Justin Drake
Bitcoin has this culture of trying to get rid of fud. You know, I think this is a good default position to have. But for some cases where, you know, it's actually not fud, it's some sort of autoimmune disease, not a dividend.
Tarun
It's a tale of two Kwan.
Aseev
Now your losses are on someone else's balance sheet.
Tom
Generally speaking, airdrops are kind of pointless anyways.
Aseev
I named trading firms who were very involved.
Tarun
Talik Eth is the ultimate DeFi.
Aseev
Protocols are the antidote to this problem. Hello, everybody. Welcome to the chopping block. Every couple of weeks, the four of us get together, give the industry insider perspective on the crypto topics of the day. So, quick intros. First we got Tom the Defi Maven and Master of Memes.
Tom
Hello, everyone.
Aseev
Next we got Tarun, the Giga Brain and Grand Poobah at Gauntlet, Yo. Joining us today, we've got Justin Drake, Beacon Chain Boffin, and the captain of Quantum.
Justin Drake
Hey, thanks for having me, but it has been.
Tarun
Sorry, can we edit it?
Tom
No, this is live, actually.
Aseev
Do it again. Do it again. What's your intro?
Justin Drake
Hey, thanks for having me.
Aseev
Okay, perfect. And then I'm Aseev, the head hype man at Dragonfly. We're early stage investors in crypto, but I want to caveat that nothing we say here is investment advice, legal advice, or even life advice. Please see Chopping blocks at XYZ for more disclosures. Justin, there are no do-overs on the blockchain, so we want to start. So we brought you on to talk about quantum. We are super late to the quantum conversation, but before we get into quantum, there was a big story that just dropped last night, so we're recording this on Wednesday. And John Carreyrou, who is known for having taken down Theranos, famous reporter, he recently published a story about Satoshi Nakamoto. I thought we were not doing this anymore, but John Carreyrou was like, no, I'm going to do one more. I'm going to do one more again. And he has written an expose, a very long, very well researched story about his belief that Satoshi Nakamoto is. Drumroll. Adam Back. So what is the evidence that it's Adam Back? There were a bunch of little pieces. Let me see if I can reconstruct it. I'm going from memory here. So basically, one, Adam Back was largely offline during the time that Satoshi was posting. During the key period that he was posting a lot, they talked about many similar things. So there's a lot of comparisons of this kind of stylometric analysis of particular topics that they like to discuss. Gnutella and LimeWire. He. They talked frequently about libertarianism. There were, there were a few other tells about specific hyphenation, proof-of-work with hyphenation. British spelling at the very end of the piece is probably the strongest bit of analysis, which is this very big kind of decision tree or a sort of like a random forest analysis kind of thing where they basically looked at all these stylometric choices that they tend to make in terms of Britishisms, particular hyphenations, particular typos, they make ending sentences and also lots of little tics that they were like. 
The only person that matches all of these things and is British is Adam Back. Therefore it must be Adam Back. Then he went and went to the Bahamas or something to go confront Adam Back at a conference. And Adam Back said, no, it's not me, hahaha. And apparently had a little glimmer in his eye that made it look like maybe he was caught off guard. And that's why John Carreyrou says, aha, that's it, it must be Adam Back. The end. So that's the Adam Back thesis. Reactions. Was, was. Was Bitcoin created by Adam Back?
Tom
I thought the piece was not very good. There's like no new information in it. Like this is again something we've been talking about for decades at this point. And I feel like it was kind of grasping at straws.
Aseev
He used AI. He used AI.
Tom
Oh great.
Aseev
It says in the article he used AI.
Tarun
No, no, no, no. But, but also remember he, he decided to write this because he watched that documentary that claimed Peter Todd was Satoshi.
Tom
Oh yeah.
Tarun
And then he was like, I think this documentary is wrong. So it's like, it feels like a little bit also weird because of that.
Tom
Yes, I agree. And also there's kind of a weak. They're like, oh well, Adam Back did his PhD in public private key cryptography and Bitcoin uses public private key cryptography.
Tarun
Oh my God. The way they describe PGP in that article is really embarrassing.
Tom
I was like, also, I will say, I heard through the grapevine, Blockstream has some new product coming out and this is basically like a PR plant to hype up interest because no one else otherwise really gives a shit about Blockstream. Never doubt the PR submarine as Paul
Aseev
Graham in the New York Times.
Tom
Why not?
Aseev
You think Blockstream got placed in the New York Times? The New York Times hates crypto.
Tom
Yeah, but you have a good PR person. You have a Good angle. This is.
Aseev
Your PR person is like, hey, just so you know, my client is secretly searching.
Tom
It doesn't say that necessarily, but they can accept someone. And that's the difference between someone who's good at PR and bad at PR.
Aseev
Okay, Justin, you said that you had not seen this story, and maybe you didn't even know who it was. What's your reaction to this set of claims?
Justin Drake
I guess one reaction is that Nic Carter had this theory that AI would help with the discovery of Satoshi because it would find breadcrumbs. So I guess interesting timing. In general, I'm very dubious of all these stories. I've been in the space since 2013, and this kind of story has happened maybe a handful of times. I would also be very disappointed if Satoshi was Adam Back.
Aseev
Why would you be disappointed? Let's unpack that.
Justin Drake
I don't know. I just think he has wrong takes, for example, on quantum. The topic is rule. So he believes that quantum computers that can break cryptography are at least 20 years away. And I'm willing to bet a Thompson cube with him on that.
Aseev
Hmm. It was striking, actually, because in the article, they point out that Satoshi himself acknowledged the quantum risk back when he was posting.
Justin Drake
So Satoshi actually didn't understand quantum computers. So maybe that is one point towards Adam Back being Satoshi.
Tarun
Wow. Justin's pulling out the daggers.
Justin Drake
Satoshi was talking about replacing SHA2 as it being vulnerable. But these hash functions are actually not the point of vulnerability. It's ECDSA that's vulnerable.
Aseev
Right? I mean, there is. Well, we can talk about.
Tom
I was going to say you were disappointed because Adam went to Epstein's island, but that's a whole other topic. I guess that would really sour Justin.
Aseev
Might not even sour the asset. I feel like Justin's not the kind of guy to read about stuff like this.
Justin Drake
I do listen to your show.
Aseev
Oh, you do listen to our show. Okay. Unfortunately, you do know this. Okay, sorry. I'm sorry to have inflicted that on you.
