What will Quantum Computing Change?

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
All of our systems, every singleone of them, is at risk when
we're in a post quantum world. Most of the classical
cryptography community that deals with certification and key
exchange protocols knows this very well, has been working on

(00:21):
this for years. They already have protocols that
they could use if quantum happentomorrow.
Unlike the foundations and communities that govern most of
the crypto infrastructure, the Bitcoin community is fairly
fragmented and a lot of the big voices are very opinionated.

(00:41):
And so they're the cultural elements is the more I think
important factor in the theorem.It's a technical element that
really makes a big difference. There's so much stack to change.
So you put it all together in these Rd.
Maps seem to be converging somewhere around 2030, where
we're going to have enough logical qubits in play to
threaten our elliptic curve. Welcome to Epicenter, the show

(01:10):
which talks about the technologies, projects and
people driving decentralization and the blockchain revolution.
I'm Sebastien Quito and I'm joined by my Co host Brian
Crane. So today we're speaking with
John Lulick. He's an OG in Ethereum space,
been around for over 10 years. He's previously a consensus, was
part of Polygon and has been talking to Brian and I about

(01:32):
about quantum cryptography and crypto for a little while now.
And so we wanted to get him on on the show to discuss, you
know, his thesis for for quantumand how it it could impact the
crypto industry. And then we'll also have Stefano
Gogiozo, who's a researcher in quantum cryptography.
He's a department lecturer at Oxford and he's the Co founder

(01:52):
of Neville local. They're a company that are
accelerating real world applications in quantum
computing. Hey guys, Thanks for joining us.
Hello, hello, hello. Great to see you.
Guys, yes, pleasure to be here so.
Before we get into the nitty gritty about quantum computing
and how to fix crypto, because Imean, it is a really super
complex topic. And I think like we all have a
little bit of a grasp about likewhat it is and how it works.

(02:14):
But it's, I think, you know, formyself and a lot of people, like
super hard to kind of comprehendwhat quantum computing is and
how different it is from your regular computing and what kind
of applications do you have. But before that, this episode is
brought to you by Gnosis Building the Open Internet one
block at a time. Gnosis was founded in 2015 and
it's grown from 1 of Ethereum's earliest projects into a

(02:35):
powerful ecosystem for open userowned finance.
Nosys is also the team behind products that had become core to
my business and that are so manyothers like Safe and Cow Swap.
At the center is Nosys Chain. It's a low fee layer one with 0
downtime in seven years and secured by over 300,000
validators. It's the foundation for real

(02:56):
world financial applications like Nosys Pay and Circles.
All of this is governed by NosysDow, a community run
organization where anyone with aGNO token can vote on updates,
fund new projects, and even run a validator from home.
So if you're building a Web 3 oryou're just curious about what
financial freedom can look like,start exploring at nosis dot IO.

(03:18):
You know, I want to ask you, John, what got you interested in
quantum computing and what convinced you that this idea of
quantum native finance is something that's interesting
that we should be looking at, that's possibly investable today
and that it's something that will last into the future?
Yeah, no, no, great question. So, you know, it's kind of like,
I mean, we've known each other avery long time and going back

(03:39):
to, you know, the beginning of all this stuff, Ethereum and so
on. And I remember many years ago,
Brian and I were hanging out, I think we're in Germany with
Carson Shtooker and a few other people.
And we were talking about how amazing smart contracts are and
like how everything's going to change, etcetera.
And it was like very exciting and new.
And we were just, I mean, just so happy to die to all this
stuff, right? Fast forward to today, to some

(03:59):
extent, I feel a little bit saturated, almost like, well, at
least in a theory. And what we're trying to do is
just figure out how to re hypothecate things.
And it's not nearly as cutting edge as it felt maybe, you know,
7-8 years ago. And so last summer or last year,
I guess it was late summer, early fall, I met Stefano and
his Co founder Fabrizio and I met a few others.
I call it the special Venn diagram, these folks who are

(04:22):
quantum physicists, computer engineers and crypto natives.
And that's when I had like a mini panic attack, almost like a
existential breakdown moment, when in reality, you know, I
learned that the quantum ecosystem is much more dynamic
than I had realized up to that point.
And I say this all the time. It used to be in the back of my
mind that it's, you know, 40 years away.
It's going to be this gigantic machine that looks like an alien

(04:43):
spaceship that Google builds with the NSA.
And I don't need to worry about things.
But in reality, again, if you look at the ecosystem, there's
of course the big tech companiesand Google and IBM and
Microsoft, etcetera. But then you've got this
tremendously dynamic mixed startup ecosystem.
You've got, you know, Sai Quantum, you've got Ion Q,
you've got so many of these innovative companies, Oxford
Ionics, etcetera. And so you sort of then look at,

(05:07):
let's say, the capital markets or the, you know, venture fund
ecosystem and you've got the biggest sovereign wealth funds,
the smartest capital who have for a very long time been
investing in the space. You know, the UAE, for example,
with their sovereign wealth fundhas been investing in global
foundries for a long time. And then you look at the policy
side of it and it's kind of likeyou got top, let's say, policy
makers, politicians, etcetera, in in top leadership positions,

(05:30):
you know, like Governor Pritzer of Illinois shilling side
quantum all the time. They're building this massive
facility in Illinois and so on, you know, elected officials,
government leaders all over the world and all the major
companies. You look at what's going on in
China, etcetera, and you start to realize that actually this is
super dynamic. There's a ton of capital coming
in. The regulatory and let's say

(05:50):
government will is there. The private sector, both with
big tech companies and with startups is extremely dynamic
and moving very, very quickly. And the researchers are just
tremendous. You meet some of these people
and they're incredible people, very focused on this stuff.
OK, So what does that mean for us?
Well, like in my case and probably many others, you know,
watching this, I mean, to some extent or a large extent, our

(06:12):
life kind of depends on ECDSA, you know, whether it's our asset
base, our career, I mean, even just crypto being a part of your
daily life that you enjoy, you know, participating in this
ecosystem. And that, as it turns out, is a
byproduct of it's a, it's a, it's a target of this like
incredible ecosystem that's advancing.

(06:32):
And I understand there's maybe contentious views on the actual
utility of quantum computing, whether it's in material science
or pharmacy or just making logistics better, etcetera.
I don't think it's so contentious.
But in any case, it doesn't matter because our elliptic
curve that secures everything. And what I mean by that is, you
know, if you know my public key,well you, you're never going to

(06:55):
guess my private key so long as I secure it properly.
But with this technology emerging, then that becomes a
very different, you know, reality, right?
Which is to say, if you do know my public key, you can
potentially crack my private key.
And so putting it all together. And what I like to say also is
you got to look at all the road maps.
Because it is indeed true that the startups have a great

(07:17):
incentive to say things that sound exciting 'cause they're
constantly raising money. But I don't think DARPA has that
incentive or TII, which is kind of like the NSA of the UAE.
The SEC just put out a, a, a pretty significant bulletin.
You look at, you know, BlackRockincreasing or you know,
substantially enhancing their quantum risk disclosure.

(07:39):
I don't think Google or Microsoft has a has a reason to
pump things unnecessarily, NVIDIA etcetera.
So you put it all together and these Rd. maps seem to be
converging somewhere around 2030where we're going to have enough
logical qubits in play to threaten our elliptic curve.
So that's kind of, yeah, the realization I had last last

(08:01):
summer, last fall and Stefano and Fabrizio and every local
really helped me understand a lot of things and and for that
I'm very grateful. Yeah.
I mean, I'm, I'm a bit like you I guess.
But I guess earlier in the in the exploration of this, I mean,
I remember like just having somehigh level thing of like, oh,
quantum computing could break cryptography.
And I remember actually, I thinkI bought some coin ones that was

(08:21):
called quantum resistant Ledger.That was like, you know,
probably like 6 or seven years ago because I was like, oh,
that's and then never heard fromit again until I think I really
spoke with you. Maybe it's worth just explaining
to people that risk very briefly, right?
So the risk of, you know, today,right, people are familiar, they

(08:41):
have a seed phrase, right in many cases.
And then the seed phrase, you can derive a private key from
that. And then with the private key,
right, you can sign a transaction and then the
transaction basically is or the private key is associated with a
public key. And then you can, you can let's
say half sort of, you know, one big point associated with

(09:03):
Republic key move to private key.
You can sign that transaction, say, hey, I want to transfer
that Bitcoin somewhere else. And then someone else can go and
take that transaction and they can cryptographically verify
that, OK, this is really that private key that's associated
with that public key. And you know, that's, that's
what the whole thing relies on, right?
The whole crypto space. So can can you just explain how?

