1
00:00:00,000 --> 00:00:01,960
Brandon, welcome to the show, sir.

2
00:00:02,920 --> 00:00:04,040
Thanks. Good to see you, man.

3
00:00:05,180 --> 00:00:13,860
Good to see you. I'm very happy to get you on to talk about quantum, the risk, the perceived risk, the perceived reality.

4
00:00:14,280 --> 00:00:18,020
What is the reality? Maybe that's where we'll start.

5
00:00:18,020 --> 00:00:41,780
And I'll reiterate what I was saying right before I hit record, which is it's hard as somebody who's not a quantum physicist, is not a cryptographer, to really get a grasp of what the true reality with advances in quantum computing are and specifically how they relate to Bitcoin's security in the short, medium and long term.

6
00:00:41,780 --> 00:00:49,480
And I've watched you on the front lines of sort of debating the merits of the advancements in

7
00:00:49,480 --> 00:00:53,740
quantum physics over the last year. I actually listened to your podcast that you did with

8
00:00:53,740 --> 00:01:00,840
Gwerdy last year. I thought that was really good and that helped me get a better understanding of

9
00:01:00,840 --> 00:01:06,500
your perspective. But I think starting with this question of how can you be confident

10
00:01:06,500 --> 00:01:08,580
on one side or the other?

11
00:01:08,820 --> 00:01:10,500
How can you be confident that it's not as

12
00:01:10,500 --> 00:01:12,220
big of a risk

13
00:01:12,220 --> 00:01:14,860
quantum computing as to Bitcoin today?

14
00:01:15,040 --> 00:01:15,780
And then conversely,

15
00:01:16,320 --> 00:01:17,340
why do you think

16
00:01:17,340 --> 00:01:20,520
people are saying we need to rush

17
00:01:20,520 --> 00:01:22,220
to become quantum resistant

18
00:01:22,220 --> 00:01:24,320
or as confident as they are right now?

19
00:01:26,020 --> 00:01:26,560
Yeah, I mean, I think

20
00:01:26,560 --> 00:01:28,580
the thing that gives me

21
00:01:28,580 --> 00:01:30,680
confidence, and I said on Guardian,

22
00:01:30,680 --> 00:01:32,180
I think I still stand by it.

23
00:01:33,100 --> 00:01:34,720
You know, I can't, I have an emotional

24
00:01:34,720 --> 00:01:36,100
confidence that we're

25
00:01:36,500 --> 00:01:41,080
50 to 100 to forever years from a quantum computer breaking a meaningful cryptographic system.

26
00:01:41,620 --> 00:01:44,200
But that's not scientific. That's a gut feeling.

27
00:01:44,880 --> 00:01:47,460
Looking more kind of in a scientific lens at it,

28
00:01:48,600 --> 00:01:53,960
we live in a world constrained by the reality of physically building things.

29
00:01:54,680 --> 00:01:57,120
And it's hard to physically build things.

30
00:01:57,120 --> 00:02:00,640
That doesn't make any particular physical building challenge impossible.

31
00:02:00,640 --> 00:02:13,380
But I think the quantum field is full of these, you know, call it if this is possible, then all we have to do is build it kind of perspectives.

32
00:02:13,800 --> 00:02:21,680
And they totally just deny the realities of the difficulty in building physical things that manipulate tiny subatomic particles.

33
00:02:22,000 --> 00:02:28,140
Or in the case of neutral atoms, you know, individual atoms being manipulated by laser tweezers, I think they're called, or optical tweezers.

34
00:02:28,140 --> 00:02:33,940
Like, these are incredibly difficult things to build, and especially difficult to scale, right?

35
00:02:33,940 --> 00:02:39,220
Let's say you can build the first optical tweezer and manipulate one atom. Okay, now you want to build

36
00:02:39,220 --> 00:02:44,740
a grid of thousands of atoms and manipulate all of them with different tweezers at the same time.

37
00:02:44,740 --> 00:02:50,440
Think about how that difficulty scales. And so maybe it's possible, which is the thing I

38
00:02:50,440 --> 00:02:54,420
have to acknowledge when I'm being reasonable as opposed to emotional about this, but the

39
00:02:54,420 --> 00:02:58,740
difficulties are dramatically underplayed. And that's what the evidence shows. I think that's

40
00:02:58,740 --> 00:03:03,880
what people kind of don't acknowledge as the reality. When they look at quantum, they're like,

41
00:03:04,280 --> 00:03:09,240
oh, all we have to do now is scale it up. But we've been working on quantum as a

42
00:03:09,240 --> 00:03:16,260
colony species for 40 years or something, as long as I've been alive. And every time they go to scale

43
00:03:16,260 --> 00:03:21,140
it up, they hit new difficulties that they weren't expecting. That's the evidence we have,

44
00:03:21,140 --> 00:03:24,060
is that it's been over and over and over and over for decades

45
00:03:24,060 --> 00:03:25,940
that scaling up is hard.

46
00:03:26,300 --> 00:03:27,600
That doesn't mean it's impossible,

47
00:03:28,120 --> 00:03:30,160
but the hardness is what gives me that confidence,

48
00:03:30,360 --> 00:03:34,660
is that based on the evidence we have seen for decades,

49
00:03:34,800 --> 00:03:36,300
repeatedly and consistently,

50
00:03:36,960 --> 00:03:38,720
they may find a way to scale it up,

51
00:03:38,720 --> 00:03:40,320
but it's going to be clawed out

52
00:03:40,320 --> 00:03:42,740
by individual small improvements

53
00:03:42,740 --> 00:03:44,660
over years and years and years.

54
00:03:45,200 --> 00:03:45,940
And at some point,

55
00:03:46,020 --> 00:03:48,240
they might hit on a technology that will work.

56
00:03:48,680 --> 00:03:49,480
And when they do,

57
00:03:49,480 --> 00:03:57,380
we'll see that technology go from five logical qubits in coherence for a while to 10 in coherence

58
00:03:57,380 --> 00:04:02,680
for a similar length of time to 20 to 40, et cetera. We'll see doublings, like we saw with

59
00:04:02,680 --> 00:04:07,960
transistors, of the same technology progressing through a scaling roadmap. And then we'll be able

60
00:04:07,960 --> 00:04:15,120
to say, oh, now it's doubled three times. It took 2.5 years each time to double the number of logical

61
00:04:15,120 --> 00:04:20,840
qubits in this technology. Okay. So at that rate, we'll get to a cryptographically relevant computer

62
00:04:20,840 --> 00:04:27,260
in Y years. But until we see a roadmap like that, that's the successful scaling in one technology,

63
00:04:27,480 --> 00:04:31,680
the evidence is it's going to be just hard fought, tiny wins, new technologies.

64
00:04:32,280 --> 00:04:36,080
And there's just no evidence that it's going to come anytime in the next decade or really any

65
00:04:36,080 --> 00:04:41,640
time in the next 20 years. So that's where my confidence comes from. On the flip side,

66
00:04:41,640 --> 00:04:45,660
can you ask the other side of the question too? I think the other side gets their confidence from

67
00:04:45,660 --> 00:04:54,180
the, let's say the impressiveness of the wins they do get. These are incredibly difficult,

68
00:04:54,740 --> 00:05:01,460
mathematically challenging algorithms and designs. And the folks working on them are some of the

69
00:05:01,460 --> 00:05:07,780
most brilliant people in the world. And they go through the fundamental physics of our world.

70
00:05:07,780 --> 00:05:10,220
They go down to the very smallest subatomic particles.

71
00:05:10,380 --> 00:05:11,900
They figure out how things work.

72
00:05:12,740 --> 00:05:25,280
And then they say, oh, my God, I figured out that we can do this in this easier way or in this faster way or this new method of manipulating subatomic particles.

73
00:05:25,820 --> 00:05:28,620
And those discoveries are absolutely amazing.

74
00:05:28,620 --> 00:05:32,360
And they're the cutting edge of humans understanding our own world.

75
00:05:32,500 --> 00:05:34,840
Like there's nothing more impressive than that.

76
00:05:35,520 --> 00:05:40,560
And so it's a reality that these are the most brilliant people doing incredible work to understand our world.

77
00:05:40,980 --> 00:05:43,140
And people get really excited about that.

78
00:05:44,300 --> 00:05:48,740
And so that's where they get their confidence is that the most brilliant people are working on that problem.

79
00:05:48,920 --> 00:05:50,460
But that doesn't change.

80
00:05:50,580 --> 00:05:57,600
Like there's still this separation between it's probably literally possible, which is their perspective.

81
00:05:57,680 --> 00:05:58,300
I don't think it is.

82
00:05:58,380 --> 00:06:01,120
But in their world, it's probably possible.

83
00:06:01,120 --> 00:06:05,360
and these fundamental understandings of the universe give them confidence that it's going

84
00:06:05,360 --> 00:06:14,600
to be solved in the real world in physical devices. And that's the, so the way I understand it,

85
00:06:14,720 --> 00:06:20,040
let me know if I'm wrong. Cause I did see you retweet my understanding of it the other day,

86
00:06:20,040 --> 00:06:26,840
which is like, Hey, I think it's very obvious that in the theoretical realm of like, what is

87
00:06:26,840 --> 00:06:33,240
possible. They are making advancements. And the biggest chasm that exists in reality,

88
00:06:33,240 --> 00:06:38,640
which I think you just described, but trying to distill it down for an ELI-5 for people listening,

89
00:06:39,320 --> 00:06:42,440
is that yes, we're making these theoretical advancements of what we can do.

