Laura Shin
Welcome to Unchained, your no hype resource for all things crypto. I'm your host, Laura Shin. Thanks for joining this live stream. Before we get started, a quick reminder, nothing you hear on Unchained is investment advice. This show is for informational and entertainment purposes only and my guests and I may hold assets discussed in the show. For more disclosures, visit unchainedcrypto.com.
Sponsor/Announcer
Introducing Nexo, the premier digital wealth platform. Receive interest on your digital assets. Borrow against them without selling. Trade a variety of cryptocurrencies all in one platform, now available in the U.S. Get started today at nexo.com/unchained.
Laura Shin
Today's topic is the threat that quantum computing poses to crypto and why it may arrive a lot more quickly than people have been expecting. Here to discuss are Alex Pruden, co-founder and CEO of Project 11, and Dolev Bluvstein, CEO of Oratomic. Welcome, Alex and Dolev.
Alex Pruden
It's a pleasure to be here.
Dolev Bluvstein
It's a great pleasure.
Laura Shin
The two big news stories this morning, they are about breakthroughs in quantum computing and these likely change the timeline for when crypto and blockchains need to have post quantum technology. And that deadline is now three years away, at least according to this Google paper. So that's 2029. Google announced it had published this white paper showing that future quantum computers could break elliptic curve cryptography, which secures certain crypto assets, for example, the public keys and Bitcoin and Ethereum. They actually didn't fully describe the vulnerabilities and how they did this. What they did was they provided a zero knowledge proof that they had done this to keep bad actors from using the information. Alex, can you start by telling us more about this news and what it means for the cryptocurrency community?
Alex Pruden
Yeah, absolutely. I, I think so. There's a couple notable pieces. First off, what, first thing that was notable was Google, right? So Google and not just Google. Right. But a member of the Ethereum Foundation. Actually Justin Drake, who leads the Ethereum Foundation, was a co-author as well as Dan Boneh, who's a prominent Stanford professor. So I think the, you know, that lends some credibility to, I think what some have been saying about this problem for a while. So that's, that's, that's thing one. Thing two, you already mentioned it was a zero knowledge proof that kind of described the circuit or the rough approach. And they did that explicitly because they believed that, hey, they didn't want a bad actor to use this. The third thing that I would say is the analysis that they did was very comprehensive. And I think I would encourage everyone to at least read the abstract or even skim the paper, because if you're, if you're in digital assets, because they covered quite a breadth of potential attack vectors that is not often discussed. So in addition to Bitcoin, Satoshi's Bitcoin, that's kind of always what comes up in the quantum conversation. They talk about things like stable coins, some people mention, but even systems like zero knowledge proof systems or data availability systems for layer twos, all of those are covered. And explicitly the vulnerabilities to a quantum computer are described. And so I would say the totality of kind of the vulnerability was a key takeaway. And I think it makes sense if you think about it. Right. You said elliptic curve cryptography. Elliptic curve cryptography is the foundation of pretty much all digital assets, and it's the foundation of all digital assets because it's been proven to be secure classically and it's generally really performant. And so everyone's gotten really used to the elliptic curve cryptography and it's gotten built into all of these things.
And I think the Google paper just kind of by saying, hey, all of these things are broken. But it really is saying elliptic curve cryptography might be broken. But this is like it was describing the implications, which I think has been good. I don't think there's anyone who's done quite as good of a job of describing all the ways in which it has an impact.
Laura Shin
Yeah, yeah. I mean, I was reading this and I was like, wow, Google knows a lot about crypto assets.
Alex Pruden
Dan does know a lot about crypto.
Laura Shin
That is true, that is true. And Justin contributed. So the other bit of news involves your company, Dolev, Oratomic, and you announced that you have your own breakthrough in the quantum computing world. Can you share what it is that your company announced?
Dolev Bluvstein
Yes. So we put out a paper on arXiv. It is not yet peer reviewed, although we believe that the results are technically sound. And the title of the paper is "Shor's Algorithm Is Possible with as Few as 10,000 Reconfigurable Atomic Qubits." There's a lot to unpack there at a high level. What I will say is that I know there's been a lot of talk about quantum computers for a long time and it always is one of those things that's 10 years away and there's a lot of promises that quantum companies make, etc. But it's clear that we're crossing a moment, that it's going to actually be different. And it's exciting because we'll be able to soon build useful quantum computers. But it's also concerning because they could also quite soon become cryptographically relevant. And I think the best way of capturing that is that a decade ago, the best guess we had in terms of, or the best calculations we had in terms of how to build a cryptographically relevant quantum computer was that we would need a billion noisy physical qubits to make what we call error corrected qubits. I can explain what that means if that's of interest. We needed a billion qubits and at a time when we had systems of as large as five qubits. Now, with this recent work, we see that we can actually do things with as few as 10,000 qubits using novel approaches to the error correction, which I can describe if interested. And we have systems in the lab that up to some subtleties are getting as large as 6000 atomic qubits. These, you know, there's a lot of steps still before you can actually fully assemble this into a cryptographically relevant quantum computer, but it is starting to become substantially closer.
Laura Shin
Yeah, and so the first or, or not the first, but the one that you talked about in your paper is basically a leap 20 times. Essentially like, like the or the threshold has been lowered that much from what was it, the 5 million to the or, I forget the numbers you, you gave.
Dolev Bluvstein
So typically, typically the, the most recent state of the art estimates are on the scale of millions. And indeed in this recent Google paper, it's half a million physical qubits. We have as few as 10,000. And so it's actually a factor of 50 even relative to this recent result. And then one might ask why. And the reason is we've invented a new approach to doing quantum computing over the past few years that's based off of atoms suspended in a vacuum and trapped in laser beams that we can actually move around as the computer evolves. And we have found that this can make error correction so much easier and so much simpler that you can get away with 50 times fewer numbers of qubits.
Laura Shin
Wow. Okay, so I did want to like, just unpack here. You know, I talked about how the timeline, at least from Google's perspective, has been updated to 2029. Like, what do you think of what they said there? Does that, you know, seem correct to you? Do you see any scenarios where it could be moved up again to 2028 or you know? Yeah. What are you kind of thinking about this date that everybody is trying to zero in on?
Dolev Bluvstein
It's a good question. I'll answer in two ways. One is that based off the work we are currently doing at Oratomic, I believe it is quite plausible, although not guaranteed, that we will be able to achieve such a computer by the end of this decade. So in that sense I think the timeline is apt. It is possible that the developments could be even faster than that. However, I think that quite likely it's not going to happen, for example, within the next year. There's progress that needs to be made. It is, to the best of my knowledge, I think we currently have the world's lead on how close we are to building one, and we are currently leading the development of building one. And as we continue to make progress, we will be working with people like Alex and his team so that people are aware as we're continuing to advance.