(09:25):
How could quantum computing break this?
Yeah, I mean, the the way I liketo say it is OK, by the grace of
God, if I'm lucky enough tomorrow morning to wake up,
still be alive, two things will be true, right?
The sun will be shining and my Bitcoin or my ETH or whatever
will be secure, provided that I manage the private key in like a
safe fashion. And so for example, you get

(09:46):
crypto steel, you put your seat phrase on something like that
and you put that in an underground vault somewhere in
Switzerland that you know is very hard to access.
And you take safeguards to ensure that your private key or
C phrase is never in any sort ofdigital form that can easily be
stolen from you. Like, you know, people who have
been the past put, I don't know these files in their e-mail, for

(10:07):
example. So as long as you take those
safeguards, then basically tomorrow morning when you wake
up, your Bitcoin will still be there.
However, and, and it'll be very,very, very hard for anyone to
like determine your private key based on your public key, OK?
Even if you take all the classical computing in the world
today, you put it all together, it'll still take billions of
years. And that is the thing that we

(10:29):
rely on. OK, Now what we're talking about
here is basically a massive threat to that security
assumption. That gives us all comfort in the
event that this ecosystem continues to develop to a point
where we have sufficiently powerful enough quantum
computers that can run certain types of algorithms wherein just
with your public key in a very short period of time, maybe on

(10:51):
the order of hours or, you know,minutes or, you know, even less
in the future, again, contingentupon this technology maturing.
And this is like a hard problem.I'm not saying it's a piece of
cake, but but if that state materializes, then you don't
have that comfort anymore. Even if you take very strong
precautions to protect your private key, it can still be
basically calculated by these computers and somebody or some

(11:13):
malicious actor could then get your private key and move your
Bitcoin or ETH or USDT or whatever.
That's as usual, basically just brute force, right?
You'd say like, hey, I'm gonna like get a transaction and then
I'm gonna make up a random private key and I'm gonna create
the sign, the transaction of it.I'm going to check.
Does it verify? And then, well, it probably

(11:35):
doesn't. So I'll try another one.
I'll try another one. Now, normally with a normal
computer this will take like forever, but with a quantum
computer, you could do that fast.
That's kind of the. Idea.
Now that's the issue, correct? We are relying currently on
primitives, cryptographic primitives that are susceptible

(11:55):
to this type of computation, provided that you have a
sufficiently powerful quantum computer.
And that assumption is the thingthat makes us all sleep at night
and gives us the confidence to build a multi trillion dollar
ecosystem. And if that confidence is shaken
or threatened without, you know,us taking the kinds of measures
that we need to take, then exactly what you described is

(12:18):
the problem. So now I'd like to hand it over
to Stefano and maybe let's get some clarity on quantum
computing. What is quantum computing and
how does it enable, you know, basically what John is is
talking about, which is the ability to brute force a private
key in a way that you can't do that with a regular computer.
Yeah. So the the question about the
nature of quantum computing itself is, is quite interesting.

(12:42):
There is a sense in which physicists, fundamental
physicists, would say quantum isthe real way the universe
computes. And it's just that our classical
computing has been built upon anabstraction that is very stable.
So we can have trillions, quadrillions of bits very

(13:03):
cheaply. We can do trillions of
computations per second in our large machines.
And we do this with very little fault.
There's few errors. Errors are very rare unless
you're in hostile environment such as space or under certain
sort of ruggedized conditions. But ordinarily our current

(13:25):
civilization relies on the realization that if you engineer
matter and electricity, so matter and energy to interact in
a certain way, that it's very stable and it can be used to do
a lot of things. That's great.
Underneath it, though, the world, the rules of the universe
are quantum. So quantum is the most

(13:46):
successful physical theory we have, by far the most successful
physical theory. It explains almost everything
that we want to derive. It might be hard to write down
exactly the explanation, but in principle people believe that up
to some details it could be usedto do so.
So really, quantum computing is mostly an engineering effort.
It's pushing our ability to makematter and energy, typically

(14:11):
photons, but there is various ways to do this, do things for
us. It's the original view by the
early fathers of quantum mechanics was that really what
quantum computing does is give us control over reality at its
most fundamental level. So in that sense it's the most

(14:33):
general description of quantum computing is you have very fine
grain control over the way that nature works in some really
small setting, some really low energy settings, superconducting
circuit school, near absolute 0 individual atoms, individual
photons, which enough precision that the noise doesn't run out

(14:54):
the entire computation and makesit useless.
Now what people did over the years, that was the original
view of what quantum computing should do.
And for many years, I think sixties, 70s, people just
thought, OK, one day we might have control over nature and we
will. Do you know what physicists want
to do? We will predict the outcomes of
very complicated physical experiments without having to do

(15:16):
them. In particular, we can understand
chemistry and advanced materials, things that we can't
simulate. And that some people came from
maths and computer science and started realizing that really
some of those fundamental ways that matter evolves can be used
to do some interesting computational tricks.
One of the most famous ones is Shor's algorithm.

(15:38):
Shor's algorithm does not reallyfactor numbers in its entirety.
There is a very specific sub problem of number factory.
Number factoring is considered hard.
It's the basis of RSA, and one of its generalization is the
basis of elliptic curve cryptography.
Which ultimately brings us to crypto.
But really the observation by some very clever people is that

(16:02):
there is a little core inside the problem.
There's one sub routine which relies on a specific property of
numbers, of national numbers, the way they multiply.
And if you could do a certain kind of Fourier transforms, the
same that we use to change and clean up signals.
It's what this podcast will use to clear up our voice track.

(16:26):
In the end, a very basic piece of technology, but if we can do
some of it fast, exponentially faster, then we could factor
numbers real easily. And it turns out that quantum
computers are very good at doingthat.
It's part of the natural evolution of quantum systems.
To be able to perform some of these transformations, you put
them in the right configuration,and by themselves they would do

(16:46):
it. As long as you can control the
revolution without too much choice, then that's what the
machine does. And this observation was then
turned into a larger algorithm that can factor numbers, very
large numbers with thousands of digits.
That's Shor's algorithm, and then derived algorithms that
actually factor points on elliptic curves, which are the
algorithms that give us quantum risk today.

(17:06):
So ultimately, like quantum computing is just about
controlling physics, which is a fantastic endeavour in itself.
One of the byproducts, and I think by far the least
commercially interesting to these companies, they really
don't. I mean they say they use it as a
benchmark quantum computing manufacturers, but that's not
really a product they will sell.They're not going to go and say

(17:27):
here I'm going to factor some large numbers for you.
They want to sell chemistry applications, materials
applications, pharmaceuticals applications, optimization in
some cases. But one of the byproducts that
was discovered in the 90s is that indeed you can use it to
break the primitives that we usefor all of our cryptography
today. And maybe we can go into the
specifics of why this is relevant to crypto in in a

(17:49):
follow up question. Yeah, yeah, we definitely want
to go into that in in a bit. But I would love if you could
expand a bit more on, you know, you mentioned like material
chemical. I am like lots of different,
like, let's say this quantum computing, you know, it comes
about, what do you think the impact is going to be on the

(18:09):
world? And you know, maybe in five
years, 10 years, 20 years and, and on different, different
areas of society, like how, how will normal people feel about
the world so different now all of a sudden because like quantum
has like just changed things. There are many fields.
I think it's worth making a distinction between quantum

(18:30):
computing, which today really means universal quantum
computing, which is a huge multilike multi $100 billion field
that has been developed for the past 10-15 years.
And quantum cryptography, which is a younger field that is
currently in its early phases, even though some of the
companies have recently exited for a few 100 million valuation.

(18:53):
So that's, that is already quitea lot of investment.
But I would say in terms of whatwe could do there, it's we're
still quite early on. So going to quantum computing,
which is what most people talk about these days, there are
maybe 3 or 4 major areas if applicability that would bring a
direct impact on people's lives.It's not going to be in 20-30,

(19:15):
it may be in 20352040. It really depends on how quickly
they can reach the correct scale.
They are applications. It used to be that they some of
these companies sold applications in terms of
enhancing AI and enhancing optimization.
That was the big hype in like the early twenty 20s.
That is no longer believed to bethe primary revenue stream for

(19:38):
many of these companies because optimization problems, to be
competitive with current classical optimization
techniques, require hundreds of thousands of cubits, logical 10s
of thousands of logical cubits. The number of variables that
you'd have in one of these problem solution techniques that
we use today would have to map essentially to qubits.
And that is that's a scaling that would take a while.