90
00:06:43,620 --> 00:06:47,260
However, there is a chasm between what we can do and the physical reality of

91
00:06:47,260 --> 00:06:54,540
building machines that can actually sustain an uptime and persistence to make that theoretical

92
00:06:54,540 --> 00:07:02,940
advancement an applicable reality. Yeah, exactly. And I think that in quantum there's this, like, extra,

93
00:07:02,940 --> 00:07:11,840
well, there's extra detail to it, which is, um, it's often possible to build, call it, the toy example

94
00:07:11,840 --> 00:07:16,140
of something, where, you know, we've seen superconducting qubits, we've seen neutral atom qubits,

95
00:07:16,140 --> 00:07:20,720
we've seen, uh, shoot, the other technology that's kind of commonly pushed right now. But there's a

96
00:07:20,720 --> 00:07:25,040
bunch of different technologies where they've built a few useful qubits and done

97
00:07:25,040 --> 00:07:31,520
something interesting with it. Um, but again, the specific thing that happens is that taking that

98
00:07:31,520 --> 00:07:36,500
and going to the next step and building twice as many qubits or four times as many qubits, and

99
00:07:36,500 --> 00:07:41,660
they keep running into problems there. Um, so I think that's also where they get their

100
00:07:41,660 --> 00:07:48,080
confidence, is, oh, we built that thing, the physics described it, we built it. But then they tried to

101
00:07:48,080 --> 00:07:52,300
build a slightly bigger one and they hit a brick wall. And we even saw like the way these things

102
00:07:52,300 --> 00:07:58,780
are published, the Majorana paper from Microsoft kind of glossed over that. And when you dig deeper,

103
00:07:59,120 --> 00:08:03,960
the physical device that they were publishing about had a single, I think a single physical

104
00:08:03,960 --> 00:08:08,360
qubit or something of that, like tiny, tiny nature. It's like, oh, they built the first

105
00:08:08,360 --> 00:08:13,440
qubit of this type. That's the tech I wanted to mention, using a Majorana particle. Okay,

106
00:08:13,780 --> 00:08:14,540
Super cool.

107
00:08:14,720 --> 00:08:16,340
You got one bit of that.

108
00:08:16,680 --> 00:08:18,080
Now, what happens when you try to scale up?

109
00:08:18,120 --> 00:08:24,400
And why has it now been almost a year since that result with no one building a two-Majorana qubit device?

110
00:08:24,540 --> 00:08:25,480
Like, what's the deal?

111
00:08:27,540 --> 00:08:38,420
Well, I think this is an important detail to dive into, too, is the difference between a logical qubit and a physical qubit and the relationship between the two.

112
00:08:38,420 --> 00:08:43,380
Because from what I understand, logical comes down to the math and what you can do.

113
00:08:43,480 --> 00:08:49,380
And then physical is like, all right, how do you organize all that and make it a computer, an operating software, whatever it may be?

114
00:08:50,780 --> 00:08:53,640
Yeah, you're right.

115
00:08:53,720 --> 00:09:03,320
And it's a complicated thing where depending what your physical underlying technology is, that affects the relationship between the physical and the logical qubit.

116
00:09:03,320 --> 00:09:08,640
So there's like different avenues of research happening in quantum.

117
00:09:08,840 --> 00:09:16,440
There's the mathematical research, which is assuming we have logical qubits mathematically, how do we apply that to solving real world problems?

118
00:09:16,540 --> 00:09:18,520
That's what Google published about this week, right?

119
00:09:18,520 --> 00:09:25,460
They published a paper that says, here's some new mathematics we could apply to running Shor's algorithm on logical qubits.

120
00:09:25,460 --> 00:09:30,360
that makes it take fewer logical qubits to execute Shor's algorithm.

121
00:09:30,360 --> 00:09:33,400
And in this case, also fewer steps of computation.

122
00:09:34,920 --> 00:09:37,360
That's the math side, but that all runs on logical qubits.

123
00:09:37,960 --> 00:09:41,840
And then the question is, how do you organize some physical device

124
00:09:41,840 --> 00:09:44,420
into logical qubits on which you can run math?

125
00:09:44,760 --> 00:09:46,680
And that's where the physical qubits come in.

126
00:09:47,240 --> 00:09:50,140
So the other paper that came out this week on neutral atoms

127
00:09:50,140 --> 00:09:55,820
was a new way of error correcting physical qubits

128
00:09:55,820 --> 00:09:57,980
to make useful mathematical logical qubits.

129
00:09:58,680 --> 00:10:03,360
They, within the context of this neutral atoms architecture

130
00:10:03,360 --> 00:10:05,740
that uses the optical tweezers to move atoms around,

131
00:10:06,100 --> 00:10:08,620
because they can physically move the qubits around,

132
00:10:08,720 --> 00:10:11,820
they can grab a physical atom that's a qubit

133
00:10:11,820 --> 00:10:13,980
and has been entangled in some way with some other qubits

134
00:10:13,980 --> 00:10:16,720
and they can move it to another part of the chip or the device.

135
00:10:17,420 --> 00:10:19,160
That's the cool thing about it.

136
00:10:20,000 --> 00:10:22,720
Because of that, they can do what's called non-local error correction.

137
00:10:23,480 --> 00:10:28,700
And the theory described in this paper is that because they can do non-local error correction,

138
00:10:28,820 --> 00:10:31,240
because the physical qubits can be moved by optical tweezers,

139
00:10:31,580 --> 00:10:34,640
they can do what they call high-rate error correction,

140
00:10:35,240 --> 00:10:41,720
where rather than having to have a dedicated cluster of error correction qubits, call it,

141
00:10:42,080 --> 00:10:46,980
for each logical qubit, you've got a bunch of physical qubits error correcting each other to get one logical qubit.

142
00:10:46,980 --> 00:10:59,800
Instead, in this neutral atom architecture with the optical tweezers, they can, in theory, have one cluster of error-correcting qubits that corrects a whole bunch of active computing qubits.

143
00:11:00,440 --> 00:11:13,900
And that's why they got that remarkable result in the paper of basically, if this high-rate non-local error correction works, we can go down from 500,000 to 10,000 physical qubits needed to implement Shor's algorithm.

144
00:11:13,900 --> 00:11:22,540
And that's basically my summary of a lot of these quantum papers is if this thing that hasn't ever been done works, then we can do this easy thing.

145
00:11:23,200 --> 00:11:30,340
And that's yeah. So that's where the relationship is and how why you see these radically different relationships between number of physical qubits and logical.

146
00:11:30,700 --> 00:11:37,460
Because it depends dramatically on what types of error correction you can do on this physical architecture and whether those work.

147
00:11:38,340 --> 00:11:42,960
And you need to do the error correction because these physical qubits are beholden to entropy, right?

148
00:11:42,960 --> 00:11:44,680
Yeah, they're notoriously flaky.

149
00:11:45,600 --> 00:11:45,760
Yeah.

150
00:11:46,160 --> 00:11:53,340
And so that, like on the physical qubit side, like we're still trying to figure out a way how to make it so they don't deteriorate in real time.

151
00:11:53,880 --> 00:11:54,060
Right.

152
00:11:54,180 --> 00:12:04,280
And then also in this neutral atom architecture, again, because they can physically move qubits, they have in the paper, they accept that physical qubits will deteriorate.

153
00:12:04,280 --> 00:12:10,200
and they design a theoretical neutral atom quantum computer

154
00:12:10,200 --> 00:12:15,160
that has a reservoir of pre-coherent backup qubits

155
00:12:15,160 --> 00:12:16,700
that they can grab with the optical tweezers

156
00:12:16,700 --> 00:12:19,160
and stuff into the circuit to replace one that deteriorates.

157
00:12:20,220 --> 00:12:22,160
So exactly as you said, these physical qubits,

158
00:12:22,280 --> 00:12:23,820
they tend to break down.

159
00:12:24,640 --> 00:12:27,220
And so the big question is how do we stabilize them

160
00:12:27,220 --> 00:12:29,680
and make it so that we can kind of continue doing computation on them?

161
00:12:29,940 --> 00:12:32,980
And different researchers in different parts of the quantum field

162
00:12:32,980 --> 00:12:36,280
have different methods of kind of holding that shit together for longer.

163
00:12:37,320 --> 00:12:38,740
And how much energy does all that take?

164
00:12:40,620 --> 00:12:46,040
Yeah, I mean, that's the other big question that I think Bob McElrath and I were talking about on X this morning, right before this.

165
00:12:47,200 --> 00:12:54,500
You know, even if you linearly scale up the energy needed, it's still huge.

166
00:12:54,500 --> 00:12:57,160
He was saying it's something like 100 megawatts based on his calculations.

167
00:12:57,540 --> 00:12:59,700
You need to cram into whatever device.

168
00:12:59,700 --> 00:13:02,540
if you linearly scale up the energy needed per qubit

169
00:13:02,540 --> 00:13:03,960
based on current technologies.

170
00:13:04,760 --> 00:13:07,300
But my point that I think is a valid point,

171
00:13:07,360 --> 00:13:08,540
if you think about the complexity

172
00:13:08,540 --> 00:13:11,180
of moving around more and more qubits

173
00:13:11,180 --> 00:13:12,720
in the neutral atom architecture

174
00:13:12,720 --> 00:13:15,380
or in cooling more and more qubits,

175
00:13:15,540 --> 00:13:16,940
it's not going to be a linear scaling.

176
00:13:17,280 --> 00:13:19,100
And we've seen this even with classical computers

177
00:13:19,100 --> 00:13:22,020
that the more dense you make devices,

178
00:13:22,200 --> 00:13:24,200
the more leakage you have.

179
00:13:24,960 --> 00:13:27,720
And therefore the more energy it takes per bit

180
00:13:27,720 --> 00:13:28,900
to keep it cool.

181
00:13:28,900 --> 00:13:30,660
for supercomputer architecture.

182
00:13:31,720 --> 00:13:34,480
And so even, let's say, as linear,

183
00:13:35,020 --> 00:13:37,100
it's still a ton of energy to cram into a device.

184
00:13:37,400 --> 00:13:38,440
And if it's nonlinear,

185
00:13:39,040 --> 00:13:40,760
it may become completely intractable

186
00:13:40,760 --> 00:13:45,540
to power a device that can do meaningful quantum computing.

187
00:13:47,580 --> 00:13:48,060
Yeah.

188
00:13:48,880 --> 00:13:52,080
So, I mean, again, going back to the confidence

189
00:13:52,080 --> 00:13:57,320
of the other side, like, what do you think is driving?

190
00:13:57,320 --> 00:14:26,760
I guess the whole conversation as it pertains to Bitcoin is this perceived urgency that is being thrust on the developer community specifically to upgrade to a quantum-resistant cryptographic primitive that would secure private keys so that they wouldn't succumb to an attack via a quantum computer.

191
00:14:27,320 --> 00:14:41,780
And that that's been like the confounding, not confounding, but it's been sort of the thing that's really perturbed me is like that you have this very.

192
00:14:43,160 --> 00:14:45,360
Confident and.

193
00:14:48,360 --> 00:15:06,758
So what a manic, I think manic is a good way to describe it, a group of people are saying we need to fix this, devs do something right now. And it's frustrating for two reasons. Number one, quantum has been thought about within Bitcoin since Satoshi was around.

194
00:15:06,858 --> 00:15:07,838
I mean, he mentioned it.