Tarun
Wow. Haseeb. Insulting a fan.
Tom
It's.
Aseev
Yeah, well, you know, what do you know? I. I. Okay, so first, let me. Let me say a few things. Well, I read this last night. I was like, oh, man, this is like red meat for the Internet. The Internet's gonna get all over this. So I didn't. I didn't actually see the full reaction from the Internet. It. It. It felt like. So Adam Back has always kind of been in the conversation as a potential Satoshi candidate. For those of you who don't know who Adam Back is. He is CSO of Blockstream. What is, what is his title? Something like that. He was the inventor of Hashcash. He was a very early cypherpunk. He's one of these people who has always been written into the lineage of bitcoin very clearly. He was an influence on Satoshi. Satoshi cites him. He's the creator of Hashcash, which is the origination of the proof-of-work function that became proof of work in bitcoin. Bitcoin pulled together a lot of different ideas that Satoshi, clearly he credits Adam Back in the bitcoin white paper as being one of the sources of the ideas that led to the generation of bitcoin. So clearly Adam Back was in the intellectual lineage. He's one of the progenitors. He was in the room where it happened, so to speak. Right. He was in the cypherpunk forum. He was one of these guys. I think he was back when cryptography was regulated as a munition. This is one of the things that he mentioned in the piece, very famous story. The RSA algorithm supposedly was illegal because this was a munition and you couldn't export it. And so he would get T-shirts printed with the RSA algorithm, which you can write in just, I don't know, 10 lines of code or something. They would get T-shirts printed and he'd put in his email signature the RSA algorithm as a form of civil disobedience. So he is one of the OGs and he's been around forever and he's one of these people who, you know, he's kind of a dinosaur in certain respects. Like he, you know, is. Is kind of a bitcoin. He's a bitcoin Max. He's got laser eyes now. 
I think I agree with you, Justin, that it would be very disappointing that Satoshi became like a laser eyes dude who got a job at Blockstream and is like part of a DAT that is kind of.
Tom
He was a. He was a co-founder, just to give him credit. But you're right that, like, it's lame. Yeah, it's.
Aseev
Well, but like, what are they doing with bitcoin? Like, what is Blockstream doing with bitcoin? They're like creating like lightning things for institutions or whatever. I don't, I don't even know what they're doing, what they're doing anymore. But it's, it's just like kind of,
Tarun
hey, they made a satellite.
Aseev
Yes, I do remember that. Like, so that you could access bitcoin from anywhere in the world or whatever. It's just kind of a, it's like, okay, well if that's who Satoshi ended up becoming, a little sad. It is kind of disappointing. Yeah, it is a little sad, right? Compared to like Hal Finney of like, oh, he like sort of died before he could see the beauty of his creation. It would be much more satisfying if it was Hal Finney. If it's Adam Back, then it's kind of like, okay, well that's. Do we now have to revere Adam Back? We have to like go look at him and be like, he's the guy who we all have to look to for advice. Like if he actually is Adam Back. How would you treat Adam Back differently, I guess is the question. Justin, starting with you, you work at Ethereum, the Ethereum Foundation. How would you treat Adam Back differently if you knew that it was confirmed that he's Satoshi?
Justin Drake
I mean, the only way to confirm would be for him to sign a transaction with one of the citizens.
Aseev
Let's say he signs.
Justin Drake
Oh boy. I am willing to keep an open mind.
Tarun
I mean, I mean, I just, I honestly, I think it'd just be kind of depressing, like, oh, wow, wow, that's like how I would feel.
Aseev
Yeah. Tell me, tell me, Justin, tell me more.
Justin Drake
Yeah, I mean one thing that we are starting to do actually at different foundations is talking to Blockstream more specifically in the context of quantum. So they have, just in case, Adam Back,
Aseev
Satoshi, it's a good time to start building the relationship.
Justin Drake
Basically the strategy that we have for quantum is to try to build an industry standard. And if we can get Bitcoin to use the same solution as Ethereum, then that's a de facto industry standard. And to the credit of Blockstream, they actually have now four researchers working on hash-based cryptography, which is the direction that we're going down. And they have some really strong people, including Mike Kudinov, who we wrote four academic papers with, as well as Joe Nestic, who's been an OG in the space and is a, you know, a very good cryptographer. They've also hired, you know, just a couple months ago, these two, two brothers. And I think there's been a wake-up call internally to Blockstream and, and they are taking it seriously.
Aseev
Tom, how would you react if it was confirmed that Adam Back was Satoshi?
Tom
I, I really don't think about this a whole lot. I think obviously the danger with Bitcoin is just like tying it to. It's supposed to be kind of this like stateless person, personless entity. And then when you imbue it with a physical characteristic, it becomes a lot less attractive. And so I think that's kind of the big concern is just like, hey, everything kind of now gets tied to this person's personality versus this being the sort of immaculate conception of the asset.
Aseev
Yeah, it is in a way, like the original prohibition in religion is to make idols of men. And we as an industry have kind of made an idol of Satoshi. It's almost hard not to create this hagiographical aura around him and the immaculate conception of bitcoin. And if Satoshi is a dude with business interests, with laser eyes, with 800,000 followers and with particular views and political affiliations and so on, it's a weird shift for the industry to have to grapple with of that. Like, oh no, no. This was made by like this guy and he goes to conferences and gives talks and likes these coins and doesn't like these coins.
Justin Drake
And Satoshi was an extremely open-minded person. He at the very beginning was considering building a marketplace on top of bitcoin. There's traces of this in the early GitHub repo. He was also a big fan of projects like Namecoin, I believe. And I think he would have absolutely loved Ethereum. And so that I guess is a negative on Adam Back potentially being Satoshi.
Aseev
Yeah, it's also worth pointing out some of the weaknesses in the article. So it's not like this is a slam dunk case. And obviously there's a lot of people.
Tarun
Not at all.
