B
Bitcoin New Year freaks. It's your host Odell here for another Citadel Dispatch, the show focused on actionable Bitcoin and freedom tech discussion. Today is January 14th, 1800 UTC. The current block height is 932276. Bitcoin is pumping. We're at 1030 sats per dollar. That is a little over $97,000 per Bitcoin, freaks. I know it's been a minute since the last dispatch. I was gonna rip some over the holiday but work and life got away from me. Just know that I didn't really get much of a vacation. I've been hustling over here. There was a work trip mixed in the first week of January. Did a retreat, an off the record retreat with a bunch of good bitcoiners, and RHR every week, rain or shine, always RHR. Anyway, freaks, we're gonna hit the year pounding the pavement. I have a bunch of great conversations lined up for the next few weeks. Huge shout out to everyone who continues to support the show and shares it with your friends and family. It really does help. All relevant links are still at dispatch.com. The top two zaps from our last show were Man Bit M A N B Y t. He zapped 10,001 sats. And ride-or-die freak Matt21 zapped 10,000 sats. Thank you freaks for supporting the show. Okay, I got good friend, return guest Matt Corallo. Bitcoin dev. Prolific Bitcoin dev. Working at Spiral. Matt Corallo here today. How's it going, Matt?
A
Good. Yeah, thanks for having me.
B
What's your title at Spiral?
A
Just Bitcoin Engineer, I guess.
B
Bitcoin engineer.
A
I'm going to have to change it to 15-year Bitcoin Engineer in March. March will be our whole 15th year anniversary. Peter and I actually, we're both going to party and celebrate both of us reaching 15 around the same time. Early March.
B
So when did you start working on Bitcoin?
A
March 2011. Early March. I think Peter was late March, March 2011.
B
There's not many people that are older than that and still around.
A
Not many. Even fewer who were working on it. There's a handful of people who got into Bitcoin in 2010, 2011. Not a lot actually started working on the protocol.
B
You really fucked up your financial planning. If you're still doing podcasts at this
A
point and working for a salary.
B
I mean, shit, what the fuck, Matt?
A
Yeah, clearly.
B
Well, anyway, we appreciate, we appreciate your service to the cause. We have a couple. Well, the main topic today will be quantum, but before we get there, we have some topical things that I just wanted to cover.
A
Yeah, let's do it.
B
First things first. There was a recent Core bug. I guess the high level overview is if people were using legacy wallets on Bitcoin Core and they tried to migrate to the new wallet standard, wallets would get wiped. This is specifically if you have a Bitcoin wallet running within Bitcoin Core. What is your take there? How serious is this? I mean, I think a lot of people have been freaking out about it.
A
Yeah, I mean, you have to. It's a very specific scenario. Right. So you have to have a really old wallet, not just a legacy wallet, but a legacy wallet that wasn't in a folder. So at some point Bitcoin Core did this whole multi-wallet thing where it can have multiple wallets loaded, and then it moved from just having a single wallet.dat file in your data directory to folders with names and then the wallet.dat in those folders. So you have to have the old one. So pre multi-wallet, which is very old.
B
Like how old is that, do you think? Is that like 10 years or.
A
No, it's not quite that old, but five years or something.
B
Okay.
A
It's pretty old and has to be a legacy wallet. So it has to be pre-SQLite, which has been, I think, also something like five years. And then you have to do this transition. So you have to do the migration to the new wallet. Bitcoin Core version 30 finally no longer supports legacy wallets. It can migrate them, but it doesn't support them. And then the migration has to fail for some reason. So.
B
So it's not every migration. It's specifically
A
a failed migration. And there's not really a lot of reasons why the migration should ever fail. The one specific reason that people ran into is if you're running a pruned node and you have one of these legacy wallets and the wallet hasn't been synced with the node for a while. So let's say you have a backup of the wallet and you're loading the wallet and it hasn't been synced for a while, such that your pruned node has actually pruned the latest block that the wallet has seen. So let's say the wallet was last synced at block height 800,000 and the pruned node only has blocks starting at 900,000, then the migration can fail. So in this case it will delete the file that you loaded in the data directory to migrate. This is terrible. But in this specific case I described, it doesn't matter, because you had the backup, you're restoring from a backup, and your backup is still there. It won't delete your backup. It won't go searching your hard drive to delete your backup or something like that. So it's bad. And I'm glad they took it seriously and took the binaries off the website until they got it fixed. But it is a really specific scenario. I don't think people need to panic about this. Excuse me. And as far as I understand, they are not aware of anyone having actually had this problem.
B
Um, well, no, didn't.
A
Or losing funds. They had. They had someone who had this problem. It deleted their file, but of course, because they were restoring a backup. So.
B
Yeah, I mean, specifically. I mean, it's very edge. I think it's an interesting lesson in just how many different edge cases you kind of have to test against for these things. Right. Because it's such a small subset. Like, how do you even test for that?
A
Yeah, I mean, you don't. Right. The only way to protect against this is just defensive coding. And, you know, the code should have been structured better or should have been written better or whatever. These kinds of things happen. This is why backups are important. You know, if you're dealing with large sums of money, double check what the software is doing. Don't just blindly trust it, no matter what the wallet is, whether it's Bitcoin,
B
coin. Test your backups. Always a good reminder for that. Right?
A
Yeah.
B
Okay. Well, glad we covered that, I think. I mean, look, I don't want to be dismissive of any kind of bugs, but on the surface it seems very scary. So I think a lot of people freaked out about it. So it's good to just cover the specifics of who it affects, how it affects them, and in terms of severity, it's not as severe as one might originally expect.
A
Right, right.
B
Okay, awesome. And the second piece before we get into the meat of our conversation today is you've been following along with the CLARITY Act going through U.S. Congress. I know you've made it kind of a, I wouldn't say a hobby project, but a little bit of a passion project for you, with a website, Save Your Wallets or something. Save Our Wallets? Or whose wallets are we saving?
A
Saveourwallets.org, myself and a few others, honestly, mostly a few others. But we're really pushing because we need to get this to pass. I think it's really important for protecting any number of future Bitcoin L2s and current Bitcoin L2s, you know, whether it's Lightning or Spark or whatever, making sure that they have legal cover and developers aren't risking prison time for operating these services.
B
So specifically what's important for you is the developer protections component.
A
Yeah. So there's a bunch of stuff in CLARITY, in this market structure bill, that's all around how tokens are treated legally. I couldn't care less. I think most bitcoiners probably couldn't care less. You know, are NFTs a security? Who the fuck cares? It's not my problem. I mean, there are important legal questions and public policy questions here, but it's not really my problem. However, it also includes language around protection for developers and service operators. People who are running services that power non-custodial wallets. Whether that's a service to back up ancillary data, whether that's an LSP for Lightning, an Ark service provider for your Ark system, whatever it is, or potentially some kind of coordinator for a coinjoin system, those are self custodial and shouldn't be regulated as money services businesses. The regulation is designed around custodial businesses. Those regulations are all built around banks and things that are custodians, and how do we regulate custodians. And now they're trying to apply it, or in some cases trying to apply it, to self custodial systems and these ancillary services that power self custodial systems. Like the Samourai case, like them going to prison over running a self custodial coordinator. They weren't actually operating a wallet.
B
Right.
A
Operating the end user wallets. Right. So these kinds of protections are really important not just for people trying to run privacy services, but, much more important, they're important for people's ability to offer Lightning. Lightning has become a bare minimum for a decent Bitcoin wallet. I think at this point if you're launching a new Bitcoin wallet and it doesn't support Lightning, that's not a Bitcoin wallet. Okay, maybe it's a wallet purely for self custody, for long term cold storage, fine, maybe you don't have Lightning support there. But anything else, if you're a consumer focused Bitcoin wallet and a mobile app, you have to have Lightning support at this point. And all these things that offer Lightning support, whether it's Breez using Liquid with a swap provider, whether it's Spark, whether it's actual native Lightning, whether it's Ark. Some of these are more custodial than others.
B
Good example, Phoenix.
A
Some of these are more custodial than others. But they all have these ancillary services that power the wallet, that hopefully aren't trusted, although in some cases they are trusted, but when they're not trusted, they shouldn't be a money service business. They shouldn't be regulated as if they're a custodial provider. And so it's really important that we fix the law here. And so the latest version of the market structure draft out of the Senate just dropped the other day. It looks great. We're.
B
It was literally yesterday.
A
I'm really happy with the language. Yeah, I think it might have been yesterday. We're really happy with the language in whatever it is. Title 4, I think is the. No, wait, I'm wrong. Title 6. Title 6, Protecting Software Developers and Software Innovation. We're really happy with the language in Title 6, Section 604, the Blockchain Regulatory Certainty Act. It's great. It's gone through a few revisions that were not as good. The current version is better. And so we need to make noise, make sure the Senate hears us, make sure we get this thing passed as is, without more changes, hopefully, certainly without worse changes. Improvements always welcome. But, you know, I think we're pretty happy with the language now. So.