195
00:15:08,918 --> 00:15:13,098
If you've been reading the mailing list and looking at some of the research being done,

196
00:15:13,098 --> 00:15:18,598
there are people trying to figure out, okay, if quantum computers do come,

197
00:15:18,818 --> 00:15:22,778
what's the best way to transition to a quantum-resistant address structure?

198
00:15:23,278 --> 00:15:29,958
And there are a ton of not only coordination issues, but standardization issues that exist.

199
00:15:30,138 --> 00:15:35,338
There's a ton of, for lack of a better term, tech debt that exists.

200
00:15:35,338 --> 00:15:47,118
Like if you are going to transition to a quantum resistant address structure that is going to disrupt a lot of the infrastructure that's been built today.

201
00:15:47,238 --> 00:15:51,798
So you talk about the Lightning Network, PSBTs, multisig, all this stuff.

202
00:15:51,798 --> 00:15:59,898
You need to think through how do we transition to this address structure without disrupting all that if possible.

203
00:16:00,078 --> 00:16:02,558
And if that is going to be disrupted, what do we do?

204
00:16:03,978 --> 00:16:09,058
And my biggest worry is that you rush a change.

205
00:16:10,118 --> 00:16:15,958
And it just not only disrupts all of that standardization, that infrastructure that's been built to date,

206
00:16:15,958 --> 00:16:34,078
but you haphazardly rush to a change that has been well thought through, well tested and leads to a bigger fallout in terms of disruption to the network than having done nothing because quantum potentially doesn't manifest on the timescale that these people are saying it will.

207
00:16:36,518 --> 00:16:38,378
Yeah, I mean, I think it's a legitimate risk.

208
00:16:38,598 --> 00:16:44,898
And frankly, it's why it's one of the reasons I try to stay on top of all of this, because we should be realistic here.

209
00:16:44,898 --> 00:16:48,738
The most likely outcome is that at some point,

210
00:16:49,478 --> 00:16:53,978
secp256k1 or elliptic cryptography in general will fail.

211
00:16:54,398 --> 00:16:55,678
Like that's the most likely outcome.

212
00:16:56,398 --> 00:16:58,818
I don't think personally that it's quantum that's going to break it,

213
00:16:59,158 --> 00:17:01,598
but, you know, crypto systems have failed over the years.

214
00:17:01,698 --> 00:17:02,338
We've seen it.

215
00:17:03,878 --> 00:17:07,198
And it seems likely that at some point it will.

216
00:17:07,958 --> 00:17:10,998
So what do we do about that?

217
00:17:10,998 --> 00:17:27,718
And so I try to stay up on what the other kind of new cryptographic research is so that when there's something suitable for Bitcoin that can support all the infrastructure we have, wallets and Lightning and everything that you mentioned, we should actually add it to Bitcoin.

218
00:17:27,958 --> 00:17:32,078
And we should maybe even do that before there's a real threat so that people have options.

219
00:17:32,478 --> 00:17:33,138
And that's fine.

220
00:17:33,158 --> 00:17:33,578
That's good.

221
00:17:34,478 --> 00:17:38,558
There was a whole discussion on the mailing list about the benefits and downsides of having options.

222
00:17:38,558 --> 00:17:46,298
And I think Pieter Wuille is a bit concerned about people having options because there could be fighting over what the correct option to use is.

223
00:17:46,498 --> 00:17:54,918
I'm less concerned about that because we already have that essentially where some custodians use MPC that's kind of cross crypto.

224
00:17:55,238 --> 00:17:57,438
I think Coinbase does and others.

225
00:17:57,858 --> 00:17:59,958
But some custodians use on-chain multisig, right?

226
00:18:00,158 --> 00:18:00,538
That's fine.

227
00:18:01,158 --> 00:18:04,958
It's OK for different people to choose different tradeoffs and how they secure their coins.

228
00:18:05,698 --> 00:18:08,518
So yeah, if we have suitable cryptography, we should totally put it in Bitcoin.

229
00:18:09,178 --> 00:18:12,098
And there's a decent argument to say that we're getting very close to having something

230
00:18:12,098 --> 00:18:16,858
suitable to add, at least as a backup in the work that Jonas Nick and Blockstream Research

231
00:18:16,858 --> 00:18:18,078
and others are doing.

232
00:18:18,978 --> 00:18:24,878
So I'm not out here saying we shouldn't do anything about the potential break of

233
00:18:24,878 --> 00:18:25,798
secp256k1.

234
00:18:26,438 --> 00:18:30,358
And I think that's where, kind of to your point, these confident, almost manic people

235
00:18:30,358 --> 00:18:33,738
in their quantum side are like, devs do something.

236
00:18:33,738 --> 00:18:35,718
Well, the devs are doing something.

237
00:18:35,838 --> 00:18:38,938
Even people like me that don't believe in quantum at all

238
00:18:38,938 --> 00:18:42,038
are out there doing research and evaluating research

239
00:18:42,038 --> 00:18:45,238
on what we could use as another crypto system for Bitcoin

240
00:18:45,238 --> 00:18:47,138
and to chill out, I guess.

241
00:18:48,558 --> 00:18:49,558
Well, it's not only that.

242
00:18:49,718 --> 00:18:53,338
It's like they're treating Bitcoin Core

243
00:18:53,338 --> 00:18:55,338
like any Bitcoin developer is a monolith.

244
00:18:55,578 --> 00:18:56,438
Like, go do something.

245
00:18:56,538 --> 00:18:59,378
And it's like, well, there's only so many people

246
00:18:59,378 --> 00:19:02,478
who are qualified to understand quantum physics

247
00:19:02,478 --> 00:19:09,758
and the cryptography, secp256k1. Like, that's like a very niche part of, like, the Bitcoin

248
00:19:10,878 --> 00:19:14,398
development process. Like, obviously you have the P2P layer, you have the wallet layer, you have the

249
00:19:14,398 --> 00:19:21,838
GUI, you have many different facets of the protocol that make up Bitcoin. And, like, finger

250
00:19:21,838 --> 00:19:25,278
wagging at the whole dev community, like, do something. It's like, well, not everybody within

251
00:19:25,278 --> 00:19:29,278
the developer community is going to be able to do anything about this because they're not,

252
00:19:29,278 --> 00:19:38,238
like, their core competency isn't the cryptography, and taking it further, like, making the cryptography

253
00:19:38,238 --> 00:19:43,578
quantum resistant. Like, there's very few people that are equipped to work on this particular

254
00:19:43,578 --> 00:19:48,698
problem. And to your point, and what I've been saying for the last six months since this has

255
00:19:48,698 --> 00:19:55,318
become a huge meme, is, like, the people who are, um, equipped and able to do this work or seem to be

256
00:19:55,318 --> 00:20:02,018
working on it. Maybe it's not the pace that you want, but you can't pull out a whip and make them

257
00:20:02,018 --> 00:20:10,198
work faster, nor would you want to. Like, yeah, there's a great post, uh, stew stew txo out there, uh, but

258
00:20:10,198 --> 00:20:17,478
there's other, like, since this post, it was in December, uh, there have been five new, uh, post

259
00:20:17,478 --> 00:20:22,038
quantum cryptographic algorithms published and zero new numbers factored by an actual quantum

260
00:20:22,038 --> 00:20:26,158
computer. And I just thought that was, that was so great. It's like, so, so really we're,

261
00:20:26,358 --> 00:20:31,258
we're upset about the rate of progress when month to month to month, we're seeing new algorithms

262
00:20:31,258 --> 00:20:34,818
that are kind of progressing the state of the art for post-quantum cryptography in Bitcoin

263
00:20:34,818 --> 00:20:41,738
and no new physical quantum devices being built that run real algorithms that could maybe even

264
00:20:41,738 --> 00:20:45,738
someday break Bitcoin. Uh, no, I think the progress is at a, at a, at a good pace. We might

265
00:20:45,738 --> 00:20:51,858
even be over-investing if you, if you ask my honest opinion. Yeah. Well, I think I saw something

266
00:20:51,858 --> 00:20:55,898
yesterday where somebody was saying like you could do the factoring of these numbers by hand

267
00:20:55,898 --> 00:21:00,338
faster than the quantum computers could right now. Yeah, I checked with my six-year-old and

268
00:21:00,338 --> 00:21:05,078
I see seven now. Anyway, he can factor more numbers than a quantum computer for sure.

269
00:21:05,838 --> 00:21:11,378
I actually just set my six-year-old up with the synthesis math tutoring that app and he's

270
00:21:11,378 --> 00:21:14,598
been playing with it. So I actually did see him factor some numbers this morning that

271
00:21:14,598 --> 00:21:16,278
that were faster than a quantum computer.

272
00:21:18,518 --> 00:21:23,798
But again, so the Google paper specifically,

273
00:21:24,058 --> 00:21:26,918
I think it's another thing to touch on

274
00:21:26,918 --> 00:21:30,618
is the fact that they didn't actually release the results.

275
00:21:30,758 --> 00:21:32,138
They released the zero-knowledge proof

276
00:21:32,138 --> 00:21:35,838
that they had done something and said,

277
00:21:36,178 --> 00:21:37,258
basically framed as like,

278
00:21:37,318 --> 00:21:38,898
we didn't want to release the results of this

279
00:21:38,898 --> 00:21:41,818
because we don't want black hat quantum developers

280
00:21:41,818 --> 00:21:48,698
to get access to this and to go build a computer that disrupts the world.

281
00:21:48,698 --> 00:21:55,358
And then the advocates for this paper were saying, well, now this is the warning.

282
00:21:55,778 --> 00:21:58,598
They're not going to tell us the advancements that they're making

283
00:21:58,598 --> 00:22:01,318
because they're worried about releasing them to the public

284
00:22:01,318 --> 00:22:05,418
because it'll be used against us by nefarious actors.

285
00:22:06,518 --> 00:22:10,218
Is this a marketing scheme, a way to develop a budget,

286
00:22:10,218 --> 00:22:22,378
Or do you think there's some legitimacy here that the smartest people in the world working on this problem are truly worried that we're hitting an inflection point, a tipping point that could accelerate the progress being made within quantum computing?

287
00:22:24,318 --> 00:22:28,058
So it's a really interesting problem to think about.

288
00:22:28,438 --> 00:22:31,718
I had that moment of pause as well when I read the Google paper.