(20:02):
In terms of AI, there used to bea speculative belief that there
could be an advantage in using quantum systems for quantum AI,
and that's been scaled back a couple of years ago.
There's results that say that, yes, but mostly for physics
problems, not for general purpose problems.
And also we are literally in theAI boom.
We have like trillion dollars indata centers being built on a

(20:25):
weekly basis and it's very hard for quantum computing to compete
with that in the short term. Maybe in the long term it will,
but in the short term that's that's difficult.
Where it really seems that quantum computing will have a
direct immediate impact is applications where you are
trying to simulate some complicated physical system that
doesn't quite simplify well withexisting techniques.

(20:49):
So if you want to do material science today or advanced
chemistry today on fairly large atoms or fairly large molecules,
think nuclear chemistry. Nuclear chemistry involves
really complicated atoms. They are very heavy.
They have lots of electrons. They get to the point where the
electrons behave relativistically.
You need to take into account the fact that there's so much

(21:10):
energy concentrated in the atom and they're so fast.
The quantum computing revolutionin that sector will be having
machines that are are able to just reproduce a physical
system. You make like a digital twin of
a quantum system, and then you configure the machine to evolve
the system like it would in reallife under real conditions, more

(21:32):
slowly, typically because you want to observe it or you want
to ask certain questions about the evolution, like it's energy,
like the strength of certain bonds, but you can reproduce.
It's like a lab simulation, but it's a simulation that doesn't
incur an exponential slowdown because it's made of the same
matter The slowdown is there's afactor, of course it's slower

(21:53):
because it's the machine you need to control it.
It has fewer degrees of freedom,but it's not exponentially
slower. And this is what it will really
make a difference when you have large molecules and you want to
study interesting quantum effects that make them activate
in an unexpected way, say metal organic frameworks in carbo
capture. That was one of the early
examples people wanted to study.That's something that quantum

(22:15):
computers with sufficient degrees of freedom could do with
it. And so that's where I think most
of the money will go in the early days because they don't
require 10s of thousands of logical qubits.
Even if you have a few thousand good logical degrees of freedom,
that is so much more than we cansimulate with our classical
techniques that it will already enable us to do more chemistry,
more materials, more, more medicine.

(22:38):
So that's, I think that's what it will have the earliest
impact, but it's not going to besomething you're going to have
on your desk anytime soon. Can you explain what is a qubit
and a logical qubit? Think that distinction needs
some clarity? Yeah, I think that's one of the
big controversial points in in corporate announcements these
days is the how many logical qubits do we have?

(23:01):
There are obstructions maybe that it's worth starting with
that there's no such thing as a qubit, but in there's no such
thing as is a qubit in the same way as there is no such thing as
a bit, right? There's not one bit.
There are many technologies thatwhen obstructed a certain way,
give you something that behaves as a bit.
Typically you need some some physical system that has two
well defined States and you haveto have some way of moving it

(23:24):
between the states, putting manyof the systems together and
change them together. That's how bits work.
Like you have many technologies that implement them and all you
need are some basic requirements.
Similarly a qubit is an abstraction.
Quantum systems have a lot more degrees of freedom, but what you
do is you take a system which has 2° of freedom, like 2
sufficiently separated energy levels or a photon that has like

(23:49):
polarization in two orthogonal directions, something like that.
And as long as you can modify those degrees of freedom in a
practical way, and that's where all these technologies come into
play, not everything is easy to change.
Then you have a cubit, like a cubit is a physical system with
two sufficiently well defined states which you can modify at a

(24:09):
quantum level. So without making it collapse
into one of the two states, but maintaining the all the various
other states that are physicallypossible.
They're called superpositions typically.
So that's really the physical side of things.
And I think most people in quantum computing or quantum
information are happy to leave that to the hardware people.

(24:31):
Like somebody comes up with a new idea for quantum hardware,
the first thing they do is tell you how to build qubits and how
to perform certain basic operations on qubits.
And then everybody else uses that as the basic of structure
layer and builds on top of it. So there is really like the
hardware people deal with makingthe like secret sauce, the basic

(24:52):
building blocks. And then people build algorithms
on top of that. But then there's the question of
are these qubits sufficiently stable?
Can you modify them without introducing too much noise,
without losing too many of them?If their photos, photos are
hard. I mean, photos are great because
they travel for really long distances without interacting
with anything else, right? We have photos from 13 billion

(25:13):
years ago. We have photos from the time of
loss scattering in the universe.And we, we still see them as
they were, but they're very hardto catch and they're very hard
to do operations on because theytravel very fast.
And so every, there's always a challenge.
All of these architectures are acompromise between how many
operations you can do, what kindof error rate you get and, and
so on. If you want to get from, you

(25:35):
have your, let's say you have your Google chip, right?
It has a bunch of qubits on it. The hardware people made them
and there's maybe 100 or 200 of them, and they're very noisy,
like the operations very quicklydisturb them After a few dozen
operations, you lose pretty muchevery information.
After a few 100 operations or even a few thousand, that's not

(25:56):
enough to do anything useful. And So what you do is you say,
OK, can I take all of these like100 qubits and take a slice
across their space that's robustto noise.
Like I create an error correction code, but a quantum
1. So I don't just check for the
errors. I really try to look at the
whole space of these 100 qubits that has two to the 100

(26:16):
dimensions. It's humongous.
And I try to find a 2 dimensional slice, so a tiny,
tiny slice which is really robust to noise, where I can
easily correct errors. I can bring the states back to
this lies very effectively. And this is the foundation of
quantum error correction. And one of the key results in
quantum error correction is thatthe moment that you hit a

(26:36):
minimum threshold of accuracy, so you your operations go below
a certain error rate, then errorcorrection starts improving
itself. So there is a point at which if
your error is higher than this threshold, then the error
correction procedure introduces more errors than it can correct,
and so it will ultimately fail. And there's, if you're below

(26:58):
this threshold, then the error correction will remove more
errors than it itself introduces.
And so you can just make your computation longer and correct
errors forever. It's called the threshold
theorem. And this is the basis really of
quantum error correction. Now this is what Google trusted
when they say that they almost got 1 logical qubit.
What they mean is that they are close enough to the threshold

(27:20):
with their hardware that soon, Imean a year, 2 years, but soon
enough they will be able to perform correction faster than
errors accumulate. But there are other ways of
making these error correction codes, and some of them don't
really correct all the errors. But maybe you have 30 physical
qubits and you have a code that corrects 5 errors out of 30.

(27:42):
That makes it look like you have30 logical qubits or 25 logical
qubits. But really you don't.
Not in the same sense as the Google qubits too.
And so there's a lot of subtleties in how people count
this. The real question is ultimately,
can you make these logical qubits, these sort of error
corrected abstractions in such away that they individually

(28:03):
behave as single qubits would with no error or exponentially
small errors. When the answer to that becomes
yes, that's when you get the logical qubits that are
considered in these Shor's algorithm estimates.
So people say, how many logical qubits do I need to run Shor's
algorithm? The answer is typically a few
thousand. And then you have to think, OK,

(28:26):
a few 1000 logical qubits reallymean a few hundreds of thousands
if it's one to 100, a few million if it's one to 1000,
really depends on the architecture.
But you have to multiply by somelarge factor to estimate how
many physical qubits these companies have to manufacture
before they can run this kind ofschemes.
And then there are some additional improvements that

(28:46):
people have made over time. You can connect smaller modules
and the way that these qubits are put together can be made
more performing than just building a large chip.
All in all, the the strategy is always trying to figure out, can
I build enough physical qubits such that they have a
sufficiently low noise and I take enough of them together and
I can collapse them into fewer logical qubits.

(29:09):
But they're really, really good,yeah.
This is one of the things I say for, you know, us regular kind
of crypto ugents who are, you know, thinking about this stuff.
There's certain checkpoints, things you look for, OK, error
correction is one of them. The Google Willow news was
really big. I don't know that everybody
really understood it. Stefano explains her very
elegantly. But when we get to that point,

(29:30):
that is one of the key requirements.
And I think it's going to be oneof the massive accelerators of
our ecosystem really waking up. I mean, it's a critical
component and everybody's working on it, so.
John, earlier, you know, we weretalking about the, the state of
quantum readiness in the crypto space.
Like by your estimation, what does that look like?
How many projects are taking quantum seriously in order to

(29:53):
prevent some of these, these attack services that we, that
we, that you described earlier? And yeah, what's your, what's
your sense of, you know, how this, how this space is treating
or addressing this issue? Well, let me preface by saying I
have a tremendous amount of respect for all the researchers,
Ethereum Foundation, Solana, everywhere near, etcetera.
I think those are wonderful people.
However, in my opinion, just my opinion, but I think we're in a

(30:16):
woeful state and I'll give you some concrete examples on the
Ethereum side, you know, the whole vertical program just got
cancelled not too long ago. And actually Stefano and
Fabrizio, Stefano's partner for many years was, you know,
telling these guys, hey, you're going to have to redo the
plumbing eventually. They figured it out.
But you know, after however manyyears, however much money and

(30:38):
more importantly, precious research, you know, researcher
time. So even just getting blockchain
networks and ecosystems to understand this risk, take it
seriously and invest accordinglyU to this point, I don't think
that's happened to to sufficientscale, not even close.
We are starting to see some early indications.