B
Yeah. Yeah, I mean, call your senator. Elizabeth Warren already filed a bunch of amendments and one of them is to remove the developer protections aspect. So, yeah, it's definitely still being fought on the Hill.
A
It is. It is still being fought. And I think that's why it's important that people make their voice heard. If the Senate isn't aware that this is a priority for their constituents, and not just Republicans, especially Democrats, frankly, it's more important to call your Democratic senator for those in blue states, or at least with a Democratic senator, because the statistics show that Democrats hold Bitcoin as much as Republicans do, or people who vote blue. I hate referring to people as if they're defined solely by their party. The people who vote for Democrats hold Bitcoin about as much as people who vote for Republicans do. And the Democratic senators often don't hear that and don't hear that these things are priorities for their constituents. They feel pressure from people on Bluesky and whatever who just scream about how Bitcoin is boiling the oceans and killing the babies, and these senators need to hear, no, A, that's not true. But whether it's true or not, this is a priority for me and I'm not going to vote for you if you don't.
B
And it's good for America. I mean, it's interesting, right? I saw that study too, the most recent study that showed that basically ownership is split across party lines, at least by how you vote. I think part of the reason for the perception is maybe, and I don't have stats on this, but maybe the louder anti-Bitcoin contingent votes Democrat, and so they hear that. There's not that much, especially post Trump, it doesn't feel like there's that much anti-Bitcoin sentiment on the Republican voting side.
A
Yeah, I think that's true, and I think it's just who's loud on social media. The Republicans on X are pro or at least neutral on Bitcoin and the Democrats on Bluesky are strongly anti-Bitcoin. But the actual average person who votes Democrat or votes Republican is equally split on Bitcoin.
B
What about, I saw, I haven't gone through the draft yet. I mean, who has the time for this shit? And it dropped yesterday, but I saw some things that were open section. So are you tracking anything that says they coupled it with more stringent surveillance stuff, KYC/AML stuff? I saw some takes that said that part was really bad.
A
Honestly that's possible.
B
Because that's like classic government, right? It's like they give us developer protections and then they just fucking tighten the noose everywhere else.
A
I only read the section on self custodial protections. I don't think, whether this passes or not, they're going to stop wanting more and more and more AML/KYC on custodial exchanges and all these parties that are money services businesses and are money transmitters. I don't think there's anything we can do. We can fight that and we should fight that, but I don't think we're going to win that fight. What we need to make sure is that self custodial is protected, is available, is good. So it has to not just exist but actually the user experience of self custodial has to be competitive with a custodial product. That's why Lightning is so important. Having the ability to receive to and pay a Lightning invoice means you get instant payments and low fees, well, lower fees, in a wallet. And if all of the self custodial wallets are on-chain only, with this 10 minute plus block time, transaction confirmations take an hour and the fees are super high, no one is ever going to use a self custodial wallet. Right. So we have to have a competitive user experience, and that can only exist if we have legal protections in place for developers to build these ancillary services that power self custodial wallets. That's the only way we win. And so, yeah, I think this is really, really critical, because otherwise, you know, in the United States you're going to be stuck with on-chain only. Which I know some bitcoiners like to talk about how it's great, but I mean, at that point, I like on-chain, but at that point you're just a masochist. You're showing off that you can self flagellate and whack yourself with the whip. I just, it's not.
B
No. I love on-chain. On-chain's great. Lightning's great too. They have their use cases.
A
They do, they do. But for the average person who just wants to move money it's lightning or bust.
B
Of course, of course. Like if you're on a day to day basis. Particularly if I'm using Bitcoin for merchant processing type of situations, to buy something or whatever. Lightning's amazing.
A
I mean I use solid yeah dinner, you know whatever it is.
B
I use Silent.Link as the eSIM for my phone, and just being able to open the browser quickly and privately and just pay a Lightning invoice is amazing. It's just amazing UX when you nail it, it's amazing UX, and on the consumer side I think it's been becoming a lot more accessible. But I 100% agree with you. Especially after Tornado Cash and Samourai there's been a significant chilling effect, and we need explicit developer protections on all open source software, and I think that will go a long way. On the KYC/AML piece, look, I think it's going to be a long fight pushing back against the trend of increased financial surveillance in the name of anti money laundering, particularly with regulated entities. But we do need to make sure it's not used as an end around to go after open source developers that are not custodying funds. I think that's the big concern. That's the main route that we've seen them take in the past. I mean, if you look at what Samourai pled guilty to, it was an unlicensed money transmitter charge. Right. It was basically an AML/KYC charge that they ended up pleading guilty to. So I will say that on the Bitcoin Policy Institute side, I mean, the freaks are aware that I'm one of the three founding board members of BPI, it's a major focus of ours. Both explicit developer protections, explicit self custody protections for end users, and then also that KYC/AML.
A
Yeah, and that's in there too. Self custody is also explicitly protected in this proposed bill that came out yesterday.
B
So also important for that reason, and to the freaks that, I think rightfully, believe the actionable thing is to focus on tools and usage of the tools, I think it's multi-pronged. I think it's important that we have tools that empower individuals. But it's also important that as Americans raising families in America, building businesses in America, that we don't have our own government throwing us in the gulags. And America should be the place where open source flourishes, where Bitcoin flourishes. This is good for the country, it's good for everybody. But anyway, freaks, I just wanted to touch on it briefly because it's topical and Matt's been involved, but I'll bring someone on from the Bitcoin Policy Institute side and we'll go more in depth. This is not something that's going to happen overnight. Especially with midterms coming up, it's going to be a probably longer process. And the Bitcoin Policy Institute guys are throwing their office opening event today in D.C., so they're a little bit busy with that. It's an all star guest list. It's pretty impressive who's going to be there. But I'll get someone on from our team over there sometime soon. Okay, Matt.
A
Hopefully we get it before the midterms. That'd be nice.
B
Yeah, we'll see. It could be a midterm thing, you know, it could be a rally of the votes for the midterms. We'll see.
A
Or maybe we get a lame duck, lame duck passage. That'd be nice too.
B
I mean, I will say, on the behind the scenes, on the Free Samourai side, I think it would be a big boost to the constituency, the Bitcoin constituency, if Trump pardons pre midterms. So we're kind of hoping that that leverage helps us. Okay. The meat of our conversation, the reason we're having this conversation today, was a back and forth we had on nostr. Yeah, it's way more productive to have it on.
A
High bandwidth communication.
B
You know, it feels like mainstream wise, I don't even know about mainstream wise, but social narrative wise, this kind of came out of nowhere and got very loud very quickly, and it's dissipated a little bit with Bitcoin pumping. It's funny how that works. That usually happens, but it's probably going to be a constant conversation. So I think it's important to talk about. But this is something that has been on the radar of bitcoiners for many, many years. And that's the risk of some kind of cryptographically relevant quantum computer coming in and breaking trust assumptions that Bitcoin relies on. So, I mean, why don't you set the scene on what the real concerns are here in terms of quantum and how you look at it?
A
Yeah. So, okay, so I want to start with three facts about our options, and I think hopefully unambiguous facts, and then we can talk about scenarios and what makes sense to deal with. And I think these aren't necessarily super obvious to everyone, so I think they're important to point out. First of all, in a world where there's a quantum computer on the horizon or out there, the Bitcoin community that exists at the time, we can't decide this for them in advance. They will decide when this happens or if this happens. And if the Bitcoin community that exists at that time says, okay, no, we need to burn insecure coins, so coins that the quantum computer is going to steal, we need to burn them so that they're not available for the quantum computer to steal. It's important to point out that this does not apply to any wallet that was derived from a seed phrase. So if your wallet has a seed phrase, and this is basically every major wallet except for Bitcoin Core, you can. It's a whole other discussion. I think Bitcoin Core is in many ways right that seed phrases are bad UX, but basically every other wallet uses seed phrases. But if you have a seed phrase, you can do a quantum secure ZK proof that you know the seed phrase that derived that public key after the fact. So how it might happen, I don't know. Maybe the coins are first frozen and then there's a hard fork afterwards to restore anyone who had a seed phrase's access. Depends on timelines, depends on availability, whatever. But this is possible, the STARKs for this exist. We know that quantum computers cannot reverse a hash function. They get a square root speedup. So if you have a 28 bit hash function that wouldn't protect you. But if you have a 256 bit hash function like SHA256, it would still be 128 bits of work for the quantum computer to break it, which is more than is possible.
B
I feel like we jumped ahead here. First, the concern, and correct me if this is not a good way of putting it. The concern is that someone figures out a quantum computer that is cryptographically relevant and as a result can take a Bitcoin public key and reverse engineer it to get a Bitcoin private key and spend funds. Right?