289
00:22:31,718 --> 00:22:40,398
Um, the thing about the Google paper, though, is that there is no fundamental physical change

290
00:22:40,398 --> 00:22:46,258
that they're publishing. Like I said, they published a mathematical change which reduces the number of,

291
00:22:46,258 --> 00:22:50,978
sorry, it reduces the complexity of the physical device you need to build in order to run this

292
00:22:50,978 --> 00:22:58,618
algorithm. But no one actually made a more complex physical device. So Alex Pruden, who I'll be

293
00:22:58,618 --> 00:23:04,818
debating at Bitcoin++ in a couple of weeks, I think actually looked pretty cogently about this.

294
00:23:04,978 --> 00:23:08,538
Of the pro-quantum guys, he's one of the more pleasant to talk to. So I'm glad I'll be talking

295
00:23:08,538 --> 00:23:15,198
to him at Bitcoin++. And he was pointing out that let's say, right now we're at five-ish

296
00:23:15,198 --> 00:23:20,538
logical qubits have been demonstrated in a very short microsecond duration coherence.

297
00:23:21,218 --> 00:23:26,178
Okay. Well, what if through the mathematical improvements, we get to the point where it only

298
00:23:26,178 --> 00:23:34,558
takes just 256 logical qubits in coherence for only five milliseconds in order to run

299
00:23:34,558 --> 00:23:39,578
Shor's algorithm on a Bitcoin private key or public key to get that private key.

300
00:23:40,138 --> 00:23:45,878
If they, on the mathematical side, compress the time and the number of qubits so much,

301
00:23:46,118 --> 00:23:50,598
then we could see a situation where it's very much in reach of the physical progress.

302
00:23:50,598 --> 00:24:02,978
So if physical progress is zero, but the mathematical progress is extreme, we could see it break kind of in that direction where the mathematical progress brings it down to the point where the physical guys have a very short step to take.

303
00:24:03,838 --> 00:24:04,918
And that's a great point.

304
00:24:05,418 --> 00:24:17,798
Now, that said, the Google paper puts us about six orders of magnitude away from the needed coherence time and about three orders of magnitude away in the number of qubits that need to be in a physical device.

305
00:24:17,798 --> 00:24:27,958
So I don't know how you want to look at those two different dimensions of orders of magnitude, but we're somewhere between six and nine orders of magnitude of improvement on the physical side away from implementing Google's paper.

306
00:24:28,658 --> 00:24:37,318
So we need to be really realistic that, yes, eventually the mathematical progress could bring it into reach of the physical, but we're still very far away from that.

307
00:24:38,258 --> 00:24:47,218
I guess that begs the question, what are the advancements from an order of magnitude perspective on the physical side been like in recent years?

308
00:24:47,798 --> 00:24:50,898
Is that a big leap?

309
00:24:51,798 --> 00:24:53,498
It's obviously, it is,

310
00:24:53,678 --> 00:24:56,898
but have the advancements over the last 10 years,

311
00:24:57,378 --> 00:25:00,238
was it 100 orders of magnitude away?

312
00:25:00,498 --> 00:25:01,678
Five years ago, was it 1,000?

313
00:25:02,178 --> 00:25:04,098
And are we now getting to the point where

314
00:25:04,098 --> 00:25:06,818
six to nine may seem big, but it's not that big?

315
00:25:08,558 --> 00:25:09,498
We haven't.

316
00:25:09,498 --> 00:25:16,358
I mean, even the best kind of longest held stable devices

317
00:25:16,358 --> 00:25:20,238
have up to a couple thousand physical qubits,

318
00:25:20,238 --> 00:25:25,578
which is maybe a one or two orders of magnitude improvement

319
00:25:25,578 --> 00:25:26,878
in the last 10 years.

320
00:25:27,698 --> 00:25:30,918
But I hesitate to even say that

321
00:25:30,918 --> 00:25:33,118
because I think it paints it a little bit too rosily

322
00:25:33,118 --> 00:25:34,758
for the physical quantum guys,

323
00:25:35,418 --> 00:25:38,378
because the biggest improvements have come

324
00:25:38,378 --> 00:25:40,438
by implementing whole new architectures.

325
00:25:41,258 --> 00:25:42,958
And so there's no evidence right now

326
00:25:42,958 --> 00:25:44,458
that any single architecture

327
00:25:44,458 --> 00:25:47,598
can increase the number of physical qubits.

328
00:25:48,558 --> 00:25:55,058
And that's where I think the pro-quantum manic folks

329
00:25:55,058 --> 00:25:56,998
get way over their skis.

330
00:25:57,098 --> 00:25:58,998
They're like, all we have to do is scale up.

331
00:25:59,758 --> 00:26:02,498
But you can't just scale up

332
00:26:02,498 --> 00:26:04,738
when every scale up that you're doing so far

333
00:26:04,738 --> 00:26:06,558
for the last many decades has been

334
00:26:06,558 --> 00:26:09,098
because you developed a whole new architecture, right?

335
00:26:09,238 --> 00:26:10,338
You're like, you're just discovering

336
00:26:10,338 --> 00:26:11,718
a whole new set of problem spaces

337
00:26:11,718 --> 00:26:13,618
because you're developing a whole new architecture still.

338
00:26:13,618 --> 00:26:19,398
And so I made it very clear in like, when would I start to think we need to take action in Bitcoin?

339
00:26:19,758 --> 00:26:30,418
And that's when we see a single quantum architecture increase the number of qubits you can hold in coherence for a longer time over several cycles, at least two.

340
00:26:30,418 --> 00:26:36,698
We need to start seeing a trend in one architecture scaling up, and then maybe it becomes just a

341
00:26:36,698 --> 00:26:42,418
scaling problem where we just have to do the decades-long industrialization to go order of

342
00:26:42,418 --> 00:26:46,778
magnitude, order of magnitude, order of magnitude. Now we need to start taking action. But until you

343
00:26:46,778 --> 00:26:52,418
see that, they're like, oh, okay, maybe, maybe this one is going to be the one. But until there's evidence

344
00:26:52,418 --> 00:26:56,598
that it actually scales, why would you take any action? We don't have the evidence to say, to justify

345
00:26:56,598 --> 00:27:04,078
action. Yeah. And that's where it gets very confusing. I think that's been the most

346
00:27:04,078 --> 00:27:12,298
disconcerting thing observing this over the last year as the narrative around the quantum threat

347
00:27:12,298 --> 00:27:18,818
to Bitcoin has hit the market. Again, I'm not a quantum physicist. I'm not a cryptographer.

348
00:27:18,818 --> 00:27:36,198
I know enough to understand, like I can explain, like a logical qubit does like the theoretical algorithm, the physical qubit sort of creates the space where that stuff is computed, for lack of a better term.

349
00:27:36,198 --> 00:27:41,438
And I understand that there is coordination on the physical side and energy needed.

350
00:27:41,438 --> 00:27:53,198
And it seems clear to me that it's not where it needs to be and not anywhere close to where it needs to be to effectively run this stuff persistently to wage the necessary attacks.

351
00:27:53,198 --> 00:27:59,158
But then again, going back to the confidence game and I hate to say like the sky is falling

352
00:27:59,158 --> 00:28:07,598
perspective that is very reminiscent of like climate change and things that I'm just using

353
00:28:07,598 --> 00:28:09,338
like PsyOp pattern recognition.

354
00:28:09,638 --> 00:28:10,778
And it feels like that to me.

355
00:28:10,818 --> 00:28:11,458
It could be wrong.

356
00:28:11,818 --> 00:28:12,878
Using heuristics here.

357
00:28:13,718 --> 00:28:18,578
Again, don't understand the math and not a physicist by any means.

358
00:28:18,678 --> 00:28:19,658
Study economics.

359
00:28:19,658 --> 00:28:26,898
But yeah, I think that's the narrative side of things. It's very, very easy to socially attack

360
00:28:26,898 --> 00:28:32,078
people, and it feels, I'm not saying that, I do believe the other side is earnest in their

361
00:28:32,078 --> 00:28:37,198
beliefs, and that, that's like the interesting part of this whole discussion and observing it

362
00:28:37,198 --> 00:28:43,578
over the last year, is like, they're so ardent on their beliefs, and people who are just skeptical,

363
00:28:43,578 --> 00:28:48,438
like, hey, I believe that you're genuine, but I'm not seeing it.

364
00:28:48,718 --> 00:28:53,898
And there's this narrative leverage, this asymmetric leverage they have

365
00:28:53,898 --> 00:28:57,038
because they can project fear onto the market.

366
00:28:57,298 --> 00:29:01,058
And if you're not afraid, you're not doing enough and you're actually stupid.

367
00:29:02,058 --> 00:29:04,258
Yeah, I think it's the classic FUD game.

368
00:29:05,838 --> 00:29:08,058
And it does make it hard to distill.

369
00:29:08,058 --> 00:29:12,778
Again, I didn't want to be, I'm not a quantum physicist, by the way.

370
00:29:12,778 --> 00:29:17,138
I'm just a person with engineering background and with a lot of experience for many decades of reading research papers.

371
00:29:17,138 --> 00:29:28,138
So I come at it not as an expert in the particular field, but as someone experienced in reading papers and kind of understanding the real implications of what some new publication means.

372
00:29:29,538 --> 00:29:33,018
So, yeah. So I think one thing I want to say from what you were just saying is that

373
00:29:33,018 --> 00:29:37,178
I recommend really that everyone go read the papers,

374
00:29:37,178 --> 00:29:42,178
because in many cases, the papers that underlie

375
00:29:42,178 --> 00:29:46,858
the big manic posts about quantum, the sky is falling,

376
00:29:46,858 --> 00:29:51,458
the papers are much more conservative in what they claim.

377
00:29:51,458 --> 00:30:08,836
Now, this Google one is kind of an exception to that, but I think that also a good way to gauge the progress in quantum computing is look at what the actual results in the papers are that justify these very high excitement posts in social media and in kind of science journalism, let's call it.

378
00:30:09,316 --> 00:30:18,896
And what you'll find is that the real results being published in the academic papers are small, like little nuanced improvements in things.

379
00:30:19,876 --> 00:30:22,776
And again, this Google paper is kind of an exception to that.

380
00:30:22,816 --> 00:30:27,276
But the vast majority are, especially on the physical side, actually, I think exclusively

381
00:30:27,276 --> 00:30:30,696
that's true on the physical side, they're these small progressive improvements.

