Learn to use AI like a Pro. Learn More

Exploring the Convergence of Quantum Computing and Cryptocurrency

Bitcoin and Quantum Computing Resistance w/ Hunter Beast | MIT Bitcoin Expo 2025

Estimated read time: 1:20

    Learn to use AI like a Pro

    Get the latest AI workflows to boost your productivity and business performance, delivered weekly by expert consultants. Enjoy step-by-step guides, weekly Q&A sessions, and full access to our AI workflow archive.

    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo
    Canva Logo
    Claude AI Logo
    Google Gemini Logo
    HeyGen Logo
    Hugging Face Logo
    Microsoft Logo
    OpenAI Logo
    Zapier Logo

    Summary

    In a compelling presentation at the MIT Bitcoin Expo 2025, Hunter Beast delves into the complexities and implications of quantum computing as it intersects with Bitcoin and its security. He meticulously explains the potential vulnerabilities that quantum computers pose to Bitcoin's cryptographic foundations, particularly focusing on the elliptic curve cryptography that secures Bitcoin transactions. Despite the current limitations of quantum computing, Beast emphasizes the advancements and investments being made in the field, urging the cryptocurrency community to proactively develop robust, quantum-resistant algorithms to safeguard against future threats.

      Highlights

      • Hunter Beast opens up with a call for intellectual honesty and curiosity about the complex topic of quantum computing's impact on Bitcoin πŸ€”.
      • Explains the operation of quantum computers, including the concept of cubits and Hilbert space modeling 🧠.
      • Highlights the potential risk to Bitcoin from quantum computers, particularly through Shor's algorithm 🌐.
      • Emphasizes the need for preparation and design of quantum-resistant cryptographic solutions for Bitcoin πŸ›‘οΈ.
      • Discusses potential solutions like BIP 360 for migrating Bitcoin to quantum-resistant protocols πŸš€.
      • Underscores the seriousness of quantum threats despite their current technological infancy, urging due diligence in cryptographic updates πŸ•°οΈ.
      • Present technology is compared to early computing stages, offering a window of time before major quantum challenges arise πŸ“†.
      • Tech companies are heavily investing in quantum computing, suggesting an inevitable technological progression 🌍.
      • Advocates for non-coercive, practical approaches to encourage updates across the Bitcoin network πŸ“ˆ.

      Key Takeaways

      • Hunter Beast stresses the need for intellectual honesty and curiosity in tackling the Bitcoin-Quantum Computing discussion πŸ€”.
      • Quantum computers use cubits and can solve problems in a mathematical construct called Hilbert space 🧠.
      • The main threat is to Bitcoin's cryptographic security, especially concerning public key exposure πŸ”.
      • Shor's algorithm poses a theoretical threat to Bitcoin's elliptic curve cryptography 🌐.
      • Encourages Bitcoin holders with vulnerable addresses and reuse patterns to update their methods urgently πŸƒ.
      • Quantum computers are compared to early computers, indicating we might have time before they're a real threat πŸ•°οΈ.
      • BIP 360 explores how to migrate Bitcoin to quantum-resistant protocols πŸš€.
      • The ongoing investments by tech giants suggest the race for quantum advantage is intensifying 🏁.

      Overview

      Hunter Beast began his engaging session at the MIT Bitcoin Expo 2025 by emphasizing the need for honesty and curiosity when addressing the intersection of quantum computing and Bitcoin. This dichotomy forms a complex yet deeply fascinating topic as he explains the technical intricacies surrounding quantum computers, notably their structure and operation. With cubits as their fundamental units, these devices offer revolutionary computational capabilities that pose potential challenges to existing cryptographic systems.

        The critical juncture in Beast's presentation lies in the vulnerabilities that quantum computing could introduce to Bitcoin's cryptographic framework. Shor's algorithm was identified as a significant threat due to its potential to undermine elliptic curve cryptographyβ€”the cornerstone of Bitcoin's transactional security. Hunter reinforced the urgency for the Bitcoin community to adopt quantum-resistant encryption methods, particularly those using vulnerable public keys or address reuses.

