Matt Corallo
Can Bitcoin developers say we're working on this? I mean, yeah, I'll like yes, people are working on this. I can point to many people working on this. Here's my people.
Laura Shin
Name all of them. Please name all of them right now. Hi everyone. Welcome to Unchained, your no-hype resource for all things crypto. I'm your host, Laura Shin. Thanks for joining this live stream. Before we get started, a quick reminder: nothing you hear on Unchained is investment advice. This show is for informational and entertainment purposes only, and my guest and I may hold assets discussed in the show. For more disclosures, visit unchainedcrypto.com. Today's guest is Matt Corallo, open source engineer at Spiral. Welcome, Matt.
Matt Corallo
Thanks for having me.
Laura Shin
Last fall, Nick Carter of Castle Island Ventures started making a lot of noise about how he didn't think that Bitcoin Core developers were prioritizing the quantum computing threat to Bitcoin enough. One of his essays on this topic was called "Bitcoin Developers Are Sleepwalking Towards Collapse." He outlined some different threats that he felt were specific to Bitcoin. In particular, he also talked about the Bitcoin culture and said it's a very real possibility that Bitcoin is the only blockchain left exposed on Q Day. You wrote me and you said you felt that Nick was overstating the issue and that you wanted to push back on what you were calling FUD. So why don't you start by saying what you think Nick is getting wrong and what you think the true state of work is amongst Bitcoin Core devs on post-quantum Bitcoin.
Matt Corallo
Yeah, I think there's two main important points to recognize. The first point is actually that most crypto wallets use derivation schemes that are quantum safe. So most crypto wallets, most bitcoin wallets included, use seed phrases, right? 12, 24 words. And the way that wallet goes from the seed phrase, those words into a private key is quantum safe. So there is in fact already something the wallet has that ties its ownership, that, that gives it ownership, that allows it to prove ownership in a way that's quantum secure. Obviously the, the derivation from the private key to the public key and what appears on chain is not. And the quantum computer can calculate the private key from the public key, could forge a transaction. But what this fact allows is it means you could do a soft fork in Bitcoin and similarly in any other crypto, in fact that uses seed phrases and require proof of seed phrase. So you can say, okay, we're going to do a soft fork. It's great that you have the private key, but we don't really trust that anymore because there's a quantum computer or there's high risk of quantum computer. And in fact now you have to prove that you knew the seed phrase that was used to derive that private key. We could do this relatively quickly. Wallets don't have to upgrade. You know, I think that the big fear is that there's like this 10 year, 20 year time horizon that's going to take for wallets to upgrade and iteratively move all of their coins over to new address types. And the reality is for most wallets that's probably not required. There's a lot of nuance and complexity to get there. But in fact that could be done pretty quickly. I think the other point. Sorry, go ahead.
Laura Shin
No, go ahead.
Matt Corallo
I was going to say, I think the other point in terms of understanding where we are on this is that there has been a lot of work done. You know, there's. I think it can be hard to tell sometimes when you look at Bitcoin to figure out who's relevant, you know, what devs matter, what devs are just kind of in free, which devs are spending all their time on social media and posting and not actually doing real work. So they don't have kind of respect and they're not actually. They don't matter. And I think the easiest way to identify that is to look at the large funding organizations, organizations like Chaincode Labs, organizations like Brink, Blockstream Research, that fund a lot of Bitcoin Core developers, Spiral as well. Their Spiral funds list Bitcoin Core developers and some other kind of layer two stuff. And then look at what those organizations overall are doing. Do they have people who are working on this problem or are those organizations totally ignoring it? And the reality is most of those organizations do have people who've spent a material amount of time on this post quantum question for bitcoin. Blockstream Research especially has a few cryptographers who've spent time on it. Chaincode Labs has also spent a good chunk of time on mapping out what a post quantum future for bitcoin looks like. They had a research report last year, mid last year or so, and then someone even linked me to an image of the growth of post quantum posts on the bitcoin mailing list. And over the last number of years, it's been basically a linear increase to the point that now it's 30 or 40% of all the posts on the mailing list are talking about post quantum. So I think there's clearly quite a, quite a bit of work, quite a bit of discussion going on on how this should look, what should be done. And then it's important to recognize that we could in fact move rather quickly if we had to.
Laura Shin
Okay, so we're going to get into the details around kind of the technical stuff in a little bit. But before we do that, I just wanted to ask you. So I like, you know, to me, like I. So there's just so many topics to cover. You know, there's the technical part, there's like the roadmap, there's a lot of things. But I like really thinking about it, it sort of felt like the number one biggest disagreement was sort of this characterization around how seriously the bitcoin core developers are taking this threat. So I just kind of wanted to understand, like, is your appearance on this show one in which you're representing what your personal perception is of the situation? Or have you talked with other core developers, you know, either like as a group or even with some subset of the larger group? And were you kind of designated as like a person to represent the views of bitcoin devs or no?
Matt Corallo
Yeah, I don't think there's almost ever been a case where anyone is designated to represent the views of bitcoin devs. I can only speak to conversations I've had with people what my understanding is of where people's views are, but I think that's probably pretty close to accurate. I don't really work much on Bitcoin Core anymore, but I do spend a lot of time hanging out with people who do and chat with a lot of people who do pretty regularly and obviously have been around working on bitcoin open source protocols for 15 years now. So, yeah, I mean, I can speak to conversations I've had and I think I can fairly accurately represent what other people's views are or what. I mean, I wouldn't say there's a strong consensus yet, but I think there's a consensus forming in terms of approaches and so I can speak to that.
Laura Shin
Okay, so let me ask you. Then you started to lay out how you thought it might be actually fairly easy to prepare Bitcoin for a post quantum world. And I did want to kind of question a little bit of what you said there because it's not just that there would have to be this step where I guess various wallets would say, hey, you're public, sorry, your private key is no longer sufficient. We need the seed phrase. But it seems like before that there would have to be a lot of other technical issues that would need to be addressed. From what I understand, in order to prepare Bitcoin for a post quantum world, there would be much higher data requirements. So obviously, given the block size wars that happened back in the day, it does seem like Bitcoin Core developers are quite conservative when it comes to how they want to approach the data requirements of the network. There would be like choosing a post quantum scheme, which I don't even think that is like a very simple thing to do. I think there's kind of a lot of different options. Justin Drake of the Ethereum Foundation came on the show and he talked about how he actually had chosen a scheme that is higher on data, but then they have a way to make it, you know, light in terms of the data requirements on Ethereum. It seems like there might be multiple soft forks that might be required. And you know, then of course there's the fact of just bitcoin culture, which, you know, Nick pointed out in his articles that the only two upgrades over the last 10 years have been SegWit and that took two years to debate, develop and test. And then Taproot, which took three years. And then, you know, there's this whole period of like deprecating addresses, rotating the addresses and then getting all the different holders to do this. I haven't even gotten to the lost and abandoned coins, which are like 5% of the network. You know, the whole Satoshi's coins issues.
