0:02

On one side, there's like billions of dollars being

0:04

spent in private industry. On the

0:06

other side, the government appears to

0:08

have some concerns and they're doing

0:11

stuff. And so like, I'm

0:13

just like, well, what is Bitcoin going to do? What

0:17

Bitcoin did is brought to you by

0:20

our lead sponsor and massive legends, Iron.

0:22

The largest NASDAQ -listed Bitcoin miner using

0:24

100 % renewable energy. Iron

0:26

are not just powering the Bitcoin network.

0:28

They also provide cutting edge computing resources

0:31

for AI all backed by renewable energy.

0:33

So whether you're interested in mining Bitcoin or

0:35

harnessing AI compute power, iron is set in

0:37

the standard. Visit iron.com to

0:40

learn more, which is

0:42

IREN.com. Okay,

0:44

well, Hunter Beast, great to meet you, mate.

0:46

I'm looking forward to this one. I've

0:49

been looking forward to this as well. The

0:51

quantum thing is something I've kind of ignored for a

0:53

long time because I've never seen it as sort of

0:56

truly an imminent threat to Bitcoin. But

0:58

there's been some updates recently on

1:00

the quantum side that might be

1:02

speeding that process up. So I want to

1:04

get into everything, but I do want to frame

1:07

this. I know almost nothing about quantum. So I

1:09

want to go right back to the start and

1:11

get into it from the very basics. But

1:14

before we do that, do you want to introduce yourself

1:16

and why you're the person I'm talking to about this?

1:19

Yeah, so I'm Hunter

1:22

Beast. I have...

1:25

been working in the Bitcoin space for about the

1:27

past four years full time, mostly

1:30

on the RGB project, but

1:34

which is

1:36

still in the works. But

1:40

I've been

1:43

in the middle of

1:45

last year, I sort

1:47

of switched gears to work

1:49

on a project that I

1:51

found to be a bit

1:53

more How'd

1:57

you say like just if

1:59

it was something that that

2:01

I always felt that was a

2:04

A concern like a very legitimate

2:06

concern in Bitcoin like when people

2:09

bring up The what people called

2:11

quantum fud, you know, I'm like

2:13

well like behind every every piece

2:16

of fud is usually a kernel

2:18

of truth or you know, and

2:21

unless it's like very like pedestrian

2:23

fud, right? But no, this is

2:25

pretty potent fud. This is like,

2:28

this has some some some stick

2:30

stickiness to it. And so I

2:33

mean, I think that every Bitcoiners

2:35

should probably be just a little

2:37

concerned about the quantum through the

2:40

threat that quantum computing could pose.

2:43

And so I

2:48

started a company called Cermont Systems,

2:52

and we later realized there was no

2:54

way to... We didn't really have a

2:56

good way to monetize it, so instead

2:58

we turned it into a nonprofit. And

3:02

so now we have the Cermont Systems

3:04

Foundation, and they've

3:06

been... This has been

3:09

kind of like the

3:11

center I've been using

3:14

for organizing... a

3:16

bit and some work

3:19

towards some research we've

3:21

been doing and some

3:24

projects that kind of

3:26

help with keeping an

3:29

eye on the potential

3:32

threat. Let's just put

3:34

it that way. Yeah.

3:37

Okay, cool. And so when did you

3:39

first like go down the quantum rabbit

3:41

hole? Well, That

3:45

was like, it's only been

3:47

a year. But I

3:49

did, when I went down that rabbit hole,

3:51

I read a lot of books. Quantum

3:54

computing for everyone was one of the first

3:56

books I picked up. And

3:58

there was a couple of

4:01

other books, like programming quantum

4:03

computers and things like that.

4:05

And I just wanted to

4:08

get a good understanding of

4:10

kind of the fundamentals and

4:14

the like like what could what how

4:16

they work what they do, you know,

4:18

like kind of demystified them. And

4:21

what I can say is that

4:23

it is very different, like it's

4:25

similar but different. Technically,

4:28

everything you could do on

4:30

a classical computer, you can

4:32

do on a quantum computer,

4:34

they're just much more limited.

4:36

And at least in our

4:38

current iteration of them. But

4:40

that's starting to improve as

4:42

well. So yeah,

4:45

that's basically the takeaway

4:47

I have from there

4:50

is that their capabilities

4:52

are more of like

4:54

a superset of classical

4:56

computing. And so

4:59

it's almost like how

5:01

graphics accelerators kind of

5:03

are like the added

5:05

additional capability to a

5:07

computer. So

5:10

they're very much

5:12

like a way

5:15

to accelerate certain

5:17

kinds of computation.

5:21

Okay. So can you demystify some of this

5:23

for me? Because like I say, quantum computing

5:25

is something that I don't have a good

5:28

understanding of. So what is a quantum computer

5:30

and how is it different to a normal

5:32

computer? Yeah, so

5:34

a quantum computer will...

5:37

have the capability

5:40

to store states

5:43

as a form

5:46

of probability or

5:49

superposition. So

5:52

they can store

5:54

kind of like

5:56

intermediary states between

5:58

ones and zeros.

6:01

And because of that, they

6:03

can they can store practically

6:05

infinite states between one and

6:07

zero. And is this

6:09

because the qubits can be both one

6:11

and zero simultaneously? Correct.

6:14

Okay, so what does that actually allow

6:16

them to do? Well, it's actually they

6:19

can't be exactly one and zero at

6:21

the same time, right? It's either one

6:23

or zero, but it's a certain probability

6:25

of becoming a one or zero that

6:27

you're kind of using

6:31

in the circuits like

6:33

you're using certain quantum

6:35

gates that will adjust

6:37

the probability of something

6:39

becoming a one or

6:41

zero, depending on

6:43

other inputs. OK.

6:46

And so what's the benefit of that? Even

6:48

if it's in a limited subset, what's the

6:51

benefit of that over a normal binary computer?

6:54

Well, you can... some

6:56

real bangers on there, some real

6:58

banger algorithms. One of them is

7:00

a cultures algorithm. And

7:03

you can program in

7:05

the public key for

7:07

a Bitcoin address. And

7:11

it'll go through some

7:13

steps and use it

7:15

needs like another piece

7:18

of memory for almost

7:20

like working memory. And

7:22

then it'll turn

7:28

that number into

7:30

potential factors, factor

7:33

numbers. And so

7:35

the thing that secures

7:37

elliptic curve photography is

7:40

what's called the discrete

7:42

log problem. And it's

7:44

essentially a fancy name

7:46

for the fact that

7:48

it's difficult to factor

7:51

very large numbers. to

7:54

find the factors to

7:56

them. And so there's

7:58

kind of like this

8:00

like mix of elliptic

8:02

curve cartography and quantum

8:04

computing that like it

8:06

requires a good understanding

8:08

of both. And I

8:10

will admit I have

8:12

maybe an intermediary understanding

8:14

of both, but I

8:16

have a sense for

8:18

how it works a

8:20

little bit, you know?

8:23

And then I developed

8:25

some specifications as to

8:27

like, you know,

8:30

once I had a

8:33

decent understanding of the

8:35

problem, what we can

8:37

do to mitigate against it. Okay. And

8:40

so the big sort of problem with

8:42

quantum computing, as far as I know

8:44

it, is that they'll throw errors very

8:47

regularly. And so why is it that

8:49

a quantum computer will throw arrows where

8:51

a normal computer doesn't in the same

8:53

way? Right. So there is something that

8:56

there's noise that will interfere with the

8:58

circuits. And

9:00

it's because they're cool

9:03

to near absolute zero

9:05

in order to entangle

9:07

qubits with each other.

9:10

And for that entanglement

9:12

to remain undisturbed through

9:14

quantum computer

9:16

programmers will do is that

9:19

they'll implement error correction codes.

9:22

Or in the latest

9:24

Microsoft announcement, they actually

9:26

are using sort of

9:28

like a quasi particle

9:30

to simulate a new

9:32

state of matter called

9:34

a Myrona fermion. And

9:37

Myrona fermions are

9:39

much more isolated

9:42

against noise. while

9:45

still being able to maintain

9:47

quantum states, entangled states.

9:50

And so that's, they

9:53

need like far fewer

9:55

of them to perform

9:57

computation, whereas like at

10:00

the Google Willow processor,

10:02

they found, they

10:04

made a major breakthrough as well,

10:07

but it took them about seven

10:09

times seven, like, array

10:12

of cubits of physical cubits

10:14

to become one logical cubit.