          Amidst rapid advancements in quantum computing by leading tech firms, Beast encouraged an industry-wide pivot towards resilient cryptographic practices. While the current state of quantum technology can be compared to the nascent stage of early computers, he emphasized the importance of strategic preparation and community-wide reform. Implementing BIP 360, a proposal to secure Bitcoin against quantum threats, is a significant stride toward ensuring that the future of cryptocurrency remains secure.

            Chapters

            • 00:00 - 00:30: Introduction to the Talk and Speaker's Intentions The speaker opens the talk by expressing gratitude to the audience for attending. They emphasize their commitment to intellectual honesty and curiosity in exploring the complex and provocative subject matter. The speaker encourages the audience to approach the topic with an open mind.
            • 00:30 - 02:00: Understanding Quantum Computers The chapter begins by discussing the significance of research and thought invested in the area of Bitcoin quantum security. It acknowledges the complexity and the non-obvious nature of quantum computers. Further, it introduces a superconducting quantum computer as a notable example in the discussion of quantum technologies.
            • 03:00 - 05:30: Quantum Computing Risks to Bitcoin The chapter titled 'Quantum Computing Risks to Bitcoin' discusses the complexities involved in cooling quantum computers using liquid helium and liquid nitrogen to achieve temperatures close to absolute zero. This process is essential for maintaining the superconductivity required for quantum computing, which could pose risks to Bitcoin's cryptographic security.
            • 09:00 - 10:30: Shor's Algorithm and Quantum Computing Limitations This chapter introduces the concept of Shor's Algorithm and the limitations posed by quantum computing. It starts with a discussion on the physical aspects of maintaining a quantum computer, touching on the extreme cooling requirements that involve special loops in the wiring to accommodate metal contraction. Furthermore, it explains the basic unit of quantum computing: the qubit, shedding light on the fundamental differences between classical bits and quantum bits in processing information.
            • 10:30 - 14:00: Progress and Breakthroughs in Quantum Computing The chapter discusses advancements in quantum computing, particularly the concept of entangling multiple qubits. This entanglement allows for modeling all the states of a problem within Hilbert space, which is a fundamental mathematical construct in quantum mechanics. The chapter also explains how these qubits can be connected in circuits utilizing gates to execute various quantum computations and logical operations. Examples of such gates include control-not and Hadamard gates.
            • 15:00 - 17:00: Bitcoin's Vulnerability to Quantum Computing The chapter discusses the potential impacts of quantum computing on Bitcoin, highlighting different forms of quantum computation that currently explore the problem space in a probabilistic manner. It notes that quantum computing will become more deterministic as the technology improves. The chapter also mentions IBM's quantum system 2 as an example of commercially available quantum hardware, although there is uncertainty about its effectiveness.
            • 17:00 - 18:30: Proposed Solutions for Quantum Resistance This chapter discusses the capabilities of a quantum computer in terms of qubits, noting it can handle at least 100 and potentially even 1,000 qubits. It mentions the distinction between physical qubits and other types, hinting at further elaboration later. The chapter acknowledges the aesthetics and somewhat intimidating nature of quantum computers before transitioning into a discussion on the risks they pose to Bitcoin, particularly focusing on the main threats.
            • 20:00 - 24:30: Efforts Toward Solutions and Industry Collaboration The chapter discusses the cryptographic principles underlying Bitcoin, specifically focusing on public-private key cryptography, also known as asymmetric cryptography. Central to this discussion is the elliptic curve discrete logarithm problem (ECDLP), which is presumed to provide security for these cryptographic systems. The chapter highlights collaborative industry efforts towards finding solutions in cryptography.
            • 29:00 - 30:30: Concerns and Current State of Quantum Computing The chapter discusses the various assumptions involved in the realm of quantum computing. It touches upon the impact of quantum computing on processes like mining, specifically through Grover's algorithm. However, it is highlighted that Grover's algorithm does not scale as effectively.
            • 30:30 - 34:30: Q&A Session The chapter discusses concerns related to transaction signatures, specifically the process of signing transactions and revealing public keys when receiving and spending coins.