There's, there's just kind of a lot of, a lot of different things that need to be decided before we get to the point that you described about just like, you know, rotating the addresses and addressing the wallet issue. Am I wrong? You know, I'm not a technical person.
Matt Corallo
So yeah, there were a lot of things you threw out there, I think. So first of all, yeah, it's obviously not trivial to just snap our fingers and say we're done, you know, this is no big deal, we've solved the problem. But some of the steps you mention aren't. I think some of them are clear for now. And then some of the steps you mentioned maybe aren't as required as some people maybe think. So maybe. Let me lay out.
Laura Shin
Yeah, why don't you lay out what you think the roadmap would have to be to address the threat.
Matt Corallo
So yeah, I mean, obviously as I mentioned, I think there's starting to be some kind of consensus for this kind of roadmap. There's obviously a large bitcoin community out there. There's lots of people who have opinions, so things are likely to change somewhat. But I think. So first of all, I don't think there's much of a question right now in terms of which post quantum scheme to enable. All of the post quantum schemes that exist outside of hash based signatures are fairly early cryptographically and having them and there's a decent chance that they just get broken classically. Right. That a normal computer could break them, that we have some cryptographic breakthrough. It's, they're starting to, you know, they're starting to get some years on them, but they're still fairly young as far as cryptography goes. So I think that's not really a question. I think right now the only thing to do would be to add hash based signatures in bitcoin. But we don't have to start relying on them. So you mentioned the large data requirement of hash based signatures. It's true, they're fairly large compared to existing signatures, somewhere between 3, 4 and 10, 20 times larger depending on exactly which type of wallet you might have. And so what we could do is we could say, look, you can start using addresses that commit to the post quantum hash based signature, but you don't have to use them yet. They're there, they're hidden, they're not even revealed on chain. And for now you just start using these new signatures and it's free, it doesn't cost you anything, it's just silently committed in your public key. And then in the future, when a quantum computer, cryptographically relevant quantum computer becomes a more urgent risk, at that point the network could soft fork out the original signature scheme and say, okay, actually now you have that hash based signature public key committed to in your output, now you have to reveal it and start signing with it. 
So you can't just keep using the old scheme. And so for now it's free. If, and I think this is most likely outcome, if 10 years go by and we start to get a little closer to the cryptographically relevant quantum computer world, it hasn't kind of suddenly appeared, then at that point we could say, okay, actually some of these lattice schemes or some other post quantum scheme is actually really compelling. We're a lot more confident in the cryptography then we could add that and people could start using that much more efficiently at that time. But like having a hash based scheme now lets people start migrating for wallets that don't have a seed phrase, which is fairly rare. It's just kind of these weird specialty wallets. For some of these weird wallets they could migrate.
Laura Shin
So just in my opinion, it sort of feels like letting it get to a point where the quantum threat exists and then kind of changing things as you go along and expecting people to know that they can't just transact with their bitcoins the way that they normally do. Like that to me just sounds like a recipe for a lot of people losing their money. Right?
Matt Corallo
No, I mean the wallet. So the wallets would start using. So two points. The wallets would start embedding those post quantum public keys now. So they know how to sign with it. They could sign with it, they just don't have to yet. So that the cost is zero. Right. So you're not adding a ton of extra data on the blockchain. You know, possibly 10 years away from a quantum computer, you're not. You know, one of the concerns is that wallets are going to maybe kind of reasonably look at this and say, well look, quantum computer is still a ways off. You want me to start using a relatively inefficient post quantum signature scheme that's just going to add more fees for me. It's going to result in bigger transaction, slow, whatever. I'm not going to bother doing it. I'll upgrade later. So you really want an upgrade path that is free for now until a quantum computer becomes a more urgent threat. And I think that's fairly straightforward. Right. You just start committing to these keys. The wallets know how to spend with it, they know how to build these keys, how to sign with these keys. They just don't have to use it yet. And then at some point when the risk becomes more urgent, then the switch is flipped and the wallets continue as they were before. No big deal. They just have to start signing with the other scheme that they already knew how to do.
Laura Shin
Okay. I mean, I guess to me, and again, because I'm not technical, sometimes I'm like sort of questioning what I'm thinking here, so please correct me. But as far as I understand. So Nick said this, Justin Drake was on my show, said it. Chris Peikert, who is one of the experts in lattice-based cryptography, he explained this as well. It just feels like anybody who develops quantum computing capability could keep it secret while they sort of, you know, kind of get their plans in place to sort of maximally benefit from being first. So it doesn't feel like a feasible kind of prevention measure to say, oh well, wait until it becomes a threat and then we'll. It sort of feels like then, then you're just leaving all these holders vulnerable to this threat.
Matt Corallo
That's, I mean, look, possible that a quantum computer is developed in secret. Obviously in that world, it's probably a nation state. They're probably not trying to steal Bitcoin. They're probably trying to decrypt communication so that they can spy on everyone. But I think this is true. No matter what blockchain you look at and in fact, no matter what cryptographic protocol you look at broadly. You know, there has to be a point at which point people say, okay, now the risk is more urgent and we need to stop accepting the old signatures from the old coins. Old, whatever.
Laura Shin
Yeah, but, but so what, what I, what I guess I disagree with you on is like you're saying, oh well, this applies to any blockchain. But you know, as I'm sure you're very well aware the Ethereum Foundation has come out. They have a priority. They have kind of, you know, around this, they have a group of people that are dedicated to working on this. They have a deadline of when they want to have, you know, kind of made all their changes. They even already have.
Matt Corallo
Different than Bitcoin still. Right. Like, they have a bunch of. Yes, there. There's also a bunch of Bitcoin developers working on plans and designs and pushing forward potential changes to Bitcoin.
Laura Shin
The question in both cases, can you name those?
Matt Corallo
When do you.
Laura Shin
So we have BIP360, which is just to address some quantum vulnerability in Taproot that, you know, for whatever reason got implemented. So it's sort of like reversing.
Matt Corallo
BIP360 is a new address format for post quantum anything.
Laura Shin
Okay. It's not related to Taproot.
Matt Corallo
No, it's just a new address format like any other post quantum. Any change to crypto, any crypto or Bitcoin, you have to start allowing people to commit to post quantum public keys and then potentially use them. And BIP360, is that okay?