A
That's the concern. So that's the biggest concern. There's some tail concerns around proof of work, but we won't get into that right now. But yeah, a quantum computer, if one is built, and I know there's a lot of disagreement on how likely this is, but set that aside, in the future there may be someone who figures out how to solve all the engineering challenges to build a quantum computer that has enough qubits and can run for long enough that it can reverse a public key. So it can calculate the private key for a public key that it sees either on chain or in the mempool, and then it can of course take the money.
B
And then specifically all the older address types. The older address type has a public key that's exposed by default. The newer ones are then additionally hashed. So those aren't vulnerable.
A
Right.
B
It's the older ones that are vulnerable.
A
Right. First, yes. Plus Taproot. So one of the designs of Taproot was using public keys to improve the anonymity set by making the public key an explicit part of the output. And so in the Taproot case, a quantum computer can also calculate the private
B
key for it now and the newest addresses.
A
Yes, and also most wallets reuse addresses regularly. Some wallets exclusively reuse addresses.
B
Because when you spend, you're exposing your
A
public key when you spend, no matter the output type. When you spend, you expose the public key. So if you reuse addresses, it doesn't matter.
B
It's reusing an address that you've spent from.
A
Right, right, right, sorry, yes. So once you've spent from it, the public key is now exposed, and then the quantum computer could still use it to steal your future funds too. And the reality is a very large portion of wallets and addresses have their public key exposed irrespective of the output type. It's just sad.
B
Because of address reuse.
A
Because of address reuse. The sad reality is these wallets shouldn't be used. But people like them. I mean, you know, you go on the app store and the first result for a Bitcoin wallet is Trust Wallet.
B
Yeah.
A
And it only gives you one address by default. Well, also, they exclusively reuse addresses. They only ever give you one address
B
because the shitcoins by default reuse accounts. Right. Which bitcoiners can think of as addresses. So if you're using Solana, you're always reusing the same address. So UX wise, if you're coming in from ETH or Solana, you're used to reusing addresses. And am I correct that from that point alone they're more vulnerable than Bitcoin? Because they're just by default constantly reusing addresses.
A
They are. They have a higher concern, and obviously their APIs are harder to redo. That said, of course they're more centralized, they generate things more often, so they can move a little quicker than Bitcoin.
B
Okay, so that's the main concern. Right, so that's the concern.
A
The concern is a quantum computer exists and then it steals half of all the bitcoin.
B
Well, wouldn't it be that much?
A
It's pretty close. When you consider the address reuse, it's pretty damn high.
B
I think without address reuse, it's like 1.8 million Bitcoin in vulnerable address types.
A
And then somebody had said it's like 40% of addresses, not by balance but by count, that have money and have the public key exposed. So it's all.
B
Okay, well we could, I mean I.
A
Whatever the number is, it's to make
B
it multi million Bitcoin, to make it a more productive conversation. I mean, I think on the education side, the risk of address reuse being that you could be vulnerable to a quantum computer could end up reducing address reuse, specifically because a lot of it is corporate-based. Right. Whether it's a Trust Wallet maintaining, you know, they could update to HD wallets, or Coinbase and all these exchanges, a ton of exchanges are reusing addresses. So I think it's kind of productive to say, okay, we can get. And also, if a quantum computer exists that can do this shit, I don't think it's going to happen overnight. So I think we could probably move those people. And then the second part is there's a concern that I've heard, which is okay, you're not reusing addresses, you don't have a vulnerable address type. So you're not using Taproot or legacy, right? You're actually using a hashed public key, like a 3 address or whatever SegWit address, or bc1 or whatever, native SegWit or wrapped SegWit. But when you spend, your public key is exposed in the mempool, and as a result you could have an active attack. I think that's also probably can just be thrown out of the discussion for now, because that would happen way later than any kind of break on already exposed keys. The idea that you have a quantum computer that could do it in like 30 minutes or 40 minutes, it's got to be so much more advanced than one that is just sitting there grinding for a year or something on an already exposed address.
A
I think that's unclear. It depends a little bit on the type of quantum computer. I mean, one of the challenges with a quantum computer is that they don't maintain coherence for very long. So basically your computer is short lived, and it might be the case that the first quantum computer to reach cryptographic relevance is one that moves pretty quick, just because in practice the only way to make it work is for it to move quick, because the coherence falls apart too fast. So I think that's unclear. It certainly depends. But I do agree that, you know, part of the problem with the quantum discussion is you very quickly get into all of these potential future scenarios and what happens if it happens suddenly versus slowly versus, you know, X, Y, Z. And it becomes a very useless discussion because you have all of these scenarios.
B
You have to narrow the problem set. I feel like the productive way is to narrow the problem set. So then I think the thing that most people agree with, I think there's decent consensus, and I think it'd be probably one of the easier things to implement just from a consensus point of view, is some kind of quantum resistant address type or wallet structure. I think there's some proposals that you could do it through the existing Taproot trees, right? So you could just have a Taproot address that is quantum resistant, and then people could opt into choosing to move to that if they want to. Is that correct?
A
So that kind of gets into my second point that I want to raise, that I think is important to set context, and that is that the options available to us depend on whether we assume a future Bitcoin community freezes or burns.
B
I'm trying to narrow the problem set here, because I think that's actually really controversial. So should we argue about that first?
A
So I think, well, see, the problem. So first of all, we can't decide that, right? We can't decide here and now today whether, in 10 years when there's a quantum computer on the horizon, or if in 10 years there's a quantum computer on the horizon, the Bitcoin community says, okay, actually that quantum computer is going to take 1, 2, 3, whatever million Bitcoin, they're going to dump it on the market and they're going to wreck the price, and I don't want that, we're going to freeze those coins. But the problem is we do kind of have to predict that, because what's available to us depends on that. So if we assume that a future Bitcoin community will freeze or burn these coins, then we can do it simply, the way you described. So we add a new tap leaf. We add some opcodes to tapscript, and simple, just a hash based signature. We can do this today and it can be entirely transparent. So a wallet today, or, you know, with the soft fork designed, could start adding this tap leaf to all of their Taproot outputs, into their Taproot addresses. It's just a new thing that they derive from your existing seed phrase. So there's no new derivation, there's no new wallet, whatever. Just a different address, same address format. Nothing has to change. Everybody already supports it, or everybody who supports Taproot already supports it. And then in the future, if and when a quantum computer becomes a risk and the insecure spend paths are disabled, at that point the wallet switches to just using this backup, and they already have it, it's already in place. All of their coins are already secured by it.
B
I see what you're saying. But if you don't freeze, then you could just spend via the insecure path.
A
If you don't freeze, they can just take the money. So if you don't freeze, wallets today have to start using some actual post quantum scheme, which is relatively more expensive, right? It's going to be a new address, it's going to be a new address type, it's going to be a new output type.
B
Higher fees, more data.
A
Higher fees, more data. The transactions are, I mean potentially stateless, which is a whole other quagmire. You can have the data only be something like 10x. Your transaction fees only be 10x. Bigger signatures. I don't know, throw out a number of 5x or something. Bigger transactions and higher fees. But then the transactions are stateless, so then you can't reuse addresses or your private key leaks to a classical computer, not, not even a quantum computer.
B
So you literally just cannot reuse addresses with that type of address type, right?
A
Or you pay a much higher fee. So instead of 10 times bigger signatures, something like a hundred times bigger signatures, or maybe it's 50, I don't know, you have to go read the doc and then you don't have this statefulness problem, but then your fees are very high. So this is obviously not ideal. And I think a big part of the problem is if we are designing a soft fork today to enable future post quantum support, I think it only makes sense if we think people are going to adopt it, if we think wallets are actually going to start using it, rolling it out and having it as an option today to secure the coins in the future. Because if that's not true, if people are just going to wait, well then there's not really much reason to bother with anything today. Like, well, you know, when we get, when we get to that point, we can roll out some software and the large custodians, your Coinbase, your whatever, they'll have no problem switching just to using it, not worried about them. It's the long tail of people with self custody and cold storage who might forget about something or might not get to it in time, might not be paying attention to Bitcoin. It's those wallets that I worry the most about. And for those wallets what we want is we want to roll out a change today that they start using today, consistently that they're using today. So that in 10 years or however long it takes, it's, it's already there and we don't have to worry about it. A third option that kind of straddles the difference here. So there's kind of a third option. There's, there's a, like. Okay, we'll do both. We'll say it's a new Taproot version, taproot version 2, segwit version 3 or 4, or whatever we're at, and it will work the same as I described earlier. So it's just. Taproot still has a public key, it still uses secp, and it just has a new tap leaf that is quantum safe. But the only difference is just the version number. There's no consensus meaning to the difference. 