Aseev
Yeah, so like the stylometric analysis. So stylometry is basically looking at these tics in writing style in order to determine certain characteristics about this person. The stylometric analysis that they did, he kind of took it into his own hands because the initial stylometric analysis was inconclusive. And he says that very clearly in the article is that the original stylometric analysis they did was unable to decisively say who this was. Within the cypherpunk group there was 20 something candidates that they felt were equally close. And actually Hal Finney was considered to be basically equivalently close stylometrically compared to Adam Back. But then at the very end he sort of does this his own kind of choosing a decision tree that gets the answer that he likes of, oh, people who put also at the end and then people who do the double hyphens and people who do this and people who do that, which obviously if you do that manually, you can get any result you want if you have a sufficiently large decision tree to play with. So it's a little bit of a. I respect the fact that he was very honest about the fact that the stylometric analysis initially was inconclusive, but then he kind of just does a different one, just kind of yoloing it, like, almost p-hacking his way into a stylometric answer to get what he wanted, which is the principal criticism of the article, which is why I don't think it's actually conclusive that Adam Back is.
Tarun
I also feel like stylometry is this kind of pre-LLM thing that's romanticized as a way to catch a criminal, but in the current universe, I just don't think, who gives a shit about stylometry anymore? I can't generate. I can convert styles very easily, and it costs me almost nothing.
Aseev
Oh, yeah. But like, in 2008.
Tarun
No, no, I know, I know. I'm just saying. I'm just saying, like, there's also this kind of funny nostalgia romanticism of catching a criminal here that, like, I think is part of the storytelling. If you read the article.
Aseev
But. But you think stylometry doesn't work, or are you just saying.
Tarun
No, no, no. I'm just saying I think if you read the article, there's an aspect of it that's like entertainment. And the stylometry thing feels a little, like, pushing, you know, like, really focused on the entertainment aspect and, like, less on the accuracy aspect.
Aseev
Right. I mean, I don't know that much about stylometry, but it strikes me like that sounds very plausible as a way to identify people.
Tarun
I'm not saying it's not. I'm just saying it's, like, not something where it's, like, uniquely identifiable. And so, you know, it's like. I think it has romanticism.
Aseev
It does have tells. Yeah. Satoshi did have tells of, like, mixing British and American English spellings. He had, like, inconsistent hyphenation of words. There were a lot of things that I didn't realize that Satoshi was not that good at covering his tracks about leaking bits of information about himself, which, like, of course, you know, on the
Tarun
other hand, the next. The next Satoshi, now that they have AI, can hide themselves much better.
Aseev
That is very true. Yeah. Today it's way, way, way easier to basically hide any of these stylometric tics about yourself just in the depths of a prompt. Okay, so I'm glad to hear, Justin, that you're working with Blockstream on the quantum stuff because one of the big stories that we wanted to cover, and part of the reason why we wanted to get you on the show was to talk about the big quantum story that has emerged over the last couple of weeks. So rewinding a little bit and let me maybe give a little bit of exposition. So your role in the Ethereum Foundation is you are one of the chief researchers who's been working on the post Ethereum 2.0 transition. You're big in the original beacon chain, then the beam chain, and then now working on the post-quantum transition for Ethereum, which has gained a lot of steam lately. Now there was a big dual sort of paper drop that took place a couple weeks ago. The first paper from Google and the second from a company called or Atomic Google. This paper was actually co-authored by you, Justin Drake, as well as Dan Boneh, and then the Google quantum security team and what they demonstrated. And I'm going to ask you to go back over everything I say to correct it in case I'm wrong. But my understanding is that basically what they discovered was a very, very large improvement in the quantum efficiency of Shor's algorithm. So Shor's algorithm is the algorithm that is going to be used by quantum computers to break public key cryptography. So it works against RSA, ECDSA, all the classic crypto that people use to do public private key cryptography, which is the foundation of how wallets are secured in crypto. That is what's under threat by quantum computers. And Shor's algorithm is the way that you can get an exponential speedup in these algorithms. So that makes something that would take millions of years to break on classical computers can be done in potentially minutes on a quantum computer. 
This attack, it was assumed that Shor's algorithm, it was known to be the way that you would break these things, but it was thought that it would take millions of qubits of physical qubits in order to be able to break ECDSA 256, which is what is used by Ethereum, Bitcoin, most of the major cryptocurrencies. And this attack showed a 20x improvement in the number of qubits that would be needed, meaning only 500,000 physical qubits you would need in order to break ECDSA 256 using this improved algorithm. For Shor's algorithm, this could be done in minutes. Roughly the estimate was a 9 minute attack window in order to break one of these keys. And it's important to note that Bitcoin is probably the most vulnerable of anything to this attack. Because one third of the supply of Bitcoin has exposed public keys, meaning that the public keys in the raw have been either one, they're keys that existed before the modern address format, which moderately protects public keys, or two, the public keys have been exposed in the mempool at some point, which you need to do when you're signing a transaction. Now, the other thing that was striking about this paper was that they didn't release the actual circuit that's used for this quantum algorithm. Instead, they generated a ZK proof using SP1 that they knew of a quantum circuit that had these properties, but they didn't want to release it under the assumption that it was too sensitive, too dangerous, too scary, and that this is almost like an alarm drill that, hey, just so you know, we know this and we can prove that we know it, but everybody needs to get their shit in order ASAP in order to solve this. The second paper, very briefly, was also on Shor's algorithm, but it was using a different architecture called neutral atoms, which is my understanding is a little bit more, you know, engineering wise, a little bit further away. 
But they showed that only 26,000 physical qubits would be necessary to crack the same thing in roughly 10 days, a much longer attack period. But this would be another huge improvement over the 500k qubits that would be required to solve, to break ECDSA 256. Now, all this together has led Google to claim that they now see a quantum transition timeline by 2029. A lot of people have been saying, historically, no way you're going to get these before the mid-2030s, even in the best case scenario. Now people are saying, who knows, it could well be that by the end of the decade we have viable quantum computers. Okay, that's my brain dump of what's going on. Everybody's kind of freaking out over what this means and how people need to get their shit together to get everything in this industry post-quantum, otherwise it's going to be a quantum apocalypse. Justin, talk to us about your involvement in this paper, how you interpret these results and should we be scared, right?
