 00:01:46,760
training Syrian rebels to fight the Assad regime and ISIS.

29
00:01:47,760 --> 00:01:51,220
We briefly explored it, you know, conceptually as a way

30
00:01:51,220 --> 00:01:54,200
to basically support financially the guys

31
00:01:54,200 --> 00:01:55,360
that were fighting across the border,

32
00:01:55,360 --> 00:01:57,260
because at the time there were no US troops allowed in Syria.

33
00:01:57,840 --> 00:01:58,780
I never went anywhere.

34
00:01:59,000 --> 00:02:00,520
It was just kind of like a throwaway idea

35
00:02:00,520 --> 00:02:03,140
that one of the Turkish intel guys threw our way.

36
00:02:04,400 --> 00:02:06,420
But the concept stuck with me.

37
00:02:06,500 --> 00:02:10,660
This idea of borderless money that was secured by cryptography

38
00:02:10,660 --> 00:02:13,340
and private keys or seed phrases that you could just put inside your head

39
00:02:13,340 --> 00:02:15,400
and then cross any border in the world.

40
00:02:15,480 --> 00:02:17,200
Let's say you were a refugee fleeing conflict.

41
00:02:17,340 --> 00:02:18,460
You could just start over again

42
00:02:18,460 --> 00:02:20,300
because a lot of the people that I was around,

43
00:02:20,780 --> 00:02:22,940
as you can imagine on the Syrian-Turkish border,

44
00:02:23,040 --> 00:02:24,600
were people that were refugees from that conflict

45
00:02:24,600 --> 00:02:28,600
and had basically lost everything either because their physical wealth was tied up in real estate

46
00:02:28,600 --> 00:02:33,880
in Syria or because their bank account was frozen explicitly or they just couldn't get to it because,

47
00:02:33,880 --> 00:02:38,520
you know, they were in Turkey and their bank was in Syria. Um, and that was sort of the moment I was

48
00:02:38,520 --> 00:02:43,640
like, wow. I knew nothing about technology. I knew nothing about finance, quite honestly. I had gone

49
00:02:43,640 --> 00:02:47,800
to a military academy and studied Arabic. Um, but that was the moment where I was like, this seems

50
00:02:47,800 --> 00:02:52,200
like really transformational. So I left the army later, I guess a year after that, after I came back

51
00:02:52,200 --> 00:02:56,440
from that deployment, and, um, yeah, just tried to figure out how to get into the space. Um, I did

52
00:02:56,440 --> 00:03:00,360
what everyone does in their career when they don't know what to do next: I went to business school.

53
00:03:00,360 --> 00:03:05,640
And so I was fortunate to get into Stanford and, uh, honestly, I spent most of my time at Stanford

54
00:03:05,640 --> 00:03:10,680
just getting into computer science classes that I had no business being in. Um, I think the

55
00:03:10,680 --> 00:03:14,920
cryptography class that I took, which was the first computer science class I took, not recommended

56
00:03:14,920 --> 00:03:22,440
starting point, but I got a D. Um, uh, D is for diploma, as they say. But, uh, I just was really passionate

57
00:03:22,440 --> 00:03:26,360
about understanding how everything related to Bitcoin worked. And so, uh, you know, and the professor,

58
00:03:26,360 --> 00:03:31,480
Dan Boneh, has done a lot of research in cryptocurrencies and blockchains and Bitcoin. Um, so yeah,

59
00:03:31,480 --> 00:03:36,600
that was how I got, you know, more immersed in the space. Uh, I was the co-founder of the Stanford

60
00:03:36,600 --> 00:03:41,800
Blockchain Club. Uh, I then worked at Coinbase for a brief stint. Um, and then I ended up actually

61
00:03:41,800 --> 00:03:46,600
getting a role at Andreessen Horowitz when they had a, they had a crypto team. Uh, I was standing up,

62
00:03:46,600 --> 00:03:51,720
this is 2018, is kind of the very beginning days of their crypto fund. And I joined as a, you know, as

63
00:03:51,720 --> 00:03:55,880
a venture, or as a deal partner. I was recruited by one of the, one of the channel partners there.

64
00:03:55,880 --> 00:04:02,360
Uh, I didn't love venture, to be quite honest. I just, um, wasn't really my thing. I had a, it was

65
00:04:02,360 --> 00:04:05,720
great experience. I learned a lot from the smart people that work there, but I wanted to be

66
00:04:05,720 --> 00:04:11,340
an operator. So I went to join a startup that was in the zero knowledge space called Aleo.

67
00:04:11,880 --> 00:04:16,880
It was a couple of Zcash co-founders had, yeah, basically had this vision to create

68
00:04:16,880 --> 00:04:22,140
Zcash, but with smart contracts. And I got really excited by that privacy. You know,

69
00:04:22,200 --> 00:04:26,260
as you can imagine, my former world and thinking about Intel and espionage, I was like, oh,

70
00:04:26,260 --> 00:04:30,180
privacy is good and important for a variety of things beyond just those two. But yeah,

71
00:04:30,260 --> 00:04:34,740
I spent four years, well, four and a half years there. I was the first employee, became CEO,

72
00:04:34,740 --> 00:04:40,340
took it from zero to launch, and, uh, and then, yeah, when, after launch, I kind of stepped back and

73
00:04:40,340 --> 00:04:44,760
handed the reins back over to the COO and CTO and, uh, decided, was wondering what to do next. And

74
00:04:44,760 --> 00:04:52,320
that's what brought me to this moment as the, yeah, founding Project 11. So, I mean, there's a lot of

75
00:04:52,320 --> 00:04:56,080
veterans that have come into the Bitcoin space, but I don't know if there's many that have gone

76
00:04:56,080 --> 00:05:00,000
fully down the cryptography rabbit hole. Like, that's a pretty big step. You went straight in

77
00:05:00,000 --> 00:05:05,200
of the deep end there. Yeah. Um, I probably wouldn't recommend going that route. Um, maybe

78
00:05:05,200 --> 00:05:12,160
it's, yeah, my, uh, my misplaced or my, my ego, uh, I was like, oh, I could totally do this,

79
00:05:12,160 --> 00:05:18,980
but, um, I do like, as you know, I, for example, when I was in the Middle East, I, I, I spent a

80
00:05:18,980 --> 00:05:22,760
lot of time learning Arabic because I really wanted to be able to have a one-on-one conversation

81
00:05:22,760 --> 00:05:27,160
with the people I was working with. I didn't want a go-between. I didn't want an interpreter.

82
00:05:27,160 --> 00:05:29,340
I wanted to just know exactly what they were saying.

83
00:05:29,420 --> 00:05:33,660
And I spent, I mean, I easily spent 10 times as much time as my colleagues did on average

84
00:05:33,660 --> 00:05:34,560
to do that.

85
00:05:34,620 --> 00:05:35,940
And so I kind of view this as similar.

86
00:05:36,060 --> 00:05:40,560
Like I don't, I'm not very satisfied with kind of the high level answers.

87
00:05:40,760 --> 00:05:42,400
It's both a blessing and a curse, right?

88
00:05:42,400 --> 00:05:47,340
I have to know kind of as deep of a detail as I can stomach how things really work.

89
00:05:49,000 --> 00:05:51,580
Yeah, you know, it's both a good and a bad thing, right?

90
00:05:51,600 --> 00:05:54,280
I think on the one hand, it's my curiosity that's helped, I think,

91
00:05:54,280 --> 00:05:58,740
enable me to kind of have insights that are maybe come earlier than other people might have them.

92
00:05:58,740 --> 00:06:03,400
It also, I think, can be, you know, it can be easy to get lost in details. Ultimately, the challenge is

93
00:06:03,400 --> 00:06:08,960
figuring out how to synthesize those two things into, into kind of, yeah, uh, what is insightful and

94
00:06:08,960 --> 00:06:14,140
what, what is impactful. So you, you left the, uh, the venture world in the previous start and you've gone

95
00:06:14,140 --> 00:06:19,600
into the quantum side of things. Like, where did that come about? Yeah, so cryptography, I mean, so

96
00:06:19,600 --> 00:06:26,520
the connection is cryptography. So in cryptography, like I already explained, I studied Arabic. I

97
00:06:26,520 --> 00:06:30,080
don't have like a physics background at all. I mean, I went to a military academy. I took a

98
00:06:30,080 --> 00:06:34,600
physics class. But when I was getting into cryptography, quantum computing is kind of

99
00:06:34,600 --> 00:06:39,960
obliquely referenced as like this doomsday weapon that destroys everything. We think it's 20 years

100
00:06:39,960 --> 00:06:47,480
away, you know, and just like forget about it. So that was my introduction to it. And, you know,

101
00:06:47,480 --> 00:06:52,760
I kind of, in, in, at Stanford and I kind of put it out of my mind for, you know, all

102
00:06:52,760 --> 00:06:54,040
the time I was working in the space.

103
00:06:54,260 --> 00:06:59,460
And then when I had a moment to come up for air and think about other areas of cryptography,

104
00:06:59,800 --> 00:07:01,340
um, that would be relevant.

105
00:07:01,340 --> 00:07:03,480
Cause, you know, Aleo was kind of, I argue, right.

106
00:07:03,480 --> 00:07:09,100
I view it as like, um, it was, it was an instantiation of, of kind of some advanced cryptography,

107
00:07:09,200 --> 00:07:09,760
zero knowledge.

108
00:07:09,760 --> 00:07:10,020
Right.

109
00:07:10,020 --> 00:07:11,040
And so I was really into that.

110
00:07:11,080 --> 00:07:14,900
And so I was like, what, what other kind of frontier areas of tech, of, of cryptography

111
00:07:14,900 --> 00:07:16,240
are, are up and coming.

112
00:07:16,240 --> 00:07:18,700
and post-quantum came up again.

113
00:07:18,900 --> 00:07:20,500
I mean, this was actually right around the time

114
00:07:20,500 --> 00:07:23,020
that Google's Willow paper.

115
00:07:23,380 --> 00:07:25,580
So Willow, actually Willow describes both a paper

116
00:07:25,580 --> 00:07:28,280
and a quantum computer that they built, very small scale.

117
00:07:28,580 --> 00:07:30,300
But they had demonstrated this thing

118
00:07:30,300 --> 00:07:32,000
called below threshold error correction.

119
00:07:32,200 --> 00:07:33,640
I had no idea what any of that meant.

120
00:07:34,220 --> 00:07:36,280
But I sort of started doing a little bit of research

121
00:07:36,280 --> 00:07:40,940
and really what, so I concluded that maybe quantum

122
00:07:40,940 --> 00:07:42,840
was moving faster than people were giving credit for.

123
00:07:43,200 --> 00:07:44,840
But to be clear, I wasn't sure at the time.

124
00:07:44,840 --> 00:07:50,900
But the one thing that I was pretty sure of was that blockchains and digital assets generally

125
00:07:50,900 --> 00:07:56,620
and Bitcoin had all seen tremendous adoption in the 10 years that I've been in the space.

126
00:07:56,700 --> 00:08:00,340
Like, I remember getting into the space and there was legitimate talk of Bitcoin being

127
00:08:00,340 --> 00:08:03,120
banned because it was viewed as literally only for criminals.

128
00:08:04,100 --> 00:08:06,500
And I mean, of course, nowadays, we're so far from that.

129
00:08:06,580 --> 00:08:07,760
The adoption is far and wide.

130
00:08:07,900 --> 00:08:08,880
We have stable coins, you know.

131
00:08:08,880 --> 00:08:22,700
But I think the extent to which that adoption has happened also makes the challenge of migrating to a new form of cryptography like post-quantum cryptography quite acute.

132
00:08:23,240 --> 00:08:26,080
And that was sort of the moment where I was like, man, I don't know.

133
00:08:26,120 --> 00:08:28,060
I mean, we don't know if quantum is going to happen necessarily.

134
00:08:28,240 --> 00:08:30,140
I think maybe it could be sooner than we think.

135
00:08:30,200 --> 00:08:33,200
But it's certainly going to be hard to effect this transition.

136
00:08:33,820 --> 00:08:37,200
And so that was really kind of the genesis of the idea that led to Project 11.

137
00:08:37,200 --> 00:08:42,940
I mean, you said that, like, jokingly, this was 20 years away, and that's always been the thing, that

138
00:08:42,940 --> 00:08:47,320
quantum's always been 20 years away. But the timeline seems to have really sped up in the last,

139
00:08:47,320 --> 00:08:52,360
I don't know, few years, really, from this, the experts working in that field. How far do you

140
00:08:52,360 --> 00:08:57,180
think an actual, like, cryptographically relevant quantum computer, how far away from that are we?

141
00:08:57,180 --> 00:09:02,920
Okay. So, you know, folks who've listened to your prior, prior episode, uh, on this topic, and, you know,

142
00:09:02,920 --> 00:09:07,720
Look, I think I want to kind of maybe just, they'll have the context.

143
00:09:07,800 --> 00:09:11,660
Maybe I want to just make a statement to kind of frame how I'm going to talk about this generally.

144
00:09:12,720 --> 00:09:21,140
Look, I think there are a lot of unknown unknowns around how quantum computing as a frontier technology is going to develop and unfold.

145
00:09:22,600 --> 00:09:27,860
So I actually, you know, I kind of think more in terms of certainty and uncertainty.

146
00:09:27,860 --> 00:09:36,980
Um, I think what has become more uncertain in the last year is that a quantum computer

147
00:09:36,980 --> 00:09:40,100
won't potentially exist within a decade.

148
00:09:40,720 --> 00:09:44,640
Um, so that's like kind of a very non-answer to your question, but I think it's an important

149
00:09:44,640 --> 00:09:51,860
framing because ultimately what's, what, you know, what we care about as Bitcoiners, as,

150
00:09:51,860 --> 00:09:57,160
you know, people that, you know, think about and care about the technology is, is, is the

151
00:09:57,160 --> 00:10:00,200
potential existential threat this represents.

152
00:10:00,200 --> 00:10:02,620
And so when it happens,

153
00:10:02,620 --> 00:10:15,869
obviously there's going to be, have to be a lot of changes, but we also have to prepare for those things in advance. And so we have to kind of handicap what's the chance that something bad could happen, right? And a way I like to think about this, to illustrate a lot of times, is seatbelts.

154
00:10:16,209 --> 00:10:21,429
I don't get in my car expecting to crash or getting up in a fatal crash, right?

155
00:10:21,429 --> 00:10:26,689
But I wear my seatbelt anyway, because on the off chance that I do get in a crash, I'll

156
00:10:26,689 --> 00:10:28,189
be more likely to survive.

157
00:10:28,269 --> 00:10:29,429
And that's sort of how I think about this.

158
00:10:29,749 --> 00:10:32,989
That all said, my non-answer to your question is complete.

159
00:10:32,989 --> 00:10:34,209
I'll give you my answer now.

160
00:10:35,769 --> 00:10:41,089
I feel confident that there's a 50% chance,

161
00:10:41,489 --> 00:10:42,709
so it's like even odds,

162
00:10:43,229 --> 00:10:44,369
that by 2033,

163
00:10:44,789 --> 00:10:47,869
you will have a cryptographically relevant quantum computer

164
00:10:47,869 --> 00:10:49,869
that can break Bitcoin.

165
00:10:50,089 --> 00:10:51,089
So that is seven years away.

166
00:10:51,749 --> 00:10:55,789
I think it is plausible

167
00:10:55,789 --> 00:10:58,929
that it is even earlier than that,

168
00:10:59,629 --> 00:11:02,169
probably to 2029, 2030 timeframe.

169
00:11:02,989 --> 00:11:07,649
Of course, it could be further than that, but that's what I would say is my base case is 2033.

170
00:11:08,289 --> 00:11:13,449
Could be 2030, 2029. Could be further, but that's sort of how I view it.