It's just a different version number. But by using that version number, you explicitly opt in. You raise your hand, you say, hey, I'm ready. There is a secret tap leaf here. You don't have to worry about it, but it exists. I promise you it exists. And if it doesn't, that's fine. That's my problem. Please freeze my coins. So I'm going to opt into having the insecure spend path disabled on this output type. So that's kind of the third option.
B
You know, it kind of like that.
A
We're back to, we're back to wrecking the privacy of Taproot, right? One of the goals of Taproot was for every output to look the same on chain and suddenly we're, we're wrecking that. But it.
B
Well, every post Quantum output would look the same. They would. All right, yes.
A
So if you supported post Quantum, you would set this flag and it would
B
look the same and presume like everyone who's using Taproot would do that. So why wouldn't they?
A
Hopefully. I mean, I, I think some wallets probably wouldn't as much. You know, something like lightning might not just because it. Wallets that are very actively managed probably don't worry as much because they're going to, not going to have a problem transitioning to a new output type if and when a quantum computer happened. So maybe they wouldn't. I mean, look, it's just, it's slow to roll out output types. Wallets are very slow to adopt things. Some wallets still don't support Taproot sending, let alone receiving. Receiving is fairly rare, in fact in wallets today. So it would take a lot of time and we would have some, some privacy loss. But potentially that's a third option that kind of straddles the line.
B
I kind of like that. I like the third option.
A
Yeah, I don't. I mean, I'm not a huge.
B
So let's talk about. So. So my belief. And first of all, the actual solutions, I'm the first person to admit, are like a bit way above my pay grade. Like, I'm not a cryptographer. You know, I can. I'm technically aware, I try my best, but that is not where I'm coming from on this stuff in regards to being productive and narrowing the problem set. Like, I just do not think we should operate under the expectation or the assumption or the belief that we're going to go out there and just proactively basically steal a bunch of people's bitcoin. Like, I don't think, I don't think that's in the ethos of bitcoin. I don't think that's part of the social contract. I don't think that's part of the value prop. I think it breaks a lot of narrative things and I just think it's plain old fucked up. And I think if you look at it, if you think about it, like, for that to be effective, you'd have to be proactive about it. So we're talking about something like an industry that's filled with a ton of hype. The biggest concern is some kind of sudden quantum break that people aren't expecting. I don't know how we'd ever be able to objectively decide that that was happening unless bitcoin was being stolen. But even if bitcoin was being stolen, it's like if Satoshi moves his bitcoin tomorrow, like, was that quantum or was that satoshi moving his bitcoin? Like, there's no way for you to really know.
A
I don't. So I don't think that that's the most likely scenario. And I think that the scenario we should focus more on is a scenario where we see it coming for a few years. Because I think that's been the history of quantum. I mean, it's, it's primarily been funded by private enterprises who like to talk about their work because they need investment. They have to continue to attract investment. It's wildly expensive to build these things. And so they brag about how about their progress so that they can talk about it. And so, you know, we, I, I think it's very, very likely that if and when a quantum computer becomes cryptographically relevant, we'll have years of notice, but it'll be clear. It'll be clear that, like, it's continuing to increase the number of available qubits, the coherence time, the whatever is continuing to increase. And we can plot a graph at that point. We'll be able to plot a graph and like, you know, draw a line and be like, okay, when this graph reaches this line, we're, we're screwed. And we'll be able to put some error bounds and say, like, well, it's going to happen in the next three years, between three and five years, based on past trends, I think with high likelihood, that's the kind of scenario we should worry about. And like, what does the community do three years out?
B
So, like, I think I first of all fundamentally disagree with that. Like, I don't think that, like, I think first of all, it's yet to be seen how like, startups will actually be able to monetize any cryptographic relevance. Like, I don't understand how they monetize it short of attacking Bitcoin. And then the second piece is so like, I think, like, that's like kind of an investor scam to begin with. But like, I think who could really benefit is governments, specifically the majors, right? US, Israel, China, maybe throw Russia in there. The majors have a lot of, have a lot of reasons for why they would want to be able to break, you know, basic crypto primitives and they would be doing it in secret. And maybe the reason, the, I think the reason that we see so much quote, unquote, transparency on research and stuff, like you said, is because people are raising, but also because it's so far away from being cryptographically relevant that they don't have an incentive to go dark yet. Like, I assume anyone who's serious about it would be, would go dark anytime they got close to it. I don't think they'd be telling people from the rooftops, like, we're about to attack your message encryption or attack your, attack your maybe financial network.
A
It will continue to be very expensive. So even if, like, even if you're like, okay, and you'll see it too. Well, Google's quantum lab. Google didn't make any public announcements about killing it, but they stopped releasing any information about their progress three years ago. That's suspicious. Come on. I mean, like, we can see these things. And the reality is, yes, you're right. You know, there's. Governments might want it. I think there's two points people have raised. The point that if governments do get a cryptographically relevant quantum computer, they're not going to waste their time stealing Bitcoin. They're going to, they're going to use it to break encryption so that they can spy on everyone in the world and not worry about trying to steal money, because that's worth a lot less to them than breaking everyone's encryption everywhere in the world. But I think much more importantly, the reality is the private market is winning this. The governments have not been at the forefront of this kind of research, of most physics, of most private research, because the actual capitalism is a much better system. The reality is capitalism is better than socialism. And so these, these companies have done a better job raising money from investors to build this privately versus governments. And so, yes, I mean, you're, you're right that there will be a higher incentive to kind of quote, go dark as they start getting closer. But again, like, we'll be able to see that they went dark. Right. And these communities, you know, there'll be people in the quantum community who leak. Right. One of the biggest challenges of large scale things, especially in private enterprise, is leakers. Like in government enterprise, leakers can be heavily punished. You can throw them in prison. And private enterprise, they can just say stuff. And there's not a lot you can do. You can sue them, but it only goes so far.
B
Well, you can, but if it's a national security thing, you can still black bag them.
A
If it's a government thing, yeah, sure.
B
Well, even if it's private enterprise, it doesn't matter.
A
I, I'm not as worried about governments using it to steal Bitcoin. Um, and, and it's just not, it's not been the history of quantum. Like we, we've seen. It's not the history of physics. Right. It's not like people didn't know the US was building an atomic weapon before they were. Like, everyone in physics knew the Germans and the Americans were building an atomic weapon because the research to. Oh, crap. I think we can. You know, physicists saw all of this public research that was being shared internationally. That's like, oh, wait, if you do that, oh, I think you could like use this to build a bomb. Right. And then it only takes a day of thinking about it before you're like, yeah, every country in the world is trying to build this bomb. There's no way anyone's not doing this. Sure. You might not know actually how far they are and how close they are to building a bomb.
B
But yeah, it was theoretical until Hiroshima happened, man.
A
But, you know, everyone's doing it. You know, it's not that potentially that far off. And certainly governments knew it wasn't far off. So I, I don't, I just, you know, yes, maybe we'll start seeing progress and then it'll go dark, but that'll also be really strong indication.
B
Well, I, anyway, I think if it happens, I'll, I'll be on the record that I think if it happens it'll be dark and then first of all, it'll be a government that uses it. It's going to be a government thing. It's not going to be a startup.
A
If it's a government, I'm not worried about it. Well, the startup is going to attack bitcoin.
B
The startup will be absorbed. The startup will be absorbed by governments. The startups will be absorbed by governments way before anything cryptographically relevant happens.
A
Quite possibly. And in that case, probably they won't do anything to Bitcoin until it's like in the New York Times.
B
Well, well, that's the other piece that's like ridiculous about all of this is like, I don't like how does this theoretical attacker monetize? Like, I just do not think they're. You can't dump, you're not going to be able to dump 4 million bitcoin or 2 million bitcoin, whatever the number is on the market at once.
A
No, but you can do it slowly over time. Right. And really depress the price of bitcoin. I think this is one last thing that I wanted to, to raise.
B
Unless the market realizes what's going on and then you can't.
A
And then what? Bitcoin goes to zero because no one wants to buy this thing. I mean, yeah, okay, that, that's possible. Right, but that, that's what you're describing. Like you can't sell it because bitcoin has gone to zero.
B
I mean not zero but like significantly down.
A
Sure, I think that's possible. But I think there's one last point here that that's worth raising. In a future world where bitcoin is now where quantum computer exists, whether it's become, whether people are like, ah, it's going to be here in three years based on public knowledge, whatever. Or whether it's the coins are being dumped and like there's some leaker who's claiming that it's quantum and like, yeah,
B
that's what it would be like because we wouldn't know.
A
Maybe in either case there will be a fork. Right. Like someone is going to write the code to make a fork that freezes all the insecure quantum. Insecure spend paths, steals those Bitcoin.
B
Yeah.