Justin Drake
So I don't think we need to panic. The 2029 timeline is just an internal one within Google. But now this 2029 date is starting to spread, for example, to Cloudflare that was released today. And that's also 2029. The date we have picked within the Ethereum Foundation as a target to upgrade all layers of Ethereum to be post-quantum secure, but more likely than not, we're looking at post 2030. But of course it takes time to do these migrations and there's a user action that's required, as is the case in blockchain. So starting to plan now is definitely important. Historically, when you look at Shor's algorithm, it's been heavily optimized over the last two decades or so. In 2014 we were talking about a billion qubits in order to break a key. Now we're talking about less than a million. And through the Google paper, but then the autoatomic paper brings it even down further to tens of thousands of qubits. And really when you look at the quantum algorithm, there's two layers. There's the abstract logical algorithm, which is what Google improved, and then there's the specifics of the quantum architecture that you're using. And this is what Auratomic is looking at. And there's this platform called neutral atoms that is kind of the dark horse in quantum. Over the last few years, they've really been able to show that they can scale extremely gracefully. You don't need these fridges that consume megawatts of power. You don't need this crazy cabling. You can have lattices with thousands of qubits. And one of the superpowers of neutral atoms is that it's all-to-all connectivity. So you have any qubit that can connect to any other qubit. And the reason is that you can physically move them in space, put them together, kind of have them kiss and entangle and then kind of move them around. And this superpower is also the main drawback of neutral atoms, which is that because there's physical movement of qubits involved, it's actually very slow. 
It's about 1,000 times slower than the superconducting. So the stuff that Google is currently looking at is the superconducting platform, they can break keys, or they estimate that they would be able to break keys in a few minutes. We're looking at several days, roughly a week on the Aura atomic platform. And you're right, the release of these two papers was coordinated, I think partly because some of the oratomic folks were ex-Google and they had a little bit of a relationship going on there. And the other thing that's happening is that Google has made it public now that they're going to be investing and looking heavily into neutral atoms. So historically Google has been very open-minded on the quantum physical qubits that they use. And now they're making kind of a potentially a mini pivot, or at least a fork and exploration on both platforms in parallel. And to your point around the zero knowledge stuff, one kind of new aspect to the mix is that governments are starting to be interested in these results. And Google has made it clear publicly that one of the reasons for going down the zero knowledge path is because of some pressure from, from governments. And yeah, I think the natural assumption going forward is that we should assume that this pressure will keep on increasing, potentially even in the competing jurisdiction of China, where they're also very strong on quantum. And yeah, the race is on. And at this point, I'd say there are very, very few experts that believe that we can't build a quantum computer. So it's happening, we have to migrate. But very few believe that it's happening before 2030.
Aseev
Okay, many, many questions. First, was this ZK not disclosing the circuit thing, was this your idea? Did you add this to the mix?
Justin Drake
They wanted to do a ZK proof and originally they had this very complicated approach where they would write their own circuit and do things the hard way. And I just told them, hey, there's this new thing called ZK VMs. There's some commercial ones that are available. Some of them are very easy to use and they just happened to pick SP1.
Aseev
Got it. Okay, so what was your involvement in the paper? At what point did they bring you in and what did they want you there for?
Justin Drake
Yeah, so they brought me in very late in the game. They had basically written the whole paper. I joined in about a month ago and I essentially did a review of, of the whole paper, made a bunch of corrections, especially on the Ethereum sections. Also added a few paragraphs for things that they had missed. But I think my main contribution was just being a co author and helping spread the word. I think similar thing with Dan. So they brought Dan and I at roughly the same time, and we made relatively minor technical contributions, but I think it provided a bit of balance and legitimacy to, to a paper that could otherwise be seen potentially as being overly aggressive to the blockchain space. That's something that they were worried about, but also just helping spread the word. And once the article was so the paper was published, one of the PR people within Google kind of looked at all of the articles that were published and spreading the word. And the vast majority actually came from the crypto space. And you know, we had various tweets that had millions of views. And I think it's been a massive success partly because of the involvement with crypto.
Aseev
Okay, so you say it's been a massive success, but the message has been received very differently in different pockets of crypto. So you know, most notably Ethereum obviously has been pretty forward. You guys have had a post-quantum initiative for quite a while now and I think that to much kind of industry plaudits. But if you look at bitcoin, you see a very different reaction from the bitcoin space. As we were just alluding to with Adam Back, what's your reaction to the bitcoin reaction to this paper?
Justin Drake
I mean bitcoin has this culture of trying to get rid of FUD and I think this is a good default position to have. But for some cases where it's actually not FUD, it's some sort of autoimmune disease. But the good news in this specific case is that we do have a technical solution. We do have many years to do the upgrade. And so I actually think it's a reasonable outcome to saying that we shouldn't be rushing this. There's no need to be super alarmed. And in the context of the Ethereum Foundation doing all of the heavy lifting, technically speaking, for them it's just a copy-paste job. I think one of the big difficulties for bitcoin is that they need to resolve what to do with the Satoshi coins. There's like 5% of the supply, about a million bitcoin that either needs to be burnt or will be sell pressure. What I expect will happen is that we're going to see a fork where the community and the market more broadly can decide which way to go. But it looks like some of the bitcoin holders, for example Michael Saylor, are in favor of burning and they could potentially heavily influence the market in the shorter term. And basically, I guess we'll have to
Aseev
see what Adam Back thinks. That might be the biggest tell of all.
Tarun
I love the speculation on this because it just sort of feels like bitcoin learning about having stake implicitly in some ways.
Aseev
I mean, does anybody actually think that they're not going to burn Satoshi's coins? Who really thinks that they're just going to be like, yeah, it's almost like the DAO hack, you know, like who actually thinks people are going to be like, yeah, we're just going to give a huge portion of supply to like North Korea or something, or China or something? Who thinks that?
Justin Drake
So Nic Carter believes that there is a possible outcome where the US government is the first to build a quantum computer and they have some sort of legitimacy to salvage the coins and put them in some sort of a fund. And if Satoshi were to come back to life, or maybe the US government could just appropriate the coins.
Aseev
Come back to life. Interesting. Is this actually what he said?
Justin Drake
Well, that's what I understood in one of his podcasts, that they would basically be quarantined in some sort of a fund and Satoshi would have some sort of legal claim if he were to come back. And in the meantime, no one will steal them.
Aseev
Suddenly, Adam Back is Satoshi, and then he's like, oh, yeah, it's me.
Tom
Wasn't Hal Finney cryoed? So, like, you know, if it's Hal Finney, he gets.
Aseev
Oh, I see, I see, I see. Okay, but how would you prove. I mean, what would be the sufficient proof in a post-quantum world that you are Satoshi?