232
00:14:15,749 --> 00:14:23,149
As I said to you before we started recording, I am no quantum

233
00:14:23,149 --> 00:14:27,949
expert, but when I hear things like that, I have a few, like, alarm bells going off in my head, that,

234
00:14:27,949 --> 00:14:31,489
like, I have some skepticism. But let me hold that for a minute, because I think we should get into

235
00:14:31,489 --> 00:14:37,269
what the threat is. Um, which is really, do you want to explain the attack vector for Bitcoin,

236
00:14:37,269 --> 00:14:41,629
what happens with the public keys that are viewable on chain today, and both the sort of

237
00:14:41,629 --> 00:14:44,869
sort of short and long range attack that is possible.

238
00:14:44,869 --> 00:14:48,229
Yeah, so a very high level way to think about

239
00:14:48,229 --> 00:14:49,729
the quantum threat to Bitcoin.

240
00:14:49,729 --> 00:14:51,029
First off, what is it not?

241
00:14:51,029 --> 00:14:53,829
It is not a threat to consensus for Bitcoin, right?

242
00:14:53,829 --> 00:14:55,869
Consensus in Bitcoin is done by mining.

243
00:14:55,869 --> 00:14:58,389
Mining is done by hash functions.

244
00:14:58,389 --> 00:15:01,329
I think any serious scientific study of

245
00:15:01,329 --> 00:15:05,169
the quantum attacks on hash functions will tell you that,

246
00:15:05,169 --> 00:15:08,229
to the best of our knowledge today,

247
00:15:08,229 --> 00:15:16,089
Those attacks would require astronomically sized quantum computers that are just infeasible over any time horizon, quite honestly.

248
00:15:17,469 --> 00:15:20,649
The threat is to the digital signatures.

249
00:15:21,029 --> 00:15:24,529
And what purpose do digital signatures on Bitcoin serve?

250
00:15:24,969 --> 00:15:29,229
They serve as an authentication for payments, right, for transfers, right?

251
00:15:29,229 --> 00:15:33,969
So Bitcoin is effectively a distributed database maintained by this network of miners.

252
00:15:33,969 --> 00:15:39,989
and the database is changed as a result of people sending messages to the network.

253
00:15:40,729 --> 00:15:42,049
And those messages are signed.

254
00:15:42,609 --> 00:15:46,869
And that signature, the message is effectively something along the lines of Alex is sending

255
00:15:46,869 --> 00:15:49,149
one Bitcoin to Dan, signed Alex, right?

256
00:15:49,589 --> 00:15:53,389
So a quantum computer is able to basically forge those signatures.

257
00:15:53,389 --> 00:15:53,769
How?

258
00:15:54,449 --> 00:15:59,249
It's, you know, the way public key cryptography works, there's a public key and a private

259
00:15:59,249 --> 00:16:01,369
key, and then it's kind of all in the name.

260
00:16:01,549 --> 00:16:02,669
The public key is meant to be public.

261
00:16:02,669 --> 00:16:04,469
It's kind of your address, broadly speaking.

262
00:16:04,869 --> 00:16:06,169
The private key is meant to be only yours,

263
00:16:06,229 --> 00:16:07,109
and that's what gives the signature.

264
00:16:07,469 --> 00:16:09,089
So it's fine for me to share the public key.

265
00:16:09,569 --> 00:16:11,329
It should be in the classical sense.

266
00:16:11,489 --> 00:16:13,009
It's not fine for me to share the private key.

267
00:16:13,269 --> 00:16:14,389
And if you only have the public key,

268
00:16:14,409 --> 00:16:15,609
you're not supposed to get the private key.

269
00:16:16,489 --> 00:16:18,509
But these things are mathematically related,

270
00:16:18,549 --> 00:16:21,229
but there's a hard math problem in between those two, right?

271
00:16:21,769 --> 00:16:23,209
Turns out that a quantum computer,

272
00:16:23,269 --> 00:16:26,289
actually one of the only known examples

273
00:16:26,289 --> 00:16:29,929
of a quantum algorithm that is provably dominant

274
00:16:29,929 --> 00:16:32,149
over its classical alternatives is,

275
00:16:32,149 --> 00:16:36,909
the quantum computer is able to compute that math problem that sits in between those two things,

276
00:16:36,949 --> 00:16:40,869
right? So there's variants of this. The one that Bitcoin uses is called the discrete logarithm

277
00:16:40,869 --> 00:16:45,769
problem. Basically, it just lets you go the wrong way down the one-way road, right? You're only

278
00:16:45,769 --> 00:16:48,609
supposed to go one way from private key to public key, and this way lets you go the other way,

279
00:16:49,209 --> 00:16:54,349
right? And so what does that mean? That means that any quantum computer or anyone in possession

280
00:16:54,349 --> 00:16:58,629
of a quantum computer with knowledge of a public key effectively could compute the private key and

281
00:16:58,629 --> 00:17:04,449
therefore sign on your behalf. And what does that mean? Well, in a real sense, it kind of means that

282
00:17:04,449 --> 00:17:10,369
whoever has it, whatever entity has the quantum computer owns all the Bitcoin on the network,

283
00:17:10,369 --> 00:17:16,129
right? Now, of course, there's a nuance here and you highlighted it. You know, Bitcoin addresses,

284
00:17:16,609 --> 00:17:23,509
the things that we send to are not naked public keys. They're hashed public keys, right? And by

285
00:17:23,509 --> 00:17:27,169
the way, the early Bitcoin addresses were naked public keys. And so there's a whole bunch of

286
00:17:27,169 --> 00:17:31,729
Satoshi coins that are in those addresses, or in the, in those UTXO types that are exposed. But

287
00:17:31,729 --> 00:17:37,109
broadly speaking, most people today, you know, have addresses that are hashed public keys. So those aren't

288
00:17:37,109 --> 00:17:43,189
necessarily vulnerable to a, you know, I guess what is called like a slow clock quantum computer attack.

289
00:17:43,189 --> 00:17:47,029
This is, and the way to think about, like, slow clock and fast clock is basically, is how fast can the

290
00:17:47,029 --> 00:17:52,269
quantum computer compute this algorithm, right? And it depends, it differs based on the architecture. We

291
00:17:52,269 --> 00:17:57,689
can get in all that. But like, assuming you have only a slow quantum machine, you only got to worry

292
00:17:57,689 --> 00:18:02,629
about the Bitcoin that is exposed, you know, that is secured underneath an exposed public key. Now,

293
00:18:02,669 --> 00:18:07,609
that could be because it was Satoshi's coins under a, you know, early address type. It could be

294
00:18:07,609 --> 00:18:11,449
because it's on a multisig and, you know, it's a bridge and you have to like send to the multisig

295
00:18:11,449 --> 00:18:17,429
multisig. So there's a signature that's been broadcast already. It could be, yeah, any number

296
00:18:17,429 --> 00:18:21,209
of things. You could have signed a lightning transaction. People were using addresses. People

297
00:18:21,209 --> 00:18:24,669
just signing a message. There's all kinds of ways you can expose the public key because I guess

298
00:18:24,669 --> 00:18:29,449
maybe it's just important to know, signing a message in any form reveals the public key, right? By the

299
00:18:29,449 --> 00:18:35,049
way, for people who kind of are interested in how Bitcoin wallets work, typically good wallet

300
00:18:35,049 --> 00:18:40,009
hygiene is you send it. I send a transaction to Danny and then I send the other half of that

301
00:18:40,009 --> 00:18:44,149
amount to myself in a new address, right? So that way I don't have an exposed public key.

302
00:18:44,689 --> 00:18:49,169
That's, you know, and roughly, I don't know, two thirds of Bitcoin is under these addresses that

303
00:18:49,169 --> 00:18:54,709
are not exposed. Now, in a world where your quantum computer is fast enough, then you could

304
00:18:54,709 --> 00:18:59,009
potentially front run transactions in the mempool. So say I send a message, I'm like, I'm sending you

305
00:18:59,009 --> 00:19:03,569
my Bitcoin, this quantum computer can run, let's say, inside of 10 minutes, then it can just

306
00:19:03,569 --> 00:19:09,569
reverse engineer my private key, send a new transaction as me in the mempool with a higher

307
00:19:09,569 --> 00:19:13,229
fee, and then the miners will buy that and it goes to, you know, quantum adversary, right?

308
00:19:13,489 --> 00:19:18,049
So that's like, there's this threshold for speed that's very relevant, where if this quantum

309
00:19:18,049 --> 00:19:22,549
computer can compute Shor's algorithm fast enough, then it's like every Bitcoin is basically at risk.

310
00:19:22,729 --> 00:19:29,169
And by the way, the important note there is that also effectively closes off any kind of on-chain

311
00:19:29,169 --> 00:19:35,069
migration option. Why? Because I could just mine it. I could front run your transaction when you're

312
00:19:35,069 --> 00:19:41,529
trying to mine it, even if a post-quantum UTXO were to exist. And so, yeah, so I think really

313
00:19:41,529 --> 00:19:47,029
broadly, it's this concept of ownership fundamentally breaks in a world where there is a cryptographically

314
00:19:47,029 --> 00:19:52,089
relevant quantum computer. And there is not any kind of post-quantum cryptography mitigating that

315
00:19:52,089 --> 00:19:58,689
on Bitcoin. Yeah. So I think the, is it around 6 million coins currently have their public key

316
00:19:58,689 --> 00:20:04,989
exposed on chain at the moment? Yeah, roughly. We have a, like, we maintain a database. People

317
00:20:04,989 --> 00:20:10,649
are interested. They can check project11.com. It's with the risk with a queue list. And so I think

318
00:20:10,649 --> 00:20:23,238
it's around 6 million. You can also enter your address in there. If you're worried, you're like, did I actually do six photos? My keys? You can enter your address and it'll tell you what UTXO type it is or whether the public key's ever been broadcast. But yes, roughly 6 million.

319
00:20:23,718 --> 00:20:28,718
Okay. And then in that timeline, so in seven years, you think there may be a relevant quantum

320
00:20:28,718 --> 00:20:33,558
computer that can break this cryptography. Is that on the sort of long range attack where it has as

321
00:20:33,558 --> 00:20:37,458
much time as it needs to derive the private key from the public key for things like Satoshi's old

322
00:20:37,458 --> 00:20:41,238
coins? Or is that actually doing the mempool attack where it can do it in quicker than

323
00:20:41,238 --> 00:20:48,398
nine, 10 minutes? My personal view is that the first cryptographically relevant quantum computers

324
00:20:48,398 --> 00:20:58,558
will be too slow to run real-time attacks. I don't know what the gap will be between the slow clock

325
00:20:58,558 --> 00:21:05,598
and the fast clock architectures. And so I don't think that it's a good idea for

326
00:21:05,598 --> 00:21:12,758
stakeholders of Bitcoin to presume that one may predate the other by, you know,

327
00:21:12,858 --> 00:21:19,478
there's a guaranteed window of safety. Okay. So let's get into the skepticisms I have. And like

328
00:21:19,478 --> 00:21:24,338
I say, I'm no quantum expert, but a few things that sort of stand out to me is like, if you look

329
00:21:24,338 --> 00:21:29,078
at what quantum computers can do today in terms of like factorizing numbers, I think the highest

330
00:21:29,078 --> 00:21:36,578
they can do is 21, and I, I believe that was done in 2012. So, like, the, why is this not moving faster

331
00:21:36,578 --> 00:21:41,178
and what gives you so much confidence that that is going to go from here to breaking cryptography

332
00:21:41,178 --> 00:21:47,158
in the next seven years? Yeah, um, great, great question. And by the way, like, skepticism is

333
00:21:47,158 --> 00:21:52,558
totally warranted and welcome in this conversation. Again, we're dealing with an, there's fundamental

334
00:21:52,558 --> 00:21:57,278
uncertainty, right? And this is, again, to me, like, the key fact. I'm not claiming that a quantum

335
00:21:57,278 --> 00:22:02,618
computer will happen. I'm not claiming to have stone tablets. We don't know. Why do I think we

336
00:22:02,618 --> 00:22:08,758
should worry? I'll answer your question. Okay. Factoring numbers. So technically, yeah, as you

337
00:22:08,758 --> 00:22:13,778
pointed out, I think the record for factoring a number was like 15 or 21. Several problems with

338
00:22:13,778 --> 00:22:22,458
that. One is what secures your Bitcoin is not technically like a number in that it's an integer.

339
00:22:22,458 --> 00:22:25,078
It's a group element inside of an elliptic curve group.

340
00:22:25,278 --> 00:22:28,278
Okay, so like just picking a random integer out of the air

341
00:22:28,278 --> 00:22:30,598
and be like quantum number or quantum computer factor this,

342
00:22:31,018 --> 00:22:34,038
it's already not really what is relevant.

343
00:22:34,558 --> 00:22:34,998
That's thing one.

344
00:22:35,518 --> 00:22:39,638
Thing two is, and by the way, like in terms of like elliptic,

345
00:22:39,798 --> 00:22:41,518
what you said though isn't still wrong

346
00:22:41,518 --> 00:22:43,658
because the biggest elliptic curve group element

347
00:22:43,658 --> 00:22:45,098
or this biggest like, you know,

348
00:22:46,318 --> 00:22:48,098
discrete logarithm problem that's been solved

349
00:22:48,098 --> 00:22:50,018
is somewhere in the order of like six or seven bits

350
00:22:50,018 --> 00:22:50,698
or something, right?

351
00:22:50,998 --> 00:22:51,678
So it's still small.

352
00:22:51,678 --> 00:22:53,498
Okay, so why haven't we gone bigger than that?

353
00:22:53,838 --> 00:22:54,918
I highly recommend it.

354
00:22:54,938 --> 00:22:56,678
I'll share a link to you folks in the show notes

355
00:22:56,678 --> 00:22:58,118
or you can put it in the show notes.

356
00:22:58,338 --> 00:23:00,518
And Bas Westerbaan from Cloudflare

357
00:23:00,518 --> 00:23:01,918
wrote a big post about this,

358
00:23:01,958 --> 00:23:03,258
as did Craig Gidney around, like,

359
00:23:03,318 --> 00:23:05,018
hey, factoring numbers, is this a good metric or not?

360
00:23:05,218 --> 00:23:08,698
The big TLDR is there's effectively a threshold

361
00:23:08,698 --> 00:23:11,758
that you need to reach in terms of quality

362
00:23:11,758 --> 00:23:13,558
for your quantum computer

363
00:23:13,558 --> 00:23:16,478
to be able to factor even small numbers.

364
00:23:16,678 --> 00:23:18,898
But once you hit that threshold,

365
00:23:18,898 --> 00:23:25,558
you can scale very, very, very, very, very quickly from a very small number to a very big number.

366
00:23:25,558 --> 00:23:29,978
In fact, in the Google paper that was released last week, they actually call this out explicitly.

367
00:23:29,978 --> 00:23:35,778
They say, you know, something to the effect of, once you see evidence of a cryptographic

368
00:23:35,778 --> 00:23:42,638
or a quantum computer that could solve the discrete logarithm for a 32-bit number, that

369
00:23:42,638 --> 00:23:48,478
effectively implies that you can solve it for a 256-bit number. And by the way, just to, like,

370
00:23:48,478 --> 00:23:57,018
context here, a 32-bit number, roughly the number of people on the planet. Uh, 256-bit number, roughly

371
00:23:57,018 --> 00:24:03,418
the number of atoms in the observable universe. So, like, enormous. And so this is it, and this is

372
00:24:03,418 --> 00:24:08,798
really, like, why is it like this? It's because Shor's algorithm is so efficient. It's like this

373
00:24:08,798 --> 00:24:14,758
exponential speedup means that, like, you can run up the, you know, kind of the size of these numbers

374
00:24:14,758 --> 00:24:16,238
of the number line really, really quickly.