            Bitcoin and Quantum Computing Resistance w/ Hunter Beast | MIT Bitcoin Expo 2025 Transcription

            • 00:00 - 00:30 thanks everyone for coming so first uh I just want to say that I'm doing my best as anyone can to have the uh uh intellectual honesty and also the curiousness that this uh you know uh uh subject deserves it's a very complex subject it's uh also uh very um provocative and uh I just hope that people approach us with an open mind and uh in particular um just uh
            • 00:30 - 01:00 uh appreciate uh some of the thought and research that goes into this that went into this so I want to talk about Bitcoin quantum security um first I'm going to start off with what is a quantum computer because you know it's it's it's not like very obvious in some ways like what they are uh when we talk about these things uh the what's pictured here is a is a superconducting quantum computer so it uh uh has a uh
            • 01:00 - 01:30 chip at the bottom that gets cooled to uh sort of like uh very close to zero Kelvin so absolute zero and it uses uh liquid helium liquid nitrogen to cool itself so two coolants additionally uh it's uh uh so so it gets covered with this uh um uh doer that then uh uh is called a dilution
            • 01:30 - 02:00 refrigerator and because this thing gets so cold uh they're actually like little loops in the wires that help with the uh uh like when metals contract um so yeah uh what does a quantum computer do so quantum computers have what are called fundamental units of quantum computing called cubits and they uh they're they're they're uh they're essentially when you're able when when
            • 02:00 - 02:30 you entangle multiple cubits together you're able to essentially model uh all the states of a problem in a mathematical construct called Hilbert space and you can actually uh then connect these in circuits with gates that can perform various quantum computations uh and uh logical operations like control not gates or uh header gates
            • 02:30 - 03:00 different like you know kind of like forms of quantum computation that allow allow that that explore this problem space in a probabilistic manner um but eventually it'll it'll get more deterministic actually as they get better uh the picture here is the IBM quantum system 2 this is a commercially available piece of hardware uh it's anyone's guess if it's any good um it it
            • 03:00 - 03:30 uh it can do at least 100 cubits u maybe even closer to a thousand uh but these are uh physical cubits and I'll get into that in a minute but uh uh it's um that that said it it's kind of pretty to look at and uh also somewhat imposing uh how does quantum computing pose a risk to Bitcoin uh well so essentially uh the major thing to
            • 03:30 - 04:00 consider is that uh there's uh there there's public private key cryptography used in Bitcoin also known as asymmetric cryptography and uh this uh depends on uh a property called the elliptic curve discrete log problem or ECDLP which is something that Nha uh mentioned earlier and in an earlier talk today and uh there's kind of like this assumption that this is going to be secure uh
            • 04:00 - 04:30 there's also a lot of assumptions that go into uh the all the things that go into making this uh uh concept of quantum computing a thing so uh plenty of assumptions to go around I suppose um one thing I want to address first off is that yes uh while technically quantum computing can affect mining uh through what's called Grover's algorithm Grover's algorithm doesn't scale as well
            • 04:30 - 05:00 as uh this other algorithm I'm going to talk about so it's just not as uh a big a concern at the moment uh one of the bigger concerns is how trans how signatures work in particular transaction signatures uh so when you go and receive some coins to an address and then you want to spend them later you have to uh sign the transaction and also reveal your public key and uh uh there's
            • 05:00 - 05:30 an algorithm called shores that we've known since 1995 well it was originally uh explained in 1995 the thing that they discovered in 1995 Peter Shaw explained was uh that this was one of the first instances that had been theorized in that a quantum computer can demonstrate uh what's called quantum advantage now uh uh and also later uh we discovered or
            • 05:30 - 06:00 maybe around the 2000 2001 it was explained to the cryptography community or people people to just kind of found out or considered uh that elliptic curve curography which was a like burgeoning field at the time uh the SEC P 256K1 paper for example was written in 2000 uh or you know the the specific ification was was published in 2000 uh and that's
            • 06:00 - 06:30 the one that's used by Bitcoin uh around 20201 uh it was also revealed that or considered that um uh quantum computers could pose a threat to elliptic curve cryptography and so essentially elliptic curve photography as being the thing that's that that gives us the concept of public keys uh well it makes it so that um in particular when you whenever you expose your public keys that makes coins