Justin Drake
So there is, you know, for some subset of addresses, a potential way to prove ownership without the private key. And basically what you want to do is look at the seed that generated the private key. Now, unfortunately, the Satoshi's coins came before. I believe it's the BIP32 standard that had. Yeah, yeah, but it's possible that, you know, there was some sort of like, default implementation back then that had some sort of like master seed. And then you could show that these addresses are correlated in some very structured way. So I wouldn't completely rule it out that there is a way to prove ownership.
Aseev
Okay, interesting. Tarun, what's your reaction to Bitcoin quantum denialism?
Tarun
I think I was someone who has reformed over the last couple years, and I say that as someone who almost started a quantum computing PhD in 2011. So I spent a lot of time in that space and then basically was like, I don't think it's going to happen soon. And then kind of once I was in crypto, I was like, okay, crypto exists because we kind of. I made that assumption it's not going to happen soon. I think the interesting things to me are actually more some of the technical things that have improved these systems a lot. So one of the real problems with qubits historically is for every one qubit that does real work, like real computation, you have to have a ton of these auxiliary qubits for error correction, because as you go through the computation, there's a ton of errors. And obviously since the early days, Kitaev and others came up with all these kind of complicated error correcting schemes. But people didn't really. It was hard to implement, had a lot of practical considerations. It reminds me a lot of how ZK, sure, in the 90s in theory, people did understand a lot of stuff related to ZK, but it just took a lot of million tiny optimizations compounding together before we kind of got the modern proving systems. And so I think quantum computing has always had this problem where it's promised the moon up front and then it just takes 20 years for a lot of these incremental updates to happen. Sorry, I'm giving my own personal view like how I got to now. I kind of believe in the Q-Day stuff and I think it's actually very interesting that people are thinking about quantum algorithms the way they think about normal code optimizations in a way that people didn't before. Right. Like Shor's algorithm, 1993, 1994. So it's been around forever. But I think a ton of the optimizations that actually look a lot like the ZK optimizations are the stuff that people have over time more recently realized as the way to make these things practical. 
I think it's actually very interesting just from a sort of anthropological standpoint of hey, this thing promises the Moon, but then it's like death by a thousand cuts before it actually can achieve that. And I think that story is what we're probably going to be telling if I zoom to 2030 and look backwards. And I do think there's obviously been tons of research on post quantum cryptography. I think the main problem with it is it's just huge key sizes and it has a lot more practical problems than it does theoretical problems. Like, I think we understand a lot of post quantum cryptography reasonably well. Right. Like NIST has a contest for the, the choice of post quantum. But it's sort of weird to me. There's still denialism, but I can see why. If you don't understand that, it's like, you know, you can, you can easily take the, the tact of like, well, what's the largest prime number? Quantum computers are a factor 15. Who cares? Right. Or you could take the tact of, well, actually there's a bunch of little optimizations that will let you have a more sigmoidal jump curve in capability. It's not going to be this kind of gradual thing. And I think that's understanding that is important to understanding the denialism. People don't think it's going to have this kind of AI very fast growth curve. But it actually seems like that that my opinion.
Aseev
What's your take on quantum?
Tom
Yeah, I mean, I know much less than Justin and Tarun. I guess I kind of think about historical comps and it kind of reminds me of way back, people used to use MD5 for hashing passwords. And then, okay, gradually over time, these sort of demonstrations of being able to do collisions with less and less compute became more mainstream. And then we just transitioned away from MD5 to using SHA. And so it was, I feel like quantum is analogous in some ways in that it was rational to dismiss it maybe 10 years ago with the evidence that you had. But as more evidence gets presented to you of like, yeah, this is more and more likely, you should kind of update your assumptions around timeline. It feels like maybe that's kind of the moment that the Bitcoin community is having right now, or maybe crypto overall. But yeah, I'm very curious to see. Also, just, I thought it was interesting to see how much cryptocurrencies were prioritized in this Google paper, given that, hey, it's obviously still somewhat niche in the grand scheme of things, but maybe just the most directly targetable bounty for someone who has a sufficiently powerful computer and sufficient ability to implement Shor's.
Aseev
But I don't know, it does feel a little bit weirdly parallel to climate denialism, where it's kind of like, okay, well this leads to a lot of conclusions I don't like. So I'm pretty sure this is wrong. And no matter how much evidence mounts, there will always be some way to explain it away. The reality. I mean, I don't mean to be a doomer, because I've historically been pretty skeptical about quantum booster kind of fears, but it does seem pretty unequivocal at this point that this is a big change in timelines and that it should be pulling up everybody's expectations about when we need to make a quantum transition. The other thing is that quantum transitions, they're really so much more painful than updating hashing algorithms. We've already had multiple updates to hashing algorithms in many different blockchains and obviously nobody ever used MD5. But even moving from whatever, moving from SHA2 to Keccak or whatever, or Monero moving between different proof of work algorithms, this kind of stuff is pretty painless. Doesn't really bother you that it was different in the past. Just like a little, you know, if block past this thing, then do this, otherwise do that. Changing the public private key cryptography is an absolute fucking nightmare. So now for Bitcoin, like it's, in a way Bitcoin is the easiest because they have this purely political problem, which is, what do you do with Satoshi's coins? What do you do with all the coins that already have their public keys exposed? That's a very economically momentous question. Even if you assume that Satoshi's dead, you're like, what do you do with these coins now? It's no longer 21 million if you black hole these coins. And is that a weird violation of the narrative? Maybe, maybe not, who knows? But then you have even on Ethereum land. I've gotten in some trouble with Ethereum people for saying this, but Ethereum has a much harder time upgrading the cryptography because the cryptography is everywhere.
The cryptography is in smart contracts, it's in multisigs, it's in admin keys. There's like ecrecovers everywhere in the Ethereum state. And you got to figure out what do we do with all this? How would we make sure that it gets taken out? Even if there's a migration path, a lot of this stuff is hard coded. A lot of this stuff is like, yeah, the admin key cannot be changed or whatever. There will be bounties. Even if it's only a few percent of Ethereum addresses that actually are themselves exposed if they don't upgrade. There's a lot of stuff on chain, just like in state, that is potentially exposed and can get compromised if a quantum computer is able to break those keys. So Justin, I'm curious how you guys are thinking about that side of it, beyond just, okay, how do we tell everybody to upgrade? What about the stuff that can't be upgraded? Or is that extremely difficult to upgrade?