375
00:24:18,238 --> 00:24:19,978
And, you know, so, and by the way,

376
00:24:20,018 --> 00:24:21,978
a 32-bit number, just for everyone's context,

377
00:24:22,098 --> 00:24:24,418
is not hard to factor.

378
00:24:24,598 --> 00:24:26,758
Like classical computers, I think, forget quantum,

379
00:24:26,878 --> 00:24:30,178
a classical computer can compute the factorization

380
00:24:30,178 --> 00:24:31,738
of like, I think up to like 100 bits.

381
00:24:32,598 --> 00:24:33,838
Okay, so like, so, okay,

382
00:24:33,918 --> 00:24:35,458
so in the field of quantum computing,

383
00:24:35,698 --> 00:24:36,898
people recognize this and they're like,

384
00:24:36,958 --> 00:24:40,998
okay, sure, we could maybe build a quantum machine

385
00:24:40,998 --> 00:24:44,138
that factors, you know, a 20-bit number.

386
00:24:44,138 --> 00:24:45,758
But it's like, who cares?

387
00:24:45,938 --> 00:24:47,378
By the way, these things are super expensive.

388
00:24:48,038 --> 00:24:49,578
And by the way, like, you know,

389
00:24:50,118 --> 00:24:52,578
doing that would probably involve a bunch of bespoke things

390
00:24:52,578 --> 00:24:54,218
that wouldn't scale anyway.

391
00:24:54,438 --> 00:24:56,098
And so let's, like, the mentality,

392
00:24:56,378 --> 00:24:57,758
if you talk to any quantum physicist

393
00:24:57,758 --> 00:24:59,218
or any quantum people who are working on this,

394
00:24:59,678 --> 00:25:01,978
they're like, there's no point to demonstrate

395
00:25:01,978 --> 00:25:04,438
any of these number factorizations

396
00:25:04,438 --> 00:25:08,298
until you have this scalable platform

397
00:25:08,298 --> 00:25:10,558
that you could just factor any size number you want

398
00:25:10,558 --> 00:25:12,638
or any size ECDLP problem you want.

399
00:25:12,638 --> 00:25:18,298
Okay, um, so you mentioned the Google paper there, which has been obviously big news in the last week

400
00:25:18,298 --> 00:25:23,578
or so. This is one of the other skepticisms I have, because, like, I'm sure the most brilliant people

401
00:25:23,578 --> 00:25:28,238
are working on this. I think the, the breakthroughs that they're having, I'm sure they're incredible. I

402
00:25:28,238 --> 00:25:33,958
can believe that 100%, but they're all, like, paper breakthroughs, right? And when does the, like,

403
00:25:33,958 --> 00:25:39,078
theoretical breakthroughs, like, where do the, the lines intersect with the theoretical breakthroughs

404
00:25:39,078 --> 00:25:41,458
and the actual technological breakthroughs,

405
00:25:41,458 --> 00:25:42,878
the engineers building these machines,

406
00:25:42,878 --> 00:25:44,718
like are they capable of building the machines

407
00:25:44,718 --> 00:25:46,378
that they can theorize?

408
00:25:46,378 --> 00:25:48,958
Great, so first off, it's important to note,

409
00:25:48,958 --> 00:25:51,278
because, okay, so the Google paper,

410
00:25:52,478 --> 00:25:53,918
and there was a second paper last week

411
00:25:53,918 --> 00:25:56,178
that I would argue is even more scientifically significant

412
00:25:56,178 --> 00:25:57,338
by a team out of Caltech,

413
00:25:57,338 --> 00:26:00,018
but both of them are the same character.

414
00:26:00,018 --> 00:26:02,618
They are resource estimates, right?

415
00:26:02,618 --> 00:26:03,878
And what is a resource estimate?

416
00:26:03,878 --> 00:26:06,418
It is like, hey, taking some assumptions

417
00:26:06,418 --> 00:26:08,998
around what kind of quantum computer we're building,

418
00:26:09,078 --> 00:26:11,418
What variant of Shor's algorithm we're running?

419
00:26:12,258 --> 00:26:13,998
What kind of error correction we're doing?

420
00:26:14,758 --> 00:26:16,678
What other optimizations we can think of?

421
00:26:17,198 --> 00:26:21,458
How small could we make this problem, right?

422
00:26:22,678 --> 00:26:25,998
The Google paper and the Oratomic, which is this other paper,

423
00:26:26,238 --> 00:26:30,738
are notable because they specifically focus on elliptic curve cryptography.

424
00:26:30,738 --> 00:26:34,138
One of the interesting things around the study of Shor's algorithm

425
00:26:34,138 --> 00:26:37,798
over the past few decades is that quantum physicists,

426
00:26:37,798 --> 00:26:42,558
for whatever reason, were benchmarking Shor's algorithm against RSA, which is RSA is an older

427
00:26:42,558 --> 00:26:48,538
crypto system that is really not used anymore. But one of the notable facts about it is it has

428
00:26:48,538 --> 00:26:54,798
very long key lengths, 2048 bits. It turns out that Shor's algorithm, I mean, we've known that

429
00:26:54,798 --> 00:27:01,058
Shor's algorithm really kind of runs in time related to the length of key, right? And so

430
00:27:01,058 --> 00:27:07,498
256 bits, which is a Bitcoin key size, is much shorter than 2048 bits. And effectively,

431
00:27:07,498 --> 00:27:11,378
that among many other things, when the Google and Oratomic teams looked at this, they're like, hey,

432
00:27:11,478 --> 00:27:15,498
if you actually narrow the problems down to just elliptic curve

433
00:27:15,498 --> 00:27:18,778
cryptography that Bitcoin uses, this gets much easier.

434
00:27:19,258 --> 00:27:23,318
In the case of, so, okay, so these are resource estimates, all right? And we'll talk about what the

435
00:27:23,318 --> 00:27:27,458
resource estimates are in a second, but maybe just to frame it, there's kind of two paths

436
00:27:27,458 --> 00:27:31,498
of progress for quantum. One is, to your point, how do we move forward?

437
00:27:31,658 --> 00:27:35,658
We're here, I don't know, we got however many qubits, I don't know, a thousand superconducting

438
00:27:35,658 --> 00:27:39,438
qubits maybe, and how are we getting at 2000? Okay, so we're walking, like, imagine walking down a

439
00:27:39,438 --> 00:27:42,578
football field. We're walking down the football field. I'm at the 10-yard line, I'm at 20 yard. Okay,

440
00:27:42,578 --> 00:27:46,478
then the, the important thing about these resource estimates is they basically set

441
00:27:46,478 --> 00:27:53,178
the, how far away the goal is that you have to get to. And so by getting clever and, you know, reducing

442
00:27:53,178 --> 00:27:57,338
the requirements, you can kind of move the goal forward. And so sometimes I hear people describe

443
00:27:57,338 --> 00:28:03,638
like, these Google papers is not, like, progress. And it's, like, true that it's not the quantum computer

444
00:28:03,638 --> 00:28:09,318
being built. But I guess, I mean, does it make a difference if I walk 10 feet towards a goal or the

445
00:28:09,318 --> 00:28:15,218
goal moves 10 feet closer? Not really, right? I mean, it's still arguably closer, right, for all

446
00:28:15,218 --> 00:28:19,838
intents and purposes. Now, that doesn't mean, though, that we should ask questions about progress.

447
00:28:19,838 --> 00:28:27,858
But on that score, in the last five years, it's undeniable, in my opinion, that there has been

448
00:28:27,858 --> 00:28:34,538
significant progress. Okay, so even like Google uses, and to unpack this, we're going to have to

449
00:28:34,538 --> 00:28:39,098
get into a little bit more detail about how quantum computers are built. First thing to note

450
00:28:39,098 --> 00:28:47,318
is that a quantum computer is a concept describing if basically a normal computer that has special

451
00:28:47,318 --> 00:28:53,218
quantum mechanical powers that can be realized in a number of different ways, right? Kind of like a

452
00:28:53,218 --> 00:28:57,258
regular computer can be realized in a few different ways. Like we all use silicon-based semiconductors,

453
00:28:57,258 --> 00:29:01,338
but there's no reason why you couldn't use a bunch of things to build a computer in its abstract form.

454
00:29:02,298 --> 00:29:03,338
So quantum is the same.

455
00:29:03,998 --> 00:29:07,598
What Google, if people are familiar with like Google quantum computer right now,

456
00:29:07,678 --> 00:29:09,898
what you'll find is you'll look for, you'll find an image.

457
00:29:10,018 --> 00:29:11,578
It's like a chandelier looking thing.

458
00:29:12,438 --> 00:29:15,578
By the way, that whole chandelier, there's nothing quantum about it.

459
00:29:15,618 --> 00:29:18,598
It's just a bunch of refrigerators because like the chandelier,

460
00:29:18,978 --> 00:29:22,238
you know, this is called a superconducting qubit modality.

461
00:29:22,438 --> 00:29:27,158
And basically like the way that, and this is like kind of gen one quantum computers.

462
00:29:27,258 --> 00:29:31,458
the way these work is by super, super, super cooling

463
00:29:31,458 --> 00:29:34,218
particles down to like a nano Kelvin.

464
00:29:34,938 --> 00:29:37,038
And so that's what this chandelier thing is.

465
00:29:37,058 --> 00:29:38,938
It's a giant refrigerator to get a couple of qubits

466
00:29:38,938 --> 00:29:41,158
to maybe be able to do something very tiny.

467
00:29:41,898 --> 00:29:44,438
So superconducting qubits, basically a wall

468
00:29:44,438 --> 00:29:50,438
in the early 2020s where we added physical qubits to them.

469
00:29:50,438 --> 00:29:55,278
But unfortunately, with adding scale to those systems

470
00:29:55,278 --> 00:29:59,278
without addressing the errors that would inevitably come up

471
00:29:59,278 --> 00:30:02,718
by virtue of the fact that quantum mechanics is very fragile

472
00:30:02,718 --> 00:30:04,498
and quantum computing, therefore, is very fragile.

473
00:30:04,958 --> 00:30:08,418
Like errors were outrunning the scale, the scaling, right?

474
00:30:08,438 --> 00:30:09,658
So it's like I'm adding physical qubits.

475
00:30:09,778 --> 00:30:11,358
It's actually making my life worse, not better.

476
00:30:11,998 --> 00:30:15,178
This, by the way, is what was the major breakthrough

477
00:30:15,178 --> 00:30:16,858
of the Google Willow paper.

478
00:30:16,858 --> 00:30:32,847
The Google Willow paper demonstrated on a real system that, like, hey, if you set things up in a certain way and you manage the errors in a certain way, I can add physical qubits and the errors go down, not up. And not only do they go

479
00:30:32,847 --> 00:30:39,967
down, they go way down, right? And so now, so before 2024, this was not a settled question.

480
00:30:40,707 --> 00:30:45,767
Could I build a 1 million qubit computer and be able to keep errors under control?

481
00:30:45,767 --> 00:30:52,907
not proven. In 2024, it was proven that at least at small scales, you definitely could.

482
00:30:53,607 --> 00:31:00,327
Now the question remains, can we scale that up and keep that below threshold behavior? Okay.

483
00:31:00,727 --> 00:31:05,107
But ultimately, these chandeliers, and you just look at a picture and be like, okay, well,

484
00:31:05,107 --> 00:31:09,207
that's cool. How do we make this a million times bigger? Complicated engineering problem,

485
00:31:09,627 --> 00:31:15,047
right? So this is why there's been other modalities or approaches to building a quantum

486
00:31:15,047 --> 00:31:21,767
computer that don't suffer from kind of the same challenges. So in particular, there's trapped ions

487
00:31:21,767 --> 00:31:26,007
and neutral atoms that are used as a substrate for quantum computing. Trapped ions, you know,

488
00:31:26,007 --> 00:31:30,167
if you may have heard of a public company, IonQ, that's kind of what they do. And then

489
00:31:30,167 --> 00:31:34,007
the Oratomic team, which wrote this other paper last week, is kind of a, you know,

490
00:31:34,007 --> 00:31:40,247
a pioneer in neutral atom quantum computing. The upshot here is that both the trapped ions

491
00:31:40,247 --> 00:31:45,647
and the neutral atoms are more reliable in terms of their quality.

492
00:31:46,167 --> 00:31:48,467
And they're slightly, they last slightly longer.

493
00:31:49,127 --> 00:31:50,827
And so they have some other trade-offs,

494
00:31:50,947 --> 00:31:55,047
but like arguably if you apply the same error correction techniques

495
00:31:55,047 --> 00:31:58,647
that you apply to the Google demonstration below threshold,

496
00:31:59,047 --> 00:32:01,567
you could take that over to these different kind of approaches

497
00:32:01,567 --> 00:32:03,587
and then scale them up way faster.

498
00:32:04,007 --> 00:32:07,227
And so actually like a terminology that people like to talk about here

499
00:32:07,227 --> 00:32:09,247
is like physical qubits versus logical qubits.

500
00:32:09,247 --> 00:32:15,227
You know, effectively it took Google, you know, I don't know, well, it took the, it took the

501
00:32:15,227 --> 00:32:22,007
superconducting field two decades to demonstrate one logical qubit, right, out of a hundred. And in a

502
00:32:22,007 --> 00:32:28,607
relatively short time, like the last five years, the neutral atom computers have gone from having zero

503
00:32:28,607 --> 00:32:33,067
physical, real physical qubits, like, there were none. Like two or five years ago, people have, like,

504
00:32:33,067 --> 00:32:41,047
little atomic arrays, not qubits. To today, you actually have hundreds of qubit computers that have

505
00:32:41,047 --> 00:32:47,787
up to 48 logical qubits. And by the way, there have been entangled arrays, kind of like you can

506
00:32:47,787 --> 00:32:54,367
think of these as like proto qubits, all the way up to 6,000 qubits. Now, by the way, why is that

507
00:32:54,367 --> 00:33:00,427
number relevant? Because the Oratomic paper actually describes a slow clock quantum architecture

508
00:33:00,427 --> 00:33:02,587
that could potentially run Shor's algorithm

509
00:33:02,587 --> 00:33:05,827
that only requires 10,000 physical qubits.

510
00:33:06,107 --> 00:33:07,607
So there's still,

511
00:33:07,847 --> 00:33:09,987
and I want to take this pause for a second

512
00:33:09,987 --> 00:33:10,587
and just say like,

513
00:33:11,147 --> 00:33:13,087
everything I just said does not mean

514
00:33:13,087 --> 00:33:16,707
there are not huge engineering challenges remaining.

515
00:33:17,107 --> 00:33:19,887
But I also don't think you can plausibly claim

516
00:33:19,887 --> 00:33:22,007
that there has been no progress.

517
00:33:22,007 --> 00:33:23,787
And I think the question is now,

518
00:33:24,167 --> 00:33:28,147
how quick can these teams run up the ladder, right?

519
00:33:28,147 --> 00:33:31,887
And we just don't know, I think, right?

520
00:33:32,187 --> 00:33:34,387
So that's how I would kind of frame

521
00:33:34,387 --> 00:33:36,547
the state of the world as it is today.

522
00:33:37,407 --> 00:33:39,187
Do you wish you could access cash

523
00:33:39,187 --> 00:33:40,447
without selling your Bitcoin?

524
00:33:40,927 --> 00:33:42,067
Well, Ledn makes that possible.

525
00:33:42,627 --> 00:33:44,587
They're the global leader in Bitcoin-backed lending.

526
00:33:44,907 --> 00:33:47,827
And since 2018, they've issued over $9 billion in loans

527
00:33:47,827 --> 00:33:50,147
with a perfect record of protecting client assets.

528
00:33:50,787 --> 00:33:52,607
With Ledn, you get full custody loans

529
00:33:52,607 --> 00:33:54,787
with no credit checks or monthly repayments,

530
00:33:54,787 --> 00:33:58,187
just easy access to dollars without selling a single sat.