            • 06:30 - 07:00 vulnerable so when are public keys exposed well we have uh four cases the first one is uh early addresses like the pay to public key coins uh they start with 04 or technically also 02 or 03 um they these are like hex encoded public keys that are just sitting on chain uh for anyone to see uh these also are known as Satoshi's coins they're also uh just any CPU miner uh uh operating at
            • 07:00 - 07:30 the time uh anybody who hasn't spent their coins yet from those addresses well please do so now um uh reused addresses are also a concern so um uh pretty much any type except for the one I'm I'm going to talk about soon actually um is uh that when uh when when you publish your transaction the public key goes onchain along with your signature and that can
            • 07:30 - 08:00 be recovered and uh um uh go into that shores algorithm there tapered addresses are also uh an entire public key just encoded in an address form uh it's not a hash of an address or hash of a cup key like many other uh uh addresses types are in particular uh pay towitness public key hash is perfectly fine and those start with bq uh and they're a bit shorter than
            • 08:00 - 08:30 tapered addresses those actually I shouldn't say are perfectly fine because there's another uh threat uh potential concern is whenever you go to spend them anything that goes in the me pool will need to reveal its public key in order to be validated and relayed and uh packaged up into a block by miners and uh consensus past consensus things like that so um yeah so that's um that's kind of the high level there one thing I also
            • 08:30 - 09:00 want to mention about Shor's algorithm is Uh it's not great right now in fact quantum computers aren't really great right now they're uh like uh at least commercially available ones are [Music] uh the they're there's they're they're kind of at the state of where vacuum tubes and maybe get moving into transistor like uh the IBM system 360 of the 1950s or 60s like like that that era
            • 09:00 - 09:30 is might might be the best way to describe where we're at now uh and so Shor's algorithm is kind of somewhat limited at the moment but uh it it's possible that at some point it might not be because of just the rate at which technology progresses and all the techn all the the money and time and energy being put into this problem uh in particular uh uh there are a number of companies working on this uh in addition
            • 09:30 - 10:00 to IBM uh Intel Amazon Google Microsoft Regetti Ionq Syquantum those are all like just pouring billions into this and also it's worth mentioning that Rathon and Honeywell have been working on this problem for like probably over 20 years now so we we we have no idea what they have actually because those aren't necessarily very public about their intentions or their technology
            • 10:00 - 10:30 uh and this is also uh like a a fraction of the companies that are currently working on this technology this is not all of them uh there's some omitted so uh that's uh that's also a concern because there's lots of companies here on the slide now coming back to Bitcoin Peter will uh in year 2019 uh said that he you know he sufficiently powerful quantum computers and other elliptic curve discrete log
            • 10:30 - 11:00 problem breaks he calls them uh are hypothetical and if they do happen there will likely be a long series of incremental breakthroughs that give us time for more fundamental solutions and what's interesting is that in the six years since this has been posted there have been and will continue to be a long series of interamental breakthroughs and uh eventually we're going to need to establish fundamental solutions uh in
            • 11:00 - 11:30 response to these incremental breakthroughs uh some of these include the Microsoft Myurana 1 announcement um many physicists are I I will say are are skeptical of what they've they've uh produced in particular I think Sabine Hosenfelder uh has published some very skeptical and uh uh pieces about it and maybe rightly so uh that said I also am uh uh skeptical that Sati Nadella maybe
            • 11:30 - 12:00 I'm wrong but uh I I don't think he would lie to his investors or shareholders you know so um I would imagine that he has like a some fiduciary responsibility not to lie about uh all the bullish stuff he said about the development and so um maybe somewhere that some the truth lies somewhere in the middle as it usually does but uh uh we'll see about that one also Google Willow uh back in December Google uh announced a a development
            • 12:00 - 12:30 where they uh uh were able to use AI to uh sort of implement really compact quantum error correction codes uh and like to the point where like they only needed a 49 like a 7 by7 grid of uh c of physical cubits to approximate one logical cubit uh that and a logical cubit being one that is error corrected and noise isolated uh one of the