Laura Shin
So there's that. List the other things that are kind of in place, that they're, like you said, that they seem to be working. Yeah.
Matt Corallo
So I think that. Well, the interesting question for every cryptocurrency, whether it's Bitcoin or Ethereum or anything else, is at what point do old public keys no longer get accepted? At what point? And this is the burn question, right? This is at what point do you say, okay, there's all these old coins, whether it's Ethereum, Bitcoin or any existing cryptocurrency today, there's all these existing coins that are possibly lost, maybe just old holders that are held on keys that are only elliptic curve cryptography. Right. Only vulnerable to a potential cryptographically relevant quantum computer. At what point do you say we're no longer going to accept that? And that is a question that every cryptocurrency has to contend with, and every cryptographic system has to contend with. It's not specific to cryptocurrency. That's true of TLS and literally everything on the Internet that's cryptographic. And at some point you have to flip that switch. And there is not really a lot unique about any cryptocurrency, whether it's Ethereum or Bitcoin or anything else about the decision of when to flip that switch.
Laura Shin
But so have the Bitcoin developers chosen a date? Because the Ethereum foundation does have specific deadlines.
Matt Corallo
I don't think you can really choose a date in advance because ultimately the community that exists at the time is going to evaluate the risk. Right. Like we can say, okay, well you've got five years. Or we can say, okay, you've got eight years or 10 years or two years. Whatever we say kind of doesn't really matter because it's up to the community that exists at the time. Right. I'm sure the bitcoin community will look at the Ethereum community and say, okay, well, have they moved? No. Okay, well, you know, has. Where is Google's Quantum computer? Where's IBM's quantum computer? This. Most of the. Yeah, all of the quantum computers that exist are being developed in public.
Laura Shin
Right. So you were talking about like the moment that you flip a switch. But so let's put it another way. So Cointelegraph just published an article quoting Bitcoin core developer Ethan Heilman. And in that he said that he expected that optimistically Bitcoin would take seven years to upgrade to post quantum. He's also the author of the BIP 360. So seven years from now is the
Matt Corallo
year he's referring to migration. Right. And if you do a burn, you don't have to rely on migration. Right. You could rely on seed phrases.
Laura Shin
Wait, if you don't do a burn, what does that mean?
Matt Corallo
If you do disable insecure spend paths, you disable old addresses and you burn old lost coins, you burn anyone who hasn't migrated, then in that case you actually don't have to burn everyone, you just burn non seed phrase wallets, which is fairly few.
Laura Shin
Okay, so okay, but I mean, I don't think the community has really discussed what to do with the old lost or abandoned coins, which, you know, that's 5% of all bitcoins, it's 1.7 million bitcoins. So like, do you think that the community is just going to be like, sure, let's just burn them all without much discussion or I don't know, it feels like that alone would take like three years for Bitcoin, Bitcoin to decide how to deal with those coins.
Matt Corallo
Yeah, I think obviously that again, this is something that gets decided by the community that exists then like we can't. It's true of Ethereum and every other cryptocurrency. We can't decide now. It's up to the community that exists then. But I think the important thing to recognize in, in Bitcoin and every other cryptocurrency, but especially in Bitcoin, is that it's ultimately up to the market. Right.
Laura Shin
I'm so sorry, I need to understand when you say this is up to the community that exists, then you don't see this as a multi year process that would start now or even just multi month. I don't know the exact time frame. But you don't you feel like let's just wait until the post, until you know, Q day is here and then that community.
Matt Corallo
There's two separate points, right? So there's the question of when you start migration, when you add hash based signatures to Bitcoin, whatever, that should happen soon, right? And there's people working on that, targeting, enabling that soon, getting that done soon. There's a number of developers working on that and yeah, that'll happen in the next however many years, hopefully soon. Then there's the question of when do you flip a switch and require that? When do you say, okay, now if you haven't migrated and your wallet's not seed phrase based, then you can't spend your coins anymore. They're not your coins anymore. And that's again a question Ethereum and every other blockchain has to contend with in Bitcoin especially. But also every cryptocurrency, it's ultimately decided by the market. Right. And so when a quantum, when a cryptographically relevant quantum computer is a material risk, is kind of potentially in existence or going to be soon. Someone is going to propose the fork without question on every blockchain, but especially Bitcoin, someone will propose that for someone.
Laura Shin
But what if, what if like 10 people propose 10 different types of forks? Yeah.
Matt Corallo
Yes, but also in practice that's not what we've ever seen. People just, you know, if they all kind of agree that this should happen, they all pretty quickly coalesce.
Laura Shin
I mean the block size thing took like, I don't even remember, three years I think, to hash through.
Matt Corallo
Yes. And at every step there was kind of only one serious alternative proposal. But most importantly, it wasn't urgent.
Laura Shin
Well, yeah, okay.
Matt Corallo
It was not a like, okay, well we either disable these spend paths or the market for Bitcoin gets crushed in a year when this quantum computer comes online. Those are two very, very different scenarios. And once someone proposes the fork, I think it's very clear which one the market is going to prefer. Right. There's either the fork with insecure spend paths disabled or there's the fork with, as you know, several million additional coins on the market. Supply and demand is pretty clear. Right. One has massive supply for this bitcoin token. And one has today's normal supply for this bitcoin token. And the market is going to prefer the one that disables the coin. So I don't think, while there is some discussion of it in bitcoin, it's not really ambiguous as to what the outcome of that will be and what will happen there.
Laura Shin
So you feel like there isn't really much debate about what to do with the old coins, that everybody will just agree that they should burn them.
Matt Corallo
Oh, I'm sure many people will disagree. I'm sure many people will be very sad about it, will scream about it, whatever. But my point is it doesn't really matter because it's up to the market. And that's true of every blockchain and every cryptocurrency. It's up to the market. The market can decide, well, look, we're going to sell this one and we're going to buy this one, and now this one has all the value. And so we're not going to call that thing that has no value bitcoin. This is bitcoin. Pretty clear with supply and demand that one has orders of magnitude more supply live on the market, maybe 5% more coins, but those 5% of coins are going to be on the market available for sale, which is going to be an order of magnitude or two more coins on the market.
Laura Shin
Okay, yeah. Hearing you talk about this, it does feel like. It feels like you're saying, well, we'll just decide that at a certain point. But I feel like there is another way to do it where there could be a plan of like, here are all the steps and our deadline to reach step one is this. Our deadline to reach step two is that, et cetera, et cetera, until you get to the point where you've kind of cleared all the hurdles to prepare for everything. And that's not what I'm hearing, but it feels like there is only.