531
00:33:59,007 --> 00:34:00,907
Ledn exclusively offer Bitcoin-backed loans

532
00:34:00,907 --> 00:34:03,007
with all collateral held by Ledn directly

533
00:34:03,007 --> 00:34:04,167
or their funding partners.

534
00:34:04,487 --> 00:34:06,567
Your Bitcoin's never lent out to generate interest.

535
00:34:07,147 --> 00:34:08,807
I recently took out a loan with Ledn.

536
00:34:08,987 --> 00:34:10,567
The whole process was super easy.

537
00:34:10,947 --> 00:34:12,807
The application took me less than 15 minutes

538
00:34:12,807 --> 00:34:15,407
and in a few hours I had the dollars in my account.

539
00:34:15,767 --> 00:34:16,667
It was super smooth.

540
00:34:17,307 --> 00:34:19,467
So if you need cash, but you don't want to sell Bitcoin,

541
00:34:19,827 --> 00:34:22,407
head over to ledn.io forward slash WBD

542
00:34:22,407 --> 00:34:24,967
and you'll get 0.25% off your first loan.

543
00:34:25,467 --> 00:34:29,127
That's ledn.io forward slash WBD.

544
00:34:29,587 --> 00:34:31,027
If you haven't tried out Club Orange yet,

545
00:34:31,147 --> 00:34:32,087
then now is the time.

546
00:34:32,287 --> 00:34:34,007
It's my go-to place to find Bitcoiners

547
00:34:34,007 --> 00:34:34,987
whenever I'm traveling.

548
00:34:35,747 --> 00:34:37,767
Club Orange is a social app built for Bitcoiners

549
00:34:37,767 --> 00:34:39,967
where you can find meetups and events in your area

550
00:34:39,967 --> 00:34:41,887
and find merchants that are accepting Bitcoin.

551
00:34:42,567 --> 00:34:44,627
There are over 19,000 Bitcoiners on there

552
00:34:44,627 --> 00:34:46,167
and whether you're at home or traveling,

553
00:34:46,387 --> 00:34:48,327
it's a great place to keep in touch with Bitcoiners

554
00:34:48,327 --> 00:34:49,467
from all over the world.

555
00:34:50,167 --> 00:34:51,187
I've been using Club Orange

556
00:34:51,187 --> 00:34:53,447
since it was Orange Pill App, and it really is awesome.

557
00:34:53,907 --> 00:34:55,787
So if you're on there, drop me a DM and say hi.

558
00:34:56,047 --> 00:34:58,067
And if you want to find out more and download the app,

559
00:34:58,227 --> 00:34:59,927
just search for Club Orange on your app store

560
00:34:59,927 --> 00:35:01,827
or go to cluborange.org.

561
00:35:02,547 --> 00:35:05,767
Okay, so I mean, it gets quite technical here.

562
00:35:05,847 --> 00:35:07,147
And maybe it's worth just explaining

563
00:35:07,147 --> 00:35:08,327
what the difference between a physical

564
00:35:08,327 --> 00:35:10,767
and a logical qubit is before my next question.

565
00:35:11,207 --> 00:35:11,547
Great, yeah.

566
00:35:11,647 --> 00:35:12,587
And I dropped that.

567
00:35:12,847 --> 00:35:15,187
I'm glad you paused so we can explain that to your audience.

568
00:35:15,647 --> 00:35:19,047
Okay, so a physical qubit is a quantum bit.

569
00:35:19,467 --> 00:35:20,467
Okay, a cube, that's what I meant.

570
00:35:20,467 --> 00:35:21,147
I probably should start there.

571
00:35:21,187 --> 00:35:27,187
quantum bit, qubit. Okay, what is the difference between a qubit and a bit? So a bit is the thing

572
00:35:27,187 --> 00:35:31,647
that's inside your computer, and it's zero or a one. But zeros and ones all the way down, right?

573
00:35:31,767 --> 00:35:36,807
It's not zero and one, it's zero or one. Kind of the magic of qubits is they can kind of be zero

574
00:35:36,807 --> 00:35:41,327
and one. And by the way, they can like kind of be entangled in these complicated states.

575
00:35:41,647 --> 00:35:46,527
It's not really important, but the point being is they can represent a much bigger possibility

576
00:35:46,527 --> 00:35:52,187
space than zero and one. That's exactly what makes them powerful. You can just think about

577
00:35:52,187 --> 00:35:56,867
this like factoring a number. How do you factor a number classically? You pretty much just got to

578
00:35:56,867 --> 00:36:00,507
brute force it, right? If I give you a seven-digit number, you're like, all right, well, is it even?

579
00:36:00,827 --> 00:36:05,647
No. Does it divide by three? No, right? So like quantum computers solve this by effectively

580
00:36:05,647 --> 00:36:10,647
exploiting this large possibility space that qubits give them by kind of trying everything at once

581
00:36:10,647 --> 00:36:14,587
and then collapsing the answer back down at the end.

582
00:36:14,947 --> 00:36:16,867
That's very terrible.

583
00:36:17,007 --> 00:36:18,887
If a physicist hears this, they're probably going to kill me.

584
00:36:19,187 --> 00:36:21,067
But that's kind of roughly intuitively how to think about it.

585
00:36:22,287 --> 00:36:24,227
Okay, so those were qubits.

586
00:36:24,387 --> 00:36:27,487
Okay, now physical qubits are kind of the physical way

587
00:36:27,487 --> 00:36:29,387
that this is realized, okay?

588
00:36:29,567 --> 00:36:30,827
And how do you think of this?

589
00:36:30,827 --> 00:36:33,487
Think about particles that are very, very small,

590
00:36:33,727 --> 00:36:36,647
where quantum effects come into play

591
00:36:36,647 --> 00:36:38,727
because quantum computers leverage quantum effects.

592
00:36:38,727 --> 00:36:44,367
The problem is that quantum effects are very fragile, right?

593
00:36:44,427 --> 00:36:48,467
So like, for example, you can have two particles that are entangled, right?

594
00:36:48,487 --> 00:36:55,707
There's this famous physicist, Schrodinger, who he has this kind of, there's this thought experiment on this topic, which is Schrodinger's cat, right?

595
00:36:55,767 --> 00:37:00,247
Actually, sorry, this is like, this is a demonstration, a superposition on entanglement, but it's still useful.

596
00:37:00,467 --> 00:37:07,027
So Schrodinger's, one of the quantum, you know, an aspect of quantum physics is that things can kind of be in two things.

597
00:37:07,027 --> 00:37:10,767
they can be two things at once. And Schrodinger was like, okay, well, if I put a cat in a box,

598
00:37:11,147 --> 00:37:17,487
is it alive or dead? And again, in quantum physics, in that world, you don't really know

599
00:37:17,487 --> 00:37:23,127
if it's alive or dead until you measure it. And it seems ridiculous, right? To consider that

600
00:37:23,127 --> 00:37:27,767
philosophically where you're like, well, the cat definitely must be alive or dead. But in the

601
00:37:27,767 --> 00:37:33,567
quantum physics world, it can be both alive and dead at the same time. Okay. So anyway, these

602
00:37:33,567 --> 00:37:37,547
effects, obviously it doesn't work on cats, right? Because cats are macro scale objects.

603
00:37:37,927 --> 00:37:42,407
But at the very small scales, this is how it works. And by the way, just for everyone may not

604
00:37:42,407 --> 00:37:50,287
know this, but quantum field theory, which is the foundation of particle physics, is the most

605
00:37:50,287 --> 00:37:55,907
accurate physical theory that has ever been created by humanity. It's accurate down to like,

606
00:37:56,167 --> 00:38:01,487
I can't remember, it's like 10 nines, right? And this has been verified. It's like all the

607
00:38:01,487 --> 00:38:05,247
particle accelerators at CERN and everywhere else. Like this is exactly what they study.

608
00:38:05,627 --> 00:38:09,867
And this is every single prediction of quantum field theory effectively has been shown to be

609
00:38:09,867 --> 00:38:17,667
correct. So it's a very reliable theory. Okay. So now we have these physical qubits that,

610
00:38:17,667 --> 00:38:20,567
you know, leverage quantum mechanics, blah, blah, blah, blah. Okay, great. Why don't we just build

611
00:38:20,567 --> 00:38:26,027
a computer? Okay. Well, issue, you know, any kind of little noise that interferes with their

612
00:38:26,027 --> 00:38:30,027
operation or their entanglement or their superposition basically knocks the whole thing

613
00:38:30,027 --> 00:38:34,927
over. So you got to really insulate them from noise. And in fact, it's actually impossible

614
00:38:34,927 --> 00:38:39,107
to insulate these things from noise because how are you going to control the computer?

615
00:38:39,327 --> 00:38:43,647
There needs to be some kind of signal. So like, okay, so there's definitely going to be noise

616
00:38:43,647 --> 00:38:47,367
and it's, you know, bad things are going to happen. So then the question is, how do you mitigate

617
00:38:47,367 --> 00:38:53,427
this? How do you error correct, right? As you're going through the computation. So the concept of

618
00:38:53,427 --> 00:38:57,147
a logical qubit is basically, you can think of like, all right, we're going to get a bunch of

619
00:38:57,147 --> 00:39:03,147
physical qubits together and we're going to do some fancy algorithms to basically make them

620
00:39:03,147 --> 00:39:10,327
redundant. And so the output of these physical qubits is one or more logical qubit that like we

621
00:39:10,327 --> 00:39:15,527
can just think of as a reliable unit of computation without having to worry about is this thing going

622
00:39:15,527 --> 00:39:22,047
to fall over or not. So we think of in terms of like physical qubits versus logical qubits,

623
00:39:22,047 --> 00:39:24,567
these terms get conflated all the time

624
00:39:24,567 --> 00:39:26,027
and so I

625
00:39:26,027 --> 00:39:28,207
think the important thing for people to recognize is that

626
00:39:28,207 --> 00:39:30,027
physical qubits alone

627
00:39:30,027 --> 00:39:32,287
are not what you need. Ultimately you need physical

628
00:39:32,287 --> 00:39:34,167
qubits to be error corrected

629
00:39:34,167 --> 00:39:36,447
and those give you logical qubits

630
00:39:36,447 --> 00:39:37,827
those logical qubits are enabling

631
00:39:37,827 --> 00:39:40,407
basically what the building block is of course

632
00:39:40,407 --> 00:39:42,267
Okay, so

633
00:39:42,267 --> 00:39:43,967
the logical qubits are the thing that matter

634
00:39:43,967 --> 00:39:45,827
what's the largest

635
00:39:45,827 --> 00:39:48,487
quantum computer built so far in terms of

636
00:39:48,487 --> 00:39:49,507
logical qubits?

637
00:39:49,507 --> 00:39:57,587
I think it's, so I believe it's 98 logical qubits on a trapped ion machine from Quantinuum.

638
00:39:57,867 --> 00:40:02,627
For a neutral atom machine, it's about 48 logical qubits.

639
00:40:02,767 --> 00:40:08,127
Now, one other important caveat about logical qubits is they're not all created equal.

640
00:40:08,407 --> 00:40:13,767
Because ultimately, right, like, you know, it sort of depends on how big of a computation

641
00:40:13,767 --> 00:40:17,907
you want to run as to like what the threshold is for a logical qubit, right?

642
00:40:17,907 --> 00:40:20,127
So you can imagine if I want to run my quantum computer

643
00:40:20,127 --> 00:40:22,647
for 50 years, my logical qubit better

644
00:40:22,647 --> 00:40:24,787
be really damn robust, right?

645
00:40:24,787 --> 00:40:28,287
Which means that I got a lot of physical qubits in there

646
00:40:28,287 --> 00:40:29,847
to make sure, right?

647
00:40:29,847 --> 00:40:32,787
But if I only want to run my quantum computer

648
00:40:32,836 --> 00:40:39,396
like 15 minutes, all right, well, I can, I can probably afford to have a more error-prone

649
00:40:39,956 --> 00:40:44,836
logical qubit, right? So this is like a dial, and this comes back to Shor's algorithm, then comes

650
00:40:44,836 --> 00:40:49,876
back to the Google paper, because one of the things that the Google paper showed was like, hey, turns

651
00:40:49,876 --> 00:40:54,996
out, like, our calculations show you only need 500,000 physical qubits, and I can't remember how many

652
00:40:54,996 --> 00:41:01,476
logical qubits they had in there, I think it's 1200. Um, they, but they're, importantly, they were like,

653
00:41:01,476 --> 00:41:05,936
Like you only need these, like this computer to run.

654
00:41:06,316 --> 00:41:12,796
It's basically like a million times, you know, fewer operations than the old record, right?

655
00:41:12,916 --> 00:41:14,416
So now two things happen.

656
00:41:14,576 --> 00:41:19,996
One, you actually needed less physical qubits to make the logical qubits that like you needed

657
00:41:19,996 --> 00:41:20,596
at all, right?

658
00:41:20,616 --> 00:41:21,956
So you need like, there's a minimum width.

659
00:41:21,956 --> 00:41:23,776
So I have to have that many logical qubits at least.

660
00:41:24,176 --> 00:41:27,876
And then you basically lowered the bar for quality because now these qubits don't have

661
00:41:27,876 --> 00:41:28,576
to last forever.

662
00:41:29,056 --> 00:41:31,556
They actually only have to put concrete numbers on this.

663
00:41:31,696 --> 00:41:33,556
It was 100 billion operations before.

664
00:41:34,136 --> 00:41:37,296
And the latest Google paper showed it could be done in 70 million operations.

665
00:41:37,736 --> 00:41:38,616
That is significant.

666
00:41:38,776 --> 00:41:39,596
Four orders of magnitude.

667
00:41:39,596 --> 00:41:44,856
And that means that the threshold of quality is that much lower.

668
00:41:45,636 --> 00:41:45,656
Okay.

669
00:41:45,876 --> 00:41:51,716
So in terms of being a threat to Bitcoin, are we a couple of orders of magnitude off that at the moment?

670
00:41:52,816 --> 00:41:52,976
Yeah.

671
00:41:53,176 --> 00:41:54,216
So I mean, okay.

672
00:41:54,676 --> 00:41:57,236
Well, like most operations that's ever been demonstrated,

673
00:41:57,236 --> 00:42:03,516
thousand, maybe few thousand. Um, or in terms of number of physical qubits for a superconducting

674
00:42:03,516 --> 00:42:08,616
machine, like Google was theorizing 500,000 to a thousand, so I don't know, two orders of magnitude.

675
00:42:08,616 --> 00:42:13,356
even the oratomic paper which is the neutral atom machines which arguably have been advancing the

676
00:42:13,356 --> 00:42:18,336
best and are the best candidate in my view to be cryptographically relevant soonest you're still

677
00:42:18,336 --> 00:42:23,256
looking at a couple orders of magnitude, both qubit count and reliability, and there's a bunch of

678
00:42:23,256 --> 00:42:27,616
unsolved problems around decoders and connections and all kinds of stuff we're not even talking about

679
00:42:27,616 --> 00:42:38,156
right? Um, so yeah, undoubtedly we're not there. There is no question about that. But, so this is really

680
00:42:38,156 --> 00:42:42,896
like the big question I have around the actual like engineering challenges of building this

681
00:42:42,896 --> 00:42:47,476
are they engineering challenges that we understand and it's just a case of scaling up what we already

682
00:42:47,476 --> 00:42:52,116
have, or is there going to be new engineering challenges in this? Look, this is the part where

683
00:42:52,116 --> 00:42:54,496
I think, you know, me and your prior guests would differ.

684
00:42:55,896 --> 00:43:01,856
I think, and the majority of physicists that work on quantum computers that are building

685
00:43:01,856 --> 00:43:03,096
them think, right?

686
00:43:03,176 --> 00:43:06,276
And so maybe they're biased because they're building these things and they like to believe

687
00:43:06,276 --> 00:43:07,196
that what they're doing is irrelevant.