A
Whatever it is. Right. I mean, I, I think if a quantum computer exists, they're going to be stolen one way or another. Right. It doesn't matter whether they're frozen or stolen. They're. They're not going to go to the original owner, but there will be, this fork will exist. And so it'll ultimately be up to the market to decide. Right. It's not, we don't get to decide. And it's not some like philosophical discussion within the community. Yes, that feeds into the market. But ultimately the market is going to decide which of these two potential bitcoins is the real Bitcoin. It is the most valuable. There's a large part of Bitcoin value, Bitcoin's value comes from the fact that there is only one. And so I think one is going to dominate. We saw this.
B
I agree with that.
A
There's one that, that will immediately.
B
One wins, one will win at some point and then it's the other one trends to zero at that point.
A
And so it's really a question of this competing trade. Like, is your view Bitcoin must never freeze these coins because it's against Bitcoin's philosophy to freeze coins. It's seizure. Asset seizure is against Bitcoin's philosophy. And this is asset seizure. And thus it must not happen. And thus this Bitcoin is valueless or this other bitcoin has a million and a half less supply. And that million and a half bitcoin is about to be on the market whether immediately or over the next however many years, depressing the price over the next however many years. I do not buy for a second that that argument doesn't win. This Bitcoin has 10% less supply. Actually not. Right. So it's important again to point out that it's only wallets that didn't use a seed phrase. Right? So wallets that use the seed phrase are totally fine. They can claim their money, they can get their money back. And so even when we're talking. So what we're really talking about is just the really old coins, just the Satoshi era, 2011 era stuff, which is, I guess, you know, something like a million coins. Right? So there's 10, there's 5% less supply on this, this bitcoin that no Satoshi no longer has his coins. And then there's this other bitcoin where there's 5% more supply. Not only more supply in like theory, but more supply actually on the market. So 5% additional Bitcoin available for purchase on the market is probably X more Bitcoin available for purchase on the market. The vast majority of Bitcoin is not available for purchase. People are diamond hands exist, right? Or certainly not available for purchase at current prices. All of a sudden you have X more Bitcoin being sold every day. Don't buy that that one's going to win. And they don't buy that that one's going to win. Because the philosophical debate isn't clear, right? It's not just this black and white asset seizure bad. This is asset seizure. I agree, asset seizure is bad. 
The whole point of Bitcoin is to prevent that from ever being a consideration. But is not black and white because these coins are going to be stolen. Like your options aren't.
B
We don't know them.
A
Freeze the coins. Assuming, assuming there's a quantum computer and it's.
B
But you wouldn't know at that point. You wouldn't know at that point. It'd be proactive. It'd be by design proactive. You would not know if those coins would be stolen or not. You'd be making an educated.
A
Potentially true. That's potentially true. That it's unclear. And I think in that case you
B
can't do it afterwards.
A
I mean, you can wait, right? It's like, okay, well, you know, 10,000 of Satoshi's coins have moved and this leaker is claiming that a quantum computer exists. And Google was making good progress towards a quantum computer until five years ago when they stopped announcing it. But they didn't stop investing in it. You know, you can make, you'll be able to make a very cohesive argument that a quantum computer exists. Cryptographically relevant quantum computer exists. Sorry. And then at that point it'll be a question of which one has more value. And I, you know, this is speculation, but I think you'll be able to make a very cohesive argument. And because you'll be able to make a very cohesive argument, the, the philosophical debate around whether this is asset seizure will lose because it will no longer be black and white. Because it will be. No, no, no. I don't think this is asset seizure because the alternative is that the assets are just stolen. Not that the original owner gets to keep their money. They're just, they're just, they're not going to be held by the owner either way.
B
I mean, if I, I mean, I, first of all, I, we're just making speculation based on market dynamics. But I do not, I don't believe the case is that strong that the side that freezes a ton of Bitcoin, including the creator of bitcoin's bitcoin, would win in a fork. Like, I, I, I don't believe that's necessarily the case. I think if, first of all, by the way, like, if, if someone does, if someone, if someone does compromise those keys, I, I think they have a pretty strong incentive not to immediately dump in a fork situation because they have no bitcoin on the other side of the fork. And I think they have a decent argument to be very loud about that. But I mean, I would argue if you're correct, if you're correct that that fork would win, then Satoshi's coins are already frozen. He can't, can he spend. Like if, if Satoshi woke up tomorrow and started spending his bitcoin, is someone going to propose a fork and say that it was quantum that's making him move his, that, that is his bitcoin's moving because of quantum. Because the price would start dumping as soon as Satoshi moves his bitcoin tomorrow.
A
Right, but, but I think like no one can make a good argument today that it's a quantum computer, cryptographically relevant quantum computer.
B
Well, the, the key of their argument would be Satoshi's coins moving because that's probably the single biggest thing that could break through hype on quantum. Like, I don't, I, I don't even know if I would believe quantum exists unless old coins were stolen in the first place.
A
Yeah, I mean, I think you have to be able to, it has to be plausible. Right? Like it is, it is. Like if Satoshi's coins move tomorrow, I would bet that it's Satoshi moving their coins or that there was some, some classical computer issue. Maybe, maybe the, the randomness making the, the coins wasn't secure or whatever. Like, but not a quantum computer. Based on all of the evidence we have of it seems relatively compelling that the best public quantum, the best quantum computer, the best state of the art quantum computer is publicly known.
B
And we don't know that's true.
A
We don't know that's true, but it seems like a pretty safe bet. I think most people.
B
Do you think that the Chinese would, would tell people
A
if the government had one? No, but again, like the, in practice these communities are small and these communities are open. Right. The reality of any, any niche thing is that generally the communities are small and open. And so the people who show up at quantum computer conferences know each other and they know who's building what. And yeah, it's possible the Chinese have some secret lab that's next smarter than all of the other labs in the West. It's possible. I mean it's certainly not likely though. You know, it's not saying Chinese people are dumb, but like they're, they have one lab and it's going to be, you know, 10 labs building different types of quantum computers in the West. Unlikely. You know, I think they, there's tons of smart PhD quantum researchers in China, but are they going to be better than 10 times more approaches in the West? Probably not.
B
So then I have, I have another question for you. So like why, from your logic, right, okay. So if you freeze bitcoin that is vulnerable to being stolen, then clearly there's less bitcoin on the fork that has it frozen, Right? Because by design you're freezing a bunch of bitcoin. Why is it the fascination that with quantum specifically we're freezing potentially stolen bitcoin but with every other method of stealing bitcoin, it's never even contemplated freezing bitcoin, for instance. The speculation right now is that Maduro's government has 600,000. Had 600,000 Bitcoin. Let's just put it out there. Let's, let's say that's the case. I think that's overstated, but let's say that's the case.
A
Sure.
B
Why does the US government dropping Delta Force on his headquarters and seizing the bitcoin that way? How is that any different? Like why is that? Why aren't we freezing their bitcoin than if the US government secretly built a quantum cryptographically relevant quantum computer and stole Maduro's bitcoin that way? Like why is.
A
I think because it's, it's an in system question versus an out of system question. It's like if in a world with a cryptographically relevant quantum computer, it is impossible to use the bitcoin we have today, right? Like anyone who has any bitcoin, no matter the address type, they start moving their coins instantly stolen before they can do anything. Bitcoin.
B
Well that's why it's important.
A
It's not just that they can steal. Yes, but it's if you, if you play it out right. A quantum computer isn't just something that can steal from some people by sending in guns or whatever. A quantum computer is something that breaks the whole system and makes the system totally untenable and totally unusable in any way, shape or form. And I think the same is true for any kind of cryptographic break that results in the vast majority of bitcoin being stolen.
B
Yeah, but that can be solved without freezing bitcoin. Like that can be solved by having that. You know, like it depends here too,
A
there are shades of gray, right?
B
That your, your V3 method, right. Your V3 method could solve that without freezing people's bitcoin who didn't opt in to being. Having their bitcoin frozen.
A
Right? There are shades of gray, right? So if there's. I think, I think the, the point about seed phrase based wallets is also important to consider though, right? Where it's okay, your options are, you know, assume we know a quantum computer is about to be built. You know, there's one that has just shy of enough bits 96 instead of 128 qubits or whatever it is. Right. It's making good progress. It's shown consistent growth. It's very clear that they're just engineering challenges at this point. And okay, some wallets have switched, but certainly not all of them. And some coins have moved, but certainly not all of them have moved to this new, you know, taproot version 2. Just an extra signaling bit to indicate that you're secure. Your options are freeze coins that don't have a seed phrase proof that can't do the seed phrase proof technique such that the quantum computer doesn't get any money or don't, in which case many bitcoiners have old wallets. They weren't paying much attention and they don't move the coins. So if it's like 10 bitcoin in the old style address format in total, then like, yeah, okay, whatever, let the quantum computer steal the 10 bitcoin. It's not worth the hassle, it's not worth debating, whatever. If it's 5 million Bitcoin, then we have to have a very different conversation. So I think it really is shades of gray. And it's part of why I harp on the like, we can't decide for the future bitcoin community. Not just because, like, we can't decide, but also because there's so much nuance to exactly the scenario of like how many coins have moved over how many wallets supported versus, you know, are there a bunch of wallets that just never bothered to do this? How quickly does the quantum computer appear? Is it sudden? Do we discover some secret quantum computer that we didn't know about that had already existed? You know, there's so many pieces to this scenario that feed into that decision that I think we can't predict it. 