Laura Shin
And I did just want to dive in a little bit more on that timeline issue because we are living in a world where everybody is seeing that AI is suddenly taking work that could take, you know, hours at the very least, if not longer, and just shortening it tremendously. So I wondered if that is factoring into your calculation or if AI just can't even help in this realm or like, how should we think about that aspect affecting the timeline?
Dolev Bluvstein
Oh, we, we use AI all the time. Yeah, we're using AI for everything. So we, we, it is a powerful tool for advancing science and engineering and we use it heavily and broadly. It is becoming clear how to soon build a, what I would call a utility scale quantum computer, which can be capable of many applications and cryptography is one of those. But I think it is highly unlikely that this can just happen overnight. I think we have the best understanding of all the complexities associated with this as we are advancing toward building such a utility scale computer. And it is highly complex. For example, we have systems at Caltech which are the world's largest quantum system. This is spearheaded by one of our co-founders, Manuel Endres, where there's systems as, as large as, you know, over 6,000 atomic qubits and even that, you know, although we are using that for quantum computing, it's not trivial. And it's also not like you have the system of a lot of, lot of atomic qubits and then you just press a button and all of a sudden it becomes a fault tolerant quantum computer running Shor's algorithm. It's advanced, it's complicated. It's like designing a new type of computer. You have to think about how you do the whole thing. And we're making a lot of progress on that. And I think it looks very promising, but I think it is highly unlikely that another actor somewhere in the world is going to just spontaneously do it.
Laura Shin
Okay, I did want to ask one other thing because this, just so you know, I'm like reading all this news about, you know, that both your press release, the Google one, I'm checking out the papers and I see Matthew Green, a cryptography professor at Johns Hopkins, who tweeted, quote, I am not convinced we have anything to worry about. In my lifetime, this tweet might haunt me. And I was so curious for both of yours react your reaction to that,
Alex Pruden
I can start and then maybe let you jump in. So I know Matthew Green, we work together at Aleo, who's a co-author of a paper called Zexe, which a blockchain called Aleo, which I used to be associated with, was based on. So I know Matthew very well. Incredible cryptographer and a great guy. And we have a little dialogue going actually about, about, about that tweet. I think, look, people's opinions are going to differ, right? And cryptographers' opinions are going to differ about not so much whether quantum computing is a threat, but I think the timeline in which it matters and the priority of that threat. Like for example, in my dialogue with Matt on X, I was kind of like, you know, Matt, I feel like this is relevant because, I mean, you know what I think I agree. I think that this is going to be a big problem for cryptocurrencies. And you know, I kind of use the example of like, you know, actors like the NSA or some state agency would want to use a cryptographically reliable quantum computer for various things. And his view was that like, yeah, but they have easier ways to get information than this. And you know, he is a computer security expert, right? So he understands that like the way Lazarus Group operates, say, or the way, you know, different state actors operate much, much better than me. But, you know, as he even acknowledges himself in this, in his tweet, like, this may come back to haunt him. And I think this is actually something. I'll use this opportunity to comment on a trend that I've actually noticed in since I've been working at Project 11, which is the physicists like Dolev are clearly making progress and I think are much more optimistic about the potential. There's not a guarantee, but the potential of the existence of a quantum computer in the near term for whatever reason that that kind of attitude or feeling has somewhat lagged, you know, into the cryptography community. So kind of like it's, it's seeping in.
Dan Boneh is a very prominent cryptographer whose name is on the Google paper. So I think he believes it, but I think it's. It's sort of slowly rippling out as a stone kind of thrown into a pond ripples out, you know, and again, so I think, I think I trust Matt's views on many things. I don't agree with him on this. And I think, again, I think some of it is just the fact that quantum computing space is moving incredibly fast. The work that Dolev is doing, you know, is happening incredibly rapidly. And it's not just Dolev, it's Google, as we're talking about. There are other folks around just doing stuff too. It can be hard to make sense of all this. And so, yeah, that's, that's kind of my view on Matt's take.
Laura Shin
And I did want to, you know, because. And I had this back and forth about, like, the date. I wondered if you had anything to add on that. Like, are you thinking 2029 is really what everybody should be aiming for, to be quantum, to be post quantum?
Alex Pruden
I mean, far be it for me to second guess the quantum physicist building. But look, what I, what I would say, and the common refrain that I have is, and I really like the way Dolev framed it, he's like, it's plausible, though not guaranteed. And I think what that highlights to me is a really important aspect of this problem, which people sometimes take for granted or don't notice, which is that there is uncertainty, there's inherent uncertainty here, things could very well take longer. It's possible. But I think when we look at, from a cryptographic standpoint, the amount of value or what we're counting on elliptic curve cryptography to do for us, it really is existential for blockchains. And so I think even if you have a small probability, which I don't think there's a small probability by the end of the decade, I think there's actually quite a large probability it could happen by the end of the decade. But whatever number you think that is, unless it's vanishingly, astronomically small, we should do something because. And I'm sure we'll get into this more later, the act of doing something is not like Dolev used this kind of analogy of pushing a button on a quantum. An array of quantum atoms. It's not that easy. The act of migrating to an entirely new foundation of cryptography is similar, totally not a button press and it's going to take a long time. And so that's, that's the other reason why I think that, you know, I think so in short, I think I agree with Dolev's assessment because he's smarter than me on this. But I also think it kind of doesn't matter if it does or not. I think the chance that it could happen is enough to encourage everyone to take action.
Laura Shin
And I also wanted to ask about the fact that Google withheld the method of, you know, how they achieve this. Is that the first time that somebody has done this when, you know, publishing something about a quantum breakthrough?
Dolev Bluvstein
That I don't know if it's for sure the first time. I think it is certainly a notable example and it is an example of how the field is evolving and both us and the Google people, we would like to make sure that people are informed but at a certain point not enabled to build the technology. I think that it's, this will be a growing trend because we are going to start approaching such machines.
Alex Pruden
And I think I'll just jump in here and say the Google paper, one of the things that they say in there, and actually this is worth highlighting I didn't mention this earlier. There's often this perception that there's going to be kind of this, you know, this quantum computer is going to appear on the horizon miles away and we'll see it kind of approaching slowly and then we'll, we'll be able to prepare everything in time. The Google paper in there explicitly tackles that assumption and says, look, when you get a quantum computer that I think it was, it was a 32 bit number it used, it was like when you have a quantum computer that can get to, it can factor a 32 bit number or run Shor's algorithm on a 32 bit number, it effectively implies is their belief that that means you could quite trivially build a machine that could do 256 bits. I see Dolev nodding vigorously. So I'm, I'm just parroting what was said, but this is, I mean, it's good to hear that Dolev agrees with that sentiment. And this is, I think, you know, a really important thing to note. So these, you know, quantum physicists like Dolev and you know, some of the co authors of the Google paper and others everywhere, I mean, I think by and large want to do, want their work to do good for the world and obviously these are consequences of the fact that we have these systems that are capable of doing this and many other things that just have to be mitigated. And we have a paradigm for this in cybersecurity, which is this concept of responsible disclosure. And so the Google paper also references the cybersecurity practice of responsible disclosure, where proving that you found a bug without publicly announcing that you know exactly the details of it is generally how bugs are disclosed, for obvious reasons, because you don't want someone to go take advantage of it, and that's what they're trying to do there. 