(30:59):
Let me give you another sort of simple example, and this is just
my, you know, dummy D Gen. math here.
But let's say we have a $3 trillion ecosystem.
Let's say you ascribe a 1% chance to, I don't know, the ion
Q road map being accurate, whichcalls for 2500 logical qubits in
2028. And let's assume that results in
100% loss or close to it, OK, interms of crypto market cap,

(31:24):
because I think that if confidence is shaken in our
elliptic curve, you know, capital is going to flee very
quickly, OK? Rationally, you sort of take 3
trillion * 1% * 100% loss. We should be spending 30 billion
a year right now on this, OK? We're not spending anything.
You look at, for example, Bitcoin and there's a guy named

(31:44):
Hunter Beast, great guy of lot of respect for him and he's
leading the BIP 360 initiative. And you know, a few other people
as well in the mix, you look at a guy like Jameson Lopp.
Jameson Lopp, I like to say is the most constructively correct
Bitcoiner I know. I mean, he's technical, he's
rigid, he focuses on security. I mean, he's a great Bitcoin

(32:05):
ambassador and he's come out over the last few months, you
know, at conferences and so on, surfacing the risk and I think
talking about it in a very articulate and truthful manner.
And you know, it's no his, it's no secret, right?
I've had lots of fights with pixel Bitcoin maximalist over
the years, but a lot of Bitcoin maximalists have turned into
like fundamentalists where everything is a scam and they

(32:25):
just reject everything. And I understand there's utility
in that. I mean, it's it can be an
important thing because, you know, you just sort of hold your
Bitcoin and you don't get duped into like rug poles with all
these other meme coins and so on.
So I get that. But when you just outright
reject everything, including like these technological like
innovations where basically you call physicists and serious

(32:47):
people grifters, what happens isit lowers the rating is
potential for Bitcoin itself as a community to accept what's
going on and take it seriously. And so, you know, there is a
political or let's say, community based component to
this because it's not like banks, Oregon financial
institutions where I mean, they can upgrade in a much, let's

(33:07):
say, more simplified path because they don't have
decentralization, they don't have coordination problems like
we do or coordination costs. So even getting communities to
wake up to this is, is hard and has been hard.
There is some, let's say, progress recently.
And then when you get even deeper into it and you sort of
dig through all of their Rd. maps and implementations and
current, you know, working groups and so on, there's very

(33:29):
little, I have to give credit tothe Ethereum Foundation that
just had an event in Cambridge. I, I tweeted about it and stuff
and it was really excellent. Vitalik, you know, is signalling
their intention to be quantum ready.
Justin Drake and some others, Antonio who leads the Ethereum
Foundation as as their lead quantum researcher.
Wonderful guy by the way. So there there's things

(33:51):
happening there on the Solana side, as far as I understand.
I talked to Matt Zorg, great guy, VP of technology.
They're they're prioritizing BLS.
My understanding the current state is very hard or not really
knowing how to aggravate post quantum signatures, certainly
not at the scale that they wouldneed and BLS in any case would
need to be redone. I can understand and why they're
going in that direction now in terms of performance and

(34:13):
obviously that's Solana's edge. But if you have to then redo the
plumbing a couple few years fromnow and at the same time the
point Stefano just made about error correction, we start to
see these headlines coming in oflike these, you know, tremendous
innovations. You then have to pivot very
quickly. And the problem there is you
would have lost precious time. And you go down the line.

(34:35):
And, you know, I mean, not to denigrate Justin Sun in any way
or anything like that. I mean, I think he's a great
businessman. But like, Tron isn't exactly a
bastion of technological innovation.
Exactly. And yet it hosts, what, $100
billion worth of stable coins and so on, right.
So the problem is quite complex.You look at Etherium and this is
the analog I like to use as far as our L2 ecosystem, you know,

(34:59):
path. I mean, when when we launched
Etherium, it was 1024 shards of the L1, we're going to have this
world computer and so on. But the reality is that proved
to be very hard. And then a couple few years
later we get, you know, maybe 1 Shard and now this kind of like
L2 ecosystem and so on. And even that's taken 7 or 8
years. And there's a lot of controversy
around how efficient, you know, that technological kind of
delivery challenge has been executed against.

(35:21):
OK. So this is hard.
It's complex. It requires users to take
action. It requires a lot of social
coordination across multiple networks.
And I say this, that we're all in it together.
You look at Bitcoin, most Bitcoin price discovery is
against stablecoin pairs. Like, not a lot of USD is
actually traded against Bitcoin.Where do all those stablecoins
live? They live on other networks.
So it's all intertwined. And I think when you look at it

(35:44):
in aggregate, you know, our ecosystem is just that the
genesis of taking this seriously, woefully under
invested in this space. And you know, half of the people
in our communities think this isall a grift and a scam.
So I'm not super optimistic at the moment to be perfectly
honest with respect to our quantum readiness.

(36:04):
So. Let's just, I mean this scenario
we talked about beforehand, right?
Where basically someone can calculate, you know, someone who
doesn't have your private keys can create a transaction to
basically move your bitcoins to somewhere else, right, to their
own address. And now I mean that of course, I
mean seems to I, I guess there would really be a kind of a flip

(36:27):
right where like from one day tothe next, basically the entire
network becomes like untrustworthy, right?
Because like someone could move all of like Satoshi's coins and
your coins and my coin and why is anyone going to buy any
Bitcoin then if they can just betaking in a way again, right?
Like, of course, that also brings up the question, oh,
like, how can you benefit from that as an attacker?

(36:48):
Well, probably the best way would be just a short Bitcoin,
right? If you could go like very short
Bitcoin on some like traditionalfinancial system options, short
the ETF or something, I guess I don't know because like stealing
the Bitcoin is kind of pointlessnow.
Depends if you're caught. Right.

(37:08):
It depends if you're caught. Right, If you of course, if
you're early, right, like let's say you, you, you have the keys
beforehand and you can steal some and you can sell it and you
can do it before people realize what's going on.
Then then maybe there's a high Yeah.
And you could, you could probably do some sort of data
analysis, right? That you're going to go try to

(37:31):
steal some that people hopefullywill not realize that there's
because they're not paying attention.
I mean, of course you get asked to Toshi's coin, although people
will watch that. Yeah, I think that's that's what
you say when. OK, I think John is is also sold
on this scenario. You wouldn't move them

(37:51):
immediately. You you do this in a secret way.
You do it on coins that have notbeen moved for a while.
Probably nobody would notice andit would be one of those news a
whale finally decided to move their Bitcoin.
Is it quantum? Is it not quantum?
Do we know? I'm not sure people would
immediately suspect it. And you could go on for quite a

(38:13):
while and you could make quite alot of money outside of the
ecosystem in the meantime and then?
You could really go with this, right?
Because I mean, maybe you think no one is noticing, but then
like, you don't really know, right?
And then it's pretty quick. I mean it.
Well, let me, let me, let me paint you another picture in
terms of a state actor. And I wrote this article.

(38:35):
It's an open letter to JD Bands.I'm sure he'll never see it.
He was at the Bitcoin Vegas conference.
He said, OK, putting Bitcoin into the US economy with all
these ETFs and all these financial products is an
advantage over China because they're not doing it.
And China's never going to embrace Bitcoin and crypto
because they're afraid of capital flight and they have
these control mechanisms. OK, I accept that is generally
true. However, if you accept the

(38:56):
potential for let's say, anotherbig pump in our ecosystem, we
get to 10/15/20 trillion. Now there's so much, so many
trillions leveraged into the US economy with Bitcoin as the
underlying with all these stablecoins, etcetera.
For a state actor, Bitcoin becomes a military target.
Now here's the thing, Bitcoin will not, in my opinion, warrant
a military response or any kind of detente.