Matt Corallo
I think what I'm saying is there's only two steps. There's only two relevant steps for post quantum security in bitcoin. The first relevant step. The first relevant step is just adding the ability to commit to a post quantum public key. I think that should be done soon. I think there's starting to be some level of agreement, maybe not exactly BIP360. There's still some debate about the exact format of it, but it's not super relevant. It's just a way to commit to a post quantum public key.
Laura Shin
But you didn't include the decision of like which type of post quantum scheme, right?
Matt Corallo
Oh, I think there's unambiguous, pretty strong consensus for hash based signature for some hash tree based signature.
Laura Shin
Okay, but which one? How long would that step take?
Matt Corallo
Which specific hash based signature? So there was Jonas Nick at Blockstream Research proposed a variant of SPHINCS that actually marries some of the benefits of SPHINCS with the option to do a stateful signature which is much smaller, called SHRINCS. So probably SHRINCS. There's not really a lot of kind of different options you have when it comes to hash based signatures. The available set of options is pretty mined out. So probably SHRINCS. I don't think it matters that much exactly which one. They're all pretty close to each other in terms of performance and size and whatever else.
Laura Shin
Okay, so you're saying you don't think it will take too much discussion to settle on that?
Matt Corallo
Yeah, I don't think there will be a lot more discussion aside from just doing SHRINCS. There has been a lot of discussion over the last few years on exactly how to allow the commitment, whether it's a tap leaf, whether it's BIP 360 or something similar to it. I think we're starting to round the corner on that discussion. So that should happen soon. In Bitcoin terms, that doesn't necessarily mean this year, but hopefully soon. I'm optimistic that there's a fairly concrete proposal that has kind of growing consensus this year and then hopefully makes good progress towards activation. Yeah.
Laura Shin
Okay. Okay. All right, so in a moment we're going to discuss just a lot more questions about the Bitcoin situation with the quantum threat. But first we're going to take a quick word from the sponsors who make the show possible. Back to my conversation with Matt. So I did want to ask about the views amongst the Bitcoin Core devs. It seems like you are saying that they are actively working on this, that there are plans in the works, that there's active discussions, all this stuff.
I understand that this thing could be difficult to prove, at least in this interview, but I just at least wanted to look at the public statements that have been made and also to hear if you have any personal insight to share on the views of these people. I'm sure you saw or I'm not sure you saw. So I want to ask. Nick published a post in which he ranked the Bitcoin Core developers in order of what he personally assessed as their importance. And then he listed different public statements they made on the quantum threat, although about half of them actually haven't really said much. So I'm just going to name the 11 that he had at the top. There were I think 30 or 40 in total. Pieter Wuille, I don't know how to say his name, was in a category of his own. And then the other 10 labeled as very high influence were Greg Maxwell, Jonas Nick, Anthony Towns, Adam Back, Alex Morcos, Michael Ford, Marco Falke, Andrew Poelstra, Mara van der Laan, and Peter Todd. And he said of this group, quote, if you can't convince basically everyone on this list of the importance of your update, it won't happen. So you know when he then went through their public statements. So Pieter Wuille, these were all statements that Pieter made in 2025. He said, quote, I certainly agree there is no urgency right now. He also said, I'm unconvinced about the practicality of Ethan Heilman's proposal. And that's the one that we talked about earlier about the quantum vulnerable addresses. And then the third statement that Nick
Matt Corello
found was no, that would have been in reference to a previous version of the 360. It's been rewritten several times.
Laura Shin
Okay, okay. The third statement was, quote, I believe the main quantum related threat to Bitcoin, at least in the medium term, is not the actual materialization of a cryptographically relevant quantum computer, but the belief whether one may exist soon after. I don't mean to imply that such a machine won't ever appear, but I do believe the fear that one may exist will likely have a more meaningful impact. So would you agree with Nick that it seems like Pieter doesn't view the quantum threat as urgent?
Matt Corello
I think you have to separate the. So a lot of these kinds of comments that Nick keeps pointing to are often in response to people claiming that a cryptographically relevant quantum computer is on the two to five year horizon. Or in fact in many cases people were claiming two years ago that we're going to have ASI in one year, which would have been a year prior to now, and then that ASI is going to figure out room temperature superconductors and then from there have a few more technological breakthroughs and then we're going to have a quantum computer in like three years. And I think the actual quantum experts, when you ask them, they're still giving 10 year time horizons. The NSA is still giving 10 year time horizons of when people should plan to be done with pre quantum cryptography, actually.
Laura Shin
So NIST has asked government agencies to deprecate the use of quantum vulnerable cryptographic schemes by 2030, which is in four years, and then to end all reliance on them by 2035, which is nine years.
Matt Corello
Right. So about a decade that they say that you need to be quickly migrating off in the next five years and then you should be completely done with pre quantum stuff in a decade when they think quantum computer is moderately likely or fairly likely. And so I think there's often a response from bitcoiners, not necessarily always bitcoin devs, but popular bitcoin personalities on social media and sometimes bitcoin devs as well, where people will raise the quantum question and their response is it's not happening today or tomorrow or in the next two or three years. So first of all calm down. But then that is not the same as saying we shouldn't do anything, we shouldn't do anything. Now if you look at especially more recent statements like conversations in the last few weeks on BIP360, which only finally took its current form relatively recently, I'm not sure if it was this year or late last year, then conversations tend to be more around, you know, what does it look like when the cryptographically relevant quantum computer is more urgent? You know, what is the bitcoin community doing then and less about what to do now. There seems to be kind of an implicit just yeah, sure, we could do hash based public keys and commit to them. It's not really a huge deal.
Laura Shin
Well, okay, so if you were to lay out all of the steps end to end, how long do you think that would take? Do you agree? Shoot. Who was this? Some. There was, it was, it was. What's his name? Ethan. It was Ethan who said that he expected it would take seven years for bitcoin to upgrade to post quantum. Do you agree with that seven year time frame?
Matt Corello
Yeah, I think that might have been from the Chaincode quantum report from last year, I think early last year, which really focused on a migration path. Right. So really focused on this idea of okay, you know, do a soft fork, add post quantum signatures and then have all, all really materially all wallets migrate to using them and you know, get that whole process through. And I don't think that that's necessarily a requirement again because seed phrases can be used as an alternative signature scheme. Now we don't want to rely on that. And so because they're fairly expensive, you have to do STARK proofs. Right. ZK proofs. And so ideally, yeah, we do want wallets to start migrating and again I think that's why people are working on it now and starting to make good progress, I think. But yeah, I mean if we want to get wallets to substantially migrate. Substantially, all active wallets to migrate, I think, yeah, that takes many years and I think that's why people are working on it now.