I obviously can't comment on whether or not any other physics papers do it, but I do think it's notable that, you know, look, this is, this is very relevant technology that. And there's a lot of money on the line and value. And I think perceptions matter as much as reality. And I think that's just something we have to acknowledge when, you know, thinking about the developments of quantum compute.
Laura Shin
Okay, so when you piece together kind of, you know, the breakthroughs that were published today in both papers, if you were to give every blockchain a date by which you think it should be quantum resistant, what date would you give and, like, what specific, you know, whatever. Like, what specific things do you think need to be upgraded or, you know, kept safe?
Alex Pruden
Look, I'll answer the first one first. The date is as soon as they can be quantum resistant. I think it's like, it's actually less about, like, what's the deadline? It's more about how much can we do if we put a shovel on the ground right now? You know, because again, I, I think, like, listen to what Dolev said. It's like, probably not very unlikely within a year plausible beyond that, respectively and increasingly plausible as time goes on. Look, I think these systems rely entirely on elliptic cryptography explicitly for the integrity of the identity. Right? So it's like, if I can know your private key, Laura, I am you in blockchains. It sees, like, the meaning of a blockchain ceases to mean anything. We might as well go back to where, you know, use transacting through banks. So, yeah, I think they need to start as soon as possible. It kind of doesn't matter. I mean, different blockchains will take longer or shorter, but I think there's just everyone needs to go with regard to what needs to happen. I'm going to be a little bit tongue in cheek here again and say everything, because the reality is this elliptic curve cryptography is kind of really baked in at the foundation of these systems, right? So everything depends on it. And so when you remove that foundation and you change its assumptions, you kind of have to rebuild everything. So tangibly the protocols currently that use elliptic cryptography for authorizations of spending like Bitcoin, Ethereum, most protocols that has. So those have to evolve any contract first for those blockchains that use smart contracts, any smart contract has to get redeployed with new logic to ensure that say admin keys are post quantum secure. And so that has to happen and then all user wallets, all value anywhere has to migrate. Because I don't have like you don't have my keys, I don't have your keys. Justin Drake doesn't have either of our keys for our Ethereum wallets. Like that's how it's designed.
You know, you every, all of us have to do something and there has to then be a, there has to be a pathway to migrate to that post quantum world. That by the way all of that protocol smart contract wallet level stuff has to be secure, double underlined, which means like we don't just ship it in a weekend, it's gotta be designed, tested rigorously before we can rely on it.
Laura Shin
And so I did also want to ask because I realized from reading the papers that I so I understand like on an abstract level kind of what a quantum computer is. I understand you know like about physics and just you know, quantum, quantum physics like on the most kind of mainstream layperson level. But when I was reading the press release, Dolev, about the research your company did, it said that it showed that what you called utility scale quantum computers will be will or that they require fewer resources to build than previously thought. So what is that? What's a utility scale quantum computer?
Dolev Bluvstein
These are fantastic questions. So, so first off, a utility scale quantum computer is a quantum computer that can solve some of these large scale problems that have been of interest to us for a long time. This takes from things like we've made recent progress how to use quantum computers for artificial intelligence, but it's also things like material science, chemistry. There's a lot of scientific and engineering promise of quantum computers. Implicitly when people talk about utility scale quantum computers, they mean error corrected ones or fault tolerant ones. And I think also if I can add on that, so I think there's sometimes skepticism of how close we are to quantum computing and I think it's just a little bit useful to plot the trajectory of these things. So in 1994, Peter Shor invented this factoring algorithm. And the main reason people actually initially said that this was wrong, his idea that you can use quantum computers for doing something like breaking cryptography or for anything useful was because of the absence of the ability to do error correction. It's extremely fundamental from a physics perspective as well as an engineering perspective. And it was a true theoretical breakthrough that it is even physically possible to do quantum error correction. This was done. This was invented by Shor and then others like John Preskill, et cetera, in 1995.
Laura Shin
So just explain what error correction is like, does that. So if I think, when I think about quantum things, it's like, you know, different possibilities exist. But it's not until the observation is made that, like, it gets pinpointed to, you know, one outcome or I don't even know if the language I'm using is correct. But so are you saying that when you have a quantum computer, because it is dealing with all those possibilities, that it also means that it could actually come up with errors where, you know, what was actually observed and, like, the final pinpoint actually didn't occur or what does that mean?
Dolev Bluvstein
It's related, but slightly different. So it's the fact that quantum states are intrinsically very fragile. And it's actually very similar to analog classical computers. Analog classical computers aren't, you know, bits that are 0 and 1. They're, for example, voltages that can take on continuous values like 0.4322211.1 volts. And these are theoretically very powerful. Quantum, you have superpositions and you have a qubit. And it can be on a Bloch sphere, and it can be 0, it can be 1, it can be 0 and 1 at the same time, and it can be anything in between. And it actually is really reminiscent of analog computing. And analog computing is very powerful. You can do much more complex and powerful things. But the fundamental issue is you can't correct errors. If you have a digital computer, it's intrinsically robust. It's made out of bits, and it's 0 or 1 and 0 or 1 are like robust concepts. Even if you have voltages that wiggle, 0 and 1 stay robust. If you have something analog, you can't correct it. The remarkable thing about quantum error correction is you can do analog type computation but correct the system as if it's digital. And this is due to the wave particle duality in quantum mechanics. That something can be both a wave and continuous as well as a particle at the same time. So it's actually more so that with quantum computers, you can get all the benefit of quantum where it can be powerful, it can be in superpositions at the same time, it can do lots of complex things at the same time, kind of like an analog computer in some ways, but you can correct it as if it's digital. And this is related to then when you measure it, you can project it and it behaves like particles that you can remove. And that is at its fundamental essence, why quantum computers are more powerful and capable of utility scale operation than classical computers. And that was known since 1995.
That's the reason three decades have come and gone since then and there has been a lot of development in the field and a lot of industry that sometimes people are used to hearing false promises and things that are very far away. In my PhD, using new approaches, with these atoms trapped in optical tweezers, we did the world's first error corrected quantum algorithms. And in our work as well as recent work from Google, we started to show that you can actually experimentally exponentially reduce errors by using error correction. Error correction has a threshold and you can exponentially reduce the error and you can exponentially get closer to the type of computer that you want. And this type of thing is happening within the last like 12 months.