            • 12:30 - 13:00 interesting things about the Myana one uh announcement was that myana or what they call topological cubits are uh sort of um isolated from noise uh pretty much entirely and so uh uh so long as they're cooled uh to the correct temperature it's also worth noting that people have thought about sort of a timeline of quantum emergency uh right now hopefully we're in the middle of preparation and design and
            • 13:00 - 13:30 implementation that's kind of where we're at uh and um that there there's there's also been a proposal that I'll go into in a second we're working on getting consensus for that proposal uh that takes time and energy and work and uh in some ways this talk is a bit of that work so um uh the and hopefully there will be plenty of time uh between the first two steps uh after once those are done and we have an activation
            • 13:30 - 14:00 client and we've activated it that there will be a migration of coins in some way uh that uh hopefully we have plenty of time for so that might be one reason why to sort of I I hate to use the word rush I don't want to like rush this we want a very good reliable comprehensive solution uh but there is a sense of urgency and the sooner the better because uh there will be time needed to update all the nodes and applications and wallets and things like
            • 14:00 - 14:30 that there's also um uh commercial uh there's a CNSA 2 uh.0 timeline so uh there the the the government is very concerned about this thing it's very interesting how concerned they are because you just have to wonder like why are they so concerned and uh maybe there's I don't know it's it's really hard to say but it seems like they were concerned about this before we even had good solutions for
            • 14:30 - 15:00 these things uh in terms of postquantum cryptography uh but regardless they have um uh timelines that go out to 2030 2033 uh in particular they hope to sunset entirely RSA and elliptic cryptography uh by the year 2035 uh as for Bitcoin uh what is uh like one one thing you might be thinking is like how severe is this concern um we estimate about 4 million coins are uh
            • 15:00 - 15:30 vulnerable somewhere between 4 to 6 million coins are vulnerable uh at present on chain against what are called long exposure attacks and uh whereas like a short exposure attack on the other hand would be just a a transaction that's been signed and submitted to the memp pool uh without having been mined yet and the reason there's a distinction is because the kind of quantum computer that's required to uh sort of recover
            • 15:30 - 16:00 the key uh behind a uh transaction that's in the me pool within a timely manner is a very much more powerful quantum computer than one that could just take as much time as it needed to look at co keys coins onchain the one thing I'd like to stress is just that this is not something we can fix overnight it will take a lot of time
            • 16:00 - 16:30 it'll take a lot of it's it's a big it's it's kind of an immense coordination problem and uh you know in some ways like hopefully we're very early to this problem and uh we're uh going to have plenty of time to implement satisfactory solutions and answer everybody's questions and implement nodes and wallets and uh layers especially fixes to layers because a lot of them use taper anybody using tap routt should be very concerned
            • 16:30 - 17:00 about this uh issue so what do we do uh because I don't want to like just scare you guys and then like leave you you know uh so first of all let's just uh give you an idea of how big uh elliptic curve uh cryptography signatures and public keys are they're not big as you can see 33 bytes 70 bytes 32 bytes 64 bytes but chronic crytography on the other hand it's more
            • 17:00 - 17:30 like hundreds or thousands of bytes uh in particular in BIP 360 uh which implements a a uh uh uh what's called pay to quantum resistant hash uh it specifies three uh NIST al approved algorithms uh one we originally came up with uh it was called ski sign we had it also in the spec uh later we come to came to
            • 17:30 - 18:00 find that uh ski sign took 15,000 times longer to verify than elliptic curve cryptography and so these other ones not nearly as bad but they're still quite large and expensive uh so I was really curious about like not just curious but also like one of the big problems where we uh we have is uh sort of like how do we have a a sort of ergonomic and
            • 18:00 - 18:30 comprehensive solution for uh implementing these algorithms the specific ones that are specified in the BIP uh and so I I made a library called Lip Bitcoin PQC uh you can find it uh um you can find it on GitHub uh/cryptoquick/lacoinbqz and uh it implements uh FNDSA also known as Falcon
            • 18:30 - 19:00 MLDDSA also known as crystals lithium and SLHDSA also known as uh Sphinx and to give you a better idea of the performance comparison between these uh there's like some factors there that you can kind of get a sense for um I'll also like I'd like to publish these slides uh so maybe go on on a uh uh X and maybe Nostraster i'll I'll also I I side note I'm not a big fan of Nostra