10:17

So, with like

10:19

105 cubits, they're only

10:21

able to come up

10:23

with like two logical

10:25

cubits. And then with

10:28

the Microsoft Myrona 1

10:30

announcement, they have eight

10:32

top of logical cubits,

10:34

which are essentially the

10:36

kind that makes use

10:38

of Myrona fermions. This

10:41

episode is brought to you by Ankerwatch. The thing

10:43

that keeps me up at night is the idea

10:45

of a critical era with my Bitcoin cold storage.

10:47

This is where Ankerwatch comes in. With

10:50

Ankerwatch, you're protected by their time -locked

10:52

multi -sig vault and with your own

10:54

A -plus rated Lloyds of London backed

10:56

insurance policy. You get to hold

10:58

your keys, Ankerwatch holds the risk. Whether

11:00

you're worried about inheritance planning, wrench attacks,

11:03

natural disasters, or your own mistakes, you're

11:05

protected by Ankerwatch. Rates for

11:07

fully insured custody start as low as

11:09

0 .55 % and are available for

11:11

individual and commercial customers located in the

11:14

US. Speak to AnkerWatch for

11:16

a quote and for more details about your

11:18

security options and coverage. Visit AnkerWatch.com

11:20

today, which is AnkerWatch.com. This episode

11:22

is brought to you by River,

11:24

the best place for Bitcoiners and

11:26

businesses to buy Bitcoin. With

11:29

River, you can set up zero fee

11:31

recurring buys, making stacking sats effortless. And

11:33

while you're waiting for the perfect buying opportunity,

11:36

River lets you earn daily interest on your

11:38

cash balance paid in Bitcoin. which outperforms most

11:40

high -yield savings accounts. What

11:42

really sets River apart is their unmatched dedication

11:45

to security. You have peace

11:47

of mind knowing that River has monthly proof of

11:49

reserves and holds all Bitcoin in multi -sig cold

11:51

storage. And with US -based phone

11:53

support, you'll always have someone ready to help. To

11:56

open an account, go to river.com/WBD and

11:58

earn up to $100 in Bitcoin when

12:00

you buy. That's R

12:03

-I -V -E -r.com/WBD.

12:06

Okay, so I think you'll need to

12:08

explain to me what's the difference between

12:10

a physical qubit and a logical qubit?

12:13

Yeah, so a logical qubit

12:15

essentially is a collection of

12:18

physical qubits that are arranged

12:20

in such a way that

12:23

they implement quantum error correction.

12:26

So that's just reducing the noise

12:28

that you get from the qubits?

12:31

Correct. And so it allows

12:33

the circuit to be more stable and provide

12:38

like a better answer. Okay.

12:41

And so where are we actually at

12:43

with quantum computers? Because as far as

12:45

I understand it, they're pretty tiny at

12:47

the moment. They're not actually in the

12:49

state that they're kind of usable. Are

12:52

these breakthroughs from Microsoft and Google,

12:54

are they really substantial? Well,

12:58

they're fundamental. And

13:00

what's interesting is that They've been

13:03

working on this problem for over

13:05

20 years, like in a real

13:07

way. Like, of

13:09

course, you know, they didn't start out

13:11

pouring billions into quantum computing, but they

13:13

are now. And

13:15

so it definitely

13:18

feels like there's

13:20

like a, like,

13:23

like the efforts building.

13:26

It's like, like, I'm

13:29

forgetting the analogy, but basically it's

13:33

It's starting to really look like they're

13:35

making real progress in that field. When

13:37

it comes to Bitcoin and breaking encryption, which

13:39

is obviously what this conversation is about, is

13:42

this like a five -year problem, a 10 -year problem, a

13:45

50 -year problem? Where are we on that kind of trajectory?

13:48

Yeah, I mean, I hope we have at least

13:50

five years. Five years would

13:53

be really good. Like

13:57

Matthew Corallo on the mailing list, he

13:59

was like, no, it would be really

14:01

great if we even had like 10

14:04

or 20 years to develop like the

14:06

very best post -chronum photography for Bitcoin.

14:08

And that would be like one single

14:10

algorithm that does all the things we

14:13

want from it as developers that, you

14:15

know, like we've been able to do

14:17

with. elliptic

14:20

curve cartography and snore

14:22

signatures and having signature

14:24

aggregation that doesn't increase

14:26

the size of the

14:28

signature and elliptic curve

14:30

Diffie Hellman, things

14:32

like that. If we could

14:34

have something like that for post

14:36

quantum cartography, that would be really

14:39

cool. If we could prove that

14:41

lattice cartography is a

14:44

valid way to secure against quantum computers.

14:46

That's also that would also be important.

14:51

And like coming up with

14:53

like just like harder hash

14:55

algorithms, making sure that the

14:58

hash algorithms are more resistant

15:00

against other algorithms that quantum

15:02

computers can run like Grover's

15:04

algorithm. And so

15:07

which is Grover's algorithm is

15:09

for So like

15:12

algorithm is for factoring large

15:14

numbers, whereas Grover's algorithm

15:16

is more like reversing, like

15:18

getting the inputs to a

15:20

black box function based on

15:22

its output. And so you

15:24

can essentially reverse a hash

15:26

that way. Whereas with Schroeder's

15:28

algorithm, you can reverse a

15:31

elliptic curve signature. Well,

15:34

publicly. Well, with the

15:36

quantum computers we have today, How

15:38

many logical qubits do they

15:40

have operationally running? Well,

15:47

IBM has a quantum computer

15:50

that has about 150 qubits.

15:52

They've had that for

15:54

a little while. They

15:58

actually give out free credits

16:00

week and you can run

16:03

like limited quantum computing programs on

16:05

there, or if you want to

16:07

run more involved quantum circuits, you

16:10

can pay them $1 .60 a

16:12

second. And works out to

16:15

be like $5 ,000 an hour for running

16:17

on one of their machines. And

16:19

also, I'm not even sure

16:22

they're even breaking even on

16:24

that. Like their machines are

16:26

so expensive that like even

16:28

that is might be, I

16:31

don't know. So,

16:34

uh, and so like really

16:36

we're in like maybe the

16:38

like low hundreds, uh, at

16:40

best and that that's for

16:43

physical uncorrected, uh, qubits, but,

16:45

um, so you like, you

16:47

could implement quantum error correction codes with those

16:49

qubits, but you wouldn't get much with them.

16:51

You get maybe like two or three basically.

16:54

And that was a two or three

16:56

logical qubits. Yeah, exactly.

16:59

Okay. And if. We get to the point

17:01

where these are powerful enough to break encryption.

17:04

How many logical qubits do they need to

17:06

get to? About 1 ,500.

17:09

Okay, so that obviously seems a long way off,

17:12

but do you think with these advancements that they've

17:14

had, that's closer than we think? They

17:17

have made some very fundamental

17:19

improvements in the approach that

17:22

they're taking. Microsoft

17:24

sounds pretty confident, and hopefully the

17:26

confidence is warranted. I would hate

17:28

for them to be. lying to

17:30

their shareholders, right? Like, so

17:33

there's that. And

17:36

that said, many physicists are very

17:39

skeptical. At least something

17:41

I've heard is that there are physicists who

17:43

are skeptical of what they've put together. And

17:46

so there's a lot of skepticism

17:48

going around, you know, and there's

17:51

also a lot of bold claims,

17:53

right? So, like, It

17:55

can be very difficult to figure out

17:58

exactly where we're at. Even

18:01

if you're in the thick of it,

18:03

just reading every announcement and looking into

18:05

them and listening to what other people

18:07

are saying. I

18:12

feel like we're in a quantum superposition

18:14

already. One

18:19

of the things that I'm unsure of is if they do

18:21

manage to get to the point where they can break encryption.

18:24

Where does like Bitcoin fall on the list? Like

18:26

what are the first things that are going to

18:28

break? Well,

18:32

that would be the signatures. So

18:35

like the basically the address is

18:37

when you go to sign actions

18:39

action for like for coins sent

18:42

to an address, you have to

18:44

create a cryptographic signature and reveal

18:47

your public key for that to

18:49

be validated. And so for that,

18:51

that spend to be validated. And

18:54

so by other nodes and on

18:56

the network. And so, yeah, the

18:58

low hanging fruit is definitely signatures.