Laura Shin
And okay, okay. So I did also then want to ask about some of the other Statements of the 11 most influential people as, you know, named by Nick. Yes. So you can dispute, you know, if you think any of those people.
Matt Corello
I didn't read his specific new article, but he apparently changed his list materially because when he was arguing with me on X, his list included I think 10 people and of them 6 or 7 don't work on bitcoin anymore or have never materially contributed to bitcoin core. So I think he's rewritten his list a few times.
Laura Shin
Okay, okay, so I understand. Yeah, people might quibble with the list. The 11 people though at the top, I would say I've heard of pretty much all of them except like one or two. So I don't think, just from what I know it didn't seem crazy to me, but I'm going to just name some of the other statements that he flagged here in July of 2025. So you know, what is that like nine months ago or eight months ago, Peter Todd said, quote, for all the claims of progress on quantum computing hardware, the fact still remains that no one is even close to demonstrating cryptographic relevant quantum computing capabilities. And the actual cryptographic relevant capability as a real hardware are laughable. And then in November, which is just
Matt Corello
three months ago, Adam, Peter Todd is a great example of someone who has never materially contributed to Bitcoin Core. And I think Adam is a great example of someone who has never contributed to Bitcoin Core and he'll happily tell you this.
Laura Shin
Interesting.
Matt Corello
He's the CEO of Blockstream. He's not an active engineer who contributes to Bitcoin.
Laura Shin
Okay, okay, so, but, but just to get this on the record, Adam tweeted when somebody asked him about the threat from Quantum. Again, this was in November. He tweeted, quote, probably not for 20 to 40 years, if then. So compared to how the government is saying four years from now you need to hit your first milestone and nine years from now the next one. And he's saying 20 to 40, if even. It just feels like you're disputing Nick's ranking here. You feel like some of the people
Matt Corello
that obviously some of the people on the list are super relevant and very substantial contributors to bitcoin development. I don't think Adam is one. I don't think he would quibble, I don't think he would complain about that characterization. But yeah, I mean, I think I disagree with him on the 20 to 40 year time horizon. Certainly it's very to be clear, it's very possible that the cryptographically relevant quantum computer will take 20 to 40 years. It's also possible that it will take less and obviously we should be ready with the also possible it will take less scenario.
Laura Shin
Okay, okay. So again, I understand you are quibbling with the 11 people that he named as most influential. But what was interesting is actually six of them don't really even have any direct public statements about it. Some of them had said things that were super limited in scope or kind of like theoretical. So these six are Anthony Towns, Andrew Poelstra, Alex Morcos, Michael Ford, I guess this is five, sorry. And Marco Falke. So, you know, and I think those
Matt Corello
people are all developers, well, with the exception of Morcos, who doesn't really work on bitcoin anymore. But those people are all developers who mostly focus on their day to day work and aren't out making grand public statements about the future of bitcoin. That's not really something that has ever been a thing in bitcoin development. You know, there are, I think you can count. I think there's maybe been two or three public statements on behalf of bitcoin core ever. And so you don't really see people making statements now. There's conversations. And I think the real question, I think maybe the important distinction to, to push back on Nick's characterization, you know, I think he, I think you, you quoted him and forgive me if I'm misquoting slightly as saying something like if these people don't agree with your change, it's not going to happen
Laura Shin
or support or something like that.
Matt Corello
Right. I think that's a slightly slight mischaracterization because I think the reality is more if these people or a handful of other people potentially don't materially disagree with your change, it might happen. Right. The, you know, most bitcoin developers. Yeah, you know, I think there are many bitcoin developers who don't have strong feelings about what to do about quantum. Whether it's an immediate risk, whether to do anything now, whether to wait, whatever. They, maybe they have jobs and they're focused on other things and they're maybe not, not as focused on this. But that doesn't mean you have to convince them that this is the most important problem and they need to drop their existing work and work on this in order to make changes to bitcoin to support quantum. I mean there are a number of developers working actively on what a post quantum Bitcoin should look like, what the short term plan should be, what a long term plan might be. And those people just have to finish their work, have a concrete plan, propose it more formally and that there's, I mean there's BIP 360. I think there's maybe some more work to be done there, but they just have to propose it more formally and then it can start making progress. And I think the people who have maybe not been loud about this or maybe aren't as active on formulating their own opinions, that doesn't change what happens in bitcoin. Right. If they're strongly opposed to it. That's one question. One that's, that's a problem. Right. They would. If they're strongly opposed to it, then maybe that's going to slow things down or maybe prevent things from happening. But I don't think, as you know, most these people haven't made any comments about it because.
Laura Shin
Okay, well, their focus. So, you know, so one of these developers, I forget who said that they felt like the Public perception of the threat is more of a, more of a threat to Bitcoin coin than the quantum thing. So do you think that there would be value if the Bitcoin core developers did something similar to what the Ethereum foundation did where they said, we've set aside these group of people to focus on this, we've set aside this amount of resources, whatever it is, just signal to the public that this is being worked on in a dedicated fashion with real timelines to hit, real goals and metrics or whatever the thing is. Do you feel like that might be a value?
Matt Corello
Yeah. So first of all, yes, Pieter has said a number of times that in the short term, the bigger risk to Bitcoin is fear over quantum, not necessarily an immediate cryptographically relevant quantum computer because it might lead people to do irrational things. It might lead people to panic and change Bitcoin in a material way that, that's harmful to Bitcoin. And I think that's fair in the short term. Yeah. A cryptographically relevant quantum computer is not a material risk in the next two or three or four years. In fact, it's almost zero risk. Right. But that's also not what Pieter has said about whether a quantum computer will exist in 10 years or 20 years. And so in terms of your broader question on whether Bitcoin should make a statement, I think that kind of defeats the point of Bitcoin. I don't know what. There's no one who can make a statement on behalf of anyone. There's people at Blockstream Research who do work on this. I think one of them sadly just went on pat leave. But as far as I understand intends to make this a full time job. Jonas Nick has written several things on this. Just came out with a whole new cryptographic scheme again, Chaincode has, has written the Bitcoin quantum report to analyze different directions Bitcoin can go and what options it had. This is a while ago, this is about a year ago. So I think it's maybe a little out of date now. But you can look to organizations who contribute to Bitcoin and look to what they're doing. And I mean, I guess Blockstream Research could make a statement that says they have people working on this. I don't think that necessarily is exactly what Nick is looking for. But there's just no one who can make a statement on behalf of Bitcoin.
Laura Shin
I mean, what if, you know, just people on the core dev mailing list got together and said, hey, we're going to form a committee or maybe Yeah, I know. Okay. Bad word choice.