And I do think there are very likely Scenarios where the bitcoin community is going to want to freeze those coins. I think that's very likely.
B
I just, I think it's a distraction that people think that it's even tenable to freeze the bitcoin without consent, like I, the, the V3 mode or whatever. I think it could be. I think it can very well be tenable because you're consenting. Like, I want the quote, unquote, insecure spend paths to be frozen whenever the network dictates. And I can still access my bitcoin. I reject the premise that freezing a bunch of bitcoin makes the underlying chain more valuable because there's less Bitcoin because it's a slippery. It's just straight up a slippery slope. And I think that if you, if you think. I think pigeonholing it as philosophical is wrong. Like it's. Because it's much more than that. It's the core value prop of bitcoin. It's being able to use it in a permissionless way, whether you want to spend or save it. And I'll go back to the Maduro example. Let's pretend we didn't drop Delta Force on them already, which we did. But let's say it, it becomes obvious that they have 600,000 bitcoin and they have 600,000 bitcoin that they stole from their people, right? A bunch of that bitcoin was either stolen from miners directly or was, you know, the, the corrupt government squirreling away oil and gold resources and stuff and converting it to their own bitcoin wallets. No matter how you cut it, like Maduro's assets are stolen assets from his people. If we were to freeze those, if BlackRock, if BlackRock, Coinbase, MicroStrategy block came together and was like, we were going to freeze those and now there's going to be 600,000 less Bitcoin on the market on our side of the fork. I think that fork will lose, I think China. I think a bunch of other actors would be like, well, what's going to stop them from freezing my bitcoin? What's going to stop them from saying we have to do KYC AML on every address? And if you don't do the KYC aml, then we're going to freeze your bitcoin? And I think it becomes.
A
I think you're totally right.
B
Unless it's incredibly obvious that Quantum exists in a real way. And I don't know how that could ever be obvious.
A
Right? So I think that's the core of the disagreement, like, I think you're totally right. That fork would lose. I hope I certainly not only do I believe you're right, but I certainly hope you're right. Because if you're not, then like, I don't find bitcoin valuable at all. I mean, I think we saw this with the bcash fork, where Bitmain plowed something like a billion dollars into propping up the bcash price. And it failed horrendously because tons of bitcoiners who had lots of coin said, this is not the bitcoin I want to see. This is a valueless bitcoin to me for various reasons and sold it and wrecked the price of it. And I think you're totally right that the same would happen in the case of Venezuelan bitcoin or something like that. And I think you might also be right if it's quantum hype and it's not clear. And I think that's really the core of the disagreement is, you know, if it's. Well, you know. Yeah. How obvious it is. If it's. Well, you know, it's just speculation and there's some coins moving, but it. There's not real. No one's really like claiming they really have it. And you know, maybe it's just like in a Russian lab somewhere. I think you're right that that might very well not happen. Very likely wouldn't happen. And it's probably a good thing. But if it's super obvious, if it's like, here, look, we've got this running in a lab. Let's take you on a video tour on YouTube. Let's live factor Satoshi's coins and demonstrate that we can steal Satoshi's coins live on YouTube. Then like, you can't argue at that point.
B
Yeah, but that's never gonna happen.
A
I don't actually. I think that's very likely. I think.
B
You don't think they would steal the coin first
A
if bitcoin hadn't frozen at that point? Sure. But they would instead factor, you know, 96 bit key or something instead of. Instead of a key with more entropy, they would demonstrate we have a quantum computer that can factor almost a real private key and we've shown demonstratable growth over the last five years. Within two to three years, it's going to be cryptographically relevant for real world crypto. I think that scenario is very likely and I think, in fact the most likely. But maybe not. Maybe not. I think that's. Yeah, I mean, that's just speculation. Right. We, whatever we can't really debate that or conclude who's right or wrong there. It's only speculation. And that, that's, you know, that kind of thing will feed into the discussion and the decision by the bitcoin community.
B
While we're in the realm of speculation, theoreticals, I'm kind of curious on your opinion. Just because it's a fun theoret. US government has a dark program to break crypto. They succeed. You know, they break Chinese message encryption and whatnot. They use it to spy on a bunch of people, enemies and non enemies alike. Spying everybody, right? They're just using it. They get to a point where they're like, holy shit. Like, we think someone, someone else is going to get this capability, right? Because that's always the thing. It's like you find it in dark and then you have a window of opportunity where you can use it until someone else also has access to it. And so you're trying to take advantage of it. So they like come to the conclusion, they're like, okay, people are going to fig. Figure out that we have access to it. So then they steal a bunch of bitcoin. And they probably don't start stealing with satoshi's bitcoin, right? They steal with other vulnerable addresses that are not as heavily watched and might actually have larger amounts in it. Because a bunch of satoshi's bitcoins are coinbase transactions. There's smaller amounts in a single address. So like reused addresses, stuff like that. And they have a little bit of plausible deniability, like, oh, like those maybe, you know, that company was mismanaged their cold storage and like, that's why there was a break or whatever. And so they gobble up a bunch of bitcoin, put it into secure addresses and then they announced to the world, we discovered Quantum actually three years ago. We've used this for American dominance and you know, American dynamism, as A16Z likes to say.
A
And we've taken this bitcoin, North Korea's
B
bitcoin, and we've taken, yeah, we've taken this bitcoin and we put it in the strategic bitcoin reserve alongside all the other stolen bitcoin we have, because that's SBR has just stolen bitcoin. That's what it stands for, the stolen bitcoin reserve. And they announced to the world, we're not going to sell it. It's for America's future. Does a fork that freezes their bitcoin succeed in that situation? Does it even get proposed?
A
Yeah, I mean, I'm sure it gets proposed. Really good question. I assume it would fail, but yeah, I don't know.
B
A fork would fail, right? They would just have it.
A
I think a fork would fail in this. Like, you know, because they would steal North Korea's bitcoin, right? They wouldn't steal, like, Coinbase's bitcoin. If they stole Coinbase's bitcoin, Coinbase would sue them and get the money back. Right. Like the courts would give them their money back.
B
There's some separate property rights in the country, right?
A
They'd steal North Korea's bitcoin, they'd steal Russia's bitcoin, whatever. Or they would claim it's North Korea's and Russia's. Whether it is or not is a separate question, but they would claim it's North Korea's and Russia's bitcoin. And I don't think that people would be so motivated to freeze those coins when it's North Korea's and Russia's, because it's like, it's North Korea's bitcoin. Like, I mean, personally I would be happy for North Korea to have less bitcoin. Like, in general, I would like North Korea to have less bitcoin. That would make me happy. Now there's not anything I can do about that. But in general I want them to have less bitcoin. So I think the political will and motivation of people to say, no, no, no, we're going to seize those coins and give them back to North Korea, that's not going to be there, obviously. I think at that point it would likely be the case that freezing insecure spend paths would happen for other coins, so they can't steal any other coins. But I would guess that the political will just wouldn't be there to do it.
B
So that in that situation we would have wasted a ton of mental cycles under the assumption that we're going to freeze bitcoin when really the path forward should just be focused on.
A
I think we would freeze. No, I think they would steal North Korea's bitcoin. They would announce it and then we would freeze all the other. We would freeze Satoshi's coins, or maybe they would steal Satoshi's coins, but we would then freeze Coinbase's, like, insecure.
B
They could freeze. If they stole satoshi's coins, then those wouldn't be frozen.
A
I think at that point it would just be like, well, this is too complicated, because also it's.
B
So it's like a quantum attacker. That's not the US government would have to steal.
A
I think it's also probably. It's largely impractical to freeze coins after they have been stolen.
B
Exactly right.
A
Because you announce a soft fork and you're like, this UTXO, I'm going to freeze this UTXO. And then they immediately spend it and mix it with a bunch of other coins before the soft fork activates. And now what do you do? You just can't do that. Like, it's not by design. So it only works if you can be proactive. And again, I think in practice, if it were a US government lab, they would just take North Korea's bitcoin, be done with it, and we would disable all the other insecure spend paths.
B
Interesting. Yeah. I mean, I just think. Yeah, except for your one scenario where it's extremely obvious that it's about to happen, which I just don't think is real. You think it's the most realistic scenario. I think it's the least realistic scenario. Besides that scenario, I don't think it's a logical assumption to assume that a fork freezing a large portion of bitcoin would ever succeed over one that doesn't. But maybe I'm wrong.