19:02

Are we going to see national security

19:04

encryption get broken and planes falling out

19:06

the sky and bank encryption get broken?

19:09

Or is Bitcoin going to be kind

19:11

of top of the list because there's

19:13

potentially such a big honeypot there? Well,

19:16

the problem with the other

19:19

systems is that If

19:21

you break them, it's only going to

19:23

be temporary. They can

19:25

repair them, right? They can upgrade

19:28

them. They can reverse the ledger

19:30

if they wanted to. They can

19:32

track down people who still funds

19:34

through the existing financial system, right?

19:37

So it really is

19:40

like, how would you

19:42

say, just

19:44

prohibitive, I would say,

19:46

in terms of your

19:49

rewards from if

19:51

you were to target the

19:53

existing system with if you're

19:55

like an your financially motivated

19:58

attacker. I see. Okay. So

20:00

that makes sense. So in

20:02

if it's the public private

20:04

key pair that's like the

20:06

kind of low hanging fruit,

20:09

I guess Satoshi's keys are going to be like

20:11

the canary in the coal mine for this. They

20:14

could be, but like. The

20:16

thing about Satoshi's coins is

20:19

that they are spread out

20:21

amongst tens of thousands of

20:23

public keys. And so

20:26

they're about 50 Bitcoin each. So

20:28

it's not like one big address

20:30

honeypot, right? And

20:33

the 50 Bitcoin is because that

20:35

was the epoch one block reward,

20:37

right? The

20:39

bigger honeypot is probably

20:41

actually maybe the

20:44

Binance or Kraken cold wallets, because

20:46

those have been spent from, we

20:48

have the public key for that

20:50

on chain. And

20:52

that's the other problems. Generally,

20:57

there are three vulnerable

21:00

address types. There

21:02

are paid to public key,

21:04

which is what Satoshi's coins

21:06

were in. There's

21:09

reused addresses. So

21:12

basically an address that you've any

21:14

address type that you've received funds

21:17

and then spread from and then

21:19

finally tap root addresses. So.

21:22

Okay. So can we go through them? Cause.

21:24

So Satoshi's coins are paid to public key,

21:26

which was like the only address type then

21:28

as far as I understand it, which means

21:30

when he was signing a transaction, the public

21:32

key actually goes on chain. So why is

21:34

that the easiest one to attack? Because.

21:38

Well, I mean, they're all

21:40

kind of the same amount

21:43

of difficulty. It's just like,

21:45

like, all of them can

21:47

give you a 65 by

21:49

public key, right? Or 64

21:52

by public key, in terms

21:54

of the math of things.

21:57

But if

22:00

you, yeah,

22:02

so like, it's really

22:04

all about like, the amount and

22:06

also how much you think you

22:08

can get away with and like

22:10

you know maybe there's some like

22:12

imitation game type theory where you'll

22:14

try to take something maybe not

22:16

the big the big kraken and

22:19

binance cold wallets you'll take something

22:21

like smaller like that people necessarily

22:23

watching so so closely and maybe

22:26

try to take that first and

22:28

maximize your your earnings. uh,

22:30

and then of course you'll

22:33

like dump into something like

22:35

fiat which you know you

22:37

can then depend on even

22:40

if there is like our

22:42

corner computers attacking the system

22:44

you could depend on the

22:47

authorities to you know protect

22:49

that kind of uh activity

22:51

and so um it uh

22:55

And there's also certain

22:58

ways you can use

23:00

Bitcoin for it to

23:03

behave in sort of

23:05

like a quantum aware

23:08

way. If you're aware

23:10

of the quantum threat,

23:13

you can design certain

23:15

protocols for working with

23:18

addresses and spends and

23:20

just trying to avoid...

23:23

spend time avoiding certain doing certain

23:25

things to make it more difficult

23:27

for a quantum attacker to take

23:29

those funds and that's something I've

23:32

also been researching but regardless and

23:34

that does not require a soft

23:36

fork but that said The best

23:38

solution in my opinion would be

23:40

a soft fork that introduces a

23:42

new kind of cryptography that's resistant

23:44

to quantum computers OK, so

23:46

let's get into how a quantum computer would actually

23:48

derive a private key from a public key. Is

23:50

it just a case of it's more powerful so

23:52

it can brute force it or how does that

23:55

work? Well, the

23:57

way the Google Willow

23:59

white paper described it

24:01

was they observed like

24:04

a such a high

24:06

degree of efficiency that

24:08

it's not really thermodynamically

24:10

possible to perform that

24:13

much computation. unless

24:16

it has doing

24:18

work in parallel

24:21

universes. What

24:24

does that mean? Well,

24:26

when matter becomes entangled,

24:28

like when you have

24:30

a particle that's entangled

24:32

with another particle, it

24:35

really does seem like that's

24:37

your window into another universe.

24:40

Okay. I don't

24:42

understand that though. You're gonna have to explain that

24:44

to me more. Yeah, so

24:47

like quantum entanglement is tricky

24:49

and weird and I'll admit

24:52

I don't fully understand it

24:54

other than just that like

24:57

that's what it's looking like.

25:00

And also humanity doesn't really

25:03

quite understand parallel universes that

25:05

well either. So it's possible

25:08

that through this technology we

25:10

will discover more about, like,

25:13

what that actually means. But

25:16

that's, I mean, I can send

25:18

you a snippet of the Willow

25:20

White Paper that's really kind of

25:22

juicy. It's like, I'm sorry, the

25:24

what? You know? Like,

25:28

I feel you. Like, I feel you. I want

25:30

to double click on that too. I think just

25:32

about everybody does. Like, we just don't know. Like,

25:34

in some ways, we don't know. We only have

25:36

theories as to why these computers are so much

25:38

more powerful than. classical

25:41

computers. But

25:43

I mean, yeah, that that blows my

25:45

mind. I need to know more about

25:47

that. But but we know for a

25:49

fact that it will break ECD ECDSA.

25:53

If you have enough qubits

25:56

that are air corrected, we

25:58

know exactly the circuit that

26:00

you would build to take

26:02

a public key, load it

26:04

in, and then turn that

26:07

into a private key. Now,

26:09

the devil's always in the

26:11

details, but that's essentially like,

26:14

you know, the

26:17

threat model. So,

26:20

okay, so we know that all private keys

26:22

are potentially compromised in this scenario then. No,

26:26

actually, let's not

26:28

jump to that conclusion. This

26:31

technique is a little... So,

26:33

anytime a public key is

26:35

revealed, that would

26:38

be when... vulnerable. But

26:41

yeah, okay. Right. But

26:43

like all private keys, like,

26:46

uh, private keys, when they're turned

26:48

into public keys, the public key

26:50

can be hashed, right? And so

26:52

essentially, um, like

26:54

if you hash your public key

26:56

and you put the hash of

26:58

that public key on chain, that's

27:00

safe. And so any address that

27:02

starts with BC1Q, that's like a

27:04

native sacred address, that's going to

27:06

be fine. Any address that starts

27:08

with the number one. that's going

27:10

to be fine. So long as

27:12

you don't reuse that address, you

27:14

receive funds to it, but then

27:17

you spent like you spent from

27:19

that again, then you've reused it

27:21

and and like, you know, it's

27:23

it's it's you've already revealed the

27:25

public key for that. So it's

27:27

not safe. But if you're before

27:29

if you're using a HD wallet,

27:31

a proper HD wallet, like a

27:33

hierarchical deterministic wallet, and you

27:36

are like that's bit 32 compatible,

27:38

right? Like a bit 32 wallet.