Justin Drake
Yeah, it's a good question. I mean, there is a fair point that within Ethereum there's three layers of the stack that need to be upgraded. There's the consensus layer with BLS, there's the data layer with KZG and what you alluded to, Haseeb, the execution layer, which is itself a mini Pandora's box. One thing that I expect will happen is the security councils where you have admin keys to be one of the first to upgrade. And part of the reason is that if you do have a security council, they have the ability to upgrade. So upgrading is kind of possible almost by definition. And there's a very easy trick which is to have a dual signing or hybrid signing where you keep the ECDSA infrastructure and you add the additional post quantum signature so that even if there's a bug in the implementation, even if it's a rush job, if you will, you're still no weaker than you previously were. And the main downside is that you're going to pay more gas, so you might be paying five bucks of gas instead of less than a cent. But the good news is that these upgrades only happen once every six months, so it's not a big deal. So for example, we've been talking to the Offchain Labs folks and it's possible that Arbitrum will upgrade the Security Council at some point. And interestingly, because Arbitrum is an optimistic rollup and they don't have all of the stock infrastructure that they would need to upgrade, their infrastructure would be post quantum secure just by upgrading the Security Councils. One of the things that Tarun mentioned is the size problem of the post quantum cryptography. So if you look at ECDSA, both the signatures and the pubkeys are extremely short. They're 64 bytes and 32 bytes respectively. Whereas if you look at the signature sizes of NIST standardized post quantum schemes, they're at least 10 times larger. So Falcon, which has the smallest signatures there, is 666 bytes, which is more than 10 times 64.
And so if you were to naively do a switch and just go with NIST standardized solutions, it's just not going to work. So Bitcoin, for example, would go from 3 TPS to something much, much lower, something closer to 0.3 TPS. And the solution that I think blockchains will have to embrace, essentially all of them, is what is known as signature aggregation. So you take multiple signatures, all the signatures in a single block, and you aggregate them. So a typical Bitcoin block will have 10,000 signatures. So at 64 bytes per signature, that's 640 kilobytes. But in a post quantum world it would be 6.4 megabytes or something crazy. So instead what we suggest is you have a proof that shrinks everything into a succinct multi signature, if you will, that's on the order of 100 kilobytes. Ironically, for Bitcoiners, moving to post quantum cryptography will be a scalability increase because they'll save the half megabyte from the ECDSA signatures that they're currently paying for. In terms of what will Ethereum do with the 1, 2, maybe 3% of assets that will get stolen, what I've been advocating for is basically maintaining the hard property rights and trying to build the strongest money possible and not being interventionist. And I think we have the luxury to do so because we don't have Satoshi's coins and we don't have another million coins that are from the very, very early days back when Bitcoin was monopoly money and people had very, very bad hygiene with their private keys. So I would estimate that there's basically an order of magnitude difference in terms of coins that could be stolen in Ethereum versus Bitcoin. And this gives us an opportunity in some sense to be one for one with Bitcoin, where we had the DAO intervention and they will have the quantum intervention.
Aseev
So you think there's no way that they keep Satoshi's coins? You think that almost certainly it's going to be black holed?
Justin Drake
I think there is a way. One possible outcome is that we see the neutral atoms platforms kind of winning. And what will happen is that some big addresses would get drained, but there's not that many big addresses. And then Satoshi's coins actually spread across, what is it, like 20,000 addresses, each of which have 50 Bitcoin, because he was mining in the early days, and back then the reward was 50 Bitcoin. And if it takes a whole week to crack one address, that's actually. It would take many, many years to kind of clear off Satoshi's coins. And so there is a possible outcome where quantum computers start breaking some of the keys and the market impact is actually not too bad. Right. Like Bitcoin loses whatever, 30% in value, and then people start thinking longer term and don't want to jeopardize property rights and would rather not intervene.
Aseev
So you think if it's staggered over a long enough period of time, then maybe Bitcoin will just eat it. Assuming that it's like a relatively smooth distribution of those tokens into circulation. Interesting, interesting. Okay, I could see that. Well, speaking of admin keys, as we were just talking about these multisigs, we wanted to come back to the story that we were alluding to the previous week. I think last time on the show, as we were just wrapping, we got news of this Drift hack. Drift, of course, being the perp DEX on Solana. It was the largest perp DEX on Solana. It got hacked for $285 million. And we now know a lot more than we did at the time. I think it was still fog of war at the time that we recorded our last show about what happened.
Tarun
I think it. Didn't it happen like three hours before we recorded or something? Two hours?
Aseev
Yeah, I think that's right. I think that's right. We now know a lot more about what exactly happened. So just some quick high level facts about the attack. So about 285 million was drained in the span of about 12 minutes. It looks like the on chain staging from the attacker began about three weeks earlier. They were funded with some Ether and Tornado Cash. They basically manufactured a fake token called HarbinVote CVT. They put liquidity in there, they took over the admin keys and they used the admin keys to change the collateral properties of this bullshit token they created to allow it to be basically extremely legit collateral, to be worth hundreds of millions of dollars, and then, using a margin account, effectively borrow all of the assets that were sitting available for borrow on Drift. So essentially the idea is they had some fake token, made it worth a gajillion dollars, borrowed all the assets in the exchange and then ran off. So this has led to a lot of cries where, okay, what the hell happened?
Tarun
How.
Aseev
How could this compromise have taken place? There was an admin key, or sorry, Security Council, that had a 2 of 5 multisig with no timelock. For those who don't know, a timelock is basically when there is a change to the protocol, a timelock is an automatic timer that prevents that change from going into effect immediately. And it's considered to usually be best practice for these kind of security councils or admin keys to have some timelock in place in case there is a compromise of this kind, so that any change gives people time to say, oh, something's about to happen, get your money out, because the admin keys have been compromised. There was no timelock in the case of Drift. So they came up with an incident report and we learned something very surprising, which is that it looks like, according to forensics, which has now been done by CrowdStrike and a few others, that this was first and foremost a social engineering attack that was perpetrated by North Korea. Particularly, the way in which the social engineering attack took place is that six months prior there was a quant trading firm that met the Drift team in person. They met at multiple conferences, deposited a million dollars of their own capital and built trust over time that they were going to be one of the users of the protocol and they needed some custom integrations. Apparently they were not North Korean nationals. This was some kind of third party firm that maybe had some relationship or were paid by North Korea in some way. Supposedly the attack vectors involved a malicious code repo that the Drift team ended up collaborating on as well as a fake TestFlight app. Simply opening a file folder or repository in the editor of VS Code, that was the editor that they used, was sufficient to silently execute arbitrary code with no prompt or indication to the user. This attack was attributed to a group called UNC4736, which is the same group that attacked Radiant Capital.