(39:19):
OK, you don't send a nuke into the US 'cause you can be sure
they're going to send 1000 back at you.
So there's a detente and nuclearattacks don't happen for that
reason. Bitcoin is not like the CIA,
it's not the Federal Reserve, nobody owns it.
And so it becomes the perfect military target in that
scenario. As a state actor, what you're
attempting to do is 'cause damage into your rival or

(39:40):
adversaries economic system and if we have trillions leverage
into our system and now Satoshi's coins.
So this is an example of wantingto do a quantum attack, not
necessarily to profit, but to cause maximum, let's say,
cascading waves of liquidations and so on.
And in order to cause economic damage.
I can imagine a certain scenariowhere, you know, the PLA assigns

(40:02):
their quantum cloud to the Lazarus Group, who obviously,
you know, has been very adept atcrypto hacks for a long time now
for this purpose. Moreover, when you look at other
networks, Etherium hosts all thestable coins.
Excuse me, Etherium is a nonprofit foundation in
Switzerland. OK, Switzerland is not going to
go to war with China or North Korea or anybody else over an
attack. To that kind of an entity, same

(40:25):
thing with Solana and so many ofthese other things which are
constructed as offshore nonprofit foundations, OK.
There is no Detente element to, you know, basically preventing
an adversary from causing economic damage as we continue
to lever up the stuff into our economy.
And no question, I think if the capability becomes available,

(40:45):
people will use it, I mean for whatever motivations they have.
But is there, I mean, what is the way to deal with this?
Can you can you somehow upgrade let's say Bitcoin or Ethereum to
prevent that risk? And how would?
Some of it, some of it the the reality is that some of the risk

(41:05):
comes from attacking addresses and getting, you know,
compromising the part of the stack that's the cryptographic
at the station. That's where you sign
transactions. That's where you sign operations
on smart contracts. That can be fixed because what's
happened until now is recorded on the Ledger and as long as we

(41:26):
switch to quantum resistant cryptography, we can prevent it
from happening in the future. There are challenges there which
we can discuss. It's not a straightforward as
changing the public certification stack that we rely
on for Internet or or any of oursecure transactions.
Although that's also non trivial, but people have talked

(41:47):
more about it because. Crypto is like.
No, sorry. Yes.
Oh yeah, OK. This is not crypto.
This is everything like you connect to a website, you use
HTTPS. That's how these days you rely
on the fact that there's not going to be somebody in the
middle altering your transmission.

(42:09):
Now once there's the initial phase really of the of the
communication, which is where you establish A symmetric key,
that is done by using certificates.
So things that rely on public key cryptography that are
quantum weak. If you get into that stage, then
that's it. You can play like you can play
replays, you can put yourself inthe middle of a conversation and

(42:30):
pretend to be both parts. You can do whatever you want.
Our entire technology relies on this.
Updates to Windows rely on this.Updates to anything actually
rely on this. Signatures are like digital
certificates and the chain of certifications that we have
created are the basics for the entire world communication
network. And so that's all week.

(42:53):
So why are it's easy to think it's crypto?
I mean, it's a when, when John and I were talking about this a
couple of weeks ago, my argumentwas that like, you know, crypto
in, in comparison to everything else that can be impacted by
this is such a minuscule kind ofpart of the economy that that
effects a minuscule portion of the population.

(43:14):
When in reality, it's like all of our systems, every single one
of them, is at risk. When, when when when A post
quantum world? Yeah.
But if you think about it from like let's say wealth
perspective first of all, right.And I mean, I guess a lot of
people here, probably a lot of people listening, right, they
will have a lot, lot of their assets in in crypto.

(43:36):
So if that just gets wiped out to zero, well, that's pretty
significant event. It is pretty significant, but I
mean, I got like chaos in the streets starts happening much
earlier when like everyone's bank accounts don't work right
Or like you see what I'm saying?Like, I mean, there's like much
more visible kind of risks to the entire global economy with

(43:59):
very little functions. For most people, if their coins
are gone. Right, I think.
But the reality is that there's really three, well, 2 main
reasons why this is different. The main one, the really big 1,
is a cultural one, or political I, I don't know how we want to
call it, but let's say cultural.Most of the cryptography
classical cryptography communitythat deals with certification

(44:23):
and key exchange protocols knowsthis very well, has been working
on this for years. They already have protocols that
they could use. If Quantum happened tomorrow,
they would be able to deploy thechanges to the browsers.
They're already experimental features of some of the major
browsers. You can enable it yourself if

(44:43):
you want to try it. They wouldn't incur a huge
computational cost, blah blah blah blah blah.
There's a lot of things that they've already done.
Unlike the foundations and communities that govern most of
the crypt infrastructure, the older, more traditional Web 2
infrastructure, let's say, is handled by people that already
took this very seriously and already like plugged the holes

(45:06):
to some extent. It will be problematic if it
happened from one day to the next, but you have centralized
authorities, you have banks thatwould just refuse to transact
for a day or something like that.
But really, too OK, this is a cultural problem.
We could solve it tomorrow. We could all agree that quantum
risk is real, and tomorrow we dosomething.

(45:28):
What do we do? How do we switch the
cryptographic primitives used byweb tree?
Because web 3, unlike web 2, made its most of it.
Maybe not its entire fortune, but most of it from very clever
new applications of cryptography.
Some of these are really really sophisticated, like it's
elliptic curve cryptography. Used to do lots of fancy stuff

(45:50):
like 0 knowledge proofs. Now not not all of them are ECC
based, but some nice ones are. We built an economy on advanced
cryptography and therefore there's a lot of primitives that
people from outside web tree don't really care about it, like
they've not worked on it becausethey don't need them.
And so it's up to the chase thatuse them to figure out how

(46:13):
they're going to replace them ina quantum resistant way.
This is what the Cambridge workshop for the Ethereum
Foundation was about. It was figuring out which parts
of the stack need changing. What are the candidates and how
we can do it in a way that makeseverybody happy?
And so even if everybody suddenly believed that quantum
risk is real and they understoodthe potential impact on the

(46:34):
economy, even if they all agreedto do something, which is super
hard because the entire point ofthe centralization is that there
are so many different voices andso many different opinions that
have to sort of coalesce for something to happen.
Even then, it would be challenging to change some of
the infrastructure. But for example, for Bitcoin,
most of the risk is in one place.

(46:55):
It's in the at the station part,it's in the signatures.
We could agree to pick one of the new schemes and that might
be relatively easy. There are there are various
mitigations and there are proposals that have been put
forward that are really well studied that would fix this in
one way or another. But the problem there is the
Bitcoin community is fairly fragmented and a lot of the big

(47:20):
voices are very opinionated. And so they're the cultural
elements is the more I think important factor in Ethereum.
It's a technical element that really makes a big difference.
There's so much stack to change.So my question here, so let's
say if you look at Bitcoin, so it's what will be needed that,

(47:41):
you know, the core developer make some changes to the Bitcoin
protocol and maybe the wallets and the miners obviously have to
like switching new software, something like that.
Or is it something where, you know, you didn't also need to
have, you know, the individual Bitcoin holders, you know, kind
of take action and, and like, let's say, for example, transfer
their coins to, you know, some kind of new accounts that are

(48:08):
now quantum proof? Yeah, you'd have to depends on
the proposal. There are proposals that are
less invasive, but to some extent at least some of the
users would have to make active migration.
That is the biggest of it. Actively migrate.
And if you can steal the coins of those who don't actively
migrate. I mean, that's like almost

(48:29):
impossible. How do you like imagine it from
from the point of view of how the game would look, you
changed. Let's say that everybody agrees
we have some new system. However, it is some new system
that we put in place at some point.
We fork Bitcoin, we patch Bitcoin, everybody migrates.

(48:49):
Now we have a new authenticationsystem.
There's a new cryptographic at the station that is quantum
secure contour resistant. How do you make sure that you
migrate the wallet contents fromthe old system to the new
system? Whatever you do, somehow each
wallet owner has to establish that they are the owner of the

(49:13):
new system. Now for many of the accounts,
this is doable by relying on something which is already
quantum resistant. For example, the derivation of
the private key for many modern wallets comes from a seat
phrase, and you can build proofsthat you know the seat phrase
coming up. Like going back to the seat

(49:35):
phrase from even the private keyis hard.
And so in some derivation branches, but they, they exist,
people use them. And so you could in principle
say, OK, if you want access to your funds again after the fork,
you produce a proof that you knew the, that you knew the seat
phrase without revealing the seat phrase because that would
break the security of your account.

(49:57):
Some proposals exist. I, I think Vitalik backed one
some time ago for Etherium that would do something like this.
That's fine, except for the earlier accounts that we're not
based on this particular mechanism.
And for those, what do you do? Do you freeze them?
Do you return the coins to the ecosystem?

(50:17):
Some of those may legitimately be dead and never used, and so
taking them out of circulation might be a way to handle it.
The threat that they would have to be burned might be enough to
push the original owners to do the migration.
But at the same time, for some of these people, revealing that
they are the owners of those coins is a problem.