27:41

And if it generates a new

27:43

address for you each time you

27:45

use one, then or even each

27:48

time you request one, then you're

27:50

going to be okay. It's

27:52

just it's it's when you reuse

27:54

addresses, or if you're using taproot,

27:57

I think that would be another

27:59

pitfall that that viewers might actually

28:01

be thinking about. Okay, so if

28:03

we know that the segway addresses

28:05

are safe, then why do we

28:07

need to move to a quantum

28:09

resistant algorithm? Well,

28:12

because when you spend from

28:14

them, an

28:17

attacker with a sufficiently powerful quantum

28:19

computer could take your transaction in

28:21

the mempool. I see. Yeah,

28:24

so like anytime you

28:26

spend your coins, you

28:29

have to reveal your public key

28:31

at that point. And when you

28:34

put in the mempool and like

28:36

everybody can see it then because

28:38

it's on all the notes, then

28:40

that's when the attacker could go

28:42

ahead and do the thing before

28:45

the transaction is mined. And if

28:47

if if it even if it

28:49

is mined, sometimes they're like reorgs

28:51

and orphan blocks and and those

28:53

public keys are then available and

28:56

and the transaction might not technically

28:58

have been mined. So There's definitely

29:00

like a lot of considerations when

29:02

you're thinking about a potential quantum

29:04

threat model. Okay.

29:07

And so this is just in the

29:09

crop top then. And this isn't like

29:11

a long term solution for everyone, but

29:13

theoretically in a world where we have

29:16

quantum computers that can do this, if

29:18

you were using segue addresses and sending

29:20

transactions out like out of band directly

29:22

to miners, would that get around this

29:25

issue? Well, yeah,

29:27

except it doesn't solve

29:29

for the problem of

29:31

orphan blocks. But yeah,

29:33

that's one that definitely

29:35

increases your security substantially.

29:40

The only problem is that it kind

29:42

of sucks, right? Because you don't have

29:44

a free mempool anymore. And

29:46

it's not the ideal solution.

29:54

There's definitely like services out there like slipstream,

29:56

for example, that you could use like if

29:58

you were to just create the transaction hex

30:00

and say blue wallet and then copy that

30:03

and then put it in a slipstream instead

30:05

that and make sure you have a high

30:07

enough fee rate for it to be selected

30:09

for in the next block. Then then you

30:12

that's that's a much better, much safer thing

30:14

to do than just publishing the transaction to

30:16

the network. But then but

30:18

it's a shame solution. It

30:21

really It's

30:23

not fair. It's not like a

30:26

fair market, right? And so, in

30:28

order for us to preserve the

30:30

free market of the mempool, we

30:33

need to essentially come up with

30:35

a better one. Yeah,

30:37

that makes sense. Okay, before we get

30:39

into the solutions that you've put forward

30:41

for this, what would it mean for

30:43

mining? So, mining

30:46

is a little different. It

30:52

depends on like I

30:54

haven't seen a lot

30:56

of academic literature on

30:58

how like shot 256

31:01

and in particular how

31:03

the how actually like

31:05

like Bitcoin mining based

31:07

on the difficulty right

31:10

is Could potentially be

31:12

compromised by a quantum

31:14

computer. We believe it

31:16

can be I

31:19

just, I'm not aware of the exact algorithm

31:21

that you would use other than just that

31:24

it would probably be based on Grover's algorithm.

31:26

It would be using Grover's algorithm, but it

31:28

would be an implementation of it that was

31:31

specific for the purpose of Bitcoin mining. And

31:33

when you say compromise, does that mean

31:35

that the quantum computers will be able to

31:38

outcompete the ASICs that we have right

31:40

now, or is it something different? I've

31:43

heard some people say, they

31:46

might, I've heard some people say

31:48

like they might substantially, they might

31:50

just be competitive. It's

31:53

hard to say. Like,

31:56

if there might be like kind

31:58

of a middle ground where they're

32:00

very good, but like, you know,

32:03

like one quantum computer that costs

32:05

a million dollars could replace, you

32:08

know, 10 ,000 ASX, right? Like

32:10

then, you know, like work. We're

32:12

still in good shape because then

32:15

everybody was just updated to quantum

32:17

miners. Okay. So you've

32:19

proposed BIP 360. Do

32:22

you want to explain what that

32:24

is? Yeah. So BIP 360, Bitcoin

32:26

Improvement Proposal, there are

32:28

gaps in between them. By the way,

32:31

I can't say it's the 360th one.

32:33

It's just BIP 360. That's what it's

32:36

called. It

32:39

is specifying a

32:41

new address format

32:43

call or what

32:45

they call output

32:47

type actually is

32:49

the technical term

32:51

for it is

32:53

that starts with

32:55

BC1R and it

32:57

will essentially be

32:59

a hash of

33:01

a public key

33:03

that comes from

33:06

a post

33:08

-quantum cartography signature algorithm.

33:11

And so post -quantum cartography or

33:13

PQC allows you to, basically, the

33:17

way it works is it

33:19

presents, it's just the whole

33:21

idea behind post -quantum cartography

33:23

is just to make it

33:26

substantially harder for a signature

33:28

or public key to, for

33:31

quantum computer to do anything useful

33:33

over it, essentially. And

33:36

also, to be clear, hash

33:39

algorithms are much harder for

33:42

quantum computers to work over

33:44

than signature algorithms. And

33:47

so Grover's algorithm, as

33:49

I mentioned earlier, works

33:51

over hashes. It scales

33:53

in a way that

33:55

is not as efficient.

34:03

public key elliptic curve cryptography.

34:06

Okay, so like the one of

34:08

the big benefits with elliptic curve

34:10

cryptography and Schnur signatures is that

34:12

they're very old algorithms that we

34:14

we've seen like tested for a

34:16

very long time. Are these post

34:18

quantum algorithms new? Yeah,

34:21

so one thing is, uh,

34:23

well, yes or no. So

34:26

for example, the psychp256k1 was

34:28

specified. in

34:30

2000 and we've had it for

34:33

25 years now and it's worked

34:35

pretty well so far. There

34:40

are a couple, like

34:42

post quantum algorithms that use

34:45

hashes, they're hash based, post

34:47

quantum cartography, signature algorithms. There

34:50

are a couple that are even

34:52

older than that though. One is

34:54

from 1977, Leslie Lampert came up

34:56

with the Lampert signature. Uh,

34:59

that uses hashes. It's very,

35:01

uh, large, uh, signature

35:03

size and public key size. Uh,

35:06

total would be like 80 kilobytes.

35:09

Um, but they are known to be secure

35:11

and those have been around for a very

35:13

long time. Similarly, uh,

35:15

there's also another, uh, there's also

35:17

another one called Widternits OTS, one

35:19

time signature that, uh, came out

35:22

a few years after that in

35:24

the 80s and, uh, that also.

35:26

is slightly smaller, but has its

35:28

own limitations. In

35:30

fact, one of the limitations is that if

35:32

you were to ever reuse it, people could

35:34

come up with a private key for it.

35:36

So that's why it's called a one -time

35:38

signature. So anyway, things like that. And

35:40

this might be a stupid question, but how do we

35:43

actually know they're quantum secure? So

35:45

it's their belief to be

35:47

quantum secure. Their belief to

35:49

be hard problems for quantum

35:52

computers to solve. For

35:54

example, if it uses a hash algorithm,

35:57

we know that hash algorithms

35:59

are difficult for quantum computers

36:02

to solve, and that they're

36:04

more difficult than elliptic curve

36:06

cryptography or factoring large numbers

36:09

like RSA or an ECC.

36:12

The hash algorithms are

36:14

kind of like a

36:16

level above, like quite

36:18

a bit harder. for

36:20

quantum computers to solve,

36:22

but they're not impossible.

36:25

And so there's also been

36:27

work put towards what's called

36:29

lattice cryptography. And

36:32

that is essentially

36:34

doing signatures in

36:36

higher dimensions. And

36:39

so we believe that by

36:41

increasing the dimensionality of the

36:44

problem, we can make it

36:46

more difficult for quantum computers

36:48

to parallelize. This

36:50

episode is also brought to you by Ledger.

36:53

If you're serious about protecting your Bitcoin, Ledger

36:55

has the solution you need. Their

36:57

hardware wallets give you complete control over your

36:59

private keys, ensuring that your Bitcoin stays safe

37:02

from hacks, phishing, and malware. With Ledger's easy

37:04

-to -use devices and the Ledger Live app,

37:06

managing your Bitcoin has never been more convenient.

37:09

Whether you're a long -time holder or new to the world

37:11

of Bitcoin, Ledger makes it simple to

37:13

keep your assets protected. If you

37:16

want to find out more, visit ledger.com

37:18

and secure your Bitcoin today. that's L

37:20

-E -D -G -E -R dot com.

37:22

This episode is brought to you by

37:24

CASA, the leading Bitcoin self -custody solution.