Alex Pruden
And if I could just add one thing on that I found as a non physicist that's useful, is that what Dolev just said is very important. And Google, as he highlighted, had a big result on this called Willow. And the way to think about this below threshold of exponential error reduction is you can kind of buy in, in the sense that you can add more physical qubits to a system and use all those physical qubits together in an error corrected manner. And the bigger, the more or less of them you have, you can tune the error rate that you want, right? And that's, that's a very powerful thing, is if you want to do a very complex computation, you need to have very slow error rate. But if you're at this threshold where you're marginally adding one or two more qubits can reduce errors exponentially, then it becomes possible to tune. So Dolev's nodding. So I didn't totally screw up that explanation, hopefully. Dolev, feel free to correct anything I said wrong there. But I think it's just, it's an important point because I think a lot of times in the dist, in the modern or kind of the dialogue in blockchains, people are like, well, we're nowhere near the error rates we would need to be at to really have this threat in Bitcoin. And I think this is like, this is what's misunderstood though is it kind of just comes down to scaling these physical systems again, because if you have enough of these physical qubits and you have a good enough error correction, you can kind of get as reliable a computer as you want. I'm hand waving some aspects there. Obviously there's challenges with scaling and different things, but kind of that's it, right? And this is why over three decades, as Dolev described, like, everybody went into figuring out this error correction thing, because if you can't do that, you can have a 5 million qubit computer. Who cares? It doesn't get you anything important. But once you get that error correction solved, now it's possible to do a lot of exciting things.
Breaking cryptography, depending on who you are, maybe more or less exciting. But as Dolev mentioned, there's many other crazy and awesome use cases for a quantum computer. I mean, it's really a new era of science that we're living in and I think that's an incredibly exciting thing.
Laura Shin
Okay, and then so just to go back to my original question about this phrase utility scale, like, I didn't know exactly what that meant. I was thinking like literal, like utilities, like our. You know, I didn't know what that meant, but. But also then it got me wondering, like, you know, because I just saw this on social media, so I don't even know if it's true. Hopefully it is. But I saw somebody say that Steve Wozniak was working at H at Hewlett Packard and suggested that they build personal computers and they thought he was nuts and told him no. And then so he left to found Apple. And I didn't know, like, is there a day when we will have personal computers that are quantum computers or is that like out of the realm of possibility?
Dolev Bluvstein
I don't know. It's unclear what we're going to use quantum computers for in the long future. It's definitely not utilities like kitchen appliances or anything like that, which is funny. It's really, when we say utility scale, quantum computers, we mean that once you hit this error correction threshold and a certain threshold of system size, there's a whole world of possibilities that open. Cryptography is just one. There's a lot of promise scientifically for material science, for chemistry, for artificial intelligence, and also broadly, it's just a new type of computational paradigm that once you hit error correction, that's really the thing that makes it a new type of computer because of this very fundamental thing, that it's an analog type computer with digital type correction. So, yeah, when we say utility scale, we mean very useful.
Laura Shin
Okay, got it. All right. Well, Dolev, it has been such a pleasure chatting with you. Thank you so much for joining and congrats on your news. So for the rest of the show, we will be chatting with Alex to dive a little bit more into the details around how these quantum breakthroughs impact blockchains. But first, we're going to take a quick word from the sponsors to make this show possible.
Sponsor/Announcer
Step into a new era of wealth. Discover Nexo, the premier digital wealth platform. Manage your crypto portfolio with confidence and control. Receive interest on your digital assets. Borrow against them without selling. Trade a wide range of cryptocurrencies all in one platform, now available in the US with 30 days of exclusive privileges for new clients. Experience wealth club premier access, enhanced interest rates, reduced borrowing costs, and crypto cashback on swaps. Get started today at nexo.com/unchained.
Laura Shin
Back to my conversation with Alex. So, you know, we just dove into these new quantum breakthroughs that were just announced, but obviously this is a crypto podcast and we want to know exactly what this means for cryptos. So go ahead, take it away.
Alex Pruden
Okay, cool. So what it means is it pulls the timeline for Q day forward, Q day being the day that a crypto utility scale cryptographically relevant quantum computer emerges, you heard Dolev say, plausible by the end of the decade. So that could be when Q day is. So that means on that date when someone has, and it could be Dolev like has a quantum computer at that scale, they could recover a private key from a public key on Bitcoin, Ethereum or other networks. That would imply in some sense that they own all of the Bitcoin or could. Practically speaking, what it probably implies is that the, and I'll talk about Bitcoin first before going to other networks. It practically implies in the short term that Satoshi's coins or other lost coins are potentially going to become bound again. And there's nothing, There's a world in which maybe that's a good thing, right? You know, there's the guy who's like in the UK digging around a dump looking for his keys or whatever. Maybe someone like do could help him finally solve his problem or their problem. But the, you know, the reality is it's this uncomfortable, it's this uncomfortable reality, which is that this, this basic guarantee that cryptography gives us, that enables blockchains and enables them to be trustless kind of breaks. And so we have to, we have to deal with the implications of what to do with the lost or stolen coins that aren't going to go back into circulation on their own. Do we let an owner of a quantum computer recover them as like digital salvage? You know, this kind of like some people kind of like to think of this as like ocean treasure that's under the, you know, no one owns. Do you burn them? Do you burn these coins? You get rid of them, take them out of circulation? Maybe that's good Economically, there's less supply. So price of asset go up or do you somehow redistribute them? There's kind of no other ways. Right. 
And because this is, you know, not your keys, not your crypto, again, no centralized protocol, you know, issuer provider or developer can do that for you or change that. Like if, if someone, for example, let's just take the example of burning Bitcoin associated with the Satoshi wallets. What would that take? It would take consensus at the bitcoin in the Bitcoin protocol to be like, you know, 51% of miners are like that. We're just, we decide we're moving into a new world where there's 21 million minus Satoshi's coins of a total supply. We're just deleting off of the ledger that we were maintaining all of those wallets or we're freezing them or, you know, we're adding something. But bottom line is it requires Bitcoin consensus to funnel them any change to address them. So yeah, and again, maybe I'll just end by quickly just again saying to see where you want to go with this, Laura, because, I mean there's the consequences. Because of the fundamental nature of cryptography, the consequences are quite widespread. But maybe just one last note. Sorry, I know I said it was going to end, but one Dolev's approach, specifically he actually in the Google paper, it describes this concept of fast clock and slow clock quantum computers. And what does that mean? It means that certain quantum computers can do operations fast or slow, fast and slow being somewhat relative. But that is very relevant for blockchain context. Like I want to know if I send a transaction on Bitcoin in the hour window, that my public key is exposed as part of the transaction before the block is confirmed. Am I vulnerable or not? The fast clock computers, Google claims, can actually take your key, take your bitcoin out of the mempool. The slow clock computers can't. But the slow clock computers are kind of easier to scale and easier to apply error correction to. So we think potentially there's a chance that that may be the first horizon that we do cross.
And therefore then the question of Satoshi's coins or lost assets generally becomes relevant.
