Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - What will Quantum Computing Change?
Episode Date: December 3, 2025Quantum computing is often dismissed as a distant sci-fi future, but Ethereum OG John Lilic and Oxford physicist Stefano Gogioso argue the timeline is shrinking fast with roadmaps converging around 20...30. In this episode, they break down the "woeful" state of quantum readiness in crypto, explaining how Shor's algorithm could eventually shatter the elliptic curve cryptography protecting Bitcoin and Ethereum.They also explore the terrifying concept of "harvest now, decrypt later," which implies that encrypted data and privacy coins like Monero may essentially be compromised already. Finally, they introduce "Quantum Money," a revolutionary form of digital cash developed by Stefano’s startup NeverLocal, which relies on the laws of physics rather than blockchain consensus to prevent double-spending.Topics00:00 Intro03:00 John’s Quantum Awakening08:00 Defining Quantum Computing13:30 Logical Qubits Explained18:15 Crypto’s "Woeful" Readiness23:30 "Harvest Now" Threat28:45 Monero’s Privacy Risk33:15 What is Quantum Money?40:00 Investment & HedgingLinksJohn Lilic on X: https://x.com/LilicJohnStefano Gogioso on X: https://x.com/StefanoGogiosoNeverLocal: https://neverlocal.com Quantum.info: https://quantum.infoGnosis: https://gnosis.io/Sponsors: Gnosis: Gnosis has been building core decentralized infrastructure for the Ethereum ecosystem since 2015. With the launch of Gnosis Pay last year, we introduced the world's first Decentralized Payment Network. Start leveraging its power today at http://gnosis.io
Transcript
Discussion (0)
All of our systems, every single one of them, is at risk when we're in post-contum world.
Most of the classical cryptography community that deals with certification and key exchange protocols
knows this very well, has been working on this for years. They already have protocols that they
could use if quantum happened tomorrow. Unlike the foundations and communities that govern most of the
crypto infrastructure. The Bitcoin community is fairly fragmented and a lot of the big voices are
very opinionated. And so there the cultural elements is the more, I think, important factor.
In Ethereum, it's a technical element that really makes a big difference. There's so much
stack to change. So you put it all together and these roadmaps seem to be converging somewhere
around 2030 where we're going to have enough logical qubits in play to threaten our elliptic
curve. Welcome to Epicenter, the show which talks about the technologies, projects, and people driving
decentralization in the blockchain revolution. I'm Sebass Sink with you, and I'm joined by my co-host,
Brian Crane. So today we're speaking with John Lillick. He's an OG in Ethereum space. It's been around
for over 10 years. He's previously a consensus, was part of Polygon, and has been talking to
Brian and I about quantum cryptography and crypto for a little while now. And so we wanted to get him on
the show to discuss, you know, his thesis for quantum and how it could impact the crypto industry.
And then we'll also have Stefano Gogioso, who's a researcher in quantum cryptography. He's a
department lecturer at Oxford, and he's the co-founder of Neville Local, their company that are
accelerating real-world applications in quantum computing. Hey, guys, thanks for joining us.
Hello. Hello, hello. Great see you guys. Yes, pleasure to be here. So before we get into
the nitty-gritty about quantum computing and how to fix crypto, because I mean, it is a really
super complex topic. And I think like we all have a little bit of a grasp about like what it is and how
it works. But it's I think, you know, for myself and a lot of people, like super hard to kind of
comprehend what quantum computing is and how different it is from your regular computing and what
kind of applications you can have. But before that, this episode is brought to you by NOSIS,
building the open internet one block at a time. NOSIS was founded in 2015 and it's grown from one of
Ethereum's earliest projects into a powerful ecosystem for open user-owned finance.
NOSIS is also the team behind products that had become core to my business and that are so many
others like SAFE and KOWSWAP. At the center is NOSIS chain. It's a low fee layer one with zero
downtime in seven years and is secured by over 300,000 validators. It's the foundation for real-world
financial applications like NOSIS pay and circles. All this is governed by NOSISDAO, a community-run
organization where anyone with a GNO token can vote on updates, fund new projects, and even run a
valetator from home. So if you're building in Web 3 or you're just curious about what financial
freedom can look like, start exploring atnosis.io.
Yeah, I want to ask you, John, what got you interested in quantum computing and what convinced
you that this idea of quantum native finance is something that's interesting, that we should be
looking at, that's possibly investable today, and that it's something that will last into the future.