37:27

I've been using CASA since 2019 and I

37:29

can't recommend them enough. CASA have

37:31

options for all Bitcoiners from a two of

37:33

three multi -sig to a three of five

37:35

and a private client option for absolute best

37:37

in class security. CASA also

37:39

do inheritance which I very recently set up

37:42

and it really couldn't be easier. My inheritance

37:44

plan has gone from a vague treasure map

37:46

for my wife to a rock solid security

37:48

plan that I have total confidence in. To

37:50

find out more about CASA, go to CASA

37:53

.IO, which is C -A -S -A .IO.

37:56

Okay, and we're getting to exactly what

37:58

this means for Bitcoin, but if we

38:00

were to implement something like this, is

38:02

it a like one time thing that

38:05

fixes it forever or is this going

38:07

to be like an ongoing thing? Well...

38:12

If we had the perfect algorithm

38:14

like Matt Cruella wanted on the

38:16

Bitcoin Dev Smelling List, then

38:18

of course, we'd just upgrade to that

38:21

and that would be fine. But unfortunately,

38:23

we don't have that. We're not anywhere

38:25

near that. We need like a good

38:28

10 or 20 more years of post

38:30

-chronography research to get us like the

38:32

perfect thing. And so

38:35

that's why in Bit360, we actually

38:37

specify three different algorithms because we

38:39

don't know which

38:42

of them will ever

38:44

prove to be, uh,

38:47

unreliable. And, uh, so, so like

38:49

if one breaks or two breaks,

38:52

you at least have a third,

38:54

right? And so it, uh, it's,

38:57

um, it really is just like the best

38:59

of what we have now. And

39:02

it's, uh, essentially

39:05

like, like 5360, it's not perfect,

39:07

but it's the best of what

39:09

we have. And it's it's

39:11

the best solution we have now. And

39:13

so I just want this out there

39:16

and us to have the software for

39:18

it. We're actually going to build it.

39:21

And we're hoping we're hoping

39:23

actually to have a working

39:25

implementation by the end of

39:27

the year. The intention ultimately

39:29

is that we're not scrambling.

39:31

We're not like we have

39:33

like, you know, look like

39:36

if there is a every

39:38

Q day, right? Like. There's

39:40

a, like we come to

39:42

realize that Bitcoin has been

39:44

compromised by quantum computers. Then

39:47

if we ever see that,

39:49

if that ever occurs, then

39:51

we have a way to

39:53

potentially mitigate against that. And

39:56

so this is good for

39:58

Q -Day. This is also

40:00

good for also if we

40:02

just get a general sense

40:04

that, you know, like this

40:06

is where quantum computers are

40:08

going and there's a growing

40:10

consensus that quantum computers could

40:12

be a very real concern

40:15

more than just like an

40:17

8 -bit experimental quasi -particle,

40:19

you know, setup, right? Like,

40:21

if Microsoft suddenly has, you

40:23

know, 1 ,000 or 2

40:25

,000 myron -affirmion qubits, right,

40:27

topological qubits, then, like, that

40:29

would be like, okay, guys,

40:32

like... might need to think

40:34

a little bit more seriously

40:36

about this. Yeah, exactly. So

40:39

in terms of your goal for this,

40:41

in the ideal scenario, is it that

40:44

we wait 10, 20 years, however long

40:46

it needs to find the perfect quantum

40:48

resistant algorithm? Or

40:51

do you think we need to move forward

40:53

with 360 sooner than that? What

40:55

I guess the question is, is this you

40:57

trying to open the conversation and start something

40:59

happening rather than you thinking this is the

41:01

right solution? Well, I

41:04

mean, I think this is the

41:06

right solution for right now if

41:08

we're ever needed. It's just like

41:10

it really is like anyone's guess

41:13

whether we have 10 or 20

41:15

or maybe it's a complete boondobble,

41:17

right? Maybe it's a complete like

41:20

Who knows what like it's you

41:22

know, it's We really just don't

41:24

know and the fact that we

41:26

don't know is essentially a source

41:29

of fear and I think One

41:31

of the best ways to hand

41:33

like address that fear is to

41:36

have a solution waiting in the

41:38

wings and like, you know, basically

41:40

ready to go if we ever

41:42

need it and. Like

41:46

is has actual real code and

41:48

a real spec and real implement,

41:50

you know, just like and is

41:53

able to see how it works.

41:55

We're able to see, you know.

41:58

And if there's any impact

42:00

on block verification time, right?

42:03

Or how a node

42:05

scales through regular usage,

42:08

if there's like things like that. I

42:10

want to see that scaled on test.

42:12

I want to run this on a

42:14

testnet and see how this actually works

42:16

with real money, yeah. And so what

42:18

are the effects on Bitcoin from this

42:20

upgrade? Is it that keys are way

42:22

bigger and blocks take longer to validate?

42:26

Yeah, so blocks are bigger

42:28

to validate and they are

42:31

also can potentially in certain

42:33

configurations of the signature algorithms

42:35

take a good amount time

42:38

longer to verify. Maybe

42:40

not. Actually, it's I wouldn't say

42:42

good amount. It's actually like roughly

42:45

equivalent, but like it's it's it

42:47

would be something like two to

42:49

four times slower, which is not

42:52

terrible compared to like, you know,

42:55

One signature algorithm we evaluated

42:57

actually made things 15 ,000

42:59

times slower. And

43:02

the reason why we evaluated it

43:04

was because it produced substantially shorter,

43:06

like smaller public keys and signature

43:08

sizes to the point where like

43:10

we might not even need to

43:13

like do anything special about, say,

43:15

increasing a discount or increasing a

43:17

block size, right? But

43:20

the problem is... the the block like if

43:22

a block took a second to verify normally

43:25

it would take four hours to verify if

43:27

it was full of that kind of signature

43:29

algorithm so like things like that like you

43:31

aren't completely obvious at first and and then

43:34

you just sort of like dig into it

43:36

a little bit more and you're like oh

43:38

no this actually won't work and so uh

43:40

things like that i want to kind of

43:43

like i want to make sure there there

43:45

aren't any obvious pitfalls and that's why i

43:47

want to actually just write the code and

43:50

then get it out there and see how

43:52

it works. And

43:54

then we'll have a better idea

43:56

of like if this is, you

43:58

know, a good design or not. And

44:01

if it is, then we'll have potentially

44:03

like a solution. And for those who

44:06

are, you know, concerned or fear mongering

44:08

or saying Bitcoin is going to die

44:10

due to quantum computers, well, we can

44:12

just point that to vid 360 and

44:15

say, well, no, we have a plan.

44:18

You mentioned block size there. Do you have an

44:21

idea of what this will do to block sizes?

44:24

Well, so that's, and just to

44:27

be clear, bit 360 is a soft

44:29

fork. So it's not like a wholesale

44:31

increase in block size. It is essentially

44:33

adding a new field to the transaction

44:35

similar to the witness. We call it

44:37

an attestation. It's just a synonym for

44:39

a witness, but it's a different, it

44:42

has different rules. And so we

44:44

just need a different name for

44:46

it. And so Yeah,

44:50

the attestation,

44:53

yeah, if you stuff it full of like,

44:55

so it depends. It depends. Like,

44:58

so first of all, the

45:00

attestation is a much stricter

45:03

rule set, only valid public

45:05

and public keys and signatures,

45:08

only valid public key and

45:10

signatures can go into the

45:12

attestation, so they have to

45:14

sign for the transaction. And

45:17

then also they have to

45:20

be committed to in advance.

45:22

And although you can do

45:24

like a threshold signature and

45:27

you can like kind of

45:29

like put a hash there

45:31

instead and you will always

45:34

still need to provide a

45:36

valid public gain signature. And

45:38

so that's that that really

45:41

just dramatically reduces the amount

45:43

of shenanigans that can be

45:45

had with a attestation versus

45:48

like a witness. And so

45:50

there's that. And if we

45:52

were to provide, say, a

45:55

16x discount versus the 4x

45:57

discount that Segwit provided, in

46:01

the software we call it

46:03

Qubit with a capital B,

46:05

a Qubit discount of 16x

46:07

would result in worst case

46:09

scenarios, 16 megabyte blocks. uh,

46:12

when they're serialized on disk,

46:14

they're not, you know, like

46:16

it's not raising the one

46:18

million, uh, um,

46:22

the one million V byte,

46:24

right? Like, like, uh, uh,

46:28

cap. It's, it's just, uh, um,

46:31

it's just fudging the math

46:33

on how we account for

46:36

the, um, the size

46:38

of the block, the weight of the

46:40

block, what they call, with these terminology

46:43

that they came up with in the

46:45

Segwit days that we've been wrestling with

46:47

ever since. But

46:50

yeah, if we just like quadruple

46:52

that discount, then that should be

46:54

relatively sufficient for us to maintain

46:57

roughly the same amount of throughput.