A
I think you're. I think I probably agree with you. I think we largely agree on that point. I think the only other note I have, and part of the reason why I want to focus on that scenario is because it's the. Also the only scenario we can really do anything about. Like if, if a quantum computer suddenly appears tomorrow in a secret lab and they just start stealing bitcoin, you know, it's not somebody who's just going to take North Korea's money and then be fine with it. It's someone who's really just trying to steal all the coin. They can maximize profit, dump it on the market as quickly as they can before bitcoin can react. I think bitcoin is just dead. I think that's it. There's. There is no. There's nothing left for bitcoin.
B
Even if we have ways to spend post quantum without freezing.
A
So. Because no wallets will adopt it. Right. So the things we can do today I described earlier. Right. But we can add a way for people to have quantum security if a future community flips a bit. You know, maybe it's opt in so it doesn't have any of these questions around seizure, but they have to take some active action. They have to deploy a soft fork before the quantum computer starts stealing all the coins, or we do some. And that's nice because it doesn't impact transaction sizes today. Wallets do it transparently.
B
So people actually adopt it.
A
People will actually adopt.
B
Very few people are going to adopt this stuff if it's, it's way more expensive and you don't know if 10x more expensive.
A
That's the only other option we have and no one's going to use that. Sure, okay, maybe Coinbase Custody will use that, but I don't care about Coinbase Custody. If a quantum computer appears, Coinbase Custody can move quickly. Anything that becomes available to secure coins, Coinbase Custody will be the first people to adopt. And so I'm not worried about them. I'm worried about the average bitcoiner who has coins in self custody. Maybe they're not paying that much attention to Bitcoin. You know, they care about bitcoin but it's not their full time job. They have a job, they do something else during the day. Maybe their coins are backed up in a safety deposit box halfway around the world, at their parents' house or in a bank in Zurich. You know, they can't necessarily move quickly and most of them won't move quickly. Those coins are the ones we need to protect. And those coins will also never adopt something that's 10-50x more expensive today. They're going to wait, and most wallets won't adopt it, period, anyway. Like, ignore whether the end user will adopt it, the wallet developer won't adopt it because they don't want a wallet that has that much worse user experience than everybody else. A few of them, there will be some options. There'll be a few wallets that have it, but most of them won't. And so I think so that number
B
three path that like opt in taproot path makes, doesn't that make the most sense?
A
I think it makes sense to deploy something like that, but it only makes sense if the future community has a chance to respond before a quantum computer starts stealing coins. If it doesn't, I think it'll just be too, like, Bitcoin, you know, oh, government, you know, private lab gets a quantum computer. They've been secretly stealing bitcoin for several years. They've managed to dump 100,000 bitcoin on the market. Oh, this is why Bitcoin's down 50% year on year. Now everyone's just like, what the hell is the point of bitcoin? You know, so many people lost all of their money on this garbage. Like, but the cool part about the
B
cool, I mean, seriously, I think that's
A
what the market's response will be.
B
The cool part about the opt in path, right, is, so, like, you opt in to Taproot, you're just Taproot v3 or whatever, you're not paying more money. It's relatively low friction. We have a lot of time to do it. The cool part about that is if you are proactively freezing the insecure paths of those coins specifically, it's actually way easier to have consensus on that proactively, because all you're doing is flipping a switch on people who have already opted in to have their switch flipped when there's a concern. That's a completely different argument to be making to the market than we are going to freeze a bunch of people that didn't give consent. So it's actually a lot more realistic that we could actually do that proactively versus trying to potentially.
A
I think this assumes that the likely scenario is very, very unclear, whether a quantum computer exists. And I think I would rate the scenario's likelihood as, you know, 90% chance it's going to be clear two years away that it's somewhere between one and three years away. That's my 90% scenario. My 9% scenario is it's sitting in a government lab, no one knows about it, it's operating for a while. Maybe it's not going to steal any bitcoin, but maybe a year before they announce it, they just start stealing bitcoin because why not? Or maybe it's in a Russian government lab or a Chinese government lab or a North Korean government lab and they start stealing bitcoin as a way to make money.
B
Probably not the most important.
A
My 1% scenario is it's very ambiguous. Not like, you know, okay, well, the lab kind of hasn't announced any new papers, but three people from the lab are leaking to the press that they're getting close and they were showing good trajectory for the last 10 years, and then they went dark a year ago as they started to get to the point where it's close. Like, I think that's still very clear. I think the community would pretty universally agree that it's going to happen somewhere between three and five years out in that scenario. I think the 1% scenario is the, like, well, some coins started moving. We're not really sure. You know, there's, like, one guy, but he's kind of a quack, but he's claiming that his cousin works for this lab that has a quantum computer. And then there's this other guy who's also kind of a quack, but he's claiming his friend's brother works for this lab that has a quantum computer. And we're all just really not clear. I don't think that's going to happen. I think that's a 1% chance. I think in that world, yeah, okay, maybe this option 3 is better, because the community would just freeze those coins at that point, and then the people who opted into that would become quantum safe, and that would be great. But I think that's a really long tail scenario. And so I don't think that, yeah, okay, it's nice to be ready there, but I don't think it's likely. I think in practice either we're going to have some notice, and I think that's very, very likely, we're going to have notice, we're going to be very confident, or we're not going to have any notice, in which case bitcoin's just fucked. There's no hope at that point.
B
Well, you disagree with that premise. But okay, I mean, I think if we have no notice, if we have very little notice to no notice, and we go the opt in path, we can be aggressively proactive in terms of disabling the insecure spend paths, and then, yeah, some bitcoin will be dumped on the market. But I think logically speaking, if someone does a big break and takes a bunch of bitcoin, they have an incentive not to dump it on the market. If they're a government, they throw it in a strategic bitcoin reserve. You don't have that much downward pressure after a panic.
A
And then if they know that it's going to be frozen, like their quantum computer has value. Stealing Bitcoin from today? No, but not until they steal it.
B
But then after they steal it, they have an incentive not to dump all of it on the market, because as soon as the market starts pricing that in, it would not be the most monetizable path for them. And if they're a private company, which I once again do not expect them to be a private company, I think at that point they'll be rolled into something dark in a government lab somewhere. If they're a private company, like, the most monetizable path for them would be announcing to the world we stole this bitcoin, and now we've created a treasury company that's competing with MicroStrategy and we're not going to spend it. We're not going to spend it anytime soon. And then they lock it up and have a shit ton of fucking coin and they borrow against it or whatever they want to do. I don't know financial engineering.
A
I think we agreed earlier that if, you know, the market's, the market's value for bitcoin comes from these properties of being trustless money, that I don't have to trust anyone else to have this money. And if a material number of bitcoin was stolen because of a quantum computer, maybe with the one exception of your scenario of like the US government stealing North Korea's money, everyone's just gonna be like, ah, okay, well, they're the only
B
ones allowed to steal bitcoin, but only from North Korea.
A
You know, I think in any other, nearly any other scenario, the market perception of bitcoin is just going to crater because this core value problem, the thing that gave bitcoin value is suddenly gone because, shit, somebody stole a million Bitcoin or 100,000.
B
Whatever the reality, even though we'd have a way for people to spend bitcoin going forward, at that point, that would be fine because they'd be in the opt in path and they'd be fine.
A
They could spend. But they stole a million, they stole all of Satoshi's coins, they stole. You know, Joe Bob will come out of the woodwork and say, like, ah, you know, I had 10,000 Bitcoin. I was an OG. I got involved in 2010, I bought all this bitcoin. It might even be legit. Like, he has proof. Like, look, here's my Mt. Gox receipts. I actually bought 10,000 Bitcoin, and it was stolen from me by, you know, a quantum computer. I think the stories around stuff like that will be so noisy that bitcoin just won't have nearly the same value. Maybe it'll recover.
B
I mean, I think it wouldn't be an ideal scenario. But I mean, I also think the quote unquote cure of proactively stealing it would also kill the fucking price. So you are where you are. You've got to work with the hand we were dealt.
A
Yeah, it depends a lot on the scenario, but yeah. So I mean, I think, look, at the end of the day, I think we agree, and I think this is really the most important point, because we can't predict exactly how a quantum computer is, how we're going to learn about a quantum computer, how we're going to discover it, whatever. We can't predict what the future community is going to do in response to that. But we do agree, and I think again, this is by far the most important part, is that, look, you know, we need something that we can do that gives wallets the opportunity to have quantum safety in some of these scenarios, or at least hopefully the most likely scenarios, and I think certainly what would be the most likely scenarios, that doesn't cost them money, that they would actually adopt, that wallets would start using today. And then, because, you know, if we're at the point in 10 years where a quantum computer is on the horizon and we see it coming and we know it's going to happen, and there's 10 million Bitcoin that is not opted in to quantum security or hasn't moved, isn't in an output type where we think it might have a quantum secure spend path, of course we can't freeze the coins. It's 10 million coins. You can't freeze that many coins. That would wreck the price too. To your point, if it's 1 million, if it's only Satoshi's coins, plus some other things that haven't moved since 2010, and at that point it will have been 25 years since those coins moved, you know, then we have more options as the community.