(50:40):
And they do have a private voicein the process.
And they might just oppose it. Or there's just the legitimate
concern that this might fail in some way, or it might impact
some people too heavily that have a stake but not a visible
one in how the ecosystem is updated.
So it's it's challenging. At some point something needs to
be done to link the old, the oldproof to the new proof, because

(51:02):
the proof has changed. And anybody, otherwise anybody
who has a quantum computer couldjust say, oh, yes, I am, I am
Satoshi. Hello.
Now, probably that wouldn't be believed or it would be subject
to huge scrutiny. But there are many such cases.
Not a huge majority, not even, Idon't think it's a large
minority even, but enough that we are still discussing how to

(51:26):
do this. There is a privacy component to
this as well that I think I certainly didn't realize.
And it's this idea that you, youcan harvest large amounts of
encrypted data, doesn't have to be crypto.
It could be anything. It could be your signal chats,
could be your, you know, encrypted vaults on cloud
storage and that when quantum computing is here that we'll be

(51:48):
able to decrypt those. And John, you've, you've talked
about allegedly governments and and sort of the nation states
acquiring and harvesting tons ofencrypted data for potential
decryption later. How big is this threat and what
do we know about it actually happening right now?

(52:08):
Well, that's a great question. So let me start by saying I'm a
big fan of Monero and Z cash andyou know Zuko and and so on and
all those communities. OK, I had a conversation on
Twitter with fluffy Pony recently.
I guess he goes by just Ricardo now, but I was thinking of as
fluffy Pony great guy. And I asked him point blank and
to his credit, he was very upfront.
They have a road map OK for postquantum.

(52:30):
However, it cannot account for the past.
OK, so if you are using Monero today, it's broken, in other
words, and I'm not saying look, privacy is normal.
I'm not saying it's not. I'm saying that it's also easy
to infer that probably some people are using, you know,
something like Monero in an illicit way.
And it's no fact, it's no secret.
I mean, this isn't me saying anything controversial, but the

(52:51):
Dark Mark is favoring Monero. So anyone who's using it right
now for anything illicit, the tax avoidance, selling drugs,
whatever, they don't have a way to obfuscate the past, meaning
that in the future when they go post quantum, the past can be
ultimately revealed. OK, so in a sense, Manero's
already broken from that standpoint.
And, and this is coming straightfrom Fluffy Pony.

(53:12):
I mean, he tweeted at me and I could, I could send you guys a
link later and I read their stuff and everything and they
have a great road map and so on.But this is an issue, right?
So basically it's very simple. All of the encrypted
communications, transactions, etcetera happening now, which
are indeed currently safe and secure that can be harvested.
And I'm certain, I mean, I thinkit's preposterous to think it's

(53:34):
not being harvested and then later it can be unlocked and
revealed. OK.
So that is a big problem that currently exists.
I think specifically as it relates to the scenario I just
described for certain kinds of transactions.
I'm not sure that people understand this issue yet, but
that is another kind of meta that I think will enter into the

(53:55):
ecosystem at one point in the not too distant future.
I mean, if I can add one more point to that, this is a
problem. Again, it's useful to compare
the issues we have in Web three with the issues that exist in
the broader economy, in the broader Internet, in in Web 2
technologies in what we use today for everything.
It is a fact, an established fact, a certain large government

(54:18):
organizations have been harvesting lots of data, but
that's mostly data that's in transit.
And so while it is easy to harvest to some extent for
somebody who is really tapped into most of the global notes,
it is not necessarily easy to harvest it in such a way that
you have all of the pieces that are necessary to ultimately
decrypted. We've been using sort of forward

(54:39):
secrecy for a while in classic Web 2 communications.
There's this problem has been known for decades.
It wasn't patched immediately, but it was patched a while ago.
There's also a lot of private data though, and that private
data is technically somewhere some data center at if you're a

(55:03):
bigger government organization, perhaps you can compel the
company to give it to you, perhaps you can't.
Some of these companies are compliant.
Other companies make it businesspoint to not be compliant and so
they will try their done. It's best not to make that data
available in such a way that it can be easy to decrypt.
There's a challenge. There's a cost associated to
doing this at scale. In classical infrastructure, we

(55:24):
built an entire ecosystem where we keep all of our data on a
large database that's distributed across 10s of
thousands of nodes for the very purpose of making it available
to everybody at all times. It's literally the way we
structured our application C webtree that anybody can get the
whole history of Monero from thevery start.

(55:46):
In fact, they have to if they want to run a full node from the
very start and they can just, you know, keep it.
All they have to do is ask someone else who has it and they
will get it. So it's very easy.
If you have a quantum computer and you're a private company and
you're not, let's say a large government organization, it's
really easy to at least do this.You can very much take

(56:09):
sufficiently powerful computer, 1015 of them.
You run a full node for each oneof the 15 biggest things and
then you keep it synced. That's all you have to do.
You keep them in like a small warehouse for the next 5-10
years. And when you have access to
quantum computing capabilities, you start decrypting from the
start. And most of that will probably
be useless. It's just people who wanted

(56:30):
privacy in their transactions ortheir communications and not all
of it. Some of it will be criminal.
John correctly says there. Some of these technologies have
been used for illicit transactions to various degrees,
like not everything is arrangingassassinations.
There's also some like, milder cases of tax optimization, let's

(56:53):
call it. Let's take this the least
problematic 1 is still interesting to governments
because they're like, OK, yeah, this person is not going to go
to jail, but we're simply going to send them a bill for the
money that they haven't paid yet.
And there's a revenue in that they might be like willing to
pay a private company to providethis data.
But more interestingly, these platforms are used by people who

(57:14):
don't trust traditional infrastructure because not
because they're doing something illicit per SE, but because
they're doing something which isnot OK with the current
government or with other governments they might be
exposed to. So think activists, think
resistant groups. We have a few active conflicts
in the world. Some of these people coordinate

(57:36):
through encrypted channels that rely on liptic cryptography.
Some of the information exchangewill be relevant in five years
or even in 10 years. And so that information is
already broken. If you are a previously focused
application today and you settleyour services as privacy basal
elliptic curve cryptography, I mean, you're putting some people
in danger, significant danger ifthe information has to remain

(57:57):
private for sufficiently long. We don't know how long, right?
We don't really know if Psych Quantum has quantum computers
today. They don't have public machines,
but they did start building fabrication centers.
They have their fabs. So exactly how far can they
possibly be with the investment they have?
Maybe they will not get there. Maybe they've already gotten

(58:19):
there. The point is, you might not know
for a really long time. Yeah, when I was, you know,
after I spoke with John in in Cannes and afterwards I
mentioned it to a few people, right, sort of in the next day,
you know, what about quantum? What do you think about the
quantum rest? Like talked a little bit about

(58:40):
the conversation, you know, kindof, you know, technical L1
founder, so a bunch of people who are like, you know, sort of
that very technical key crypto people.
And and I think that the most common response we got about was
like basically, and you know, I remember John, you were saying

(59:01):
like, well, it could be like 2028, right?
Like it like a few year or maybe20-30, but like it was close,
right? So I think the most common
response I got was again, yeah, I'm aware of quantum and I know
it's a problem and then I know it will come.
But like it's way further away, right?
It's more like, you know, 2035 or like it's, it's basically far

(59:25):
enough away that like I don't really have to worry about it
now. I guess that is like really the
crux of the question, right? Because if it is 2028 pretty
close right now. I remember actually, you know, I
think you John was saying like, well, I don't really want to
invest in anything where I'm going to be locked up for four

(59:45):
years, right? Because like that might be, you
know, my mean you're going to belocked up when when sort of that
happens. So yeah, I would love to get
your takes on on this timeline. Like what do you guys personally
think is likely? And and how wide is the range

(01:00:07):
here in terms of opinions that the experts have?
Well, maybe I'll give market oriented answer and and Stefano
can give you a much more detailed answer.
But OK. One of the things I say is in my
opinion quantum readiness will be one of the most bullish
indicators of price going forward.
So if you're an L1 founder or community, there is a tremendous

(01:00:29):
incentive in my opinion to signal quantum readiness and
indeed, so here's the scenario. Ethereum is quantum ready,
Solana is not. Two years from now, some big
news comes out of a breakthroughand smart capital allocators.
You know, you look at a guy likeGivgani, Gachberg, RE-7, you
look at Gauntlet, etcetera. They're deploying hundreds of

(01:00:50):
1,000,000 billions of stable coins in the Defy and generating
yield and building great businesses.
This is smart money. They're going to look at
something like that and they already are starting to pay
attention to the stuff and they're going to say, OK, all
the TVL we have on Solana put that on Ethereum even though we
don't have. One that that relies on that two
year. I mean, the the thing of quantum