688
00:43:07,976 --> 00:43:11,836
They think that this is just an engineering challenge of scaling up what we have.

689
00:43:12,436 --> 00:43:19,696
And I think the view, I think that is the consensus view in the field is that the below

690
00:43:19,696 --> 00:43:26,236
threshold demonstration was really the key thing there, right? Because that was a big theoretical

691
00:43:26,236 --> 00:43:32,816
question. Could you even get below threshold? That was solved. So now I think most people believe,

692
00:43:33,376 --> 00:43:37,376
yes, you could scale these up. Now there is a question that when you scale this up,

693
00:43:37,576 --> 00:43:41,536
like it's not quite so simple of like, okay, we've got one qubit below threshold and now we just

694
00:43:41,536 --> 00:43:45,616
copy and paste that a thousand times, right? That's not how it works, obviously, right?

695
00:43:45,616 --> 00:43:48,756
So there's a question like, all right, if I copy and paste a thousand times, am I still below

696
00:43:48,756 --> 00:43:55,136
threshold? The answer is probably not. And so we got to be a little bit more clever about what we're

697
00:43:55,136 --> 00:44:00,296
doing. How much more clever? It really depends on the type of machine you're building. For the

698
00:44:00,296 --> 00:44:07,016
superconducting qubits, its biggest challenge is one, you have this nano Kelvin dilution

699
00:44:07,016 --> 00:44:12,316
refrigerator that's extremely power hungry, extremely sensitive to any kind of temperature

700
00:44:12,316 --> 00:44:18,216
fluctuations. You have to connect all of the individual qubits physically by wires, right?

701
00:44:18,216 --> 00:44:22,836
So however many qubits you want, that's how many wires you have divided by two, I guess, or minus one.

702
00:44:25,276 --> 00:44:26,976
So that's a big challenge there.

703
00:44:27,576 --> 00:44:29,536
Advantage of that system is that it runs really fast.

704
00:44:29,696 --> 00:44:34,756
So back to the fast clock and you can get all the Bitcoin, that would let you get all the Bitcoin if you could build it.

705
00:44:35,456 --> 00:44:38,656
The neutral atom machines, what's their big advantage?

706
00:44:39,156 --> 00:44:40,796
Or what's their big challenge?

707
00:44:40,796 --> 00:44:46,896
Their big challenge is the paper in particular that was released last week talks about this new form of error correction.

708
00:44:46,896 --> 00:44:48,696
that's way more efficient.

709
00:44:48,916 --> 00:44:50,236
So you're talking about potentially just,

710
00:44:50,616 --> 00:44:53,616
you know, in the Google below-threshold demonstration,

711
00:44:53,736 --> 00:44:56,056
it was 100 physical qubits got you one logical.

712
00:44:56,596 --> 00:44:58,076
In this oratomic paper, they're like,

713
00:44:58,136 --> 00:45:00,056
hey, you could get four physical qubits

714
00:45:00,056 --> 00:45:01,056
to get you one logical.

715
00:45:01,216 --> 00:45:02,156
That's obviously huge.

716
00:45:02,636 --> 00:45:05,636
But this is a newer technique.

717
00:45:05,876 --> 00:45:07,076
There is, it's not as well-developed.

718
00:45:07,096 --> 00:45:09,256
And by the way, you need to have classical decoders

719
00:45:09,256 --> 00:45:11,056
figure out how to apply these error corrections

720
00:45:11,056 --> 00:45:11,756
in real time.

721
00:45:11,756 --> 00:45:14,636
So that was much more speculative there.

722
00:45:14,636 --> 00:45:22,816
Their biggest advantage of the neutral atom machines is that you can actually arbitrarily connect any two qubits together throughout the system.

723
00:45:22,856 --> 00:45:27,736
Because basically the way these things work is like they trap individual neutral atoms with lasers.

724
00:45:28,156 --> 00:45:31,396
And you just keep shooting lasers all over the place as you're going through it.

725
00:45:31,416 --> 00:45:33,036
You're kind of making this laser computer.

726
00:45:33,196 --> 00:45:33,996
It's kind of cool, actually.

727
00:45:35,556 --> 00:45:39,076
So both have significant challenges.

728
00:45:39,696 --> 00:45:42,376
Both have potential pathways to scale.

729
00:45:42,376 --> 00:45:48,876
Neither of those have been fully solved. I mean, neither of them have solved the engineering

730
00:45:48,876 --> 00:45:54,496
challenges though. This is one of the really hard things because I, I don't understand quantum computers

731
00:45:54,496 --> 00:45:58,996
like I, and I think very few people do, and probably even fewer people that understand cryptography

732
00:45:58,996 --> 00:46:03,556
actually understand quantum computing. And in Bitcoin there's an annoying thing that happens

733
00:46:03,556 --> 00:46:08,696
where you have like a group of people that just will say quantum computers, nonsense, ignore it, we

734
00:46:08,696 --> 00:46:12,196
don't need to worry about this. I don't think that's particularly helpful. And you have the

735
00:46:12,196 --> 00:46:15,916
people on the other side who are like, this is going to break Bitcoin in five years, which again,

736
00:46:16,076 --> 00:46:20,516
I don't, and that we need to like rush some kind of change, which I also don't think is useful.

737
00:46:20,636 --> 00:46:26,456
Like rushing a change is not going to be the best solution for this. What is your take on what

738
00:46:26,456 --> 00:46:31,876
Bitcoiners should be doing now? I actually think the way you just framed it is the perfect way

739
00:46:31,876 --> 00:46:36,536
that I think is the way that I think about it. Bitcoin should not rush a change. So we don't

740
00:46:36,536 --> 00:46:41,476
want to be, by the way, no one who's deploying new cryptography should rush a change. That's not,

741
00:46:41,556 --> 00:46:47,536
that's what goes beyond Bitcoin, right? The best way to ensure that you're not rushing a change

742
00:46:47,536 --> 00:46:52,596
is to ensure that you're not surprised, right? And by the way, in case it was people just tuning in,

743
00:46:52,656 --> 00:46:58,936
maybe fast forward to the beginning, Alex Pruden is not a quantum physicist, right? And even quantum

744
00:46:58,936 --> 00:47:04,196
physicists cannot definitively tell you how long it's going to take to make a quantum computer. But

745
00:47:04,196 --> 00:47:06,216
What they can tell you is there has been progress.

746
00:47:06,856 --> 00:47:07,936
The bar has been lowered.

747
00:47:08,416 --> 00:47:10,076
There are now pretty big incentives

748
00:47:10,076 --> 00:47:12,056
to push things to the finish line,

749
00:47:12,116 --> 00:47:14,076
which by the way, a part of those incentives

750
00:47:14,076 --> 00:47:16,736
involve not revealing the latest capabilities

751
00:47:16,736 --> 00:47:17,716
of these various machines.

752
00:47:17,976 --> 00:47:20,336
And that was also part of the Google paper, right?

753
00:47:20,396 --> 00:47:22,796
So you're getting to this world

754
00:47:22,796 --> 00:47:24,576
where things become more and more uncertain.

755
00:47:24,576 --> 00:47:26,976
So just exactly to what you said,

756
00:47:27,356 --> 00:47:29,156
we don't want to rush it.

757
00:47:29,616 --> 00:47:31,116
Therefore, we should just play it safe.

758
00:47:31,276 --> 00:47:33,596
Even in a world where it's only a 1% chance,

759
00:47:33,596 --> 00:47:39,696
in my view that a quantum computer exists by 2029, one of these various attempts to make one,

760
00:47:40,136 --> 00:47:46,096
we should already be well on our way as the Bitcoin network to having post-quantum cryptography

761
00:47:46,096 --> 00:47:52,656
at the very least researched and then tested and hopefully in a world that's close to being ready

762
00:47:52,656 --> 00:47:57,896
to deploy. So that way, there's no risk. Assume a different world where we just kick the can

763
00:47:57,896 --> 00:48:03,336
and it's 2030. By the way, by 2030, all sensitive government systems will have migrated because the

764
00:48:03,336 --> 00:48:08,496
NSA has told the government, you must migrate by 2030. And then boom, out of nowhere comes a quantum

765
00:48:08,496 --> 00:48:12,376
computer in that world. And then we have to rush. Well, that's where you're going to get a rush,

766
00:48:12,456 --> 00:48:15,316
right? Because by the way, if you have a quantum computer, what are you going to do with it?

767
00:48:15,576 --> 00:48:18,736
At least if you're an economically rational actor, you're going to sell it to a government

768
00:48:18,736 --> 00:48:23,196
so they can do espionage. Or you're going to go try and take money on Bitcoin. I mean,

769
00:48:23,216 --> 00:48:26,696
you go look at that risk list. There's 6 million Bitcoin worth a lot of money out there for the

770
00:48:26,696 --> 00:48:34,016
taking. And I think people will have to be naive to think that that's not going to get looked at

771
00:48:34,016 --> 00:48:38,796
as a juicy target. I mean, one of the things you said there is another part of this sort of

772
00:48:38,796 --> 00:48:42,736
discourse that's been frustrating to me is that there's people out there shouting at Bitcoin

773
00:48:42,736 --> 00:48:48,016
developers saying you're not doing anything. And that's just like not true. We have BIP360 where

774
00:48:48,016 --> 00:48:54,856
people are working on this. What's your take on the BIP360 stuff and the at least potential

775
00:48:54,856 --> 00:48:57,176
quantum resistant algorithms that people are working on?

776
00:48:57,756 --> 00:49:01,056
Well, first off, I want to acknowledge that being a Bitcoin developer

777
00:49:01,056 --> 00:49:06,656
and being an open source developer generally is a hard and thankless job.

778
00:49:07,216 --> 00:49:09,956
Okay, so that is without a doubt true.

779
00:49:10,176 --> 00:49:13,836
And I am very appreciative of every Bitcoin developer

780
00:49:13,836 --> 00:49:17,516
that does what they do and maintains the core protocol.

781
00:49:17,516 --> 00:49:20,696
And I don't pretend that their job is easy.

782
00:49:20,696 --> 00:49:29,316
Look, with regard to BIP 360, I think BIP 360 is a step in the right direction, but it's far from sufficient.

783
00:49:30,116 --> 00:49:31,756
What does BIP 360 do?

784
00:49:32,256 --> 00:49:41,716
It disables part of Taproot that effectively revealed your public key on a transaction, right?

785
00:49:41,736 --> 00:49:42,876
So there's the key path spend.

786
00:49:42,876 --> 00:49:59,075
So what BIP 360 does is kind of disables that so you can't make your life worse by accidentally exposing your public key. But it, and it kind of talks about in the future maybe we use Tapscript to do some post-quantum stuff, but it's all very intangible.

787
00:49:59,075 --> 00:50:08,755
Um, look, I think, I think there's a bit of a risk here that people are a little bit too focused on

788
00:50:08,755 --> 00:50:15,655
kind of ideas and research and people are not focused on enough on just implementing and testing

789
00:50:15,655 --> 00:50:21,195
this post-quantum cryptography because this is extremely novel and new cryptography that we're

790
00:50:21,195 --> 00:50:28,195
talking about, um, where the stakes are as high as they're going to be anywhere. By the way, this new

791
00:50:28,195 --> 00:50:33,255
cryptography comes with significant trade-offs in terms of size of signatures,

792
00:50:34,875 --> 00:50:42,095
speed of signing or verifying potentially, size of public keys, size of private keys.

793
00:50:43,215 --> 00:50:48,375
There's no world that we're going to go to where you're going to have what we have today in terms

794
00:50:48,375 --> 00:50:53,715
of elliptic curve level performance. None. And by the way, there's completely new assumptions

795
00:50:53,715 --> 00:50:55,295
that are being baked in all over the place

796
00:50:55,295 --> 00:50:58,195
that could be classically broken for all we know.

797
00:50:59,215 --> 00:51:01,075
So look, I think for that reason,

798
00:51:01,115 --> 00:51:01,935
I think it's just important.

799
00:51:02,435 --> 00:51:05,215
To me, I'm a big proponent of let's ship stuff.

800
00:51:05,375 --> 00:51:07,495
Let's put something out there and let's see what happens.

801
00:51:07,575 --> 00:51:08,135
Can it get broken?

802
00:51:08,255 --> 00:51:09,515
Can we put it on a signet?

803
00:51:09,615 --> 00:51:10,595
Then let's put it on a testnet.

804
00:51:10,815 --> 00:51:13,715
Let's just implement shrinks or shrimps or SLH-DSA,

805
00:51:13,835 --> 00:51:15,435
whatever it is, let's just do it.

806
00:51:15,875 --> 00:51:17,955
And let's fund people who are doing that.

807
00:51:17,955 --> 00:51:21,415
Let's prioritize actual post-quantum cryptography

808
00:51:21,415 --> 00:51:25,975
and deployed in as many contexts as widely as possible,

809
00:51:26,035 --> 00:51:26,815
as soon as possible.

810
00:51:27,155 --> 00:51:29,235
I think the risk is people try and bikeshed

811
00:51:29,235 --> 00:51:30,895
over what's the most optimal thing.

812
00:51:30,995 --> 00:51:33,115
And, oh, well, could we do this and optimize this?

813
00:51:33,155 --> 00:51:34,275
And let's write some more papers.

814
00:51:34,835 --> 00:51:36,195
And, you know, it's 2030 and we're like,

815
00:51:36,235 --> 00:51:37,555
oh shit, we haven't done anything yet.

816
00:51:37,595 --> 00:51:38,815
We still have to do all the engineering.

817
00:51:39,955 --> 00:51:41,675
See, that's an interesting take

818
00:51:41,675 --> 00:51:43,995
because my perspective on this has always been

819
00:51:43,995 --> 00:51:46,435
that we'll probably see quantum computing

820
00:51:46,435 --> 00:51:47,395
coming quite far out.

821
00:51:47,515 --> 00:51:48,355
I know you disagree with that

822
00:51:48,355 --> 00:51:49,215
and we should get into that.

823
00:51:49,215 --> 00:51:57,515
But if that was the case, then surely spending time just working on how to make these signatures as efficient as possible is going to be the best option.

824
00:51:57,675 --> 00:52:04,135
Because if we just ship something now, it's not going to be the perfect solution.

825
00:52:04,455 --> 00:52:11,275
Whereas if we spend five years researching it, we might find new ways of doing things that are novel and make Bitcoin a more efficient.

826
00:52:11,415 --> 00:52:15,235
Because the tradeoff here is that it's going to crush throughput, right?

827
00:52:15,675 --> 00:52:17,395
Because signature is going to be way larger.

828
00:52:17,395 --> 00:52:24,095
So is it not worth spending five years researching that to make it the best upgrade we can if we need

829
00:52:24,095 --> 00:52:29,675
to make a quantum resistant change? I, I think both of these positions are straw men, right? Like on the

830
00:52:29,675 --> 00:52:34,035
one hand, it's clearly like we shouldn't like rush to implement something right now that could be

831
00:52:34,035 --> 00:52:39,535
suboptimal. That would be probably not ideal. Also, I don't think though, like you can always make an

832
00:52:39,535 --> 00:52:43,495
argument for we should spend more time researching and making it more optimal, because if I get the

833
00:52:43,495 --> 00:52:49,975
signatures down to 2000 bytes. Well, I've got a new idea. It's like 1999 bytes. You could spend,

834
00:52:50,095 --> 00:52:54,295
I mean, I like, I, I studied at Stanford cryptography. I like worked in a bunch of like

835
00:52:54,295 --> 00:52:59,135
frontier. Like people will do this all day long because people like to do this. It's a fun,

836
00:52:59,235 --> 00:53:02,375
cool thing. But I think, and what do people not like to do generally?