Laura Shin
Yeah, that distinction they made in the paper. So they, so when, when your bitcoin is attacked in the mempool, they call that an on spend transaction. That was alarming. I had not heard that before. I knew about the public key ones but you know, since that is the main risk people call out. I saw it when Justin Drake tweeted about this paper because as you mentioned he was a co author. He said he felt that there was at least a 10% chance that by 2032 a quantum computer would recover.
Sponsor/Announcer
But.
Laura Shin
So I'm just gonna, I don't, don't know if this is correct. secp256k1 ECDSA private exposed public key. Do you, do you think, do you agree with him about that? First of all that it might happen and second of all about you know, the 10% chance.
Alex Pruden
So I am on, I am on the record. You can go through my tweets and find I have, I've made bets with a handful of people for 2035 was the day, this is about a year ago I made this bet for, for 2035 it would happen. So I. The statement that you just read, I do agree the I have money on the table so to speak. 35 and I look, I mean I think after this new work and, and people like Dolev working on this problem, I would feel pretty good about making a bet on 2032. Quite honestly, I think a lot, a lot of people would make feel good about making a bet on 2030. I haven't actually. It's funny, since this work has come out, I haven't looked at the prediction markets or anything but it might be kind of interesting to see what they are doing.
Laura Shin
Anyway, I was just gonna say you should, you should put that on our prediction market.
Alex Pruden
You know, we thought about doing that actually. Project 11, it was an idea that we had I still think is a good idea that we may do or others should do. But yeah, it's just, it's like when, when is Q day and then. And what's cool about that is you'd be able to maybe hedge against this risk. Like if you were worried that like protocols weren't going to repair. This is kind of like what people talk about is the good thing about prediction markets you can like hedge risk against certain events. Obviously that's all in theory often not in practice given how liquidity works there. But yeah, I think it is a good idea.
Laura Shin
Okay. So you know, I just wanted to address your comment about Satoshi's coins and you know, whether or not burning is a good option. I interviewed Bitcoin developer core developer Matt Corallo on my show about this and he said that he thought clearly the community was going to choose to burn all the coins where the public key was exposed. And I thought that was cool. Crazy in my opinion. Not, not that I'm saying I don't know if you know, whether or not people choose that is, you know, they might. But the notion that like it would be kind of easy to resolve that, that struck me as implausible. I just, even, even if that was like the end outcome, I think there would be a huge fight. It's just like a big drawn out thing. But anyway, so let's talk a little bit more about the onspend attack that we mentioned. The, you know, which is the one that happens when the transaction has been sent to the mempool. So let's say that you know, we're in this post quantum world and you know, bitcoin or. Well, yeah, let's, when we will use Bitcoin has not become post quantum. And I, you know, send, send a transaction or I broadcast a transaction. So like what exactly happens?
Alex Pruden
Yep. So today if I like broadcast a transaction, what happens? So I send a transaction. What is this? What is a transaction even? It's basically a message to the network that's formed a certain way that's digitally signed by me or you or whoever was the sender that says transfer 1 bitcoin or 0.1 bitcoin or 100 sats to Laura signed Alex. Basically that's kind, I mean it's like a simple way to think of it, but that's kind of what it is. Right. And in order to verify that signature critically you need to include the public key. And, and so, and that's, and maybe just for your listeners that may not be aware, Bitcoin addresses, which is kind of how you send money around. It's like the thing you reference when you're sending the recipient. That address is a hashed public key. And this is a good, good time to kind of highlight some other note from the Google paper. Hashes many people may be aware are used in mining. It's another cryptographic primitive. It's effectively you can kind of think of it as like put something in one side and a jumble of randomness comes out the other side. It's used in mining and a whole bunch of other things. The Google paper actually said there's, there is a quantum attack on hashing it's called Grover's algorithm. It's not Shor's algorithm, it's the other one. And the Google paper said, look, Grover's algorithm is not going to be a near term concern for a variety of reasons, but most importantly just the fact that the resources that Grover's algorithm would require is not 10,000 qubits. It's like astronomical numbers of qubits. So we can probably, you know, of course we can never take anything for granted. Just look at how progress has happened over the last year. But for now, I think we can probably view Shor's as the most, as the, as the more dangerous. Okay, so back to the transaction example I sent. I exposed my public key because it was hashed in an address, but I have to expose it.
And that's, that's important because in digital signature algorithms, ECDSA, the elliptic curve digital signature algorithm, the verifier, to know that the signature is authentic has to take as input the public key. They take the public key, they take the signature, and then they run an algorithm that says whether or not that signature was valid, yes or no. Okay, so what does this have to do with Bitcoin and how does quantum enter in? Well, there's this concept of finality, and Bitcoin is a little funny. I mean, it's, it's kind of funny to say that it's funny because it was the original way to do it. But most other protocols these days use something called proof of stake, which kind of has a much firmer sense of finality, I guess, if you will. In Bitcoin, there's a chance that as miners mine a block, two miners find the same block at the same time. And it may take a couple of blocks for the network as a whole to recognize which tip of the blockchain is the right blockchain, which tip corresponds to the right blockchain. And so this is why if you send a transaction to Coinbase, you're like, I'm depositing some Bitcoin in Coinbase. They typically don't show it until an hour. I think it's standard or used to be standard. And the reason is they want to give a few minutes for blocks to confirm. Right. And so what this Google paper is saying is their estimate for an on spend attack they claim could be run within a nine minute interval potentially. And they have a lot of ideas for how. It's like you could run a pre computation and basically if you, if you were ready and waiting, it would take nine, it's kind of nine minutes is best case. Right. But the window here is really an hour, right? So nine minutes is definitely less than an hour.
So even in less than ideal conditions, it's possible with a fast clock quantum computer that I could go in the mempool, send a different transaction, signing a message that I use your public key to, you know, I use your public key that you broadcast to recover your private key, sign a different message with a higher fee and be like, actually don't send, you know, my bitcoin to Laura, Alex, send Alex's bitcoin to Dolev. I'm sorry to make Dolev the villain here in the story, but let's just say for a point of example, right? So that is what would happen in a real time on spend attack. Now one more thing before I kind of conclude this answer is this doesn't only it's like you frame the scenarios like if bitcoin hasn't migrated yet and this would be what would happen and you wouldn't be able to spend because potentially quantum adversary could run an on spend attack and take your bitcoin. The other thing that this effectively closes off is if you haven't migrated to a post quantum address type, say then after real time attacks become possible, you can no longer do it in a permissionless way because. Because what, what is like what would this, what would a mic. Let's just imagine what a migration would look like. Let's imagine there was a UTXO type that was post quantum secure and I have my funds in an existing UTXO that's secured under P2PKH or P2PKWH. The, the migration would look like me sending those funds on the network to this new thing. Right? And so you're stuck kind of because if you, if it's like, you know, you can imagine like worst case scenario, the quantum adversaries are ever. They're just waiting for someone to come up out and just like expose themselves and then they got you. And so this is again, this is like one of the original reasons why I started really getting really interested in this problem is because again at the point you have these real time attacks possible, it's kind of it's over.