382
00:30:31,516 --> 00:30:35,916
And so you can kind of tell where we are in quantum computing by the fact that what gets

383
00:30:35,916 --> 00:30:40,776
the hype in the social media and science journalism side are these tiny little improvements on

384
00:30:40,776 --> 00:30:41,536
the physical side.

385
00:30:41,996 --> 00:30:46,876
Okay, so if that's what gets the hype, then we are a long way from getting all the way

386
00:30:46,876 --> 00:30:54,856
there because when we're getting close, you're going to see the Majorana particle architecture

387
00:30:54,856 --> 00:31:00,636
scaled up again and now went from X logical qubits to Y for the third time in three years.

388
00:31:01,136 --> 00:31:06,136
We're going to see like, oh, these are big improvements. They're building devices that

389
00:31:06,136 --> 00:31:10,496
can run Shor's algorithm on bigger and bigger, even if they don't really run it, to be fair,

390
00:31:10,556 --> 00:31:13,716
they don't have to run the actual algorithm, but the physical device is capable of running it

391
00:31:13,716 --> 00:31:19,836
on a key this big, on a key that big, you know, you'll see, I guess, bigger results actually being

392
00:31:19,836 --> 00:31:23,916
published with less hype. And right now we're seeing tiny results published with huge hype.

393
00:31:23,916 --> 00:31:28,336
And that's one of the ways to kind of tell how far we are and how much it is just hype.

394
00:31:30,676 --> 00:31:39,776
Yeah. It's, yeah. And again, I think really nailing down the risk of trying to rush

395
00:31:39,776 --> 00:31:48,676
a change to Bitcoin to appease the people who think that this is coming faster than others

396
00:31:48,676 --> 00:31:56,876
believe it is? What are the risks of upgrading to something in haste because you're worried about

397
00:31:56,876 --> 00:32:03,736
this? And alternatively, not alternatively, but on top of that, is there a line in the sand we can

398
00:32:03,736 --> 00:32:09,536
draw? It's like, hey, we hear your concerns. We'll take this seriously. We'll continue the

399
00:32:09,536 --> 00:32:13,596
research that we've been doing and make sure that we advance that.

400
00:32:13,776 --> 00:32:19,016
But if we get to 2030 and we're at this state of quantum research,

401
00:32:19,016 --> 00:32:20,456
we're not going to take you seriously anymore.

402
00:32:20,756 --> 00:32:22,076
Like what is the line in your sand?

403
00:32:22,236 --> 00:32:23,156
Oh, that's a good question.

404
00:32:23,196 --> 00:32:25,256
I haven't really thought about it from that angle of, yeah.

405
00:32:25,256 --> 00:32:27,176
Like when do we stop paying attention?

406
00:32:28,896 --> 00:32:33,776
Like it's like Greta was like Greta Thunberg again for the good using the

407
00:32:33,776 --> 00:32:37,656
climate change analysis and analogy was in 2015.

408
00:32:37,656 --> 00:32:40,156
She was like, by 2022, Miami is going to be underwater.

409
00:32:40,416 --> 00:32:41,676
It's like 2022 came and went.

410
00:32:41,856 --> 00:32:42,596
Miami is not underwater.

411
00:32:42,696 --> 00:32:44,136
It's like, OK, we can't take you seriously anymore.

412
00:32:44,816 --> 00:32:45,836
What is that?

413
00:32:46,416 --> 00:32:48,756
What is that line in this conversation?

414
00:32:50,116 --> 00:32:54,776
Yeah, I think with quantum, it's really hard because the reality is, again, I think quantum

415
00:32:54,776 --> 00:32:56,516
is not physically possible, but I can't.

416
00:32:56,556 --> 00:32:57,376
That's an emotional thing.

417
00:32:57,816 --> 00:33:05,436
So we can't really do that because there could always be a new architecture developed that

418
00:33:05,436 --> 00:33:08,476
makes it possible, something we haven't thought of before.

419
00:33:11,056 --> 00:33:17,716
But I think the good news is that, as I said, something is eventually most likely going to

420
00:33:17,716 --> 00:33:19,156
break our existing crypto.

421
00:33:19,496 --> 00:33:23,716
And so we need to keep doing this research and building new crypto systems for Bitcoin,

422
00:33:24,076 --> 00:33:25,176
regardless of quantum.

423
00:33:25,236 --> 00:33:27,796
And we should keep doing it at the right pace.

424
00:33:28,436 --> 00:33:34,796
And so one of the ways to, I think, ease the tension here is to say, look, Bitcoin actually

425
00:33:34,796 --> 00:33:39,976
is developing towards quantum resistance, regardless of your level of concern or my level

426
00:33:39,976 --> 00:33:44,136
of concern. I'm not concerned, you are. It doesn't matter. Bitcoin is developing towards quantum

427
00:33:44,136 --> 00:33:50,156
resistance. You know, BIP 360, Pay-to-Merkle-Root, is advancing. I think it's fairly likely to get

428
00:33:50,156 --> 00:33:55,436
activated on the network, which opens up the door to building quantum resistant new crypto into

429
00:33:55,436 --> 00:33:59,716
Bitcoin. Right. So that's like step one is actively happening. And why is it happening?

430
00:33:59,716 --> 00:34:01,996
because it's actually a good change for Bitcoin.

431
00:34:02,676 --> 00:34:06,196
And pretty much everyone in the Bitcoin developer community,

432
00:34:06,296 --> 00:34:07,856
there's like a couple of very tiny exceptions,

433
00:34:08,076 --> 00:34:10,776
but really pretty much everyone's on board with that change.

434
00:34:10,876 --> 00:34:13,456
And it does move in the direction of quantum resistance.

435
00:34:13,816 --> 00:34:15,136
Does it matter that it's quantum resistant?

436
00:34:15,376 --> 00:34:17,896
Not to me, but it does to some people and that's okay.

437
00:34:18,416 --> 00:34:19,796
And we'll see that continue, right?

438
00:34:19,796 --> 00:34:24,956
As other cryptographic research is done

439
00:34:24,956 --> 00:34:26,076
and as we get to the point

440
00:34:26,076 --> 00:34:29,476
where some alternative cryptographic primitive

441
00:34:29,476 --> 00:34:30,896
is appropriate for Bitcoin,

442
00:34:31,676 --> 00:34:33,176
I think it's absolutely a good thing.

443
00:34:33,216 --> 00:34:34,576
And I think almost everyone agrees

444
00:34:34,576 --> 00:34:37,896
to have people,

445
00:34:38,396 --> 00:34:40,616
to give people different ways to secure their coins

446
00:34:40,616 --> 00:34:42,636
depending on their goals, right?

447
00:34:42,656 --> 00:34:44,876
So someone who's trying to secure their Bitcoin

448
00:34:44,876 --> 00:34:48,376
for some kind of dynasty trust, let's say,

449
00:34:49,036 --> 00:34:50,736
they might want to put it in a way

450
00:34:50,736 --> 00:34:52,476
where it's secured by both elliptic curves

451
00:34:52,476 --> 00:34:54,716
and let's say hash-based signatures

452
00:34:54,716 --> 00:35:00,316
because they don't care about the signing cost when they go to spend that Bitcoin.

453
00:35:00,836 --> 00:35:05,816
They care that it is almost 100% secure for 100 years.

454
00:35:06,376 --> 00:35:10,676
And you really can't get 100-year security from one cryptographic assumption.

455
00:35:11,196 --> 00:35:12,716
You need a couple of them.

456
00:35:12,716 --> 00:35:14,656
And so I think Bitcoin is going to go that direction.

457
00:35:15,456 --> 00:35:19,616
I think that's my take is just let's do the right thing for Bitcoin.

458
00:35:19,616 --> 00:35:24,796
And in the long term, the right thing for Bitcoin is also going to happen to make quantum resistance an option.

459
00:35:25,516 --> 00:35:27,316
We just don't need to rush.

460
00:35:27,496 --> 00:35:29,776
And as you said, there's a big risk to rushing.

461
00:35:29,996 --> 00:35:39,916
You know, Satoshi notoriously chose an elliptic curve specifically that wasn't published by NIST to help mitigate the risk of kind of a backdoor crypto going into Bitcoin.

462
00:35:41,436 --> 00:35:46,856
And right now people are like, no, let's push this NIST published post-quantum architecture into Bitcoin.

463
00:35:46,856 --> 00:35:53,896
And everyone who knows what Satoshi did is kind of, no, let's not put the NIST thing in.

464
00:35:53,976 --> 00:35:57,536
Let's develop something from our own first principles that's appropriate for Bitcoin.

465
00:35:57,916 --> 00:35:59,976
And when we have something good, we'll put it in.

466
00:36:01,156 --> 00:36:06,076
Yeah, and that seems to be what Jonas and Mikhail are doing with Shrinks Plus.

467
00:36:06,696 --> 00:36:07,176
Yeah.

468
00:36:07,576 --> 00:36:14,196
Jonas published Shrimps last week, which is sort of an advancement of Shrinks Plus.

469
00:36:14,196 --> 00:36:21,876
because the way I understand it, Shrimps, if you were just doing pure Shrinks Plus private key,

470
00:36:23,636 --> 00:36:29,796
transferring a private key or recovering a private key on another physical device would be quite

471
00:36:29,796 --> 00:36:36,176
burdensome, but Shrimps makes it so you can begin recovering seeds on multiple devices using the

472
00:36:36,176 --> 00:36:43,656
same seed phrase. Yeah, exactly. I actually wrote it up for Optech. So check out Optech

473
00:36:43,656 --> 00:36:48,996
tomorrow morning. And I summarized Shrimps and also some other work on post-quantum crypto by

474
00:36:48,996 --> 00:36:53,796
Conduition about isogeny-based crypto for Optech. And that'll come out tomorrow morning. So there's

475
00:36:53,796 --> 00:37:02,556
two new post-quantum systems detailed in Optech tomorrow by me. I'm the anti-quantum guy, but I'm

476
00:37:02,556 --> 00:37:07,896
out there actively doing the work to publicize the post-quantum stuff because like I said,

477
00:37:07,896 --> 00:37:09,936
we need it eventually regardless of quantum.

478
00:37:12,276 --> 00:37:14,836
And so what are your thoughts on Shrinks Plus and Shrimps?

479
00:37:14,976 --> 00:37:18,516
Like, is it a solution or is it a step toward the solution?

480
00:37:20,816 --> 00:37:22,856
They're like, okay.