B
But isn't that like a catch 22? Because like you're saying, okay, if it's a large amount, then we can't realistically freeze it without market crushing us. And then if, but if it's a lower amount, then what is even more
A
amount plus the old coins.
B
But what does it even matter because
A
it's still a high amount? No, no, I mean, if it's Satoshi's coins, that's a lot of coin.
B
All the coins sailor has 600,000 bitcoin. Are you able to sleep at night that he could just sell them all tomorrow? Like what? Like that. What's the amount? He could, he could choose to sell them all tomorrow if he wanted to.
A
It's not just that someone dumps it on the market, it's also that they're stolen coins dumped on the market. Right. That it's like Bitcoin no longer provided this security in a scenario where we see, like, oh, a quantum computer has been clearly on the horizon for three years. Everyone knew it was coming and Bitcoin didn't manage to do shit. And now, you know, everyone who hadn't moved their coins since 2010 got their coins stolen. Yeah. Look, all I'm saying is what we should do today is give the future Bitcoin community more options.
B
Okay, I agree.
A
To give, to put ourselves. Hopefully we'll all be a part of the bitcoin community when that time comes, assuming it happens and it happens within our lifespans, but to give that Bitcoin community the option to do whatever they need to do. Because every practical coin where the key has not been lost is in an output type where there is a recovery path. Whether that's because it has a seed phrase or whether it's because it has a post quantum public key in a tap leaf. Whichever way, it has to make sure that they are able to get their money as long as their key hasn't been lost.
B
Yeah, we agree.
A
And I think that's. Look, that's the only thing we can do today. We monitor the situation. You know, monitor the situation.
B
There's a lot of situation monitoring happening.
A
There's a lot of situations to monitor and this is one of them. So that's the only thing we can do today. And it sounds like, I think we agree on that, and I think that we'll see what happens. But, you know, I'm confident the future community will have time to respond, and as long as we give them room to respond, they can. But it only matters if we give them room to respond by letting wallets actually upgrade today to having quantum security one way or another.
B
Awesome. Well, I mean, first of all, I want to thank you for being a good sport. I think this was a fun conversation. But before we wrap, I'm just kind of curious while I have you. So you are operating under the assumption that most quantum research is, all the quantum research that matters is public. There's nothing dark happening right now. There probably won't be anything dark of significance happening in the near future. In your mind, what is the timetable, based on current public research, of a cryptographically relevant quantum computer that could do this type of attack?
A
I think that that is, I, I can't speculate on that.
B
Humorous. Humorous.
A
No, no, I can't speculate on it specifically because, you know, the people who are experts who I might be able to look to, to inform my opinion, for the most part are trying to raise money.
B
So they're, they're all trying to raise money.
A
They're pumping their bags to try to raise money. On the actual, like, looking just at the technology, like what has been built, how much further is there to go, whatever, you know, we haven't seen them get off zero yet.
B
Or do you think it's more than five years?
A
Yeah, it's more.
B
Do you think it's more than 10 years?
A
I don't know. I don't know.
B
But we have high confidence in more than five.
A
Yeah, I mean, again, it's really hard to speculate because there's just no great information. But look, they've built, they haven't factored a number yet. They actually haven't factored a number yet. Right. And so they've claimed to factor numbers that have specific structure, and they use part of that structure as a part of the algorithm they use, and then they actually don't really factor a number from whole cloth. They've made major breakthroughs over the last few years, and that's why it's become such a big topic. You know, forever it was the case that as you build more qubits, you need error correction to recover from the fact that your qubits are too noisy. Prior to a few years ago, every additional qubit they added, even if they used error correction, added more noise than the error correction could recover from. That's no longer true at very small scale. So that's a major breakthrough. But at the same time, we're still at the point where we're talking about one or two logical qubits. We're not talking about things where you can actually do real computation over a long period of time with lots of inputs, with any material inputs, with any input. Like, we're not talking about, oh, well, they can do 10 logical qubits and run it through 20 gates. No, no, no. We're talking about one or two qubits, not even a gate. And so we're just not at the point where we can start to measure progress. And I think it's very possible that this might start happening soon, where there's starting to be progress, where it's like, okay, now we have three qubits and four qubits and we could build real gates that are doing actual computation in a very solid, very traditional quantum computing sense. Not like, well, we have seven qubits, but they're not fully entangled, so we actually can't do real computation with them, blah, blah, blah.
You know, when we start actually having numbers we can measure, then I think we can start to have a much more informed discussion around timelines. You know, we'll be like, okay, well now there's seven qubits and eight qubits and nine qubits, and look, they can go through three gates and we're doing real, genuine quantum computation with these nine qubits across three gates. At that point we'll start to be able to plot a graph and then we can make speculation, but we just can't today. Only an expert in quantum could really make some kind of speculation that's well informed at this point. And most of them have a very strong financial incentive to tell you it's definitely happening and it's definitely happening on a reasonable time horizon.
B
Yeah, I mean a lot of investor scams out there.
A
Okay, Matt, I wouldn't invest in, I
B
mean I think, whatever. I could be on the record that I think, if it's a real case, it's like 10 plus years. And I think a lot of what you see out there right now is bullshit.
A
Fud.
B
And maybe I'm wrong. Hopefully I'm not wrong. My whole family relies on this system working.
A
So yeah, I mean, you know, to
B
avoid a lot of skin in the
A
game here, we spent the whole time discussing what to do when a quantum computer happens and definitely not enough time discussing if a quantum computer will happen or on what time horizon.
B
I mean, I mean it's just hard
A
to, it is, it's hard to speculate. It's impossible to speculate. But also I think that's people selling their Bitcoin because of this risk. Like. No, I mean, well, I mean like
B
what's the Nic Carter tweet? The Nic Carter tweet was, let me see, you know which tweet I'm talking about, when he was like, watch out for the next couple of days. Like everyone's going to dump because Bitcoin's not prepared for quantum.
A
Yeah, well then he was saying he was going to go talk to the press to get more people to dump bitcoin to make his prediction come true.
B
Um, watch what happens. I don't know. But anyway, I think it was like the, like actual bitcoin price bottom. I think that might have been the bottom, the local bottom of this.
A
Calling. Calling the top is always hard, especially when you're trying to manipulate it.
B
But calling the. Calling the bottom, you just have to lose your mind. And you'll probably call the bottom appropriately in the wrong way.
A
Yeah, it doesn't make sense to panic about this. Quantum computers don't exist. And I don't mean cryptographically relevant quantum computers. I mean quantum computers basically don't exist. They have quantum supremacy for very narrow, niche things that aren't related to actual algorithms. You know, when they start making progress, great, we'll have a different conversation. It's worth doing things for bitcoin so that if and when that happens, we'll be prepared and we'll have optionality as to how to protect bitcoin and make sure people get their coins back. But it's a long ways away and they just haven't started making the kind of progress that is really going to let us track when and how and whatever else.
B
Love it. Okay, well, Matt, thanks again for joining us and for being a good sport. I enjoyed the conversation. It was fun. It's a nice, you know, change of pace between work, freaks. I think consensus is you should stay humble and stack sats about it. I hope you found this conversation helpful. All relevant links are at citadeldispatch.com. Share with your friends and family. Give me feedback. Comment on the episode on nostr and podcasting 2.0 apps. Love it all. Thank you. Stay humble, stack sats. Peace.
Episode Title: Corallo - Stealing Satoshi's Satoshis
Date: January 14, 2026
Host: Matt Odell
Guest: Matt Corallo (Bitcoin Engineer, Spiral)
This episode dives deep into the real-world risks and responses around quantum computing's potential to break Bitcoin’s cryptography (“stealing Satoshi’s satoshis”), and the ongoing policy and legal battles around Bitcoin developer protections (Clarity Act). The conversation is both technical and philosophical, exploring actionable solutions for future-proofing Bitcoin, the nuances of legal efforts in the U.S., and the broader effects of technical vulnerabilities and government regulation.
The overall tone is frank, technical, occasionally humorous, but focused on giving actionable clarity to listeners on both emerging quantum risks and legislative priorities.
Three main options are proposed:
Odell and Corallo’s back-and-forth is candid and technical but always grounded in the pragmatic realities of Bitcoin development, security, and movement-building. The discussion underscores the need for thoughtful, forward-looking engineering—and the folly of crisis-driven or overly-philosophical hype. Both find common ground: the best we can do now is prepare for multiple futures while keeping Bitcoin’s core values intact.
“Monitor the situation. There’s a lot of situations to monitor—and this is one of them.” (Corallo, 83:49)
“Consensus is, you should stay humble and stack sats about it.” (Odell, 91:11)