Like you're not the assets at that point back to Satoshi's coins. Like all of those coins at that point might as well be Satoshi's coins because you're not getting them back really. And you know, and look of course that you can. That's a little bit hand wavy. Like there are ways you can do it. Maybe you can come up with a zero knowledge proof system. Maybe you could use a private mempool. But none of them give you the same. It's not the same guarantees that you would get with a typical bitcoin network. I hope that was helpful.
Laura Shin
Wow. Okay. That is frightening. So the way that I wrote my question is I actually wrote crypto, but when I verbally asked it to you, I asked you to use the example of bitcoin. I'm just trying to remember in the paper, I think they didn't say this on spend attack was only possible in bitcoin. They said it was generally possible on public blockchains. Is that correct?
Alex Pruden
Yes and no. I, I think so. Again, the, the fact that bitcoin's block times are so slow means that that's kind of like, makes it especially vulnerable. There are other black bitcoin cash, other variants of bitcoin, like it's, you know, have similar block times or similar parameters. Dogecoin, I think is a fork. Litecoin, there's a fork of Bitcoin. So technically they would be possible in some of these other contexts too, but it kind of just depends on the block time. Notably, if you look at some of these blockchains that have come out since bitcoin that had faster block times, it kind of like accidentally is a defense against real time attacks on quantum. Right, because the quantum computer, I mean, it's possible they optimize even more. And nine minutes is only the beginning, not the end. Where quantum computers get. But for now like 15 seconds is to use the Ethereum block time. I think it's still 15 seconds. 12. There you go. So 12 seconds, it's like much, you know, much too fast for a quantum computer to do an on spend attack. Now Ethereum has other problems that are unique to it, but at least that is, you're probably safe for now.
Laura Shin
Okay. Okay. So before we dive into like, specifics about Bitcoin and Ethereum and all that, I did also just wonder. So I saw somebody actually tweet this. They were wondering why Google, you know, chose to focus their paper on blockchains. And because there are so many systems that would be vulnerable to quantum computing. And I was curious if you had any thoughts on, on why they chose to do that.
Alex Pruden
So we, I love getting this question. And in fact, at Project 11, we maintain a running list of what we consider to be myths, common myths, and myth misconceptions. I believe this one we've numbered as 11, you know, no pun intended, but yeah, The. Okay, yes, Cryptography generally is affected by quantum computers that can run Shor's algorithm. Cryptographically relevant quantum computers. No system, though, is as reliant on it as digital assets are. Why is that? Well, for two reasons. One, the organ, like organizations that use cryptography outside of the blockchain context are like, banks, Internet companies, a bunch of centralized organizations where like, let's imagine something went bad. Let's imagine somehow like a quantum attacker was like, trying to infiltrate a bank account or do some, you know, trying to hijack some swift transaction. Like, there's a mechanism for a group of people to get together at some level and just say, hey, that never happened. Like, we're not counting that. That's. We're rolling it back, we're amending. And it's because, like, these ledgers that centralized companies maintain or databases are centrally maintained. Someone can just change them, right? That's not the case, literally. That's the antithesis of Bitcoin or any blockchain or it's supposed to be, right? It's why they were invented. So I think that's one thing. I think the other thing is. Let's take another common example. People are like, I mean, I'll pick the straw man. The nuclear launch codes. Alex, why should we care about a quantum computer? Because, God, you know, if the quantum computer comes out, people will get the nuclear launch codes. It'll be nuclear holocaust cost. I mean, that's. It's a ridiculous example, but I'm using it because it's illustrative. It's like, how do the nuclear launch codes work? I could ask you. I could ask anyone. The answer is like, no one really knows. And there maybe is an answer, and maybe it uses public key cryptography. But the. 
But that is not, you know, those. The information about how public key cryptography uses. Not public. So it's not unlike. Let's compare it. Unlike Satoshi's Bitcoin address or addresses they used to mine, those are just public on the Internet for anyone to find and see. And so that is kind of the lowest hanging fruit. So not only is it more existential for crypto, it's much, much easier to get the information you need to run an attack like Shor's algorithm. So while it is. And by the way, like this, none of this is to say that the outside of crypto, the world, is not taking it seriously. In fact, arguably, they're taking it more seriously. A lot of Internet companies, Cloudflare, for example, I believe 50% of all Internet traffic through Cloudflare is already using post quantum cryptography. Right. So there are people that are like, moving forward on this. Google itself was like, hey, for all of our internal systems, you referenced this data like, we're going by 2029. And that's a six years ahead of what the NIST has said. And there's, I'm sure, spending millions of dollars to do that because they think there's a risk to their systems.
Laura Shin
Yeah, I mean, it's. It all. All that stuff you made sense. You know, these are all the things that crypto people love about crypto, and yet they do make it especially vulnerable to quantum, which is, yeah, just. It's just interesting. Slightly ironic, but. So let's now focus about bitcoin, which I think we already talked about the first time you came on the show. And as I mentioned, when I interviewed Matt, I really was not impressed with his responses pretty much at all. So, you know, there's been a lot of people in community that have been making noise about how they feel like the bitcoin community is not prepared. And today I saw a number of tweets in that realm. Like, for instance, Ryan Watkins of Syncracy Capital tweeted, quote, with today's news, the probability that post Quantum becomes a legitimate narrative for ETH, ZEC and even SOL versus BTC is much higher. Then he wrote, bitcoin devs need to get their shit together as soon as possible. And I just wanted to highlight, like in the Google paper, they had this little graphic of the bitcoin balance of the top 100,000 vulnerable addresses, and that tallies to 6.7 million BTC, which is about $450 billion today, which that's not quite half, but a sizable chunk of its $1.3 trillion market cap. So I just wondered, when you look at how bitcoin is so decentralized, people like, you know, feel that it faces challenges when it comes to coordination. So if you were a bitcoin developer today, what would you do to try to ensure that the community can face this quantum threat in time?
Alex Pruden
Great. Yeah. And let me just quickly make a shameless plug, since you mentioned that Google numbers, they used our data. Project 11 riskless and user and workshops were cited in the paper. And anyone, if you're interested, you can go to our site, project11.com and there is a risk with Q list and an address bar and you can put in your address and like, effectively. It's kind of like the am I pwned thing, if anyone remembers that from old days of cybersecurity, you can find out if your public key is exposed. So I just wanted to make that point to anyone who may be interested or know where that data came from. Okay, if, if I was a bitcoin developer, first off, I would just say, like a strength of bitcoin. I'm not, I'm not. I wouldn't argue with Matt or, or many others to say that. The fact that bitcoin is so decentralized is certainly a philosophical strength that I think lends credence to what they and many other folks who hold bitcoin want to believe about it, which is digital gold. What is gold to humans? It's like the store of value of all to beat any fiat currency. So it's kind of like that's how people like to think of it, right? The fact that there's no single actor that can drive things one way or the other is a strength. I won't deny that. As you pointed out, it's kind of in tension with the current challenge that bitcoin faces, and this is, I think, kind of the spirit of Ryan's tweet. So look, I will say even something even stronger than if I were a bitcoin developer, I would do something. I think we at Project 11 are here building digital. You know, we're here to migrate and protect digital assets into the post quantum future. We want to build the post quantum rail as the post quantum future. I believe bitcoin or something like bitcoin should be part of that future. So we are building stuff at the wallet level, infrastructure level for bitcoin, because that's kind of right now, like, you know, in absence of developer consensus, that's what you can do.