837
00:53:05,635 --> 00:53:10,175
Put these things into practice where the trade-offs become apparent and you just have to

838
00:53:10,175 --> 00:53:15,335
learn to live with them. That is painful. That is uncomfortable. Everyone would much rather think of

839
00:53:15,335 --> 00:53:19,495
a world where they don't have those trade-offs. But I think the risk is you just overshoot them.

840
00:53:20,015 --> 00:53:26,095
So look, I think in my view, it's both. There can be, there's nothing stopping there being four

841
00:53:26,095 --> 00:53:31,695
different post-quantum algorithms being live on various test nets today. And then we can have

842
00:53:31,695 --> 00:53:38,455
real world numbers with potentially real world network activity that can inform what really is

843
00:53:38,455 --> 00:53:41,195
the trade-off or not? Because that's kind of the other thing with research is like, it's always

844
00:53:41,195 --> 00:53:46,535
clean room lab coats. You're like, ah, in ideal conditions, it's this. The real world is not

845
00:53:46,535 --> 00:53:49,695
ideal conditions, right? And so no matter what you come up with, you're going to have to put it

846
00:53:49,695 --> 00:53:54,315
through those paces anyway. Might as well use this as an opportunity to learn and inform the research.

847
00:53:54,415 --> 00:53:58,255
So I'm a big fan of doing both things in parallel. Let's take what we have now. And then worst case,

848
00:53:58,375 --> 00:54:03,555
we're all wrong. Quantum computer shows up tomorrow. We got something. Or we can keep working on and

849
00:54:03,555 --> 00:54:07,135
iterating on these various algorithms, make them better. And then guess what? We maybe have more

850
00:54:07,135 --> 00:54:10,835
time, great. Now we've all saved ourselves some pain in the future and maybe prevented having to

851
00:54:10,835 --> 00:54:16,015
do a soft fork later. Just on this attack coming from nowhere or having prior warning,

852
00:54:16,975 --> 00:54:20,955
why do you think this will come from nowhere? Because are we not going to see other systems

853
00:54:20,955 --> 00:54:25,575
break before Bitcoin? Surely there are easier things to target. I feel much more confident

854
00:54:25,575 --> 00:54:33,675
about this. I don't think it's a certainty at all that you'll see other things break.

855
00:54:33,675 --> 00:54:40,955
First off, it's important to note that a quantum attack like Shor's does not come with like a signature.

856
00:54:41,275 --> 00:54:45,115
There's not like a beacon in the sky that's like, this was a quantum attack.

857
00:54:45,395 --> 00:54:49,115
This is absolutely just going to look like someone lost control of their private key.

858
00:54:49,835 --> 00:54:56,375
Whether it's in the context of military communications or whether it's in the context of an exchange wallet, it's just going to look like something happened.

859
00:54:56,375 --> 00:55:01,175
and only by a lot of back, like reverse engineering,

860
00:55:01,295 --> 00:55:04,755
might you discover that this was actually a quantum computer.

861
00:55:04,755 --> 00:55:09,175
So, you know, and by the way, like, you know,

862
00:55:09,375 --> 00:55:11,855
in the first scenario that I highlighted around military communications,

863
00:55:11,855 --> 00:55:14,575
I mean, you could see there's an obvious reason why governments

864
00:55:14,575 --> 00:55:17,615
that, by the way, are dumping hundreds of billions of dollars in quantum

865
00:55:17,615 --> 00:55:21,275
want this capability to be secret.

866
00:55:21,355 --> 00:55:24,235
Like if I tell, if like you're China and I'm the US, I'm like,

867
00:55:24,275 --> 00:55:24,835
hey, guess what?

868
00:55:24,835 --> 00:55:27,235
I'm going to have a quantum computer that breaks all your cryptography next year.

869
00:55:27,375 --> 00:55:28,175
What are you going to do?

870
00:55:28,355 --> 00:55:29,215
You're going to move everything.

871
00:55:29,615 --> 00:55:33,535
I'd actually way rather you just think that your cryptography is fine for as long as it's

872
00:55:33,535 --> 00:55:35,955
fine, and then I can just read your mail without you knowing, right?

873
00:55:36,275 --> 00:55:38,175
So this is, I think, one of the really tricky things.

874
00:55:38,175 --> 00:55:43,435
A good analogy to this that Scott Aaronson, who's a physicist at UT Austin, writes about

875
00:55:43,435 --> 00:55:48,415
on his blog is kind of what nuclear physics was like in the late 30s, early 40s.

876
00:55:48,455 --> 00:55:53,095
Basically, everyone realized that this thing might be possible, and then they realized

877
00:55:53,095 --> 00:55:55,395
that it was very important

878
00:55:55,395 --> 00:55:56,955
to control the information around it

879
00:55:56,955 --> 00:55:59,335
so as not to potentially reveal capability

880
00:55:59,335 --> 00:56:01,495
before the actual bomb dropped.

881
00:56:02,235 --> 00:56:05,095
So I think it's not clear.

882
00:56:05,255 --> 00:56:07,295
A, we'll know when it happens.

883
00:56:07,595 --> 00:56:09,395
And also I think back to like other systems

884
00:56:09,395 --> 00:56:09,975
you could target.

885
00:56:10,455 --> 00:56:11,495
Okay, sure, like, yes,

886
00:56:11,555 --> 00:56:13,035
there could be some espionage type stuff,

887
00:56:13,095 --> 00:56:14,595
but like, okay, let's pick another example

888
00:56:14,595 --> 00:56:15,895
that people often like to straw man.

889
00:56:16,855 --> 00:56:20,235
Swift, the Swift, I could go attack Swift, right?

890
00:56:20,275 --> 00:56:21,575
The interbank transfer system.

891
00:56:21,575 --> 00:56:28,375
Look, Swift is a database effectively run by a consortium big banks. If something happens that

892
00:56:28,375 --> 00:56:34,015
they don't agree with, that consortium, they're just gonna roll it back. Like it's a, it's not like

893
00:56:34,015 --> 00:56:38,335
a decentralized blockchain. They're like, okay, well, does everyone agree that we should just delete

894
00:56:38,335 --> 00:56:41,675
that last entry in this database? And everyone's gonna be like, yes, I did not want that to happen.

895
00:56:41,675 --> 00:56:46,515
And they're, okay, it's done. And so your attack effectively, you've revealed that you have this

896
00:56:46,515 --> 00:56:52,715
capability, you've made no money on it, right? So why is crypto or blockchain or Bitcoin way

897
00:56:52,715 --> 00:56:57,615
more attractive in this way? Well, you could just make money potentially much more immediately.

898
00:56:58,215 --> 00:57:02,835
And there's no easy way to roll these transactions back. In fact, that was the entire point of

899
00:57:02,835 --> 00:57:08,375
Bitcoin, right? Satoshi made Bitcoin as a reaction to like the central banks printing money and like

900
00:57:08,375 --> 00:57:12,355
financial system was rigged and, you know, they control everything. Like that was the whole point

901
00:57:12,355 --> 00:57:18,155
Bitcoin. And that means in this case, it's much more vulnerable to someone that is able to break

902
00:57:18,155 --> 00:57:23,855
the underlying cryptography and potentially profit from it. So Satoshi's coins really are the canary

903
00:57:23,855 --> 00:57:26,935
in the coal mine. I guess if you were a smart attacker, you wouldn't even touch them.

904
00:57:27,395 --> 00:57:31,275
Correct. Because if they've not moved in 17 plus years, like as soon as they move,

905
00:57:31,295 --> 00:57:34,215
you have to assume that's a quantum attack. So really you're going to go after other

906
00:57:34,215 --> 00:57:39,755
addresses where they're publicly exposed. So most fun parlor conversation for Bitcoiners is what

907
00:57:39,755 --> 00:57:43,395
would happen if you had a quantum computer, right? Because there's like a million scenarios. I wrote

908
00:57:43,395 --> 00:57:48,815
a blog post called Quantum War Games. Nick Carter's written as like a short story. They're all kind of

909
00:57:48,815 --> 00:57:53,175
fun thought experiments. I mean, the reality is we don't know. But to your point, any public key is

910
00:57:53,175 --> 00:57:58,835
exposed. One potential way it could play out if you were smart and you didn't want to signal the

911
00:57:58,835 --> 00:58:04,075
canary in the coal mine, you'd go for a second or third tier exchange. Thousands of Bitcoin easily,

912
00:58:04,075 --> 00:58:05,835
maybe hundreds of thousands.

913
00:58:06,375 --> 00:58:07,975
Those things get hacked all the time.

914
00:58:08,635 --> 00:58:10,035
So would anyone really notice?

915
00:58:10,115 --> 00:58:11,755
They're like, ah, those idiots over in like,

916
00:58:11,815 --> 00:58:13,535
I don't know, some countries, you know,

917
00:58:13,615 --> 00:58:14,535
tier three exchange,

918
00:58:14,675 --> 00:58:18,055
lost their private keys again, idiots, you know?

919
00:58:18,155 --> 00:58:19,835
And then, but no one's the wiser, right?

920
00:58:20,295 --> 00:58:21,595
I think that's just as possible

921
00:58:21,595 --> 00:58:22,655
as someone going after Satoshi.

922
00:58:22,755 --> 00:58:25,275
The thing with Satoshi's coins that I think

923
00:58:25,275 --> 00:58:27,895
maybe the unique risk there is that

924
00:58:27,895 --> 00:58:30,015
some of the quantum computing companies

925
00:58:30,015 --> 00:58:31,175
that are building these systems

926
00:58:31,175 --> 00:58:35,035
have expressed to me personally in conversation

927
00:58:35,035 --> 00:58:37,795
that they're like, oh, this is a business opportunity

928
00:58:37,795 --> 00:58:40,615
because Satoshi's coins are lost treasure.

929
00:58:41,035 --> 00:58:42,275
It's like digital salvage.

930
00:58:42,355 --> 00:58:43,935
It's like I have some Spanish galleon

931
00:58:43,935 --> 00:58:45,875
sunk in the Caribbean and I can just go take it.

932
00:58:45,935 --> 00:58:47,755
I can go dive down there and get the gold.

933
00:58:48,915 --> 00:58:50,235
Obviously, they don't really understand

934
00:58:50,235 --> 00:58:52,275
what would happen if they were to do that.

935
00:58:52,575 --> 00:58:55,595
But I don't necessarily think it would stop them from trying

936
00:58:55,595 --> 00:58:57,415
because the attractive thing about Satoshi's coins

937
00:58:57,415 --> 00:59:00,755
is kind of legally, I don't know, it's a gray area.

938
00:59:00,755 --> 00:59:14,174
Is it stealing? Is Satoshi alive? I don't know, right? So, you know, that's maybe a world in which that's not totally off the table. So to implement a change here, does this need to be a hard fork or can it be a soft fork?

939
00:59:16,194 --> 00:59:19,074
I have this argument with people all the time.

940
00:59:19,074 --> 00:59:21,034
I think it's a distinction without a difference.

941
00:59:21,674 --> 00:59:23,554
Technically, it can be a soft fork.

942
00:59:24,134 --> 00:59:29,874
But I think if you're talking about burning, let's say, Satoshi's coins,

943
00:59:29,874 --> 00:59:31,294
if that's an aspect of your solution,

944
00:59:31,594 --> 00:59:34,154
that is quite controversial.

945
00:59:34,654 --> 00:59:37,874
And so it might as well be hard work

946
00:59:37,874 --> 00:59:39,834
in terms of the work that you're going to have to do

947
00:59:39,834 --> 00:59:40,994
to get consensus around it.

948
00:59:42,054 --> 00:59:44,114
So I don't think the distinction between soft fork

949
00:59:44,114 --> 00:59:45,074
and hard fork here is meaningful.

950
00:59:45,454 --> 00:59:47,314
I think it's going to be extremely controversial.

951
00:59:47,934 --> 00:59:50,734
And so we should just plan our timelines accordingly.

952
00:59:51,734 --> 00:59:55,074
What's your take on the freezing of Satoshi's coins or not?

953
00:59:55,074 --> 01:00:03,834
Look, ultimately, my take is the community ultimately has to decide.

954
01:00:04,794 --> 01:00:10,034
And I think it's really tough because philosophically, there's two things in tension here.

955
01:00:10,814 --> 01:00:18,474
There's the integrity of the network and the value that it represents, which is implicitly

956
01:00:18,474 --> 01:00:20,794
like the strength of the digital gold thesis.

957
01:00:20,794 --> 01:00:23,754
and there's the philosophical principles

958
01:00:23,754 --> 01:00:25,374
that motivated the network.

959
01:00:25,574 --> 01:00:26,894
Not your keys, not your crypto.

960
01:00:27,734 --> 01:00:29,334
These things are in complete tension here.

961
01:00:31,074 --> 01:00:33,234
There is not an easy answer.

962
01:00:33,734 --> 01:00:37,194
If you put a gun to my head

963
01:00:37,194 --> 01:00:38,234
and you said, hey, Alex,

964
01:00:38,254 --> 01:00:39,314
you have to answer the question,

965
01:00:39,834 --> 01:00:42,694
I probably would err on the side of burning them

966
01:00:42,694 --> 01:00:45,274
because I think at the end of the day,

967
01:00:45,594 --> 01:00:47,774
that's better economically.

968
01:00:48,134 --> 01:00:50,174
I think the real challenge though

969
01:00:50,174 --> 01:00:51,954
is like, it's easy when it's Satoshi's coins.

970
01:00:52,054 --> 01:00:53,134
You're like, ah, whatever, Satoshi's coins.

971
01:00:53,594 --> 01:00:56,494
But there's 15% or so of the network

972
01:00:56,494 --> 01:00:57,654
is estimated to be lost.

973
01:00:57,754 --> 01:00:59,774
And so only two thirds of that or so is Satoshi's coins.

974
01:00:59,894 --> 01:01:02,174
But how do you know you're not,

975
01:01:02,374 --> 01:01:03,954
it's not someone who's just like,

976
01:01:03,994 --> 01:01:05,274
you know, oh, my thumb drives in my,

977
01:01:05,694 --> 01:01:07,194
you know, on my base, then I dig it up one day.

978
01:01:07,234 --> 01:01:08,314
And now my coins are gone.

979
01:01:08,894 --> 01:01:11,194
Who, where's the dev that pressed,

980
01:01:11,494 --> 01:01:13,054
you know, pushed that update?

981
01:01:13,434 --> 01:01:14,174
Where's my lawyer?

982
01:01:14,554 --> 01:01:17,654
Like, it's quite fraught, right?

983
01:01:17,654 --> 01:01:19,614
When you think about kind of on the margin,

984
01:01:19,614 --> 01:01:21,274
what is a lost coin?

985
01:01:22,694 --> 01:01:24,534
I mean, I think that's another aspect

986
01:01:24,534 --> 01:01:25,734
that a lot of people don't consider

987
01:01:25,734 --> 01:01:27,494
is like, how do you deal with it?

988
01:01:27,554 --> 01:01:28,514
I mean, the way that some people

989
01:01:28,514 --> 01:01:29,574
like Jameson Lopp propose

990
01:01:29,574 --> 01:01:30,354
is like, oh, you give people

991
01:01:30,354 --> 01:01:31,774
like a super long window,

992
01:01:32,434 --> 01:01:33,394
you know, 12 years.

993
01:01:33,494 --> 01:01:34,734
But again, if you take that to the extreme,

994
01:01:34,794 --> 01:01:35,914
it's like no different than just

995
01:01:35,914 --> 01:01:38,134
leaving them for the quantum computer, right?

996
01:01:39,034 --> 01:01:40,534
But yeah, I think probably burning them

997
01:01:40,534 --> 01:01:42,914
is right on balance.

998
01:01:43,054 --> 01:01:44,254
But, you know, again, I don't,

999
01:01:44,334 --> 01:01:46,174
I definitely understand and sympathize

1000
01:01:46,174 --> 01:01:47,454
with people that have the opposite view.