Matt Corello
You can't decide. Right.
Laura Shin
But. But they, they could say, hey, we're just going to form a group that is going to focus on this. There's four or five of us. You know, whatever the number, if you're interested, join us. You know what, it could be something like that. And then they could just say they could publicly. They're not speaking on behalf of bitcoin, but they could just publicly tweet that they're doing it just so people know. Because right now, I don't know if you're aware, but this is something a lot of people are concerned about. This is something that a lot of people who do research on different blockchains, they are kind of looking at the landscape and they're feeling like, well, amidst this kind of revolution, we're seeing in AI, it looks like. And news from the quantum world itself saying that there are these leaps that are happening and they're happening quickly. You know, they're looking at this and they're saying Ethereum is looking prepared or, you know, whatever. Blockchain doesn't have to be Ethereum. And, you know, Bitcoin, it feels disorganized. It feels like it's being downplayed. It sort of feels like it's. Yeah, just not really being paid attention.
Matt Corello
I mean, I think that's totally fair. If you look at, like your average bitcoiner on social media, you're right that the responses are often, in some cases, quantum will never happen. Quantum computers are impossible. It defies the laws of physics. I mean, just kind of nonsense, let's say. Certainly uninformed takes, but your average random bitcoiner on social media is probably not the best source for what's going to happen on Bitcoin. And yeah, I mean, look, can bitcoin developers say, we're working on this? I mean, yeah, like, yes, people are working on this. I can point to many people working on this.
Laura Shin
And so.
Matt Corello
So here's my formal statement that, like,
Laura Shin
people are working on all of them. Please name all of them right now. So Jonas.
Matt Corello
I think so.
Laura Shin
Who else?
Matt Corello
Yeah, Jonas Nick and Tim Ruffing on the cryptography side. So Tim Ruffing wrote a good paper formalizing Taproot's quantum security of the commitments in Taproot. So that means that a quantum computer can calculate the private key for a Taproot output, but it can't forge alternative leaves within the hash tree that's committed to in Taproot, which allows us to explain.
Laura Shin
Just list all of it.
Matt Corello
So Tim Ruffing wrote a good paper there and I think he's going to work on this more too. Obviously Ethan and his co-contributors on 360. There's three authors on BIP 360
Laura Shin
and
Matt Corello
again, I think so. First of all, most soft forks in bitcoin took two or three or four people. Once they got moving they had more contributors obviously. And I think there's more people working on post quantum security in bitcoin than most soft forks had in their early days. And I don't think it's complicated like BIP 360. Again I don't think it's quite the right answer in whole right now, but it's straightforward, not a lot of implementation complexity.
Laura Shin
So you reached out wanting to come on the show after you saw a clip in which Nick said that he felt that the outcome of what he viewed as the bitcoin developers kind of lackadaisical attitude toward the quantum threat would likely, likely be, as he put it, that BlackRock would fire the bitcoin developers. And I was curious. So obviously I know in the world of decentralization that is not a thing, but I'm just curious for your view on this. Do you consider BlackRock and other institutions that are fiduciaries to their customers whose bitcoin they are custodying. Do you view those entities as being some of the primary stakeholders whose either views or opinions or desires should influence either the bitcoin core devs, if not decisions at least like their plans or their, you know, the timeline on which they will make changes?
Matt Corello
Yeah, I mean I are say the most important stakeholder. No, but are they a stakeholder like any bitcoin owner and user who might care about Bitcoin and might have valuable feedback worth listening to? Of course, you know, bitcoin development I think unlike some other cryptocurrencies is still operated very much in a kind of traditional open source fashion. And that's to say that developers work on what they think is important. And if you think something is important, you either have to convince an existing contributor that that thing is important or start working on it yourself or pay someone to work on it. Those are all options that BlackRock has. I don't think they have materially contributed, if at all to bitcoin development, but some other ETFs actually have. You know, Bitwise and Ark have funded some bitcoin development efforts and but at the same time, I mean look like the reality is bitcoin developers are working on this stuff. And so I don't think that BlackRock has an incentive to fire anyone. I do think they become a little more relevant when we start talking about that second step of disabling insecure spend paths. Right. Because they're the economic, you know, there will be a fork. I have no, I'm not under any illusion as to think that there will not be bitcoiners who disagree. There certainly will be people who disagree with disabling insecure spend paths and prefer the fork with the quantum computer stealing, stealing old bitcoin. But it's ultimately decided by the market. And I think BlackRock will, will play a role in deciding that because they're a market participant now, they're obviously a fiduciary and people will presumably take some of their coins to vote them themselves and they might lean on BlackRock to vote one way or another. And maybe BlackRock it will be complicated. And you know, BlackRock hopefully isn't just voting on their own, voting on their own or, you know, selling one side one fork and buying the other. 
You know, probably they'll just hold both until it's clear and then, you know, other market participants will really decide.
Laura Shin
I'm sorry, so there, so there's going to be a hard fork too, not just soft forks.
Matt Corello
Even in the case of a soft fork, I mean, there's still, it's still decided by the market. Right. So we saw this with. Even before kind of, I mean, I know SegWit2x was a hard fork, but we saw this with SegWit2x where it was decided by the futures market long before the fork came about. And so there's, you know, there will be. Market participants will get to decide which coin they prefer. And in the short term there will probably be some hash power on both that tries to keep them going and they'll pay for one and one will, will advance pretty quickly.
Laura Shin
Okay, I just, in the interest of time, I do want to ask you a few other questions. So I want to know, like when bitcoin developers think about their work, who do they view as their core constituents? And it could be like five different ones and if so, then I want to hear how they're ranked in your mind.
Matt Corello
Yeah. Certainly depends on the individual contributor. I think that most contributors try to focus on the bitcoin that they think holds up bitcoin's principles the best. So principles like censorship, resistance, like minimizing third party trust in the maximal way possible, I think they're really more focused on the principles rather than a specific constituency. I do think that hopefully the vast majority of people who've bought bitcoin and own bitcoin do so because of those principles. Like, the reason they've invested in Bitcoin is because of those principles. And so ultimately they are, by reinforcing and focusing on those principles, really working for the people who hold Bitcoin and furthering their economic interests as well. But I think it's more about the principles rather than a specific constituency.