So we are doing that. And I think more people should do that. I think too many people, I think, get hung up on. We have to all agree on everything. Look, I mean, there are certainly things that you need to come to consensus about at some point, Satoshi's coins, for example. But there's a lot of work that can be done now in terms of exploring algorithms, running signets and test nets, building wallet infrastructure or wallets migration tools. We launched, actually our first product was something called Yellow Pages, which was basically kind of a quasi migration tool to let you create a new post quantum key and then sign with that signature your bitcoin key. So to prevent that thing I said earlier, where it's like you couldn't migrate past a certain point. So look, there's a lot that can be done and I would just encourage bitcoin developers and developers across the entire ecosystem to start taking this seriously. And start taking this seriously means action, not talk like it's great, there's some research and we should do research, but we should also put this research into practice and something we've done with Solana. For example, we had a grant from the Solana foundation who's kind of leaning forward in this as well as the ef. They're like, hey, put these post quantum signatures in a test net for us and let's do some performance evaluations. How does the network, what happens to the network if we just drop in these signatures? These are the kind of experiments that we're going to have to run all over the place because we can't again, we're not just hand waving this engineering challenge or we shouldn't hand wave this engineering challenge. So I hope that was specific enough. We will be working on bitcoin stuff. I think every bitcoin developer should make this the top priority because I don't think there's a bigger technical challenge to bitcoin today. And I think that advice applies across the board digital assets.
Laura Shin
So there is a bitcoin improvement proposal out there, 360, and it puts forward a new script type called Pay to Merkle Root P2MR. So what is that? Why is that post quantum? And what do you think of this proposal?
Alex Pruden
I think it's great. I think the team is great. Again, like I'm, I'm, I'm cheerleading anyone who's working on any aspect of this in all its forms. That said, I think what, what is it specifically? It effectively disables the key path spend for taproot transactions, the key path spend. Without getting into the nitty gritty of taproot which quite frankly I'm not that familiar with. Anyway. The upshot is that when you do a pay to taproot key path spend, you expose it like your public key remains exposed. And so that's obviously bad going back to like slow clock, fast clock. You know, if your public key is exposed, either slow clock or fast clock could get you. And so what BIP360 does in its current form is it effectively closes that door. So now if you're using taproot, you're not going to expose your public key. So therefore it could reduce the number of vulnerable bitcoin in the sense vulnerable to slow clock quantum computers, but in its current form does not add post quantum signatures to bitcoin or make bitcoin post quantum secure. So I would view this as an important step. A small step, but an important one. But ultimately just one of many steps that have to happen.
Laura Shin
Okay. And then Ethereum faces a different set of risks. The Google paper cited like a number of different levels. You know, kind of at the smart contract level, L2s, the base layer. I mean it was, I really frankly was impressed that Google went into all this detail and knew this much. But some of the examples were like a Tornado Cash anonymity pool being drained without anybody noticing until the balance went to zero. It even talked about like ZK rollups, like different types of attacks there at the base layer. Can you just describe a little bit like what you think Ethereum is facing in terms of these vulnerabilities and how well positioned you think it is to face the quantum threat?
Alex Pruden
Absolutely. So I'll say pros, cons. First off, big pro, kind of step one to solving a problem is admitting you have a problem. And Justin Drake, and Justin Drake's a co author on the Google paper, Justin Drake leads the EF and I think in particular is really focused on making as part of their lean roadmap, making post quantum a part of it. And there's a lot of folks working on it. That's great. Huge pro. I would say pro two is Ethereum block times 12 seconds. We already covered this. You don't probably have to worry about fast clock on spend attacks anytime soon. Probably for Ethereum, hopefully at least bitcoin will be vulnerable first. Right. So you'll at least have it some kind of canary in the coal mine. So that's good. Con, Ethereum is more complex than Bitcoin, so there's more to fix. In fact, we've done some work, we've collaborated somewhat with the EF on various things because the EF has kind of split the effort on hey, we have to secure consensus because remember, the Ethereum uses proof of stake. Consensus proof of stake is basically like, you know, I put some money, deposits of money and I said I vouch for this block and I vouch for this block and one vouch here you can replace with sign. And that means there's a digital signature. That digital signature could obviously be forged in a post quantum world. So a big part of the Ethereum clean PT roadmap is about securing consensus because that is now breaking this is Bitcoin does not have that problem. Ethereum does though, and any really proof of stake protocol does. So they have to solve that. They also have to solve the wallet level. Like what do we do with all the assets? Right. And there's Unlike Bitcoin, there's this whole complexity around smart contracts that exist and assets that are issued from smart contracts and assets that are issued on L2s that are anchored to Ethereum. And so the attack surface of Ethereum overall is much, much bigger.
And because of all the smart contracts, you have like a lot more stakeholders that you kind of have to coordinate. So broadly speaking, I think it's a huge challenge. And again, I think EF is leaning into solving it, but it doesn't mean that it's not a massive, massive challenge.
Laura Shin
Yeah, yeah. So Bitcoin has just sort of the inertia of the community itself, but then also the fact that they are so conservative. But the truth is there's really just a small number of people that actually maintain the Bitcoin corporate core code base. Ethereum is so different. It's like there's multiple clients. It's this whole DeFi ecosystem. Anybody can put a smart contract on there. Users might put money into it not knowing that it's not post quantum. There's just the universe of things that could go wrong is so much bigger.
Alex Pruden
Totally. I was going to say quickly think about stablecoins. Think about what everyone's trying to do with stable coins. Abstract away all the cryptographic complexity. Maybe they run into the hood. What the heck are you going to do? Right, because people theoretically have keys to send stable coins. Maybe they've never even been exposed to the Ethereum blockchain before and now they have to migrate somehow. I mean, this is like to your point, it's very complex.
Laura Shin
Yeah. So let's also talk about other blockchains because the paper cited some blockchains that it said stand out as post quantum from inception. I've actually never heard of any of these. I kind of don't even want to name them because they're so obscure that I don't know. Or maybe you think it's fine. I don't know. But I just wondered, is that feature alone something that you feel at this moment in time, like gives those chains a leg up? Or do you feel like the more proven chains will eventually get their act together? And you know, how do you think about that?