46:59

It might be a little reduced

47:01

if every transaction is a post

47:03

-quantum -retail transaction. it'll

47:07

be somewhere between uh so like

47:09

also one thing to understand is

47:12

that because we're providing three different

47:14

signature algorithms we can also uh

47:16

like users will choose how many

47:19

they want to put on their

47:21

uh transaction or their address really

47:23

to encumber their address with it's

47:26

almost like it's almost like a

47:28

multi -sig but for in a

47:30

quantum perspective and so like You're

47:33

having like, you're basically tripling, you

47:36

could potentially triple the number

47:38

of signatures you put on

47:40

ordinary transaction. If you

47:43

were, like using all

47:45

three different algorithms, if you

47:47

were particularly paranoid about, you

47:50

know, when you want to go

47:52

spend these coins. So like, if

47:54

you are cracking or Binance

47:57

or Bitfinex or Coinbase, or

47:59

micro strategy, right? Like if you're one of these

48:01

big institutional players with a large amount of coins

48:04

that you want to secure, then

48:06

you'd probably want to increase

48:08

the number of signatures you

48:10

include in your transaction. And

48:13

so that would be

48:15

something like no more

48:17

than 20x, larger if

48:20

you use all three.

48:22

So it's somewhere between two and 20, depending

48:25

on like how badly you want to secure

48:27

your coins, like how how

48:29

much value you want to secure. And

48:32

in a way that also leads to kind

48:34

of like an MEV kind of behavior and

48:36

that like some of the really high value

48:38

transactions will pay more, not only in fee

48:40

rate, but also in for these signatures. And

48:43

also in that way, it kind

48:46

of also addresses the security budget

48:48

concern because, you know, like some

48:50

people have proposed reducing the block

48:52

size and I'm like, well, why

48:54

not just make transactions bigger? So

48:58

just to try and put that into layman

49:00

terms so I understand, does that mean that

49:02

instead of having whatever we have now, 4

49:04

,000 transactions in the block, it might be

49:06

1 ,000 transactions in the block? Yeah,

49:09

maybe more like 3

49:11

,000, one to 3

49:13

,000, still in the

49:15

thousands. Okay,

49:18

so it's not the biggest reduction in the

49:20

world. So what have

49:22

the general reception of this been

49:24

like in dev circles? Well,

49:30

um, the developers. So

49:33

it's definitely like, um,

49:36

like pretty much every core

49:38

dev I've talked to or

49:40

anybody who's like a long

49:42

standing, uh, uh, like

49:45

contributor to Bitcoin is

49:48

just entirely skeptical that

49:50

like, you know, we're

49:53

going to see any, we have any concern.

49:55

And. Like

49:58

Peter Woolley, right? He

50:00

was the one who, actually,

50:03

can you help me with the pronunciation of his

50:05

name? You know, you would know. Well, I thought

50:07

it was Peter Woolley, yeah. I

50:09

think you got it. Well, okay,

50:11

great. So, awesome. Well,

50:14

if I'm getting that from a European,

50:16

then actually not European. You're Australian. That's

50:18

different. Well, I'm English, but I live

50:20

in Australia. Oh, okay,

50:23

cool. Yeah. yeah, I thought was

50:25

Peter Woolley. Okay, will it

50:27

okay. So Peter will it

50:29

He's he's the guy who

50:31

who basically for those who

50:33

don't know he implemented taproot

50:35

Really just kind of like

50:37

pushed it through along with

50:39

Jeremy Rubin, but and his

50:41

contributions to that but He

50:43

and he was also one

50:45

of the contributors or like

50:47

kind of like he's the

50:49

lead maintainer of the secp

50:51

256k one implementation used by

50:53

Bitcoin And legendary

50:56

dev. Oh, yeah. Amazing

50:59

guy. Uh, like legendary

51:01

dev. Exactly. Oh, gee. Uh,

51:04

very talented and he's answered so many

51:06

questions. I've, I've asked them like Bitcoin

51:08

said exchange him and merge, right? Legends,

51:11

right? Um, so

51:14

Peter will, uh, he's, uh,

51:16

um. He's

51:18

he, he acknowledges like this is

51:20

a potential threat model. But he

51:22

also is still skeptical that it

51:24

will ever happen. And

51:27

he also has recommended

51:30

that we potentially confiscate

51:32

vulnerable coins because it

51:35

could definitely... According to

51:37

him, he says that

51:39

it would... Of course,

51:42

we have to do

51:44

this. And I'm like,

51:46

wait, of course not. I don't think so.

51:48

I don't think, of course, we need to

51:51

confiscate all the vulnerable coins. You know, it's,

51:53

it's, it's a, that's a

51:55

different line of discussion altogether. But

51:57

I think that's a really interesting line of

52:00

discussion. So I very briefly spoke about the

52:02

quantum stuff with Alex Leachman when he was

52:04

on the show. And one of the things

52:06

he brought up was this idea that in

52:08

like a post quantum world, all those old

52:11

coins that are vulnerable, like Stochie's coins being

52:13

a perfect example, like they've never moved. We

52:15

assume they're never going to move. And in

52:17

a post quantum world, something has to happen

52:19

with them either. Satoshi moves them, which

52:22

I don't think is likely, they

52:24

get confiscated, like you say,

52:26

or they get stolen. And

52:29

I feel like there's a kind of

52:31

an analogy to the Ethereum Dow hack,

52:33

where it's like, it's a very kind

52:35

of critical moment where we have to

52:37

be really careful about what we do.

52:39

And I don't think confiscation is a

52:41

viable solution at all. Yeah,

52:43

I think it's a terrible idea, in

52:45

my opinion, that's like kind of breaking

52:48

one of the original promises of freedom

52:50

of money, right? like censorship resistance. And

52:53

so there's that.

52:56

There's also like, you know, the,

53:00

there is one potential compromise

53:02

I've heard that, you know,

53:04

might like be a good

53:07

like, you know, middle

53:10

ground between the confiscators

53:13

and the liquidators, right?

53:15

And that is to

53:17

restrict the spending of

53:20

pay to public key addresses To

53:23

one per block and so even

53:25

if quantum computers are going at

53:27

it at that point Like before

53:30

before Qt a Like one per

53:32

block like we hardly ever see

53:34

him anyway So like you'll be

53:37

able to get it through just

53:39

fine after Qt a it'll be

53:41

a free -for -all and instead

53:43

of like, you know, they're being

53:46

like, you know a bunch of

53:48

like transactions

53:51

going into a block, it going

53:53

straight to Coinbase and it's like

53:55

a sudden exit rush of liquidity,

53:58

right? Instead of doing that,

54:01

we could just like kind

54:03

of throttle that bandwidth down

54:05

and to like just, according

54:08

to consensus rules, miners can

54:10

only include in a valid

54:12

block one paid to public

54:15

key spend. spend transaction. And

54:17

so if they were to

54:19

do that, then

54:21

they would smooth

54:24

out basically that

54:27

potential exit. And

54:30

there's like about 34 ,000

54:32

paid to public keys. And

54:35

so it would take like basically, it

54:37

would lengthen it over the course of

54:40

a year or so, because there's about

54:42

50 ,000 blocks in a year. So

54:44

you're saying that the general pushback from

54:46

the dev community is that this is

54:49

just not important. And this is something

54:51

you hear a lot in Bitcoin. A

54:54

lot of Bitcoiners just assume that this isn't

54:56

a real threat. We don't have to worry

54:58

about it. I hope they're right. In many

55:00

ways, I hope they're right. Well, I hope

55:02

they're right, too. But what

55:04

is it that you're seeing that makes

55:06

you think they're not right? Well,

55:09

just that. OK. Yeah. So that was

55:11

a great question. So there are... know,

55:14

multiple billions of dollars being

55:16

poured into these programs, these

55:20

quantum computing programs,

55:22

there are companies

55:24

like Microsoft, Amazon,

55:26

Intel, Google, IBM,

55:31

they all have big quantum computing

55:34

programs, very well funded. Uh, they

55:36

also have, uh, there's also like

55:38

small startups like SideQuantum, Rigeti, INQ

55:40

that are also looking into this.