Laura Shin
Okay. And then I also want to understand, and by the way, I'm going to let the audience know Alex Pruden of Project 11, which is this company that is trying to help the crypto world become quantum. I don't know if resistant is the word, but to prepare for that phase, and he was on the pod a few weeks ago, he came up with this framework of questions, which I just thought was brilliant. And he and I, when I saw these questions, I thought these were amazing. He and I were curious. So what type of bitcoin are bitcoin developers optimizing for? There's a type of bitcoin where it should be like gold and it should change as little as possible. There should be, or. Or there could be a type of bitcoin where it, you know, tries to be the type of gold as an investment, in which case then it should be somewhat future proof, like to, you know, perpetuate this investment, like, you know, something long term. Or the third could be, you know, a type of bitcoin where it's, you know, this is like the, you know, something where it's decentralized and so it's an antithesis to large financial institutions. So, you know, what type of bitcoin do you think developers should be aiming for?
Matt Corello
Yeah, I can only speak for myself there. Obviously, different people have very different views, and there's lots of different people who contribute to bitcoin for different reasons. They came at bitcoin from a different reason and for different principles that they think are valuable. But at least speaking for myself, I mean, it always comes back to this concept of trustlessness, of how do we make sure that you can hold and transact in bitcoin without counterparty trust or with minimal possible counterparty trust. And when it comes to quantum, that's obviously complicated. Right, because there's the question of pushing people to upgrade and people shouldn't have a counterparty, even in the sense of being forced to do something. But on the flip side, you can't call it trustless if a quantum computer can steal 5% of the coins and dump them on the market, that does impact people's ability to trust the system and ability to use the system in a way that isn't trusting someone else or in this case trusting a quantum computer operator. So I think that's the most relevant part. There was one other thing I wanted to say, but I forgot what it was.
Laura Shin
Well, so I asked you whether it should change as little as possible, whether it should be more like a long term investment.
Matt Corello
Yeah, I think that's the wrong axis to look at it. I think trustlessness is the right answer. And obviously that does mean it should change fairly infrequently because rapid changes are going to introduce various risks that might require you to trust third parties. Whether it's developer community around Bitcoin or if you have to change wallets, you're like maybe being forced to trust some new wallet developer. So there's reasons why you don't want it to change very quickly that are very important, but that's not necessarily the goal. The goal is to be able to transact without trust.
Laura Shin
Okay, okay. Yeah, because I mean, there is a view. Again, this is Alex, this was his lens. He said, you know, there could be a view that in a way like the price is a little bit of a product and that goes to that kind of like goals as an investment sort of thing. And you know, it just sort of feels like some of the decisions that the developers are making here will affect that. And so in this situation with BlackRock where they have a fiduciary duty, this is, this is I think, why, I think, I think this is why that there's first of all some perhaps overhang on the price right now because of this perception that the Bitcoin developers are not prioritizing this and maybe like a cultural clash or difference, you know, around kind of what Bitcoin is for or like what it should be prioritizing.
Matt Corello
So, yeah, so I a, I strongly disagree with the characterization that Bitcoin's current price is materially because of some kind of quantum risk. There's obviously a lot of concern around long term quantum risk. But in terms of short term price action, when you actually go talk to market makers, it's not high on the, it's not high on the list.
Laura Shin
Okay, well, just.
Matt Corello
It's on the list.
Laura Shin
But anyway, no, just so you know, this tweet is from yesterday. Charles Edwards of Capriole Investments tweeted, the only reason bitcoin is down 50 plus percent against equities and gold in the last year is quantum computing. Nothing else is a substantial factor.
Matt Corello
But if that were true, then Ethereum would be up substantially on Bitcoin and that's not true. Right. So I'm very skeptical of that. There's a lot of bitcoiners who want to blame something, blame someone for lackluster performance in this bull market, or lackluster. I mean, it's still, I think performed fairly well, but it didn't have the kind of crazy bull run that you had in the last two cycles ago, let's say. But the reality is bitcoin is competing for capital in a way that it hasn't in the last few cycles. Like AI is super capital intensive. There's this massive new investment class that is substantially competing for capital. There's a lot of interest in value accrual that will happen because of AI in traditional equities. Look, bitcoin is competing for capital in 2020, Bitcoin wasn't competing for in 2020, whatever, 2022, Bitcoin wasn't materially competing for capital. Instead we had massive stimulus pouring into bitcoin among other asset classes. So, yes, it has had an impact, but to say that it's the bulk of the price action, I think is just looking for someone to blame.
Laura Shin
Okay, so I did also want to
Matt Corello
ask, but I was going to answer really quickly. You raised this question as like, is the price a product? And I mean, I think in the kind of short term, no. Right. Does the short term price matter to developers or developers trying to pump the bitcoin price in the short term? No, that is not relevant. Right. The goal is these principles that matter. But on the flip side, you know, I also talked about like the market decides forks. And so if you have some fork where maybe the principles are ambiguous as to which one is more important and one has or maybe the principles kind of favor one, but the other one has substantially more lower supply on the market, then that one is probably going to win. Right. And so the price is relevant. And if we're talking about a world where you have a Bitcoin where a quantum computer operator can steal millions of coins and dump it on the market, that is relevant even just to the ability of people to transact with Bitcoin. If bitcoin is being dumped to zero, well, people can't really usefully transact with it. You know, if, if bitcoin goes down a little bit and your purchasing power goes down 50%, that's not a thing to fix in the short term. But if in the long term there's this massive crash that's interfering with your ability to use the system, then. Yeah, I think that's relevant.
Laura Shin
Yeah, I think the issue is. So obviously Satoshi has their coins and it seems like they've abandoned them, but there are other people who may feel that they've lost coins, and then at some point in the future, they may find the keys. And if after that, you know, it's like, oh, your keys got burned, or, you know, or your coins got burned, then, you know, they're not gonna be happy.
Matt Corello
If your wallet used a seed phrase, probably you're gonna be okay. If your wallet is old enough that it predates seed phrases, you weren't gonna get your coins back at that point. Will have been 15, 20 years, 30 years. Yeah. Okay, you weren't going to get it back.
Laura Shin
So I know we're over time, but I just want to ask you one last question and then one very short one. So you kind of alluded to this earlier. When I had Justin Drake on the show talking about quantum stuff, he mentioned that it's possible that AI could kind of create some kind of mathematical breakthrough that would also pose a threat to the cryptography in bitcoin even before quantum computers arrive. And not just bitcoin, but, you know, blockchains generally. And he was saying that blockchains even needed to try to migrate to a post AI cryptography. And I wondered if that was a threat that bitcoin developers were looking at.
Matt Corello
I mean, certainly, I think this has been raised many times in the quantum discussion is, well, what's the probability of there just being a traditional classical breakthrough leading to cryptographic issues with, like, are
Laura Shin
people actively working on trying to prevent that?