So it's one of the subsidiaries of North Korea and has led to a lot of people saying, holy shit, that is the most insane attack I've ever heard. Sounds much more sophisticated than we were expecting in terms of the in person degree of trust building and compromise. Very different from what we were previously expecting of a lot of these attacks that took place entirely online, and has led to a lot of people saying that, hey, how do you defend against an attack like this? Now that said, Tay, who I quoted earlier today, pointed out that actually one of the big issues with Drift was that any EDR solution, EDR stands for Endpoint Detection and Response, any EDR solution, which is kind of like enterprise grade device management, would have caught this attack because this thing was clearly very invasive malware that took place through this attack supply chain. But the way in which the supply chain was activated was incredibly, incredibly difficult to detect. Thoughts on the Drift hack? Actually, Justin, I'll start with you. Seeing an attack with this kind of sophistication, what do you tell people in the ecosystem, how to defend against something like this?
Justin Drake
Yeah, I mean, I invite people to be much more paranoid. I have had experience in multiple security councils and I was generally the most paranoid person. I had this policy that by default I would never sign a message unless you could prove to me that this was the correct message to sign. And there were things like, there's a Telegram group with a coordinator and there's like all of the committee members, a coordinator would say, hey, can you please sign this message? And then people were saying, done, done, done, done. And there was almost no due diligence. And so I'm actually surprised that we haven't seen more hacks that target the security councils. In terms of social engineering, that's very difficult. I guess that's just an educational thing. Within the foundation, we have a dedicated ops team that helps us with security and it's just a very long process. In terms of North Korea sometimes exploiting bugs, that is a very, very scary thing. And in the last few days, with all of the bugs that are being found with AI, I've just been checking for upgrades to Google Chrome and to my operating system, basically every single. And just, you want to upgrade these things as quickly as possible. One data point is that the Geth team is receiving about 10 security reports per day, about one of which is valid, roughly speaking. So they're getting one valid security report per day, which is extremely scary. And some of the reports are like critical things that have been in the code base for roughly a decade. So we're in this inflection point where
Aseev
all of the bugs have been inflecting
Justin Drake
something like a few weeks ago. I don't know exactly. Wow.
Aseev
Okay. Huh. Is this from, you know, the new unreleased anthropic model or from the labs? Or is this just coming from like random people pointing.
Justin Drake
Random people.
Aseev
Random people. Okay. Interesting. Interesting.
Justin Drake
Yeah. And, you know, I was also chatting with the Lighthouse team and it's a similar situation for them. So, you know, in the last few weeks they've been putting out these kind of emergency security fixes. I don't know the details, but yeah, I think as an industry, we're just going to find all of the bugs, fix all of them. And then the step after this, which I'm very excited about, especially in the context of Lean Ethereum, is formal verification where not only the software has no bugs, but you also have a proof that there are no bugs, which is the ultimate endgame.
Aseev
Okay, so I'm just going to bundle this with the anthropic story because this has also caused a lot of consternation among people.
Tarun
Today was security. Security all the way down, minus Adam Back.
Aseev
Yeah, yeah, yeah, yeah. Well, you know, he doesn't believe in security or doesn't believe in quantum. So that's the connection there. But so there's this story about this project called Mythos. Mythos is a new Anthropic model which is called Mythos Preview, which is their preview version of the model. It is a model that they decided that they are not going to release. They are instead running a project called Project Glasswing, which is an initiative bringing together a bunch of enterprises including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JP Morgan, Linux Foundation, Microsoft. And what they are doing is they're giving access to Mythos Preview to only these groups. And the reason why is that they found that Mythos Preview is one of the largest jumps in capabilities they have ever seen, specifically on cyberattack. What they claimed is that Mythos Preview was able to find vulnerabilities in every single major operating system and every single major browser. They found a 27 year old bug in OpenBSD that would allow them to break OpenBSD wide open. They said they did not explicitly train Mythos Preview to have these capabilities, but they were able to get 595 tier 1, tier 2 crashes, some tier 3, tier 4 and 10 tier 5 control flow hijacks on patch targets. They had north of an 80% success rate in getting it to attack major operating systems and browsers. There are some crazy stories in their model card where they talk about it escaping a sandbox and emailing its own researcher while the researcher was out eating a sandwich in the park. It has stories of them breaking out of sandboxes and taking actions that were ostensibly disallowed and then concealing that it ever tried to break those things. This thing basically looks like the most powerful security researcher ever created. Almost certainly this is better than any security researcher anywhere in the world.
And it is so powerful that they're just like, we cannot let this out in the wild because it will lead to just total pandemonium.
Tarun
Yeah, CrowdStrike's stock went down a lot after their announcement.
Aseev
Is that right? I didn't see that. This is actually. We literally talked about this on the show where I said, like, all of these open source pieces of software will have to go under the stewardship of large corporations, because it's just like the amount of compute that you'll be able to direct at these things relative to the amount of usage is going to become more and more lopsided. They basically gave, I think, 100 million in free compute to all of the companies within Glasswing to run Mythos Preview on their software or software that they use. And all of this seems to be just a sign of where things are going. Is that okay? Anthropic is here now. Maybe it won't be long before GPT 5.6 or 6 or whatever is there. And then what about Qwen? What about Kimi? What about all these open models that are just going to be like, well, we distilled on Mythos Preview, we hacked some guy inside or we got access to Mythos Preview, we distilled on it and now we've got 90% of the benchmark and it's open source. Where's this going? What's coming next? Tarun, what's your take on all this?
Tarun
I think I agree with Justin. Autoformalization, I mean, obviously I'm a little biased here, but I think autoformalization, of being able to prove theorems about your code, is going to be just necessary in a world where code is cheap to produce. Verifiability is the only thing that's expensive. And being able to verify Lean proofs, being able to verify other forms of formal logic proofs that code does exactly what it says and there's not some side channel, is going to be much more important. I think when I started full time in crypto in 2018, I probably came in with two beliefs, which were like, quantum computers aren't going to break elliptic curve stuff. And then also formal verification is going to be too hard. No one's going to be able to do it. And I think both of those things, I think I have changed in eight years on, and I now think that that is going to. It's going to become the standard.