Alex Pruden
I think it comes down to. I think, I think, I think it comes down to where in the future we think value on chain will exist. Exist the. The quantum first blockchains, of which there are several that feature some post quantum cryptography, are effectively betting on a world, I think, where more or less all existing chains fail to migrate or don't migrate in time. And then to the extent that blockchains are useful, then the residual value will have to therefore by definition flow to them. That's possible. I think, look, we can't discount that. We can't discount that world. I think though, if you ask the average holder of bitcoin today and you said, hey, you have a choice to either buy some new Quantum L1 or keep your bitcoin and make it post quantum secure, most people would probably just prefer the former right now. That said, in kind of a funny way, all of these blockchains are going to become quantum L1, post quantum L1s because like really it's like at the end of the day, this post quantum cryptography is that like that the, or the elliptical cryptography's got what has to get replaced by something that probably one of these quantum L1s is using. So I think, I think the challenge that these post quantum L ones frankly will face is they have to convince everybody that all of the other chains will fail in their efforts to migrate. And I don't think people are ready to accept that yet. They may at some point and maybe quantum happens tomorrow and then they'll probably a whole different ballgame. But even Dolev is, as we saw earlier, doesn't believe that. So. But that, that. But I think one important thing about them, and I think one really cool aspect of the quantum layer ones is it's a test bed for these quantum algorithms, post quantum algorithms that will actually have to use potentially one or more. And it's great. Like this is one of the greatest parts about quantum crypto is crypto is kind of like the world's biggest cryptography bug bounty. Right? 
It's one of the reasons ECC has been proven so durable, because I mean, God, if someone somehow had a classical way to get Satoshi's bitcoin, it feels like they would have done it by now. And so I think so. So I think the purpose ultimately these, that these quantum layer ones will serve, if nothing else, is effectively being the test nets for what, what quantum networks generally look like in the future.
Laura Shin
Okay. And I did actually just want to ask one brief question, which is I saw that the paper called Algorand quote, an example of real world deployment of PQC post quantum computing on an otherwise quantum vulnerable blockchain. So I didn't know what that meant.
Alex Pruden
And I'm going, I have to caveat here. I'm not deeply familiar with all of the various aspects of Algorand, if I recall. However, Algorand has a post quantum address type that uses a NIST post quantum signature scheme called Falcon. And so theoretically I think you can send your funds on Algorand to this new address type. Now whether or not it's compatible with any of the DeFi ecosystem on Algorand, whether or not anyone actually uses it, I cannot say. But I do know that they had this effort and that's probably what the paper is referring to.
Laura Shin
Okay, so last question. You briefly alluded to some things that Project 11 is doing in its efforts to help the crypto industry prepare for this post quantum future. But is there anything else you wanted to call out or even if it's just a call for people to seek you out for help or. Yeah, let us know what it is that you're up to or what we can expect on your roadmap.
Alex Pruden
Yeah, so shovels in the ground is my big thing, right? Like we gotta start, we gotta start everywhere. When we started Project 11, we really kind of were focused on looking at the wallet and migration layer. But look, I think the way things have advanced so quickly, I think we just kind of have to tackle anything, anything and everything that comes our way and you know, with regard to solving this problem. Practically speaking though, what people can expect is very shortly we'll have a post quantum version of a wallet, Ethereum, on Ethereum and Bitcoin that people can use to secure funds today. Now, the weight and the, the, the functionality of this wallet will be limited by virtue of the fact that post quantum cryptography doesn't exist on Bitcoin and Ethereum. So set your expectations. But this is also like, this is just the way it's going to be. I think it's kind of illustrative of like the fact that this is hard. Like all the things we've gotten used to with the wallets that exist today are because we've had a lot of time to optimize. So again, this is a shovels in the ground effort. We got to start somewhere, we got to start securing value. So we're going to be, start doing that immediately. The second thing that I would call out that I hope your listeners and potentially you, Laura, might enjoy is we're putting out our own, our own research report. Yes, we too will have a tome, you know, a weighty tome that describes how we think about, about the threat and also specifically blockchains and how they're vulnerable. I, and I think that might be like we've attempted more so than other prior reports. So take Galaxy Digital and Arc. You know, they start, they sort of leave. The issue of quantum is like, it's so, you know, it's black box. It's like it's probably far away. We open up that box and we try and say, hey, exactly like we go, we talk. We had a discussion about error correction earlier with Dolev.
We go into a little bit of detail and try and explain to the educated layperson like, hey, what exactly is going on here? What do we need to look for in terms of metrics? How do we know we're getting close? And so we put a lot of effort into that. That's kind of meant for institutions, but generally it's going to be available for everyone to download and we'll probably have some, some fancy website around that charts and stuff for people to kind of track the progress of Q Day. So those are, those are kind of the two things right up next in the pipe. And overall, I am extremely excited and optimistic despite the fact that all this news is like, oh, it seems like quantum doom is sooner. Look, decentralized systems have performed miracles. I mean, look at the transition from eth1 to eth2. I think there were a lot of people, including me, who didn't think that was going to be possible given the challenge of decentralized consensus. And it worked. And I think there is absolutely no reason why blockchains and the communities that surround them or make up those networks can't set the example for the rest of the world. For our decentralized governance can actually lead and not lag in post quantum security. And we obviously, the mission of our company is to carry, you know, be the vanguard of that, to carry the flag for that. But you know, fundamentally I think this is an opportunity for blockchains for all of us to basically show the way and show how we can basically earn the right to be the post quantum financial rails of the future.
Laura Shin
All right, Alex. Well, it has been such a pleasure having you on Unchained. Thank you so much for helping to explain this big news today.
Alex Pruden
It's a pleasure to be here as always, Laura.
Laura Shin
Thank you very much and thanks everyone for joining this live stream. We will catch you tomorrow. Bye.
Host: Laura Shin
Guests: Alex Pruden (CEO, Project 11), Delev Bleufstein (CEO, Oratomic)
Date: April 3, 2026
This episode covers two landmark breakthroughs in quantum computing that have dramatically accelerated the timeline for quantum computers that could break the cryptography underpinning major blockchains, such as Bitcoin and Ethereum. Host Laura Shin convenes with quantum and crypto experts to unpack Google’s new white paper, a major development from Oratomic, and the urgent implications for crypto asset security. The conversation zeroes in on the technical, practical, and philosophical ramifications for blockchains and lays out what the ecosystem must do to prepare for a post-quantum world.
This episode is a wake-up call: with new technical feats from Google and Oratomic, quantum computing threats are no longer a distant concern but are rapidly approaching. Blockchains are uniquely exposed due to their public nature and hard-to-reverse design. With a plausible Q-Day coming as soon as 2029, coordinated and immediate migration to post-quantum cryptography isn’t optional—it’s existential.
Listen to this episode for a sober, actionable crash course on why the quantum clock is ticking for Bitcoin, Ethereum, and the whole blockchain sector.