1001
01:01:47,454 --> 01:01:52,554
Yeah, I would definitely have the opposite view there, only because, like, I, I understand the idea

1002
01:01:52,554 --> 01:01:57,754
of, like, the digital gold narrative. And if those coins did get stolen by a quantum computer attack,

1003
01:01:57,754 --> 01:02:02,034
then it's going to be really detrimental to price if you have six million coins, or however many are

1004
01:02:02,034 --> 01:02:06,954
left at that point, hitting the market. But if you completely undermine the property rights of Bitcoin

1005
01:02:06,954 --> 01:02:12,374
by allowing, like, by essentially stealing someone else's property before who you consider a bad actor

1006
01:02:12,374 --> 01:02:18,334
steals that property. Like, what is the long-term value proposition of Bitcoin then? Like, if the

1007
01:02:18,334 --> 01:02:23,254
property rights are broken, is the long-term value proposition way lower anyway? Because you've proven

1008
01:02:23,254 --> 01:02:27,694
you can do it once. And who's to say there's not going to be a future attack that means you have to

1009
01:02:27,694 --> 01:02:33,454
do it again? Like, I just think those coins have to be stolen by a quantum computer in that situation.

1010
01:02:35,214 --> 01:02:41,494
Yeah, it's hard, right? Like, this is, yeah, it's a trade-off. And by the way, like, maybe just to

1011
01:02:41,494 --> 01:02:46,014
quantify these views. I was at the Presidio Bitcoin conference last year where there's a

1012
01:02:46,014 --> 01:02:50,474
bunch of core developers and supporters of Bitcoin, large holders, miners, developers.

1013
01:02:51,614 --> 01:02:55,814
And they polled the audience and the question was basically split down the middle. Like,

1014
01:02:55,854 --> 01:03:01,454
what do we do? And so I think just the reality is the community, at least today, there is not

1015
01:03:01,454 --> 01:03:06,074
consensus among either the broader community or the key institutions that represent stakeholders.

1016
01:03:06,074 --> 01:03:12,474
Yeah, this is another part of, uh, the debate that's going to be really interesting. I think it's a

1017
01:03:12,474 --> 01:03:15,934
really cool sort of philosophical debate, but it's going to make the whole thing really messy.

1018
01:03:15,934 --> 01:03:19,954
And going back, sorry, just to quickly, just to quickly plug in there: it's going to make it

1019
01:03:19,954 --> 01:03:24,814
really messy. That means it's going to take longer than we probably expect. That means we should start

1020
01:03:24,814 --> 01:03:29,474
sooner, because overall, like, it's going to be a bigger hill to climb than we think it is. So that,

1021
01:03:29,474 --> 01:03:34,434
really, if I could distill the core of my argument, it's that. Yeah, that makes sense. And if there's any,

1022
01:03:34,434 --> 01:03:40,534
if we have both this fast and slow attack, so any public key that's on chain now, obviously they're

1023
01:03:40,534 --> 01:03:45,994
at risk, but if it can also do the mempool attack, where it can derive the private key from the public

1024
01:03:45,994 --> 01:03:52,154
key in less than 10 minutes, is there any change in the upgrade we need to make to Bitcoin for those

1025
01:03:52,154 --> 01:03:59,014
two different attack vectors, or is it the same fix fixes both? Probably. I mean, like, ultimately it

1026
01:03:59,014 --> 01:04:05,054
probably doesn't change that much. Oh, I take it back. It does change quite a bit, right? Because

1027
01:04:05,054 --> 01:04:09,434
if you think, for example, if you let's just take the case where it's like fast clock attack. So

1028
01:04:09,434 --> 01:04:12,614
let's say it's a physics paper comes out tomorrow and be like, all right, quantum computers just

1029
01:04:12,614 --> 01:04:18,094
physically cannot run faster than an hour. It's just impossible. In that world, like,

1030
01:04:18,394 --> 01:04:23,934
as long as you continue using the Bitcoin network, you know, and not reusing your public keys,

1031
01:04:24,294 --> 01:04:28,934
you're probably fine. I mean, I think it would probably impact how practically things like

1032
01:04:28,934 --> 01:04:30,294
all these things are implemented, right?

1033
01:04:30,334 --> 01:04:34,754
You'd have to, I mean, people today just aren't really that diligent about rotating those,

1034
01:04:34,874 --> 01:04:38,974
and it would make infrastructure a pain in the ass, but you could probably live with it.

1035
01:04:39,034 --> 01:04:41,634
You would just have to figure out this question of Satoshi's keys or not.

1036
01:04:42,894 --> 01:04:49,334
I think ultimately, though, you know, there's no, again, to the best of our physics knowledge,

1037
01:04:49,334 --> 01:04:52,934
there's nothing preventing a fast clock computer from existing.

1038
01:04:53,074 --> 01:04:57,774
And by the way, as these, like, one of the things that, you know, both of these papers

1039
01:04:57,774 --> 01:04:59,974
kind of talk about is as you scale these systems,

1040
01:05:00,854 --> 01:05:02,494
you know, you can effectively run this computation

1041
01:05:02,494 --> 01:05:03,494
more and more parallel,

1042
01:05:03,654 --> 01:05:05,134
and it's exponential as an advantage.

1043
01:05:05,634 --> 01:05:07,834
So like, if you even get just a few more qubit,

1044
01:05:07,914 --> 01:05:10,754
logical qubits, you can run this thing way faster.

1045
01:05:11,714 --> 01:05:13,194
That's, again, the best of our knowledge,

1046
01:05:13,454 --> 01:05:14,554
how we think it could play out.

1047
01:05:14,814 --> 01:05:18,114
So ultimately, I don't think we should overly focus on,

1048
01:05:18,754 --> 01:05:20,134
let's deal with the slow clock attacks now

1049
01:05:20,134 --> 01:05:21,114
and talk about Stoic's book.

1050
01:05:21,114 --> 01:05:22,754
I think like, this is a messy issue.

1051
01:05:22,814 --> 01:05:24,254
It's going to be a messy issue no matter what.

1052
01:05:24,554 --> 01:05:26,674
Let's just mash the two messy issues together,

1053
01:05:26,674 --> 01:05:27,934
and let's just deal with it all at once.

1054
01:05:28,054 --> 01:05:29,014
I think that would be better

1055
01:05:29,014 --> 01:05:32,154
than having two very controversial forks

1056
01:05:32,154 --> 01:05:34,114
that potentially have an equal chance

1057
01:05:34,114 --> 01:05:36,174
of splitting the community and the network.

1058
01:05:36,854 --> 01:05:38,174
Yeah, that's something I totally agree with.

1059
01:05:38,254 --> 01:05:40,214
Like we may as well get all the mess out of the way now,

1060
01:05:40,674 --> 01:05:41,714
do one upgrade.

1061
01:05:42,914 --> 01:05:45,314
So you were saying that, was it 2033,

1062
01:05:45,534 --> 01:05:47,934
you were 50-50 on whether a quantum computer

1063
01:05:47,934 --> 01:05:50,174
will be able to break ECDSA.

1064
01:05:50,374 --> 01:05:50,514
Yeah.

1065
01:05:50,614 --> 01:05:51,754
So if that's the case,

1066
01:05:51,994 --> 01:05:54,074
how quickly do we need to implement a change to it?

1067
01:05:54,274 --> 01:05:55,594
Like, and again, in this scenario,

1068
01:05:55,594 --> 01:05:57,914
let's assume they can do the mempool attack.

1069
01:05:58,874 --> 01:06:00,654
How quickly do we need to implement a change

1070
01:06:00,654 --> 01:06:01,894
so enough people can move

1071
01:06:01,894 --> 01:06:04,234
or everyone can move to quantum resistant signatures?

1072
01:06:04,934 --> 01:06:06,734
Okay, so my answer would be,

1073
01:06:06,874 --> 01:06:07,454
even if, you know,

1074
01:06:07,554 --> 01:06:09,314
my answer would be we should start as soon as possible

1075
01:06:09,314 --> 01:06:10,314
and move as quickly as possible

1076
01:06:10,314 --> 01:06:12,274
because my estimate is

1077
01:06:12,274 --> 01:06:14,114
there's plenty of uncertainty to it, right?

1078
01:06:14,194 --> 01:06:15,414
So this is an estimate.

1079
01:06:15,934 --> 01:06:17,354
This estimate has uncertainty.

1080
01:06:17,574 --> 01:06:18,034
So we should still,

1081
01:06:18,374 --> 01:06:19,794
nothing about that changes.

1082
01:06:20,134 --> 01:06:23,634
So, but how long would it practically take?

1083
01:06:23,634 --> 01:06:25,574
let's just say 2033.

1084
01:06:25,794 --> 01:06:27,294
So let's say we wanted to get in before that.

1085
01:06:27,974 --> 01:06:29,174
I mean, look, I think if we,

1086
01:06:29,334 --> 01:06:31,354
if first off coming to consensus

1087
01:06:31,354 --> 01:06:32,274
that this is a problem,

1088
01:06:32,594 --> 01:06:34,514
which quite frankly has only happened

1089
01:06:34,514 --> 01:06:35,454
in the last couple of weeks,

1090
01:06:35,874 --> 01:06:36,794
I think there have been like,

1091
01:06:36,994 --> 01:06:38,334
and you highlighted BIP-360.

1092
01:06:38,914 --> 01:06:40,714
Look, I think the team's done great work there,

1093
01:06:40,814 --> 01:06:42,474
but by and large,

1094
01:06:42,474 --> 01:06:45,474
it was kind of in isolation for a long time.

1095
01:06:45,754 --> 01:06:48,334
And the broad view of many,

1096
01:06:49,054 --> 01:06:50,474
you know, core developers of Bitcoin

1097
01:06:50,474 --> 01:06:52,614
was that this is not a top priority, right?

1098
01:06:52,614 --> 01:06:57,794
And so I think first, probably it's going to take six months to converge around this is actually a problem.

1099
01:06:58,574 --> 01:07:04,314
And then I think, you know, implementing and doing research and getting to a suite of algorithms that we could potentially deploy and then test.

1100
01:07:04,814 --> 01:07:06,314
And that's probably going to be a couple of years.

1101
01:07:06,654 --> 01:07:11,354
Right. And then, by the way, Bitcoin does not exist in isolation.

1102
01:07:11,614 --> 01:07:14,074
You have a wallet. This wallet must support this new cryptography.

1103
01:07:14,394 --> 01:07:16,814
Theoretically, if you want to buy it, that's got to be supported on Coinbase.

1104
01:07:17,274 --> 01:07:21,554
There's all of these things like only at that point can they all start upgrading.

1105
01:07:21,554 --> 01:07:23,414
and then when that's all done,

1106
01:07:23,794 --> 01:07:25,194
let's just say you've got a multisig

1107
01:07:25,194 --> 01:07:25,974
and your key's exposed.

1108
01:07:26,254 --> 01:07:27,234
At the end of all that,

1109
01:07:27,374 --> 01:07:29,534
can you send the UTXO to yourself

1110
01:07:29,534 --> 01:07:31,194
to your new quantum secure multisig, right?

1111
01:07:31,454 --> 01:07:33,054
So look, I think that's seven years.

1112
01:07:33,414 --> 01:07:33,994
What did I say?

1113
01:07:34,074 --> 01:07:34,554
2033?

1114
01:07:35,194 --> 01:07:36,494
Well, maybe just make it, right?

1115
01:07:37,994 --> 01:07:39,834
Look, maybe, obviously,

1116
01:07:40,014 --> 01:07:41,714
both of these things are uncertain timelines,

1117
01:07:41,854 --> 01:07:43,114
quantum computer and migration,

1118
01:07:43,214 --> 01:07:44,114
but let's take an example

1119
01:07:44,114 --> 01:07:45,474
from Bitcoin's history, recent history.

1120
01:07:45,874 --> 01:07:46,174
Taproot.

1121
01:07:46,674 --> 01:07:48,054
So Taproot was implemented

1122
01:07:48,054 --> 01:07:49,014
over the course of around,

1123
01:07:49,094 --> 01:07:50,714
I think, four years, right?

1124
01:07:50,714 --> 01:07:54,714
And by the way, widespread consensus that it was a good upgrade.

1125
01:07:55,154 --> 01:07:56,974
So there was like no argument.

1126
01:07:57,114 --> 01:08:01,414
And there were some, but I mean, there was like relatively few arguments around like we shouldn't have it.

1127
01:08:02,234 --> 01:08:02,894
And even in that.

1128
01:08:03,134 --> 01:08:04,954
Before Taproot, not necessarily post Taproot.

1129
01:08:05,334 --> 01:08:05,774
Yeah, yeah.

1130
01:08:06,274 --> 01:08:06,874
Fair enough.

1131
01:08:06,954 --> 01:08:07,074
Yeah.

1132
01:08:08,734 --> 01:08:09,094
Yeah.

1133
01:08:09,134 --> 01:08:13,094
And even probably during Taproot, I'm sure if, you know, Pieter Wuille were here, he'd be like, oh, that's not how it went down.

1134
01:08:13,194 --> 01:08:27,773
But, you know, anyway, I think on the spectrum of changes to Bitcoin it was relatively non. Certainly, I think, less controversial than this will be. And so I think, I don't know, just pick your multiplier on that. Is 2x too much? Is 1

1135
01:08:28,093 --> 01:08:28,593
Yeah, I don't know.

1136
01:08:28,653 --> 01:08:33,213
So to me, like the five to seven years probably feels right.

1137
01:08:33,454 --> 01:08:34,954
Maybe five years is aggressive.

1138
01:08:35,213 --> 01:08:35,913
Seven is conservative.

1139
01:08:36,393 --> 01:08:39,673
Again, if you think 2033 is the day, that means it's got to start now.

1140
01:08:40,633 --> 01:08:43,473
But it's not even just a change, you know, like block space is scarce.

1141
01:08:43,473 --> 01:08:45,853
Will people be able to move their Bitcoin in that time?

1142
01:08:45,853 --> 01:09:06,693
Yeah. So actually, we've done some research around this. I mean, if you shut down the Bitcoin network for everything except for migration transactions, it would take just based on the number of UTXOs and the block time and the block size on the order of 75 to 100 days to migrate everything.

1143
01:09:06,693 --> 01:09:10,193
Now, of course, maybe you're not going to shut down the whole blockchain.

1144
01:09:10,193 --> 01:09:16,193
Maybe you're just going to reduce it to, you know, you're going to limit it to 10% of all transactions or migration transactions.

1145
01:09:16,454 --> 01:09:18,113
And that gives you a year. Right.

1146
01:09:18,113 --> 01:09:21,533
So, you know, that we have to account for that. Right.

1147
01:09:21,533 --> 01:09:24,413
We have to give people time to migrate. So probably a year is minimum.

1148
01:09:24,413 --> 01:09:26,753
I mean, you're not going to shut down the whole blockchain, I don't think.

1149
01:09:27,933 --> 01:09:29,633
But, you know, maybe you could in an emergency.

1150
01:09:29,633 --> 01:09:35,173
I don't know. But yeah, broadly speaking, I think a year a year is probably a good planning factor to give people enough time.

1151
01:09:35,173 --> 01:09:37,653
I mean, miners are going to be very happy.

1152
01:09:38,334 --> 01:09:38,933
Oh, yeah.

1153
01:09:39,153 --> 01:09:40,953
Think about the fees you're willing to pay, right?

1154
01:09:41,334 --> 01:09:42,533
Yeah, exactly.

1155
01:09:43,173 --> 01:09:43,773
Think about the fee.

1156
01:09:44,693 --> 01:09:45,673
Miners are going to be happy,

1157
01:09:45,773 --> 01:09:46,953
especially if there's a quantum computer

1158
01:09:46,953 --> 01:09:47,753
lurking in the corner.