Tom
For one, I was surprised there weren't any crypto companies in Project Glasswing, because it also seems like the largest, most lucrative sort of attack candidate for someone who has access to these models. And so I don't know, that was kind of disappointing to me that some of these things, it's like monetizing the actual attack is a little bit trickier, but obviously for crypto, it's more direct. So seems like something that, as we're sort of seeing, there's a lot of scrutiny around. Yeah, I don't know. Again, I want to kind of be in this nothing ever happens camp. Again, I kind of comp it to even earlier software development or web development, where it's like, standards were so lax. Nothing was encrypted and apps weren't sandboxed and it was just like, yeah, that's just
Aseev
the way it is.
Tom
And then over time, okay, this becomes widespread enough and attractive enough that we need actually more standards to make this software secure by default. And I want to believe maybe we're going through that same kind of generational shift, but this actually feels very different in some ways. And now obviously, also just the install base and the depth of software is orders of magnitude larger than it was 30 years ago. And that's kind of the scarier part. It's just like everything is now connected and online and exposed in some way.
Aseev
I mean, it's scary that the prophylactic against this kind of capabilities jump is Anthropic being nice guys and basically being altruistic in the way that they're trying to do Project Glasswing, which is kind of invite only. They're vetting everybody who's getting access. They're giving free credits to just harden software in preparation of what's coming. Because this is coming. And I wrote a tweet yesterday where I compared it to, this is Covid, but for software, where essentially it's like lab leak level, this is going to go everywhere. It's going to attack everything. And if you have not inoculated yourself against it and gotten the shot, you are fucked. You are absolutely fucked if you do not have Mythos Preview level defensive security pointed at your software, proactively looking for vulnerabilities, then something that's this smart is going to find them, right? It's literally like we're a bunch of children, like, writing software and then putting it out on the Internet and going to some CTF and saying like, hey, I wonder if you guys will be able to break this? And the answer is like, yes, we definitely will. We definitely will be able to break it. Almost everything. Think about everything in crypto. I mean, Justin, what you're telling me is that kids just vibe coding on Claude Code are finding vulnerabilities in Geth every single day. What is this thing going to find? Which is probably going to be just like a menagerie of bugs, each of which could cause enormous havoc in their own right. And on some level, okay, you go break some software, maybe you can. I mean, what's weird is that we've gotten to this point where in the stock market, if a company gets hacked, mostly the stock barely responds. It goes down like 1, 2%. Maybe it's like, oh, it's bad. If you're CrowdStrike and you take down the entire world for a couple days, like happened last year, it's like, oh, no, your stock is down a little bit. Please fix it. Like, crypto is not like that.
Crypto, it is another level, the amount of damage that can be caused. Justin, to wrap up the show, just want to get your reaction to what should we expect from Ethereum in a world where Mythos is running around?
Justin Drake
Well, in the short term, we're going to be relying on client diversity. So even if there are bugs, generally speaking, they're uncorrelated, meaning there's. They're not the same bugs. Exactly. So client diversity has saved Ethereum multiple times. And this is why we have this perfect 100% uptime record over the last decade. And this is something that's especially valuable right now. But as you said, we're very lucky to have altruistic actors on our side. And ironically, it's possible that AIs, especially once we have formal verification, will do the opposite thing for diversity, which is that it will make it at least much less valuable. So historically, the main reason why we had diversity was to hedge against bugs. But in the future, there will be no need for that. And so we kind of need to rethink the value of diversity. And in my opinion, a big part of that is governance. I also think that because AIs will be able to produce code which has zero bugs, the social layer will change quite a bit. So today we have relatively beefy teams, like 10 people teams that are building these clients. In the future it could be two or three people, and they would mostly be potentially engaged in building a community, engaging in governance, more the memetic layer, or just shepherding the project technically, with the heavy lifting being done by AI. One of the things that Tarun said is that he didn't expect ECDSA to break. There is a potential outcome here where it's not quantum computers that break ECDSA, it's actually AI. And the reason is that AI is becoming extremely good at mathematics and it will soon be better than any human mathematician or all the human mathematicians combined. And it's not implausible that a highly structured object like an elliptic curve could have some sort of mathematical shortcut to solve the discrete log problem. And so part of the rush in some sense is not just to make Ethereum post quantum secure, but it's also to make it post AI secure.
Aseev
First time I've ever heard that. It's fascinating, but we are on time, so we have to end. But Justin, maybe we'll bring you back if we ever get a paper about the discrete log problem. It might be a good excuse to do this again. But Justin, thanks for joining us and we'll see you guys. As he turned, shaking his head. We'll see everybody back next week.
Justin Drake
Thanks guys. Bye.
Aseev
Thanks everyone.
Date: April 10, 2026
Host: Laura Shin (not present this episode)
Panelists: Tarun, Tom, Aseev (Dragonfly), and special guest Justin Drake (Ethereum Foundation)
This episode dives deep into three alarming and interconnected stories rocking the crypto world:
The crew discusses the technical and social fallouts, as well as the existential questions these shifts pose for the future of blockchains.
[02:04–14:19]
Carreyrou’s Article Recap:
Hosts’ Reactions:
On Satoshi as Myth vs. Man:
[15:48–43:08]
Explaining the Quantum Papers:
Justin Drake’s Involvement:
How Blockchains Are Responding:
“Basically the strategy we have for quantum is to try to build an industry standard… Blockstream… taking it seriously.” – Justin [10:20]
“Bitcoin has this culture of trying to get rid of FUD and I think this is a good default position… but for some cases where, you know, it’s actually not FUD, it’s some sort of autoimmune disease.” – Justin [00:00 & 26:39]
Technical Takeaways:
“Changing the public private key cryptography is an absolute fucking nightmare.” – Aseev [35:30]
[43:08–57:55]
Drift Hack Recap:
On Social Engineering Threats:
[50:24–57:55]
What is Mythos?
Industry Response:
What’s the Defense?
[57:55–end]
The panelists balance technical sobriety with dark humor and crypto-industry world-weariness: They take the existential risks seriously, with jabs at Bitcoin maximalism, nostalgia for the mythic Satoshi, and stark acknowledgment that the old ways of securing blockchains or software are fast becoming obsolete in the age of quantum and AI. The call to arms: paranoia, urgent migration to post-quantum and post-AI cryptography, and ultimately, formal verification—for those who want their protocols (and fortunes) to survive the coming storm.