            • 19:00 - 19:30 just because every profile is a public key um so uh that said it's very cool and I do have an account i'm just expecting that one day I might not be able to trust it uh and yeah and so uh this is a slight comparison there's also uh uh this is just like an overview of some bips uh picorn resistant hash i'm going to talk about hourglass in a second and then we'd also need cubid activation maybe some for Q derivation PSPs is a
            • 19:30 - 20:00 very complex and difficult endeavor arglass in particular I want to discuss because uh it's essentially a consensus level change that I want to introduce to Bitcoin as a potential uh uh solution for um the problem of there being 34,000 pay to public key coins out there that um contain about like 1.6 or 1.8 8
            • 20:00 - 20:30 million bitcoin and uh these are largely considered either lost coins or satoshi's coins and uh what what I would I would want to do is I I wouldn't want to disable all of the P2P coins uh that would be like essentially burning them which has been proposed uh uh not a lot of people like that uh it's sort of like taking everything over 21 million and being like "Oh actually no it's actually
            • 20:30 - 21:00 everything over 21 million minus some subset of coins." Um which is just not as doesn't sound as good uh and uh instead just let's just first of all disable making new ones because you know that's bad and then uh spend uh make it so that people can only like anybody who has the key let's just say that for one of these in for one of these uh coins they can only include one
            • 21:00 - 21:30 one P2PK input per block and so instead of having 34,000 transactions hit uh Bitcoin within a span of a few hours we get to spread that across eight months at a minimum and uh it cannot be more than one block we can't just be like "Oh let's you know solve this problem for like like one a day and then we can solve it for 80 years." Unfortunately that that uh messes with the mining incentives but we uh I I've discussed
            • 21:30 - 22:00 this at length with a few miners and I think that this this proposal is incentive compatible with miners and I'd be very interested in hearing your uh everyone's thoughts on this uh potential solution to the problem also at surround systems we worked on something called Satoshi Shield we're looking essentially at uh how many Bitcoin are there out there are are there out there that are in P2PK keys and also how many UTXOs are out there that are that have uh P to public
            • 22:00 - 22:30 key commitments and uh this this graph is unfortunately not complete uh I'm still working on building a better indexer for this but uh uh that's about as far as I've gotten so far and uh once it's done then uh uh hopefully there will be a um uh like a a website people can go to to just kind of monitor you know how many of these these coins are out there so that you know uh once
            • 22:30 - 23:00 they're moved the this graph goes lower and you kind of get a sense for oh no is this is this actually happening you know um so you know that of course like we have to in order for this to to work out we we need to convince certain stakeholders uh individual node runners economic node runners exchanges in particular have cold wallets that are reused addresses uh many of the top addresses are reused um in terms of like their their address balances also
            • 23:00 - 23:30 enthusiasts investors influencer we have to like convince a meaningful in more like more than meaningful like a vast majority of these people that this is a worthwhile uh thing for them to do and I think you know generally speaking uh it is just be maybe I'm biased but I just think that you know even if there's a one in 10,000 like a 90 a 0.1% chance that quantum computers can't come to break Bitcoin in our lifetimes um yeah I
            • 23:30 - 24:00 think it's it's such a serious problem that we should do our best to try to solve it as soon as we can in a way that balances uh all all the considerations and everybody's happy and this is an an optional uh non-coercive uh sort of uh um approach uh that's hopefully less controversial and more approachable and and
            • 24:00 - 24:30 practical so yeah uh that's um uh that's all I have uh uh please check out surmount.systems systems and also uh follow Sermont Systems on X and uh that's my nonprofit and uh also Isabelle you want me to say something oh yes of course bip 360.org please check out the BIP thank you [Applause]
            • 24:30 - 25:00 hey uh FYI I think you can find that chart that you want on txtstats.com uh it has the pay to pub key uh chart so there's like 1.72 million Bitcoin across 45.8,000 UTXOs 45.8,000 wow uh so uh that's basically a year's worth of UTXOs then yeah uh good point thank you uh I've I've seen that