55:43

And then, uh, there's also defense

55:45

contractors like Honeywell and Raytheon. And,

55:47

uh, there's also a, uh, company

55:49

the U .S. has. It's a

55:52

really interesting company. It's called Incutel.

55:54

It's apparently a, uh, yeah.

55:57

So, uh, they, they,

56:00

so we have no idea also just

56:02

to be clear. if somebody even has

56:05

a good enough quantum computer because there

56:07

have been some real, some real spooks,

56:09

you know, like going at this for

56:11

even a longer time than even private

56:14

industry has been. Interesting.

56:16

So can we put our tinfoil hat on for

56:18

a second? Because one of the questions that I

56:20

have is that like, Bitcoin is

56:23

obviously one part of this, but if

56:25

all encryption breaks, there's no secrets anywhere,

56:27

right? And so if

56:29

we, if like, All government secrets

56:31

were now out in the open.

56:33

That's obviously a mask off moment

56:35

in a way that we can't

56:37

even imagine. If we use

56:40

the like they, I don't know who they are,

56:42

but do you think they will let quantum computing

56:44

get to that point? Oh,

56:46

yeah. I mean, like, it's

56:49

arguable that they already have that

56:51

capability and they're just like kind

56:53

of, you know, like,

56:57

uh, churning through records in their

56:59

Utah facility already, right? Like that

57:01

could be the case. Um, there's

57:04

also, uh, like, like, I'm not,

57:06

I'm not sure I understand your

57:08

question. Like you're saying, like, like,

57:10

will the authorities Like, do the

57:12

three -letter agencies let this happen

57:15

because then all their secrets are

57:17

out? Okay. So, the federal government

57:19

has a, uh, guideline for this.

57:21

It's called the CNSA 2 .0.

57:24

And... It's basically

57:26

there like roadmap for how

57:28

we handle the potential threat

57:30

of quantum computers. And

57:33

they're basically saying that we need

57:35

to stop using elliptic curve photography

57:37

in new systems by the year

57:39

2030. That's only five years away.

57:42

And by the year 2035, we

57:44

need to have completely sunset our

57:46

use of elliptic curve photography in

57:48

government systems. So they're preparing for

57:51

this? They are preparing for

57:53

this. So like there's on one side,

57:55

there's like billions of dollars being spent

57:57

in private industry. On the other side,

57:59

the government is appears to have some

58:01

concerns and they're doing stuff. And so

58:04

like, I'm just like, well,

58:06

what is Bitcoin going to do? Because

58:08

like, it's not like we can just

58:10

roll back the ledger, you know, like,

58:12

like, I mean, I guess we could,

58:14

but that would fucking suck. And also

58:16

just to be clear, also, Ethereum, which

58:18

is a lot more centralized governance than

58:20

than Bitcoin has and regularly hard forks.

58:23

They had this big

58:25

hack and they were

58:27

not able to get

58:30

their governance structure in

58:32

a way that would

58:34

reverse that flow. And

58:36

it's arguable that they

58:39

couldn't have because now

58:41

there's like tether. And

58:43

you talking about the Bybit hack here? Yeah,

58:45

the Bybit hack, exactly. And they moved it

58:47

all into tether. And so

58:50

like the tether bridge isn't going

58:52

to want to like read readjust,

58:54

you know, and so, like, there's

58:56

like, there's a limited amount of

58:58

time that you could roll by

59:00

rollback a chain as significant economic

59:02

activity occurs on it. And at

59:04

which point, like, you know, it

59:06

might just be too late when

59:08

we realize that, you know, there

59:10

has been a a hack that

59:12

can be somehow attributed to being

59:14

a due to a quantum computer,

59:16

even though that's very difficult to

59:18

prove. So What's

59:20

your goal with this now? Because

59:23

if the devs aren't really on board with this,

59:25

is it now just an education thing for you

59:27

where you need to get out and explain what

59:29

you're doing and why you're doing it? That's

59:33

essentially one of the things

59:35

I'm doing. Yeah, I'm going

59:38

out to different conferences and

59:40

advocating for this bit and

59:42

trying to establish support and

59:45

consensus in addition to Actually

59:48

implementing it and so I I

59:50

hope that this is like taking

59:52

seriously as a potential solution and

59:54

Maybe there are better ones. I'd

59:56

like to see people work on

59:59

better ones because you know like

1:00:01

I mean I've I I've only

1:00:03

been working in Bitcoin full -time

1:00:05

for four years So I have

1:00:08

you know my limitations and my

1:00:10

understandings of Bitcoin even still like

1:00:12

you could work on Bitcoin for

1:00:14

10 years and you could still

1:00:16

there are still things you could

1:00:19

probably not know about it. And

1:00:21

so it's, yeah, like it's, there's

1:00:23

a joke that like people will

1:00:25

start with Bitcoin before going into

1:00:27

other cryptocurrencies to learn about them.

1:00:30

And then they just never stop

1:00:32

learning about Bitcoin because there's too

1:00:34

much to know. The

1:00:37

interesting thing here is down to like consensus,

1:00:39

right? Like we know that with things like

1:00:42

CTV, which I would love to see in

1:00:44

Bitcoin. That's like getting that

1:00:46

implemented is going to be hard

1:00:48

because it's not urgent. What

1:00:51

do you think? Like if this gets

1:00:53

to a point where it does become urgent, do you

1:00:55

think there's going to be it's going to be easy

1:00:57

to gain consensus? Or do you think that's still going

1:00:59

to be a big push? It

1:01:02

should always be a big push,

1:01:04

right? Like it always should be

1:01:06

a minor mental undertaking to ever

1:01:08

want to change Bitcoin. I

1:01:11

am very much in the Asafires camp

1:01:13

just because like this is a one

1:01:15

to two trillion dollar asset class, you

1:01:18

know, like I would hate to break

1:01:20

it. We have to be

1:01:22

very rigorous and make a very

1:01:24

good case, a very well -reasoned

1:01:26

obvious case for it to be

1:01:28

a no -brainer to upgrade to

1:01:30

it, right? Otherwise,

1:01:33

it would compromise the

1:01:35

very reason why we're

1:01:37

here, right? So...

1:01:41

I mean, as much as I love Jeremy

1:01:43

Moirvan's work in CTV and as cool as

1:01:45

that is and CSFS, I hope that part

1:01:47

of me is like, I hope we get

1:01:49

that because that looks really cool. But then

1:01:51

the other part of me is like, well,

1:01:53

but also there's like $2 trillion that we're

1:01:55

securing here. And so we also need to

1:01:57

be really careful. That's interesting to

1:01:59

hear you say you're in the ossifier camp because

1:02:01

I would have assumed with the work that you're

1:02:03

doing, you'd be like a strong push for these

1:02:05

new upgrades. I mean,

1:02:07

I understand them very well.

1:02:09

I've worked very closely with

1:02:11

a lot of people who

1:02:14

are in that field, and

1:02:16

it would be very cool

1:02:18

if we have that. And

1:02:23

I wouldn't say I'm a complete

1:02:25

100 % ossifier. In fact, a

1:02:28

lot of people who call themselves

1:02:30

ossifiers probably would make an exception

1:02:32

if Bitcoin or security were completely

1:02:35

compromised, right? Definitely. It

1:02:37

has to be a very good

1:02:39

reason for us to upgrade, in

1:02:42

my opinion. The

1:02:44

kind of argument, of course, is

1:02:47

that Bitcoin could be a $10

1:02:49

trillion asset class only if we

1:02:51

had confidence, something like that. I'd

1:02:53

be like, well, maybe that could

1:02:55

also be the case for quantum

1:02:57

resistance. Maybe that's what's holding us

1:03:00

back. It's

1:03:04

really hard to say. It's hard to

1:03:06

predict the future. There's a lot of

1:03:08

unknowns and like the work we're doing

1:03:10

is to de -risk that. I

1:03:13

don't know if like CTV or

1:03:15

CSFS can be de -risked more

1:03:18

than they already have been just

1:03:20

because they've been around for so

1:03:22

long. Whereas Bit360 has only

1:03:24

been around for like maybe at most, if

1:03:26

I'm being generous, like at most maybe about

1:03:28

a year. And so

1:03:31

it definitely needs some more

1:03:33

time in the oven needs

1:03:35

more tweaks needs more like

1:03:37

just love and hopefully, you

1:03:39

know, we'll follow its evolution.