Matt Corello
I mean, there's a limit on what you can do here. Right? Because you, you could. For, like, really the only thing you can do is you could say, actually, we're going to require everyone. You can't just use one signature scheme. You have to use two. And we pick two very different signature schemes so that hopefully at least one survives. Right. This is what some people are doing for post quantum. They're saying you have to use both. Doesn't really work as well in a blockchain because you have a lot of additional overhead. But that's basically the only thing you could do. I don't. Yeah, I don't think there's much we can do. There basically is the real answer that any cryptocurrency can do there. There is a shot that, okay, EC cryptography is broken, secp is broken, and all these things we talked about. For quantum computers, we have to use them. So maybe in some way hash based ZK proofs are still secure, hashes are still secure and secp is broken. That's possible. That's basically the quantum computer scenario. And so we could do the emergency solution version of the quantum computer scenario. But yeah, I mean there's just kind of a limit, like if all hash functions are broken. Okay. I mean there's just not much we can do to prepare for that. In some cases there's kind of emergency things you could do, but there's not a lot you could do to prepare for it. It depends a lot on the scenario and the exact cryptographic primitive that's broken and how it's broken. And is it an overnight breakthrough or is it, you know, usually cryptographic primitives aren't broken overnight. They're broken progressively over a year and it doesn't seem like AI is going to necessarily change that behavior. At least with current tooling and kind of the short term progression of LLMs, they don't seem to be on that, the kind of crazy ASI progression right now. They're kind of very, very important tool to potentially massively unlock human productivity.
Laura Shin
But yeah, okay, okay, so last question. Hopefully this is a short one because I know we're over time, but. So, you know, as I mentioned at the Ethereum Foundation, Justin said that, you know, not only are they working on this, but he described kind of how they're thinking about how to resolve this. And hopefully I am not mischaracterizing this because I didn't get to fully write my question now, but I think it's that they're going to hash the public keys and then they're going to like snarkify them or something to make them lighter weight because you know, this data issue about how post quantum measures what will just create a lot more data for the blockchain, that's like a second piece of it. He also said he's organizing a three day post quantum workshop. He's hoping to have more than one Bitcoin developer there. And one other thing that he said was in his ideal world, both Bitcoin and Ethereum would use the same post quantum strategy and that he hoped that all the other blockchains would follow. And I wondered just generally what you thought of that whole plan, whether you think Bitcoin would be open to sending the developers. Yeah, just all those things.
Matt Corello
Yeah, I wasn't aware they were doing this, this workshop. There was obviously another post quantum cryptography workshop with a bunch of Bitcoin developers at it late last year. October of last year? I think so, yeah. I mean a bunch of work's been done. Yes. I mean I'm not 100% sure exactly what scheme he was referring to, but it sounds like they were talking about using hash based schemes to hash based cryptography schemes and then using snarks to compress them. So you could do rather than having some kind of post quantum ZK proof in every or a full hash based signature scheme in every single transaction on the blockchain. You can.
Laura Shin
Yeah, I'm sorry, I remember hash based
Matt Corello
on snark or hash based.
Laura Shin
I remembered another detail. He said to hash all the signatures in a block or something like that for all the transactions. So it would be like one hash for all, all the transactions in a block. Something like that.
Matt Corello
Yeah. I assume he was referring to using a post quantum ZK proof scheme to prove validity of all the signatures rather than having to embed all of them. You know that, that certainly might be something that Bitcoin utilizes at that time. Especially if we're talking about a scheme where people can retain access to their coins using proof of seed phrase where that isn't just a small amount of additional data, it's a really substantial amount of additional data. And so there, yeah, you probably want to do some kind of post quantum ZK proof to compress it. I'd be curious to know exactly which scheme he was referring to and what their, their thinking is. But yeah, I think it also might be more relevant to Bitcoin in kind of the medium term, not necessarily the immediate short term. I think again there's kind of this, this two stage right where we want to first get people to have the ability to commit to post quantum public keys, have wallets, be theoretically able to use them even if they're not using them today. We want to get that done relatively quickly and then optimizing that so that when Q day happens, the kind of blockchain isn't super limiting on the number of transactions overnight is something that can happen a little more slowly because it only really has to happen by Q day. And in the worst case you could do a block size increase accompanying that to maintain some kind of sensible block size. So that's. That. That is a little bit of a less, less immediate pressure.
Laura Shin
Wow, okay. I, that threw me for a loop that you said that they might increase the block size.
Matt Corello
Well, I mean, you know, I. Obviously speculating it depends on a lot of factors. It depends on what other options we have. But you know, the block size exists for many reasons, and it's not only to limit IBD size, it's also to make sure there's fee pressure for miners and limited block space so that miners get paid and other related issues. And yeah, so it also depends a lot on what kind of hardware is available at the time. Right. If every transaction is going to 10x in size and hardware is 10x better, then probably the hardware, the block size could be increased pretty substantially, potentially by something like 10x, because then you're not wrecking miners, you're not wrecking the fee market, and you're not wrecking people's ability to do IBD because computers are 10x faster. So there's a lot that goes into a block size change, of course, but in a kind of naive scenario, you could imagine the block size being increased.
Laura Shin
Okay, okay. All right, Matt. Well, we covered a lot of ground. I don't feel like I got to ask every single thing, but we covered a lot. And I appreciate that you went over time. I think this is an issue that people care about a lot. And so I really, really, really appreciate that as a core developer, you came on the show to talk about the viewpoint of at least yourself and potentially maybe some other core developers, because I think people really care. And like I said, in. In this world where we're seeing AI increased by leaps and bounds, it does feel like the quantum thing could come sooner than people expect. So thank you so much for. Yeah, thanks so much for coming on the show.
Matt Corello
Yeah, of course. Thanks for having me.
Laura Shin
All right, everyone, thanks for joining this live stream and we'll catch you next week.
This episode addresses the brewing debate on the real risks Bitcoin faces from the rise of quantum computing, specifically pushing back on venture investor Nic Carter’s claim that Bitcoin’s development community is neglecting the threat. Laura Shin brings on core developer Matt Corallo for a nuanced, in-depth conversation about how Bitcoin developers are actually preparing for quantum computing, clarifying misunderstandings, and comparing the process to Ethereum’s approach. The episode covers technical explanations, the practicality and governance of potential upgrades, timeline expectations, quantum threat modeling, and the broader philosophy guiding Bitcoin development.
[For further reading/discussion, Matt points to recent mailing list activity, BIP360, and foundational research by Jonas Nick, Tim Ruffing, Ethan Heilman, and others.]
Podcast summary by AI. For the full technical detail and context, listening to the original episode is recommended.