481
00:37:23,256 --> 00:37:31,716
You know, it, it would significantly impair the, um, the development of things like Lightning

482
00:37:31,716 --> 00:37:36,696
and PayJoin and, and Taproot and, and, you know, all the cryptographic primitives that

483
00:37:36,696 --> 00:37:41,996
we rely on, FROST and MuSig, and even the MPCs that are kind of non-Bitcoin specific

484
00:37:41,996 --> 00:37:48,616
for multi-signature and threshold signature, any of these would still significantly impair

485
00:37:48,616 --> 00:37:49,016
those.

486
00:37:50,676 --> 00:37:56,736
So I think Jonas's work and blockchain research and Mikhail is exceptional, and it's definitely

487
00:37:56,736 --> 00:37:57,696
moving the state of the art forward.

488
00:37:58,516 --> 00:38:05,176
But as of now, I would be hesitant to put any of these in Bitcoin because of the combination

489
00:38:05,176 --> 00:38:09,036
of their size, which would impair the number of transactions we could do if we were to use them,

490
00:38:09,456 --> 00:38:14,796
and the fact that they're not really compatible with our existing wallet infrastructure that

491
00:38:14,796 --> 00:38:20,716
people are depending on. I wouldn't be upset if other people in the developer community thought

492
00:38:20,716 --> 00:38:25,256
they were a good thing to add, especially if we're thinking about, as I said, a world where

493
00:38:25,256 --> 00:38:30,936
we do have multiple crypto systems available in Bitcoin and people can choose whether they secure

494
00:38:30,936 --> 00:38:35,576
their coins with one, the other, or both, potentially. I'm not going to be mad if they

495
00:38:35,576 --> 00:38:42,556
go in in that context. I think the Shrimps in particular shows a lot of promise in that it,

496
00:38:45,156 --> 00:38:51,436
I guess the way I would put it is that it's close to compatible. It works decently well with,

497
00:38:51,536 --> 00:38:55,256
as you said, being able to restore seeds on multiple devices and the ways we use Bitcoin for

498
00:38:55,256 --> 00:39:00,656
real, while still being not so huge that it completely destroys the usability of the chain.

499
00:39:00,936 --> 00:39:03,096
or requires massive block size increases or something.

500
00:39:05,976 --> 00:39:08,536
So I love the direction that Jonas and crew are working there,

501
00:39:08,976 --> 00:39:12,416
and I hope that it just continues and we kind of take our time

502
00:39:12,416 --> 00:39:14,376
getting something better than these before I put it in.

503
00:39:14,376 --> 00:39:16,576
That's my hope.

504
00:39:16,576 --> 00:39:17,256
Yeah.

505
00:39:17,256 --> 00:39:21,616
And then there's a whole discussion around hash based and lattice based.

506
00:39:21,616 --> 00:39:24,696
I know Jonas and Mikhail are working on a lattice based

507
00:39:26,136 --> 00:39:28,096
research paper right now.

508
00:39:28,096 --> 00:39:40,196
So what's the, I guess, what's the consensus or lack of consensus around which direction to go in when given those two options?

509
00:39:41,196 --> 00:39:54,956
I think the consensus right now is if for some reason we decide to or need to do something in the near term, let's say the next five years, it would probably be something hash based because it doesn't require any new cryptographic assumptions.

510
00:39:54,956 --> 00:39:57,736
It relies on things we already trust and know in Bitcoin.

511
00:39:58,096 --> 00:40:09,796
with the downside that hash-based has certain downsides in terms of calculating keys that make it harder to use with our existing infrastructure in various ways.

512
00:40:13,096 --> 00:40:15,756
So yeah, so hash-based would be the thing to do soon.

513
00:40:16,696 --> 00:40:24,156
Lattice-based requires some new cryptographic assumptions, but has definitely certain benefits in terms of the flexibility of the math.

514
00:40:24,156 --> 00:40:27,576
I don't understand it as well, if I'm being honest. I haven't read deeply about it.

515
00:40:28,096 --> 00:40:39,536
And then the other piece, actually, for Optech tomorrow, is about isogeny-based crypto, which is a whole different kind of crypto that also is quantum resistant, but also requires a new cryptographic assumption.

516
00:40:40,336 --> 00:40:45,556
But it works on elliptic curves still, but using a different kind of key that's not vulnerable to quantum.

517
00:40:47,376 --> 00:40:50,696
So I think if it's not hash-based, we don't know what it would be.

518
00:40:50,776 --> 00:40:51,336
It could be lattice.

519
00:40:51,416 --> 00:40:52,176
It could be isogeny.

520
00:40:52,236 --> 00:40:53,076
It could be something else.

521
00:40:53,076 --> 00:40:59,096
and research should continue and is continuing to kind of get to the point where we could do

522
00:40:59,096 --> 00:41:05,376
something other than hash based. And my, again, my hope is that we have much more time than the

523
00:41:05,376 --> 00:41:10,656
quantum doomsayers are predicting and we can get to a really good alternative crypto system

524
00:41:10,656 --> 00:41:17,916
that broadly works within the Bitcoin ecosystem and supports all the stuff we want, you know,

525
00:41:17,936 --> 00:41:22,516
whether it be signature aggregation or silent payments or HD wallets, like whatever the stuff

526
00:41:22,516 --> 00:41:24,536
we wanted. We want a crypto system that supports that.

527
00:41:26,136 --> 00:41:26,796
And I think

528
00:41:26,796 --> 00:41:28,776
the research is going quite rapidly

529
00:41:28,776 --> 00:41:30,536
towards having some options there

530
00:41:30,536 --> 00:41:32,776
in the next, let's say, maybe 10 years.

531
00:41:33,456 --> 00:41:33,536
Yeah.

532
00:41:34,916 --> 00:41:36,576
And so, this seems very

533
00:41:36,576 --> 00:41:38,476
reasonable. It seems like a very reasonable approach

534
00:41:38,476 --> 00:41:40,436
to upgrading Bitcoin.

535
00:41:40,616 --> 00:41:42,296
And again, that's been the most frustrating thing.

536
00:41:42,736 --> 00:41:43,876
Devs, do something.

537
00:41:44,416 --> 00:41:46,596
Bitcoiners aren't focused on this. It's like the research

538
00:41:46,596 --> 00:41:48,296
is being done.

539
00:41:48,456 --> 00:41:49,796
What...

540
00:41:49,796 --> 00:41:52,156
I mean, I can't speak for them, but

541
00:41:52,156 --> 00:41:56,476
that's what I've been trying to figure out, is like, what pace would be sufficient for you guys? Like,

542
00:41:56,476 --> 00:42:00,716
what changes do you want to see? And then there's a circular logic where it's like, hey, we're working

543
00:42:00,716 --> 00:42:07,036
on this, like, give us feedback on, um, the work that we're doing, whether or not you think it's

544
00:42:07,036 --> 00:42:12,316
sufficient for the security that you deem necessary for these quantum advancements that are being made,

545
00:42:12,316 --> 00:42:16,796
and if you don't agree, like, do you have a solution? And if so, will you propose it? And they're like,

546
00:42:16,796 --> 00:42:21,276
we can't propose it because Bitcoin Core is controlled by a cabal of five or six developers,

547
00:42:21,276 --> 00:42:24,776
so we'd never even propose it because we'd get rejected immediately.

548
00:42:25,016 --> 00:42:28,396
It's like, well, is this productive at all?

549
00:42:28,496 --> 00:42:29,436
Like, what is going on here?

550
00:42:31,196 --> 00:42:31,996
Yeah, yeah.

551
00:42:32,496 --> 00:42:34,456
And I think what they're actually saying

552
00:42:34,456 --> 00:42:36,176
and what they're reflecting when they say that is

553
00:42:36,176 --> 00:42:42,096
that they know their crypto proposal would be rejected

554
00:42:42,096 --> 00:42:45,296
for good technical reasons.

555
00:42:46,396 --> 00:42:48,756
And so it's not, oh, Core is this cabal.

556
00:42:48,756 --> 00:43:02,256
It's really Bitcoin Core holds the line on the quality of technical contributions accepted so high that nothing right now, no new crypto system for Bitcoin right now meets the bar.

557
00:43:02,656 --> 00:43:07,796
And that bar, of course, can move if the threats to Bitcoin's existing crypto system get closer.

558
00:43:07,796 --> 00:43:22,536
And so that's, I think, where the disconnect is, let's say, is that no one in the Bitcoin Core maintainership has yet come out and said, the sky has fallen, quantum is in three years, we have to do something now.

559
00:43:23,116 --> 00:43:27,716
And if we had to do something right now, then some of these existing crypto systems would be accepted by Core.

560
00:43:27,976 --> 00:43:35,596
But the cabal won't accept them because they're not really good enough and they'd only be accepted if it was an imminent threat.

561
00:43:35,596 --> 00:43:38,776
But what is good enough in the eyes of

562
00:43:38,776 --> 00:43:41,616
people who do believe it's an imminent threat?

563
00:43:41,616 --> 00:43:45,276
Do they have solutions? Because that's the one I haven't seen.

564
00:43:45,276 --> 00:43:49,176
They've said, basically, that we should just take

565
00:43:49,176 --> 00:43:53,516
SPHINCS+ into Bitcoin, even though the signatures and keys would be

566
00:43:53,516 --> 00:43:56,936
combined, like, 10 kilobytes per spend or something like that.

567
00:43:56,936 --> 00:44:01,236
And, like, that's not a completely

568
00:44:01,236 --> 00:44:05,376
unreasonable argument if the thing really

569
00:44:05,376 --> 00:44:10,396
was around the corner. Now, SPHINCS+ is a NIST standard under the name SLH-DSA, I think it is.

570
00:44:12,136 --> 00:44:19,776
So the question is, is the sky falling enough that we would accept an unmodified NIST standard

571
00:44:19,776 --> 00:44:29,916
into Bitcoin with these significant trade-offs in having 100x the key signature size versus our

572
00:44:29,916 --> 00:44:31,916
And I think as we discussed at length here,

573
00:44:31,916 --> 00:44:33,916
the sky is not falling nearly enough

574
00:44:33,916 --> 00:44:35,916
to accept that kind of a trade-off.

575
00:44:37,916 --> 00:44:39,916
Okay. So that's the one thing I've been wondering.

576
00:44:39,916 --> 00:44:41,916
I thought, I mean, you mentioned Alex Pruden,

577
00:44:41,916 --> 00:44:43,916
he's with Project 11.