(01:01:10):
readiness being a real factor only only is the extent that
people think it's a massive issue and it's an issue soon,
right? If people think it's an issue
further down the line. And of course, it also depends
on what do you think other people think, right?
So correct. That is true.
But here's the thing, and I wrote this article called the

(01:01:30):
institutional force function. Now that public companies and
all these big institutions, theyhave fiduciary responsibilities.
And so the quantum risk disclosures, you know, BlackRock
significantly updated and others, etcetera.
If you're, if you're one of these institutions, you
definitely don't want to be suedin the event something happens.
And when you're in a situation where like that event, when that

(01:01:50):
will happen is unknown, but you have pieces of information like
Google Willow was a big piece ofinformation.
The point Stefano made earlier about error correction, if we
get to that threshold and we seethat also proliferate, right?
It gets public and everyone talks about it, that is another
point of information. So in terms of reducing your
liability for these large institutions, you don't want to

(01:02:12):
get sued where somebody says, well, you had all this
information and you didn't take action.
OK. So there's a lot of motivators
that I think will flow funds to networks that are quantum ready,
even though we don't exactly know when something might happen
as we keep going along and we get more and more information,
more and more news and so on. And just one more quick point to

(01:02:32):
make on that. As far as when and so on, I
don't think it's a conspiracy. And I think Stefano agrees that
the first run of this kind of capability will go to the
military intelligence apparatus,you know, the CIA then and say
whatever, etcetera. OK, you look at the example I
use is the Sr. 71 Blackbird, that super futuristic spy plane.

(01:02:53):
They started building that in the 50s.
OK, when you look at it today, it looks like an incredible
modern aircraft, but you know, it flew at Mach 3IN in in the
60s and 70s and so on, right? So I think advanced states of,
you know, basically strategic technology is something that,
you know, these governments definitely, you know, focus on.

(01:03:15):
So what I'm saying is I don't think there's any good reason to
suggest that we're going to know, OK, in some very public
way when this capability exactlyexists, because I think it'll go
to this military intelligence apparatus first, and they may
have strong incentives to keep things quiet.
But here's another scenario, andthis is about confidence.

(01:03:36):
If the confidence, if people start to get nervous, that's
enough for cascading waves of liquidations and the prices to
trend to 0. Even if your coins are quantum
safe, but everybody's scared andyou're holding your crypto and
it's just losing 50 percent, 60%, etcetera, that's already
bad enough. And what I'm saying is when you
look at, for example, Ross, OK, and the Silk Road thing, the FBI

(01:03:58):
agents went to jail too, right? I'm not accusing any government
official of doing something nefarious.
I'm just saying there's a lot ofdifferent ways this stuff can
leak. And so even if the military
intelligence apparatus gets the capability first and somehow
that gets out, that is enough tocause concern and a loss of
confidence. Anything along those lines will

(01:04:20):
start to send prices trending down.
And that's when I think smart money allocators and others,
they're going to just, you know,not have as much risk on chain
in various positions and so on. So that is another element to
this too. Even before we have the quantum
computers, that perception and that is definitely an unknown
and it's something that I think people are going to start
factoring into their risk calculations.

(01:04:41):
Stephanie, I want to give you the opportunity to also talk
about Neverlocal and this idea of contextual cryptography.
Yeah, what? What is what?
What is your vision for Quantum Money and how are you guys
building this? Yeah, First, I I'd like to add 1
like the technical point to whatJohn just said just briefly.
We don't think that quantum riskwill come in the early twenty

(01:05:05):
30s because we have some opinions with most of us are
scientists. We look at what the progression
is, what the timelines projectedby the companies are and whether
they're on track. And if there's a line that kind
of goes straight and it continues to go straight and the
points continue to fall on the line month after month, year
after year, and there's a spreadacross some companies, but

(01:05:26):
they're roughly all in the same neighborhood.
I mean, then you draw that line to like the twenty 30s and you
ask, when will we hit the magic number?
And that's not in the 20 forties, that's not in the 20
fifties, that's in the mid twenty 30s.
Very realistic. So I just wanted to say it's
there's a lot of perception risk.
Like people at some point just switch and say, oh, this is real

(01:05:48):
because of some announcement, because of some demonstration,
because of some sudden information.
But even if you don't have that,you just have lines going up
pretty much on track. You have the cost of the
algorithms going down because people make more and more
efforts to make them practical. Now that the end is insight.
And I mean, you draw an intercept and try to figure out
roughly where they meet. There is the risk is there.

(01:06:11):
It's not it's not really a matter of opinion anymore.
It's a matter of, I mean, peoplepublish timelines, Dots fall on
timelines, Timelines say 2035 S In that sense, it's a, it's a
simple consideration to make these days.
There's so much progress that you can track it.
It will happen. Maybe it won't happen.
There's going to be some roadblocks, who knows, But there

(01:06:33):
is some numerical evidence. 5 But then who knows, it could be
faster. But 35 is where roughly they go.
But they might have an acceleration, they might not be
telling you exactly what capabilities they have or they
might be lying about it. That's also possible.
They might just all be over hyping what they're doing.
There's a spread of course, but at the very least we know that

(01:06:55):
in principle that's the that's where the line hits the target.
But yes, sorry, never local. So this is where we switch from
quantum computing to what I initially said is, is quantum
cryptography, which is slightly different discipline, slightly
different investment pool more than anything else.

(01:07:16):
The underlying technology is similar in many ways, but the
applications and potential customers and the efforts to
bring it into the world are different.
They're they're at the differentstage in terms of development.
They're different in terms of the applications that people
want. So the state of things today is
that there's quite quite a few providers of quantum network

(01:07:41):
infrastructure. What people call the quantum
Internet doesn't yet exist, but there are small versions of the
quantum Internet. There's large companies,
Toshiba, Mitsui that go around and put some small geographical
fiber optic networks in place for some early customers that

(01:08:01):
buy access to these networks anduse it for some prototype
applications. They go to some company that
sells them some quantum key distribution equipment of more
or less accurate versions. And they, I'm not sure what they
do with it, honestly. They they try to integrate it
with their infrastructure and they start seeing what the

(01:08:22):
challenges are and whether they could use it to get more secure
communications. The state of it is there is one
large company that that makes quantum key distribution
hardware. There are many smaller companies
that make quantum key distribution hardware.
The large one, the most well known one is ID Quantique.
ID Quantique was acquired maybe was it 2 1/2 years ago at this

(01:08:43):
point by SK Telecom for around fifty $60 million.
That was the valuation at the time.
It was recently sold to Ion Q for $250 million.
And that's a fairly strong indicator that if the ecosystem
is growing, then there is an interest in having applications
running on this ecosystem. Some of it is academic or

(01:09:04):
government LED. China has the largest network
for this kind of applications onthe coast.
It's a mix of fiber optic and satellite based.
There's some Europe, there's some in the US, It's growing.
It's very early stage. What we realized when we started
thinking about what do people dowith quantum technology in
cryptography with Fabrizio, was that there is really one

(01:09:28):
application that gets sold, which is this quantum key
distribution. It's a quantum version of the
key distribution protocols that we use today to secure our
communications. It's establishing symmetric
keys, but it has in principle a very useful property, which is
called the vice independent cryptography.
It's device independent security.

(01:09:49):
It's the idea that you can establish these keys without
trusting the hardware. So imagine that you you're a
large organization and you want to put a significant amount of
money on some private communication between you and
some other parties. You're a casino, let's say in
the in Switzerland, and you don't want to be exposed to

(01:10:12):
supply chain risks, which today I really very much a
possibility. You buy some specialized chips
from somebody. If there's enough money, someone
will try to put a backdoor on it.
So you don't want that. And you say, is there a way to
do so where I can verify that the protocol works, I can test
it and I don't need to trust themanufacturer or the people who

(01:10:34):
shipped it to me. And the answer to that is no if
you use classical hardware, but yes, if you use quantum
hardware, which is really revolutionary.
It's a big difference between classical and quantum
cryptography. You can reduce the trust to
operating the protocol, but not the hardware that implements it.
And quantum key distribution is sold with this promise today.