            • 25:00 - 25:30 side i just you know Yeah thank you uh yeah so uh question though um I guess one the first issue that comes to mind with the sort of hourglass gating of spinning stuff is sure I guess you can gate it by UTXO but not by value right uh have you looked at the value distribution across uh correct uh well the average value of these outputs is about 50 bitcoin because that was the first block award yeah so as I don't know as far as you're
            • 25:30 - 26:00 aware you haven't seen too much else consolidation uh I think the one was it the the guy whose hard drive is in a landfill for example i I think that he consolidated about 8,000 coins into one UTXO so there's probably a few of those okay good to know thank you James uh what kind of uh number of cu logical cubits uh is it for speeding up the hashing and that's like a quadratic uh scaling instead of like an exponential
            • 26:00 - 26:30 speed up for correct doing grovers yeah for grovers yeah and then I guess uh another question too is uh how many like cubits you know once we break or use shores to break uh ECC uh how far does that get to between the short term and like just breaking it is that you know like a couple orders of magnitude uh so the gap between shores and grovers I'm not quite sure I can answer but what
            • 26:30 - 27:00 I can say about shores in particular um is that I think it takes about 2,000 or so at a very minimum uh logical cubits logical cubits uh to run shores over ECC and so 2,00 3,000 that's going to be a number we're going to want to watch also uh for like uh physical cubits uh uncorrected cubits we might be more like 100,000 and so uh
            • 27:00 - 27:30 those are both like kind of numbers to keep an eye out for in the news I guess see how close we're getting to i actually just want to add to that um so Juan Malden the guy who did the 80 ads CTF paper he actually wrote a paper on this and he showed that it's about 7,000 logical cubits to simulate a black hole and that's about the same for actually breaking RSA so like if you want to I forget the name of the paper but it's it's super interesting and it's interesting that he he wrote that paper because it's uh he's he really knows about all the mathematical details of of
            • 27:30 - 28:00 those types of models so that's not my question though um um yeah it's interesting that it doesn't seem like there's a lot of concern from Bitcoin cores like for instance Taproot was introduced like they knew that quantum computers in theory could be coming um and they they seem to be like pushing a lot of people into Tap Routt for privacy reasons um how do you how do you deal with the fact that it seems like no one really seems to be taking the the problem seriously well uh one way to deal with that is just to come to places
            • 28:00 - 28:30 like this and try to explain the problem and advocate for it and another way is also just to build the solution and put it out there for people to evaluate upon its merit and hopefully you know it is it is the uh the right thing also one thing I I forgot to mention is uh and this is a little bit alpha for this conference is that I have been joined by a co-author uh Ethan Halman uh so he will be helping me co-author this paper this uh bit 360 yes so thank you i just
            • 28:30 - 29:00 want to add one more which is uh um it seems like again because of no one's taking it as as seriously they you know tap one of the big benefits of tap routt was um they're trying to get more and more people to use it for the privacy enhancement because like it it be it kind of all of the um you know it just becomes a single pup key you can't really tell the difference between a script spend and a a regular key spend so do you see the community like should we still be pushing it for the privacy reasons or should we be more cautious like it it seems like it's you don't get
            • 29:00 - 29:30 as many of the privacy benefits if we're not really pushing tap routt right well yeah what's what's interesting about taper in particular is like it is so good like we have shnore signatures and those are so good like we don't know how good we have it when we compare it to you know the current state of postquantum cryptography uh signature aggregation or key aggregation uh like uh things like frost multi-igs musk 2 uh lightning channels that are
            • 29:30 - 30:00 indistinguishable from ordinary taproot spends That's just so cool yeah it's just kind of depressing because you know man uh they are so vulnerable um and uh anyway anybody who's really into tap routt should be definitely taking it a look at this BIP i want to maintain tap routt compatibility just add on uh postcrytography as kind of like additional locks for those transactions
            • 30:00 - 30:30 that you can commit to in an address and so in Bit 360 we basically allow you to generate multiple public keys and multiple uh uh against uh these multiple signature algorithms and combine them and use them to secure your coins in a way that's uh hopefully somewhat compact and efficient awesome that's all the time we have for Hunter so thank you