578
00:44:44,916 --> 00:45:00,034
They're helping blockchain systems transition to post, I believe, working with Solana and Ethereum. I was curious if they had a specific solution

579
00:45:00,034 --> 00:45:03,834
that they're putting forth for Bitcoin that...

580
00:45:03,834 --> 00:45:07,734
I don't know if they specifically have one

581
00:45:07,734 --> 00:45:11,094
that's targeting Bitcoin directly.

582
00:45:11,894 --> 00:45:15,814
They published a paper on some improvements they've worked out.

583
00:45:15,814 --> 00:45:17,134
I think it was lattice-based,

584
00:45:17,134 --> 00:45:19,914
where it does support a lot of the Bitcoin wallet infrastructure.

585
00:45:21,574 --> 00:45:27,194
Like I said, lattice has more key math ability than hash-based stuff.

586
00:45:30,134 --> 00:45:33,574
So yeah, I think if they were to propose something for Bitcoin,

587
00:45:33,774 --> 00:45:35,514
it would be probably lattice-based.

588
00:45:35,994 --> 00:45:39,114
And the Bitcoin folks would currently say,

589
00:45:39,334 --> 00:45:41,114
the lattice stuff is too new,

590
00:45:41,194 --> 00:45:44,994
and we don't yet fully trust the cryptographic assumptions it makes for Bitcoin.

591
00:45:44,994 --> 00:45:47,994
We'd want to see more time,

592
00:45:47,994 --> 00:45:51,394
more threat modeling,

593
00:45:51,394 --> 00:45:52,474
more proofs,

594
00:45:52,474 --> 00:45:53,854
more different systems

595
00:45:53,854 --> 00:45:54,894
based on these same assumptions

596
00:45:54,894 --> 00:45:56,514
that all are shown to work.

597
00:45:56,514 --> 00:45:57,514
That's the kind of thing

598
00:45:57,514 --> 00:45:58,254
we want to see for Bitcoin.

599
00:45:58,254 --> 00:46:00,374
We don't want to put a new system in

600
00:46:00,374 --> 00:46:03,874
that's vulnerable to some classical attack

601
00:46:03,874 --> 00:46:06,074
in the attempt to defend against a quantum attack.

602
00:46:06,074 --> 00:46:10,194
Yeah, and this was similar to what would happen.

603
00:46:10,194 --> 00:46:10,894
I mean, you mentioned

604
00:46:10,894 --> 00:46:13,454
ECDSA was chosen for a certain reason.

605
00:46:13,454 --> 00:46:17,354
Schnorr was on the table, but I believe it was patented at that point.

606
00:46:17,354 --> 00:46:23,554
And I think Satoshi even said, hey, it probably needs more time to be in the wild before we adopt something like Schnorr.

607
00:46:23,714 --> 00:46:33,454
And then, what was it, 13, 14 years in to the protocol, Schnorr was included into, including into Bitcoin.

608
00:46:34,814 --> 00:46:35,354
Yeah, exactly.

609
00:46:35,654 --> 00:46:42,954
There's a track record here that Bitcoin, it's so strange when they're like, Bitcoin should this, that, and everything.

610
00:46:42,954 --> 00:46:58,554
And demonstrably, Bitcoin has a conservatism that is appropriate and will adopt new cryptographic primitives or assumptions as appropriate to the protocol.

611
00:47:00,094 --> 00:47:06,814
One thing that relates here is it's interesting to see the difference between centralized things and decentralized, right?

612
00:47:06,814 --> 00:47:10,934
So centralized systems can just upgrade their crypto.

613
00:47:11,434 --> 00:47:12,314
They can take a new assumption.

614
00:47:12,734 --> 00:47:15,014
And if it goes bad, they can turn it off.

615
00:47:15,454 --> 00:47:18,094
And that's a low cost thing when you're a centralized system.

616
00:47:18,214 --> 00:47:29,674
And so they have a different math here where if it's easy to change because you're a centralized system, then the risk of taking a bad assumption is much lower because you can just change again.

617
00:47:30,394 --> 00:47:31,654
But Bitcoin isn't like that, right?

618
00:47:31,694 --> 00:47:35,314
Bitcoin is a massive global distributed decentralized network.

619
00:47:35,314 --> 00:47:44,354
And so the costs of taking a bad crypto system into Bitcoin are much higher than for something like Solana or for Google internally or some web server.

620
00:47:44,534 --> 00:47:48,314
You know, some web server turns on SLH-DSA today.

621
00:47:48,474 --> 00:47:50,814
They can turn it off tomorrow and that's OK for them.

622
00:47:51,194 --> 00:47:51,894
We can't do that in Bitcoin.

623
00:47:54,094 --> 00:47:55,314
No, we can't.

624
00:47:56,094 --> 00:47:58,534
And that's, again, the more frustrating.

625
00:47:58,894 --> 00:47:59,754
And Bitcoin gets picked on.

626
00:47:59,754 --> 00:48:02,614
And that's like, and that being honest,

627
00:48:02,814 --> 00:48:05,574
and I'm happy you said that because that's one thing

628
00:48:05,574 --> 00:48:10,574
that I think Bitcoiners who don't believe it's a big risk,

629
00:48:10,574 --> 00:48:13,874
like the whole line of like, and I used to say this too,

630
00:48:13,974 --> 00:48:19,334
hand up of if quantum comes,

631
00:48:19,454 --> 00:48:20,714
like Bitcoin's not the only thing at risk.

632
00:48:20,854 --> 00:48:21,574
Like, yes, that's true.

633
00:48:21,634 --> 00:48:23,834
But to your point, like all these centralized systems

634
00:48:23,834 --> 00:48:32,734
can trivially incorporate and rip out these cryptographic systems rather trivially because

635
00:48:32,734 --> 00:48:33,814
they're centralized.

636
00:48:33,814 --> 00:48:40,274
Like Bitcoin does have a big, unique problem in the sense that it's a distributed system.

637
00:48:40,274 --> 00:48:41,494
We need to get consensus.

638
00:48:41,494 --> 00:48:43,714
Once we put something in, it's hard to take it out.

639
00:48:43,714 --> 00:48:51,594
And the risk factors to Bitcoin are certainly unique and arguably higher than they are to

640
00:48:51,594 --> 00:48:52,594
other systems.

641
00:48:53,834 --> 00:48:58,754
Yeah, so we have to pay attention and we have to move at the appropriate time, for sure.

642
00:48:59,754 --> 00:49:02,074
Yeah, and to your point about lattice-based, I just wanted to bring this up.

643
00:49:02,294 --> 00:49:04,954
That's why I'm looking at my other screen over here because we wrote about it yesterday.

644
00:49:05,934 --> 00:49:14,354
But going back to lattice-based schemes and the fact that they're not as battle-tested as some hash-based solutions.

645
00:49:15,154 --> 00:49:18,574
So lattice-based schemes offer advantages of verification speed and signature aggregation,

646
00:49:18,574 --> 00:49:24,554
but they carry a trade-off: they rely on newer mathematical assumptions that haven't been battle-tested as long as hash functions.

647
00:49:24,714 --> 00:49:30,474
In fact, NIST tested 69 post-quantum candidate algorithms during its standardization process,

648
00:49:30,554 --> 00:49:34,614
and two of them, Rainbow and SIKE, were broken with classical computers during testing.

649
00:49:36,174 --> 00:49:39,834
And so that's four, what would that be?

650
00:49:39,874 --> 00:49:45,574
That would be like four and a half percent or less than that, like three and a half percent of these,

651
00:49:45,574 --> 00:49:55,834
these, or maybe like, yeah, 3.5% of these post-quantum lattice-based systems were proven to be insecure.

652
00:49:56,574 --> 00:50:01,554
And so that's, if you're going to incorporate a lattice-based system into Bitcoin,

653
00:50:01,814 --> 00:50:08,734
and you have a 3.5% risk of it being insecure, I think that's pretty high for a trillion-dollar network as well.

654
00:50:10,134 --> 00:50:10,814
Yeah, for sure.

655
00:50:12,014 --> 00:50:14,814
And I mean, this gets back to...

656
00:50:15,574 --> 00:50:19,134
what I was saying earlier, like, what's the line in the sand? Like, how do we have a,

657
00:50:19,134 --> 00:50:25,354
a more level-headed conversation about all this with, with the, uh, the people who are

658
00:50:25,354 --> 00:50:28,474
convinced that this is coming faster than, than we are?

659
00:50:29,914 --> 00:50:39,034
Yeah. I mean, my best way is, is to, to rely on, on evidence-based decision-making. And that's why

660
00:50:39,034 --> 00:50:42,994
I keep posting kind of every few months, I guess I probably post something about,

661
00:50:42,994 --> 00:50:47,594
Look, I'll worry about quantum when I see, like, here's a list of things.

662
00:50:47,594 --> 00:51:07,454
I think it's scaling over two generations, less than exponential scaling in the time needed to solve progressively larger keys on the same quantum system, and beating classical in any cryptographically relevant, even small size problem.

663
00:51:08,194 --> 00:51:12,314
And to date, none of those three things have happened in any quantum architecture.

664
00:51:13,174 --> 00:51:14,894
And so there has to be evidence.

665
00:51:15,114 --> 00:51:21,834
We can't, as I joke about it being unicorn fart based engineering, but the reality is

666
00:51:21,834 --> 00:51:24,254
that anybody can FUD anything about Bitcoin.

667
00:51:24,814 --> 00:51:32,154
And if we can be caused to make a change to the protocol based on claims and not evidence,

668
00:51:32,714 --> 00:51:36,634
then Bitcoin is vulnerable to the most obvious of attacks, right?

669
00:51:36,634 --> 00:51:41,914
Bitcoin can't be subject to change without evidence that it needs to.

670
00:51:42,314 --> 00:51:43,754
That simply doesn't make sense.

671
00:51:44,694 --> 00:51:53,834
And so we can set a pretty clear evidentiary standard for when a quantum architecture shows these three or maybe four.

672
00:51:53,954 --> 00:51:56,294
Like people can argue about exactly what the criteria are.

673
00:51:56,774 --> 00:52:02,914
But we can set pretty darn clear standards for the evidence required to start taking immediate action.

674
00:52:03,434 --> 00:52:05,714
And of course, in the meantime, we're going to take progressive action anyway.

675
00:52:06,014 --> 00:52:08,594
So it's not like this is a, oh, we're going to do nothing until.

676
00:52:08,594 --> 00:52:13,734
It's just we're going to take a slow and steady approach until there's this level of evidence that we have to move faster.