(01:10:55):
But really the versions that aresold make a certain make
compromises to become practical already, and those compromises
erode some of these security promises to some extent.
But in principle, you could makeit so that there is no trust
left in the infrastructure. There is no trust left in the
hardware. You as long as you operate it

(01:11:17):
and the counterparty operates it, and you both make sure that
the environment in which you operate them is secure,
something you can do in your basement, let's say, or in your
data center. Then the rest of the network is
obstructed away and you don't have to care.
You don't have to care about people splashing into your fiber
optics. You don't have to care about
people bugging or backdooring the hardware that was sent to

(01:11:37):
you, because the protocols exploit fundamental properties
of quantum systems in such a waythat you can get security out of
fundamental randomness, as it's called.
It's it's an interesting technological advancement.
I watched one of your talks and the way you describe Quantum
money I think is sort of resembles a little bit the idea

(01:12:00):
of cash where when you accept like a 5 year old bill or a
dollar or whatever, you don't need any external verification
to verify that these funds are that, that this is a legitimate
payment instrument and that you now own this payment instrument,

(01:12:21):
which we we sort of need with with block chains, we need that
the verification of a consensus.Whereas with Quantum money you
wouldn't need that the owner, the very ownership of the
instrument would be an indicatorthat it is legitimate and that
you own it. Is that a good way to look at
it? Yes.
A simplified way to put this is to say that you can't clone

(01:12:42):
quantum states. That's the toy version of
quantum money. You have a.
It's one of the fundamental properties of quantum states
that the information encoded within cannot be copied.
You can modify it, you can destroy it, but you can't really
copy it in a deterministic way. Now, of course, this is too
simple. It's the basis of the original
protocol for one to money, but it's too simplistic for

(01:13:02):
practical 1 to money. And so you have to do other
things to make it practical. But ultimately it is yes, it's
truly peer-to-peer digital cash.That's the that's the way to put
it. It's something you want, you
want cash to be digital. You want value to be
transferable both locally and across networks, because you

(01:13:26):
don't want to be bound by the fact that we are physical beings
carrying a wallet around. Otherwise it's easy that that's
cash. You wanted to be unclonable.
You wanted a value to be anchored to something which
retains like the truth of who owns it.
Ownership has to be unequivocal.You cannot manufacture new

(01:13:46):
currency. You cannot copy the currency you
have. The cash you have is the cash
you have. Of course, physical cash like
let's say paper banknotes are anapproximation of that.
But over time we have evolved mechanisms to protect the
copying of value in lock step with the technological
advancements of the various erasthat we've gone through.
So we had things that were hard to get, then coins which had

(01:14:10):
some manufacturing techniques that made them recognizable,
then we made banknotes, then harder banknotes, then more
security features in banknotes. And we are today with our
current cash. What we did unfortunately in the
move to the digital commerce world, so in the digital
commerce era, is to sacrifice quite a lot of these features.

(01:14:34):
The ability to transact without intermediaries, the ability for
self custody, all of these were features of cash for ages.
You had your own value. You carry it around, you can
give it to anybody you want. There's pretty much an agreement
that that is the value and it's for prices to determine the
exchange rates. But but the value of the bank

(01:14:57):
note you carry around is almost undisputed.
When we move to digital commerce, we decided to
sacrifice some of this for transactability across
distances. We created intermediaries and
those intermediaries got more and more control over it.
And we lost quite a lot of what we had with physical cash to the

(01:15:19):
point that today if you talk to,let's say mainstream finance
analysts, the commonly held viewis that cash is essentially an
obligation by somebody to pay you.
That's that's how they see cash.They say, OK, cash is not really
cash. The value is the network value
and cash is the obligation to somehow be able to redeem it,
which it didn't used to be the case.

(01:15:41):
You could carry around cash thatthe bank didn't play any role.
If once we centralized cash, it was the pound, you didn't, it
didn't matter whether you were banking with Barclays or with
HSBC london-based. That's why I'm picking like UK
banks. It didn't matter you you went to
the shop and you paid with the with the bank.
Nobody cared where it came from and it wasn't an obligation by a

(01:16:02):
specific bank. Now we turned it into that and
that has a number of side effects that we may or may not
like. And what are the things that can
be done with quantum technologies?
Restore most of those propertiesis make something which can
retain value because it cannot be copied and can be potentially
carried around. If we improve certain parts of

(01:16:24):
the quantum information, quantumcryptography stack, the Harbor
stack enough, we could even haveit in our pockets in wallets and
retains the digital nature that our modern worldwide Internet
based commerce demands where youwant to be able to exchange
value across a distance as well as in person.

(01:16:47):
And so it's hard to design something like that classically
because classic information can always be copied and so you have
to rely on something on top of it.
Consensus is the solution we came up with in Web Tree.
Thanks. That is, that is very, very
interesting point. And I feel like at some point it
will be, you know, worth going deeper and maybe doing some

(01:17:08):
follow up conversations on that.And I think on sort of the
possibilities that get unleashedwith Quantum, we've gone for a
long time. We just want to maybe one very
brief last question for you, John.
You know, we spent like 2-3 minutes on it or something.

(01:17:29):
So you know, you're obviously aninvestor as well, right?
So you've been investing in crypto for for a long time.
What is like how does that impact your approach to
investing in your portfolio sortof all your your knowledge and
your views on the impact of quantum?
Yeah. I mean, you know, I think about

(01:17:50):
it as a paradox. On the one hand, you know, it's
kind of like there's this and you could look at it at a
governmental level, for example,ADGM, and I've talked to them
about this. They're funding investment into
quantum computing. And at the same time, they're
developing this crypto ecosystem.
Everybody's in the UAE, and so they're funding their own
demise. And so you need a hedge, OK.

(01:18:13):
The hedge is, first of all, knowledge to the best of your
ability, understand this stuff. You know, this kind of a podcast
is 1 great start. Everybody who is in our space
and went deep into understandingsmart contracts and ZK and all
these things. They have to start to understand
what, you know, quantum information systems mean one
time programs, one time applications, etcetera.

(01:18:35):
OK. And so the knowledge base has to
go up. But then aside from that, you
need to act. In my opinion, you need to put
together a plan, OK? I believe that we are still safe
for quite some time. I think we have another big
let's say pump left in our ecosystem, maybe a couple.
I think we're going to get to 10trillion, maybe even 30.

(01:18:57):
And so definitely I want to participate that and I continue
to, you know, hold Bitcoin and other assets, Ethereum and so
on. I continue to invest in
projects, but the time horizon has changed.
Yeah, it's true. Like I don't really do crypto VC
deals anymore if like my tokens are four or five years out from
now. And as a VC you assume that risk
and that's fine, but not if these assumptions around

(01:19:19):
security are in question. And so that's one change, okay.
Another change is I've definitely pivoted.
I mean, I did the precede round for never local.
I was very fortunate to be in that position.
I'm actively looking at other areas, you know, in a similar
kind of direction, right? I think it's very hard to get
into the big quantum deals, but you can do things like buy
shares of side quantum and secondary markets and so on.

(01:19:42):
So I think constructing some part of your portfolio to cover
this as well. And then, you know, closely
monitoring, I mean, I've, I'd coded this silly little thing,
it's called quantumready.info, you know, and I'm trying to kind
of like basically show the readiness of all the different
block chains. I monitor that stuff on a daily
basis. In the event that I see things

(01:20:03):
that I deemed to be like significant in terms of, yeah,
like Stefano said before error correction and so on, then I
have this knowledge base to inform what I'm going to do with
my crypto assets. I right now in this moment would
be lying if I told you that in 2028, for example, I'm going to
be comfortable like I am now having my, you know, wealth on

(01:20:25):
chained. So maybe at that point I kind of
step back a bit, go off chain, go into quantum safe bank
account and just observe and seewhat happens, right?
I don't know, maybe, maybe not. But I think it's very important
for all crypto investors to not have it.
Just in the back of their mind is this vague, nebulous idea of
like 40 years away and then justbe comfortable with that.

(01:20:47):
It's exciting and it's interesting and it's
intellectually stimulating to learn and get into this stuff on
a daily basis. And then it helps inform how you
construct your portfolio and manage your risk.
And I think that's like the appropriate way to think about
it, at least for me at this. Time Well, thanks guys.
Thanks for this very lengthy conversation.
It's been really, really fascinating and I think we will

(01:21:09):
need to touch back touch, touch base again in the future about
this topic as as things continueto to evolve.
So John, keep us updated on the latest and and Stefano would be
happy to have you back on at some point as well to track
progress on Never Local. Thank you very much to you both,

(01:21:30):
it was a pleasure.

All Episodes

Episode Transcript

Popular Podcasts

Stuff You Should Know

My Favorite Murder with Karen Kilgariff and Georgia Hardstark

Dateline NBC

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}What will Quantum Computing Change?

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Stuff You Should Know

My Favorite Murder with Karen Kilgariff and Georgia Hardstark

Dateline NBC

All Episodes

What will Quantum Computing Change?

Stuff You Should Know