1:03:42

But yeah, that's we're working

1:03:44

hard on it. And hopefully

1:03:46

we'll have a good solution

1:03:48

for if there if it

1:03:50

ever is needed, like it

1:03:52

and you know, I mean,

1:03:55

I'm a Bitcoiner, first and foremost,

1:03:57

I'm not like, you know, fully

1:03:59

invested in this quantum thing. And

1:04:01

so, like, you know, I would

1:04:04

be perfectly happy if quantum computers

1:04:06

were just like this fool's errand,

1:04:08

and like, or, or, or,

1:04:11

or maybe they can solve,

1:04:13

you know, the things they

1:04:15

want to solve with them,

1:04:17

like, simulating fusion power, or

1:04:19

like, coming up with enzymes

1:04:21

for forever chemical, forever chemicals,

1:04:24

right? Like that would be pretty cool.

1:04:26

if they could do that without also

1:04:28

breaking Bitcoin. But that's a big if.

1:04:32

Yeah, it's really hard for me to

1:04:34

say where I stand on Bit360 because

1:04:36

I don't understand how imminent the threat

1:04:38

of quantum computers are. But

1:04:41

if it is real and if it does turn

1:04:43

into something, then I'm very glad that this conversation

1:04:45

is starting. I guess that's where I'd be. I'm

1:04:47

glad the conversation is happening, but there's obvious trade

1:04:49

-offs to Bitcoin that Unless this is a very

1:04:52

real, very imminent threat, I wouldn't be interested in.

1:04:54

Does that make sense? Oh,

1:04:56

yeah. Without a doubt. Without a doubt.

1:04:58

Yeah. I mean, like, it's, uh, it's

1:05:01

just like, uh,

1:05:03

it really is the kind of thing where, like,

1:05:05

I just want people to have in their back

1:05:07

of their minds as they're reading these FUD articles,

1:05:09

you know, coming out that, like, oh, Bitcoin's going

1:05:12

to die because now we have my arena fermions.

1:05:15

Um, like, you

1:05:17

know... Hopefully, the fact

1:05:19

that Bitpli60 exists keeps people

1:05:21

from running away from Bitcoin.

1:05:24

Yeah. Yeah, that's fair. So

1:05:27

you said in the dev community, it's kind

1:05:29

of been a bit nonchalant in terms of

1:05:31

the response to this. Outside of the dev

1:05:33

community, what has the response been? Are you

1:05:35

an attack on Bitcoin yet? Actually,

1:05:38

you know, it's so funny is

1:05:40

that although I have been called

1:05:43

an attack on Bitcoin, Whenever

1:05:46

I'm doing an in -person event, like

1:05:49

what we just had, we

1:05:52

handed out a bunch of hats. It was really

1:05:54

cool. Bit360 hats.

1:05:57

And we're going to be doing

1:05:59

a bit devs dedicated to Bit360

1:06:01

on 3 .6. At

1:06:03

least in North America, we call it

1:06:05

March 6. On 6 .3. Nope,

1:06:09

different bit. Uh, yeah. So,

1:06:12

uh, no, uh, 5360 day

1:06:14

is, uh, uh, that's,

1:06:16

that's, yeah, that's, um, uh,

1:06:19

we're, we're doing a bit of that. And then, uh,

1:06:22

uh, but regardless, even the events that

1:06:24

we had last, last week were, uh,

1:06:27

uh, people would come up to me and just thank

1:06:29

me for the work that I'm doing because, you

1:06:31

know, it is a concern that a lot

1:06:34

of clubs have, you know, like it's just

1:06:36

a lot of people who aren't devs who

1:06:38

are. are like just trying to make their

1:06:40

way into stacking sats, you

1:06:42

know, and fiat mining, right?

1:06:44

Like ordinary Bitcoiners, you know,

1:06:46

like, if there's, if that's

1:06:48

even a real term, right?

1:06:50

Or like, Bitcoiners are ordinary.

1:06:52

But, but that said, Bitcoiners,

1:06:54

right? In general, are usually

1:06:56

very grateful for the fact

1:06:59

that I'm at least giving

1:07:01

this potential concern. The

1:07:05

time that it needs to for us to

1:07:07

really fully understand and potentially mitigate or do

1:07:10

up mitigations against it. Yeah,

1:07:12

it's very cool. I mean, I'm definitely glad the work is

1:07:14

happening. I hope we never have to use your work, but

1:07:16

it looks like maybe we will. So

1:07:18

these events, have these been a

1:07:20

space Denver? Yeah.

1:07:23

How's that going? Oh,

1:07:25

it's so great. We have like, I

1:07:28

think 78 members now. And

1:07:30

next month is when in

1:07:32

April is when be

1:07:35

kind of like our one year

1:07:37

mark when we first started collecting

1:07:39

dues from members. We didn't

1:07:41

have a space back then. And

1:07:44

so we just kind of built a bit of

1:07:46

a war chest. And then we

1:07:48

got a space and then we sometimes hold

1:07:50

Bitcoin events. We're very picky about what kind

1:07:52

of events we hold. Heatpunk was

1:07:55

one of them that was very well at

1:07:57

Peter Todd and Troy Kross come to that.

1:07:59

And that was only about a week ago

1:08:01

now. And that was

1:08:04

Yeah, no, like all those events were just so

1:08:06

cool. And it's just

1:08:08

going really well. And so

1:08:11

what's interesting is that when

1:08:13

we first started the space,

1:08:15

we offered discounts to new

1:08:17

members because we didn't have

1:08:20

a space yet. And those

1:08:22

discounts will expire next month.

1:08:25

And so after next month, When those

1:08:27

dudes come come do and and all

1:08:29

the members of spacemen were all real

1:08:31

close friends. I don't think I don't

1:08:33

think anybody's gonna wash out just because

1:08:35

we raised the prices a little bit.

1:08:38

Then you know, I

1:08:41

think we will be set

1:08:43

financially for like being a

1:08:45

a sustainable co -op of

1:08:47

bitcoiners in Denver with an

1:08:49

actual place to hold events

1:08:51

and meet and work. That's

1:08:54

amazing. So this is like Denver's equivalent of Bitcoin

1:08:56

Park or the Commons or whatever. I think these

1:08:58

third spaces are so important for Bitcoin. I love

1:09:00

to see it. I'll definitely try and get out

1:09:02

to Denver some point this year. It

1:09:05

would be really cool if you did. And

1:09:07

then maybe we can do another one of these in

1:09:09

person. Yeah, for sure. Hopefully

1:09:11

the quantum threat is not anymore severe then.

1:09:14

But Hunter Beast, I appreciate the time. It's

1:09:16

been good. I've definitely learned some stuff about

1:09:18

quantum. So it's been great. Is

1:09:20

there anything you want to do and want to say before we

1:09:22

close out? Oh, just go

1:09:25

to surmount .systems. There we

1:09:27

have a link for the

1:09:29

BIP and we also have

1:09:31

some donation links for the

1:09:34

foundation. It's a nonprofit. And

1:09:36

so there's a silent payment link

1:09:39

and a bolt 12 link. And

1:09:41

that's because we don't want to

1:09:43

reuse addresses. And also

1:09:45

we don't use Nostra. We do

1:09:47

have an X where we don't

1:09:49

use Nostra specifically because all Nostra

1:09:51

NPubs are public keys. So,

1:09:55

that'll be maybe another, once

1:09:57

we have everything figured out the Bitcoin side, maybe

1:09:59

we'll try to go and figure

1:10:01

out what Nostra needs to. We

1:10:04

quantum resistant and pubs. Yes.

1:10:08

Love it. Well, thank you very much for the time. Hunter. I

1:10:10

try and get out to Denver at some point this year

1:10:12

and we can do it again. All

1:10:14

right. Thank you, Denny. I appreciate it.