677
00:52:15,234 --> 00:52:17,094
Yeah. And do you think.

678
00:52:19,414 --> 00:52:21,494
Yeah, we have to think of opportunity cost, too.

679
00:52:21,714 --> 00:52:33,374
Right. Like what else could be could we be working on in Bitcoin that is necessary to low hanging fruit that undeserved attention to the quantum question could take away from?

680
00:52:34,554 --> 00:52:37,074
Yeah, that's a really important point.

681
00:52:37,074 --> 00:52:54,134
And I think even more than not working on the right things, it's essentially fudding the amazing innovations that are still kind of nascent, not widely deployed, in FROST and silent payments and MuSig and even DLCs.

682
00:52:54,494 --> 00:53:00,614
All of these things are classical elliptic curve based protocols that are really valuable for Bitcoin.

683
00:53:00,614 --> 00:53:04,054
You know, Craig Raw is working on getting silent payments into Sparrow Wallet recently.

684
00:53:05,034 --> 00:53:06,934
Coldcard just shipped MuSig2 support.

685
00:53:07,714 --> 00:53:13,114
And these things strictly depend on the existing elliptic curve cryptography.

686
00:53:13,634 --> 00:53:14,634
And they're great.

687
00:53:15,054 --> 00:53:18,494
They're huge improvements in the usability of Bitcoin in a couple of different ways.

688
00:53:18,554 --> 00:53:20,254
I'm not going to get into them because it's not important right now.

689
00:53:20,634 --> 00:53:29,474
But when you're saying we need post-quantum tomorrow, people just say, well, then why would I bother developing silent payments or MuSig when we're going to replace the existing crypto

690
00:53:29,474 --> 00:53:37,014
in a year. You shouldn't, if that was true. And so I think it is very important that we push back

691
00:53:37,014 --> 00:53:42,514
on this quantum FUD and say, look, as of now, there's no evidence that we'll be kind of replacing

692
00:53:42,514 --> 00:53:47,214
the basic elliptic cryptography in the next decade. So we should keep building silent payments

693
00:53:47,214 --> 00:53:51,514
and MuSig and FROST and DLCs and everything based on the existing cryptography. It's going to be

694
00:53:51,514 --> 00:53:59,554
around for a long time. So, so keep building. Yeah. Oh, it's also, it's tiresome. Do you think

695
00:53:59,554 --> 00:54:06,414
this is a social attack or man? I don't know. Intentional, intentional social attack. I guess

696
00:54:06,414 --> 00:54:11,714
if you believe the quantum's not, not coming as quickly as they believe it is a social attack,

697
00:54:11,714 --> 00:54:18,254
but I guess the question is intent. I, I tend to be optimistic on people's motivations.

698
00:54:18,254 --> 00:54:37,114
And so I don't think so. I think it's more just that people love to panic. And I mean, we've seen that in the real world in so many ways in recent years. The need to panic, I think it relates to the fact that life is too soft. People don't do hard things.

699
00:54:37,114 --> 00:54:47,274
And so they need to find things to be worried about to satisfy their nature, their natural evolutionary need to be worried about something.

700
00:54:48,014 --> 00:54:51,354
And so we just get prone to panic and it's easy to rile people up with this stuff.

701
00:54:52,574 --> 00:54:52,694
Yeah.

702
00:54:54,234 --> 00:54:56,214
Any parting notes here?

703
00:54:56,354 --> 00:55:00,534
Anything we didn't touch on that we should probably mention as it relates to this quantum discussion?

704
00:55:03,774 --> 00:55:06,274
Oh, I already shilled it once, but I'll shill again.

705
00:55:06,274 --> 00:55:11,814
Read Optech. I write the changing consensus section of Optech every month. And I think it'll

706
00:55:11,814 --> 00:55:17,194
actually put you more at ease about quantum because we cover quantum a lot in there. And you'll see

707
00:55:17,194 --> 00:55:22,234
the kind of remarkable progress being made, which very likely means that long before,

708
00:55:23,174 --> 00:55:26,874
because possibly never, but long before even a realistic timeframe for quantum,

709
00:55:26,994 --> 00:55:33,314
assuming it started scaling today, I think long before it gets to a production relevant quantum

710
00:55:33,314 --> 00:55:37,794
computer, we'll have a better system in Bitcoin. Like it's happening actively.

711
00:55:39,074 --> 00:55:43,674
Well, this will be published the day after Optech published. So you're not, you're not

712
00:55:43,674 --> 00:55:49,094
spoiling anything. Is there any specifics you want to expand on there?

713
00:55:49,814 --> 00:55:56,274
Oh, sure. So I read this developer Conduition has been posting a lot about cryptography to the

714
00:55:56,274 --> 00:56:02,074
Bitcoin mailing list recently and to Delving Bitcoin. And he did this big write up earlier

715
00:56:02,074 --> 00:56:06,674
this month or last month, I guess, about isogeny based crypto that I mentioned earlier.

716
00:56:07,494 --> 00:56:12,014
And he basically made the argument that Bitcoin developers should be paying attention to it.

717
00:56:13,394 --> 00:56:20,254
And so I read his whole thing and wrote a summary for Optech about it. And isogeny-based crypto is

718
00:56:20,254 --> 00:56:26,114
very interesting because unlike hash-based or lattice-based crypto, it's only about twice the

719
00:56:26,114 --> 00:56:31,514
size on chain of the existing elliptic curve stuff. And part of that is because it's also

720
00:56:31,514 --> 00:56:37,534
elliptic curve based. But unlike our existing stuff, it doesn't depend on the hardness of

721
00:56:37,534 --> 00:56:45,094
reversing points to keys, to secret keys, in order to be secure. It has a totally different

722
00:56:45,094 --> 00:56:49,334
security assumption. It's just based on the same shapes of curves on a graph, right?

723
00:56:51,234 --> 00:56:56,754
And so I think that is very promising. And I think people should read Conduition's whole post

724
00:56:56,754 --> 00:57:01,334
if they're kind of even technically interested in this kind of stuff, because he does a great job of

725
00:57:01,334 --> 00:57:05,454
bringing it down to a place where Bitcoiners who kind of understand elliptic curve

726
00:57:05,454 --> 00:57:09,514
cryptography, the classical kind, can also understand isogeny-based cryptography.

727
00:57:10,634 --> 00:57:10,714
And

728
00:57:10,714 --> 00:57:16,434
because it also works on elliptic curves,

729
00:57:16,874 --> 00:57:21,434
some of the machinery we already have in Bitcoin could be applicable to it. So we kind of take a new

730
00:57:21,434 --> 00:57:25,094
cryptographic assumption for the hardness, but we can use some of the same

731
00:57:25,094 --> 00:57:29,454
optimized elliptic curve math that we have already to work on these systems.

732
00:57:30,054 --> 00:57:31,514
And so that might be promising for Bitcoin.

733
00:57:33,094 --> 00:57:43,454
You know, if I'm being totally honest about it, I would guess that if isogeny based crypto were to come to Bitcoin, we would probably still want to do something that's not elliptic curve based as well as a backup.

734
00:57:43,454 --> 00:57:51,394
So that if there's a fundamental break in elliptic curves themselves, which there hasn't been any evidence of it yet, we'd have a fallback.

735
00:57:51,394 --> 00:57:55,734
But it's just promising to see a totally different

736
00:57:55,734 --> 00:57:59,354
avenue that's not lattice, not hash, also being brought to the fore.

737
00:58:00,074 --> 00:58:01,454
And I'm glad I got to write about it.

738
00:58:02,554 --> 00:58:07,514
Do you think there's enough top-tier cryptographers

739
00:58:07,514 --> 00:58:10,334
well-versed on these subjects focused on Bitcoin?

740
00:58:10,994 --> 00:58:11,854
Do we need more?

741
00:58:13,974 --> 00:58:18,554
Not in isogeny-based crypto yet. And that's exactly what Conduition writes about, is that more

742
00:58:18,554 --> 00:58:23,574
Bitcoin folks should be looking at this and seeing if it's suitable, because if it's suitable,

743
00:58:24,234 --> 00:58:28,914
it would have a lot of really good properties that apply to Bitcoin and let us keep using

744
00:58:28,914 --> 00:58:36,354
Bitcoin the way we want to. Yeah, great to know. Thank you for all your work on the front lines of

745
00:58:36,354 --> 00:58:43,314
having the conversation and helping add context, because again, as somebody who's not well versed

746
00:58:43,314 --> 00:58:47,994
in quantum physics and knows enough to be dangerous when it comes to cryptography, it is

747
00:58:47,994 --> 00:58:52,094
I don't want to say it's easy to get bamboozled, but it's easy to begin

748
00:58:52,094 --> 00:58:55,814
questioning, and you should always question, but getting a

749
00:58:55,814 --> 00:59:00,154
well-rounded perspective on both sides of this quantum debate

750
00:59:00,154 --> 00:59:03,814
as it pertains to Bitcoin, I think is important. You've been doing an incredible job of

751
00:59:03,814 --> 00:59:08,114
providing much-needed context. Thank you. Yeah, I

752
00:59:08,114 --> 00:59:11,654
love FUD-busting. It's been a hobby for a long time, so glad to be out there doing it on a new topic.

753
00:59:12,794 --> 00:59:16,054
Awesome. Where can people find out more about what you're working on?

754
00:59:16,054 --> 00:59:22,894
Yeah, check me out on X, usually @reardencode. Um, I sometimes post on the mailing list as well,

755
00:59:22,894 --> 00:59:27,614
and, um, if you're building a wallet, I offer consulting reviews and stuff for Bitcoin

756
00:59:27,614 --> 00:59:32,814
wallets and similar kind of on-chain Bitcoin stuff, uh, and you can just hit me up on, on X about

757
00:59:32,814 --> 00:59:39,874
that. My DMs are always open. All right, awesome, Brandon. I hope you enjoy, uh, enjoy your day and

758
00:59:39,874 --> 00:59:44,054
hopefully we can do this again. You too, man. Well, great talking. We'll draw a line in the sand, we'll

759
00:59:44,054 --> 00:59:46,834
say if quantum hasn't progressed in six months.

760
00:59:47,634 --> 00:59:48,474
Six months.

761
00:59:49,194 --> 00:59:50,334
Yeah, I'm kidding.

762
00:59:50,994 --> 00:59:52,054
Peace and love, freaks.

763
00:59:52,434 --> 00:59:52,654
Okay.