1159
01:09:48,073 --> 01:09:48,973
Because think about the fees

1160
01:09:48,973 --> 01:09:49,773
you're willing to pay then.

1161
01:09:50,113 --> 01:09:51,553
You're like, oh, I got to make sure

1162
01:09:51,553 --> 01:09:52,834
my transaction gets through

1163
01:09:52,834 --> 01:09:53,993
and the quantum computer is like,

1164
01:09:54,073 --> 01:09:55,213
I'm going to front run it.

1165
01:09:55,793 --> 01:09:56,993
And so then the miners are going to be like,

1166
01:09:57,053 --> 01:09:58,253
yes, pay me the fee.

1167
01:09:58,373 --> 01:09:59,533
I guess until then they get hacked

1168
01:09:59,533 --> 01:10:00,293
by the quantum computer

1169
01:10:00,293 --> 01:10:00,953
and then they're screwed.

1170
01:10:01,073 --> 01:10:01,834
But, you know, I don't know.

1171
01:10:02,893 --> 01:10:04,773
That's when all the miners

1172
01:10:04,773 --> 01:10:06,353
that have moved to AI come back to Bitcoin.

1173
01:10:07,413 --> 01:10:09,773
But it's going to be a real mess.

1174
01:10:10,033 --> 01:10:12,993
I think I'm maybe still skeptical

1175
01:10:12,993 --> 01:10:14,973
on sort of those really short timelines,

1176
01:10:15,173 --> 01:10:16,933
but I'm very willing to accept

1177
01:10:16,933 --> 01:10:18,233
that this is probably an issue

1178
01:10:18,233 --> 01:10:19,533
we are going to have to deal with in the future.

1179
01:10:20,033 --> 01:10:22,093
And I think I agree with you

1180
01:10:22,093 --> 01:10:23,933
that probably more work needs to be done.

1181
01:10:24,013 --> 01:10:25,253
Although I do think there's some

1182
01:10:25,253 --> 01:10:26,793
interesting stuff happening there.

1183
01:10:26,893 --> 01:10:28,513
And I think I also believe that,

1184
01:10:28,653 --> 01:10:30,013
like you said,

1185
01:10:30,053 --> 01:10:31,633
this is becoming more of an issue

1186
01:10:31,633 --> 01:10:32,893
amongst the sort of developer community.

1187
01:10:32,893 --> 01:10:33,834
I think it's going to accelerate.

1188
01:10:34,773 --> 01:10:36,153
It's going to be interesting, man.

1189
01:10:36,773 --> 01:10:36,973
Yeah.

1190
01:10:37,153 --> 01:10:40,113
And I think it's, I mean, we'll end on an optimistic note.

1191
01:10:40,693 --> 01:10:43,133
There's no reason why Bitcoin can't lead the charge here.

1192
01:10:43,433 --> 01:10:44,153
No reason at all.

1193
01:10:44,373 --> 01:10:48,213
I mean, Bitcoin is a financial innovation unlike almost any that's ever existed.

1194
01:10:48,933 --> 01:10:52,433
It is compared to most uses of cryptography.

1195
01:10:52,553 --> 01:10:57,693
I think this is how, you know, one of the most important deployments of cryptography in the world.

1196
01:10:58,153 --> 01:11:02,213
And it's been maintained by an open source community of developers throughout its entire life.

1197
01:11:02,213 --> 01:11:04,453
The founder was totally anonymous, right?

1198
01:11:04,453 --> 01:11:05,433
We don't even know who they are.

1199
01:11:06,334 --> 01:11:08,273
And it's look at look at us now, right?

1200
01:11:08,593 --> 01:11:11,353
The ETFs are issued on this trillions in market cap.

1201
01:11:11,993 --> 01:11:18,834
No reason why Bitcoin can't continue to be, you know, effectively the torch in the darkness

1202
01:11:18,834 --> 01:11:26,713
showing how a decentralized open source community can effect a very complex cryptographic migration.

1203
01:11:26,953 --> 01:11:27,773
All it takes is will.

1204
01:11:28,273 --> 01:11:29,373
All it takes is awareness.

1205
01:11:29,373 --> 01:11:34,573
and I think the last thing I would say new to your listeners is don't be bystanders.

1206
01:11:35,133 --> 01:11:37,493
Be advocates for what you think is right.

1207
01:11:37,573 --> 01:11:38,413
You've heard two views.

1208
01:11:38,513 --> 01:11:42,033
You've heard multiple views on this show around whether this is a near-term threat or a long-term threat.

1209
01:11:42,413 --> 01:11:43,413
I think be involved.

1210
01:11:43,533 --> 01:11:44,073
Be an advocate.

1211
01:11:44,293 --> 01:11:50,813
I think one of the biggest risks that I see potentially affecting Bitcoin in the face of the quantum threat

1212
01:11:50,813 --> 01:11:52,433
is not so much the quantum computer itself.

1213
01:11:52,693 --> 01:11:55,733
It's the apathy, the reverse bystander effect.

1214
01:11:55,733 --> 01:11:59,133
I'm like, ah, well, some core developers I heard are working on it.

1215
01:11:59,233 --> 01:12:00,293
And so I'm good.

1216
01:12:00,973 --> 01:12:04,373
And look, I mean, ultimately, the strength of this network comes in our collective belief

1217
01:12:04,373 --> 01:12:05,093
in its longevity.

1218
01:12:05,393 --> 01:12:09,793
And that perversely is directly correlated to how much each person is willing to invest

1219
01:12:09,793 --> 01:12:10,813
in that, right?

1220
01:12:10,834 --> 01:12:16,793
And part of that investment is being involved, being informed, and advocating as a member

1221
01:12:16,793 --> 01:12:19,993
of this community, as a holder of Bitcoin, for what you think is right.

1222
01:12:21,093 --> 01:12:23,673
I think to me, that is the most important thing.

1223
01:12:23,673 --> 01:12:25,593
if people take away nothing else from this podcast,

1224
01:12:25,793 --> 01:12:27,153
that's what I would leave them with.

1225
01:12:28,113 --> 01:12:30,153
I mean, Alex, that would have been the perfect way to end the show,

1226
01:12:30,233 --> 01:12:31,453
but I have one more question for you.

1227
01:12:31,613 --> 01:12:32,313
All right, cheers.

1228
01:12:33,113 --> 01:12:36,033
Do we know that quantum-resistant signatures

1229
01:12:36,033 --> 01:12:37,993
will actually remain quantum-resistant?

1230
01:12:38,793 --> 01:12:39,033
No.

1231
01:12:39,373 --> 01:12:40,253
Short answer, no.

1232
01:12:41,773 --> 01:12:46,013
There are two categories of quantum-resistant signatures

1233
01:12:46,013 --> 01:12:49,493
that are standardized today, and standardized by that,

1234
01:12:49,573 --> 01:12:50,733
I mean standardized by NIST,

1235
01:12:50,933 --> 01:12:52,233
the National Institute of Standards and Technology.

1236
01:12:52,233 --> 01:12:59,953
Broadly speaking, they're based on hash functions, which we believe are quite safe, or something

1237
01:12:59,953 --> 01:13:00,953
called lattices.

1238
01:13:00,953 --> 01:13:03,853
Lattices is a bit more speculative.

1239
01:13:03,853 --> 01:13:07,173
Everyone likes the hash functions because we already know they're probably going to be

1240
01:13:07,173 --> 01:13:08,834
safe in a quantum world.

1241
01:13:08,834 --> 01:13:13,493
The main challenge there is their size and performance.

1242
01:13:13,493 --> 01:13:14,493
So a lot of effort.

1243
01:13:14,493 --> 01:13:17,913
In fact, Blockstream Research and Jonas Nick have published some work called SHRINCS and

1244
01:13:17,913 --> 01:13:23,293
SHRIMPS, which attempts to address the size issue by making these signatures effectively

1245
01:13:23,293 --> 01:13:24,293
limited use.

1246
01:13:24,293 --> 01:13:29,594
So you can only sign a million times instead of effectively infinite times.

1247
01:13:29,594 --> 01:13:32,973
And you know that there's optimizations like that that are interesting to explore.

1248
01:13:32,973 --> 01:13:33,973
It does change.

1249
01:13:33,973 --> 01:13:37,913
I mean, it is still different than the way that signatures work today, because if you

1250
01:13:37,913 --> 01:13:45,233
re importantly, if you reuse, you know, the same nonce in the signing process, you leak

1251
01:13:45,233 --> 01:13:49,153
your public key, or you leak your private key, and then anyone can steal your Bitcoin, not just the

1252
01:13:49,153 --> 01:13:54,094
quantum computer, anyone. And so, you know, there's things like that that have to be considered. On

1253
01:13:54,094 --> 01:13:59,693
the lattice side, lattices are what, broadly speaking, the internet is going to. So ML-KEM,

1254
01:13:59,693 --> 01:14:05,733
which is not signatures, it's key exchange for TLS connections. ML-KEM is using a lattice-based,

1255
01:14:05,733 --> 01:14:10,513
it's a lattice-based key exchange mechanism, and that's what NIST has said to, like, Google and

1256
01:14:10,513 --> 01:14:16,173
Cloudflare and banks, hey, this is your primary algorithm because of its performance characteristics.

1257
01:14:16,893 --> 01:14:24,153
But look, I think broadly, we need to be prepared for a world where the cryptography continues to

1258
01:14:24,153 --> 01:14:33,613
be broken because there is no mathematical guarantee that the cryptography that we're

1259
01:14:33,613 --> 01:14:36,973
going to invent in the future, even that based on hash functions, couldn't also be broken

1260
01:14:36,973 --> 01:14:42,153
in some way. And so I think this really calls for what's, I guess there's like the term in the

1261
01:14:42,153 --> 01:14:47,193
industry is crypto agility. Like people need to bake into the system, the fact that the crypto

1262
01:14:47,193 --> 01:14:52,133
that they're deploying may not live forever. And there needs to be ways in which to easily migrate

1263
01:14:52,133 --> 01:14:55,693
to new stuff. I mean, the quantum computing threat is just kind of the most in your face

1264
01:14:55,693 --> 01:15:01,133
version of this. It's like, everyone's got to move, but there's absolutely no guarantee that

1265
01:15:01,133 --> 01:15:04,793
quantum computers can't turn out to break other things that we thought were secure or even

1266
01:15:04,793 --> 01:15:10,394
classical computers or by the way, AI that maybe leverages both quantum and classical

1267
01:15:10,394 --> 01:15:12,854
computers comes up with new approaches that we had never seen coming.

1268
01:15:13,513 --> 01:15:15,094
So yeah.

1269
01:15:15,193 --> 01:15:19,213
And I guess like maybe one cool thing since I, you know, I gave my big speech and now

1270
01:15:19,213 --> 01:15:21,094
I've got to give people something else to end on.

1271
01:15:21,614 --> 01:15:25,233
What one cool thing to note about quantum is I think a lot of times, you know, the discourse

1272
01:15:25,233 --> 01:15:28,713
around it is really negative, but look, there's actually really cool stuff with cryptography

1273
01:15:28,713 --> 01:15:29,334
that you can do too.

1274
01:15:29,334 --> 01:15:33,253
because quantum physics is physical

1275
01:15:33,253 --> 01:15:35,594
and kind of like the most fundamental way that we know,

1276
01:15:35,933 --> 01:15:39,894
you can leverage it to create new forms of cryptography

1277
01:15:39,894 --> 01:15:40,953
and encryption and various things.

1278
01:15:41,013 --> 01:15:42,013
Like one cool thing,

1279
01:15:42,053 --> 01:15:43,253
it's like a theory from several,

1280
01:15:43,374 --> 01:15:44,653
many years ago that's been refined,

1281
01:15:44,733 --> 01:15:45,733
but just in simple terms,

1282
01:15:45,733 --> 01:15:48,354
you can share key material

1283
01:15:48,354 --> 01:15:51,813
by entangling effectively quantum particles.

1284
01:15:52,633 --> 01:15:54,693
And that sharing of key material

1285
01:15:54,693 --> 01:15:57,374
happens not on a classical channel, right?

1286
01:15:57,374 --> 01:15:58,834
So there's no possible way

1287
01:15:58,834 --> 01:16:01,973
that an adversary could intercept the transmission

1288
01:16:01,973 --> 01:16:02,834
because in effect,

1289
01:16:02,953 --> 01:16:05,733
it uses this weird quantum effect of entanglement

1290
01:16:05,733 --> 01:16:08,773
such that like your side and my side

1291
01:16:08,773 --> 01:16:10,354
automatically are the same

1292
01:16:10,354 --> 01:16:11,753
no matter what I do to my side.

1293
01:16:12,173 --> 01:16:13,773
And that's amazing.

1294
01:16:13,993 --> 01:16:14,354
Like it's like,

1295
01:16:14,394 --> 01:16:16,453
it's something that's fundamentally new and cool

1296
01:16:16,453 --> 01:16:18,493
and could honestly be the foundation

1297
01:16:18,493 --> 01:16:20,173
for, you know,

1298
01:16:20,193 --> 01:16:21,253
how we use Bitcoin

1299
01:16:21,253 --> 01:16:22,993
or other forms of cryptography in the future.

1300
01:16:23,114 --> 01:16:23,753
And there's, and again,

1301
01:16:23,753 --> 01:16:24,673
this is just the surface.

1302
01:16:24,793 --> 01:16:25,913
We don't even know what's below that.

1303
01:16:25,973 --> 01:16:27,533
Maybe there's many, many other cool things

1304
01:16:27,533 --> 01:16:28,753
that we could do with quantum computing

1305
01:16:28,753 --> 01:16:31,253
that pushes forward the frontiers of cryptography

1306
01:16:31,253 --> 01:16:32,693
and Bitcoin as well.

1307
01:16:33,913 --> 01:16:34,573
Very cool.

1308
01:16:34,693 --> 01:16:35,713
Alex, I've really enjoyed this.

1309
01:16:35,813 --> 01:16:36,673
Thank you for coming on.

1310
01:16:37,793 --> 01:16:39,273
The next few years are going to be a mess

1311
01:16:39,273 --> 01:16:40,573
and I'm going to be here for the ride.

1312
01:16:40,973 --> 01:16:41,173
Yeah.

1313
01:16:41,573 --> 01:16:42,793
But yeah, I appreciate your time, man.

1314
01:16:43,394 --> 01:16:43,573
Cool.

1315
01:16:43,673 --> 01:16:44,413
Thank you very much.

1316
01:16:44,633 --> 01:16:45,533
Yeah, appreciate being here.

1317
01:16:45,653 --> 01:16:45,913
Thanks a lot for the idea.

1318
01:16:45,913 --> 01:16:47,153
Actually, Alex, before we close out,

1319
01:16:47,233 --> 01:16:49,533
where do you want anyone to go to follow you or your work?

1320
01:16:50,233 --> 01:16:50,594
Yeah.

1321
01:16:50,973 --> 01:16:53,613
If you want to yell at me for my views on quantum computing,

1322
01:16:53,613 --> 01:16:58,073
you can find me at apruden08 on X.

1323
01:16:58,073 --> 01:16:59,533
I spend most of my time there.

1324
01:17:00,713 --> 01:17:04,233
And also Project 11, if you want to check out the risk list,

1325
01:17:04,313 --> 01:17:06,594
or we've written a bunch of blog posts about various things

1326
01:17:06,594 --> 01:17:12,753
related to this topic, Project11, spelled out, E-L-E-V-E-N.com.

1327
01:17:13,293 --> 01:17:15,953
That's where you can find more info about what we do.

1328
01:17:17,153 --> 01:17:19,073
Awesome. Thank you for the time, man. It's been great.

1329
01:17:19,673 --> 01:17:21,293
Yeah, this was a lot of fun. Really appreciate it.

1330
01:17:28,073 --> 01:17:58,053
Thank you.