Yeah, no, no, great question. So, you know, it's kind of like, I mean, we've known each other a very long time and going back to, you know, the beginning of all this stuff, Ethereum and so on. And I remember many years ago, Brian and I were hanging out. I think we're in Germany with Carson, Stoker and a few other people. And we were talking about how amazing smart contracts are and like how everything's going to change, et cetera. And it was like very exciting and new. And we were just, I mean, just so happy to dive into all this stuff, right? Fast forward to today, to some extent, I feel a little bit saturated, almost like, well,
Well, at least in Ethereum, what we're trying to do is just figure out how to re-hypothicate things.
And it's not nearly as cutting edge as it felt maybe, you know, seven, eight years ago.
And so last summer or last year, I guess, towards late summer, early fall, I met Stefano and his co-founder Fabrizio, and I met a few others.
I call it the special Venn diagram, these folks who are quantum physicists, computer engineers, and crypto-natives.
And that's when I had like a mini panic attack almost, like an existential breakdown moment, when in reality, you know, I learned that.
the quantum ecosystem is much more dynamic than I had realized up to that point. And I say this all the time.
It used to be in the back of my mind that it's, you know, 40 years away. It's going to be this
gigantic machine that looks like an alien spaceship that Google builds with the NSA. And I don't
need to worry about things. But in reality, again, if you look at the ecosystem, there's, of course,
the big tech companies in Google and IBM and Microsoft, etc. But then you've got this tremendously
dynamic startup ecosystem. You've got, you know, Cy Quantum, you've got IonQ, you've got so many
these innovative companies, Oxford Ionics, et cetera. And so you sort of then look at, let's say,
the capital markets or the venture fund ecosystem. And you've got the biggest sovereign wealth funds,
the smartest capital, who have for a very long time been investing in this space.
You know, the UAE, for example, with their sovereign wealth fund, has been investing in global
foundries for a long time. And then you look at the policy side of it. And it's kind of like
you've got top, let's say, policymakers, politicians, et cetera, in top leadership positions.
you know, like Governor Pritzer of Illinois, shilling Cy Quantum all the time. They're building this
massive facility in Illinois and so on, you know, elected officials, government leaders all over
the world and all the major companies. You look at what's going on in China, et cetera. And you start
to realize that actually this is super dynamic. There's a ton of capital coming in. The regulatory
and let's say government will is there. The private sector, both with big tech companies and with
startups, is extremely dynamic and moving very, very quickly. And the research,
are just tremendous. You meet some of these people and they're incredible people, very focused on
this stuff. Okay, so what does that mean for us? Well, like in my case and probably many others
watching this, I mean, to some extent or a large extent, our life kind of depends on ECDSA,
you know, whether it's our asset base, our career, I mean, even just crypto being a part of your
daily life that you enjoy, you know, participating in this ecosystem. And that, as it turns out,
is a byproduct of it's a, it's a target of this like incredible ecosystem that's advancing.
And I understand there's maybe contentious views on the actual utility of quantum computing,
whether it's in material science or pharmacy or just making logistics better, etc.
I don't think it's so contentious.
But in any case, it doesn't matter because our elliptic curve that secures everything.
And what I mean by that is, you know, if you know my public key, well, you're never,
going to guess my private key so long as I secure it properly. But with this technology emerging,
then that becomes a very different reality, right? Which is to say if you do know my public key,
you can potentially crack my private key. And so putting it all together. And what I like to say
also is you've got to look at all the roadmaps because it is indeed true that the startups have a
great incentive to say things that sound exciting because they're constantly raising money. But I don't
think DARPA has that incentive or TII, which is kind of like the NSA.
of the UAE. The SEC
just put out a pretty significant
bulletin. You look at
BlackRock increasing
or substantially
enhancing their
quantum risk disclosure. I don't think
Google or Microsoft has a reason to pump things
unnecessarily, Nvidia, etc. So you put it all
together in these roadmaps
seem to be converging somewhere
around 2030 where we're going to have
enough logical qubits in play
to threaten our elliptic curve.
So that's kind of, yeah, the realization I had last summer, last wall.
And Stefano and Fabrizio and our local really helped me understand a lot of things.
And for that, I'm very grateful.
Yeah, I mean, I'm a bit like you, I guess, but I guess earlier in the exploration of this.
I mean, I remember like just having some high level thing of like, oh, quantum computing could break cryptography.
And I remember actually, I think I bought some coin ones that was called Quantum Resistant Ledger.
that was like, you know, probably like six to seven years ago because I was like, oh, that's,
and then never heard from it again until I think I really spoke with you.
Maybe it's worth just explaining to people that risk very briefly, right?
So the risk of, you know, today, right, people are familiar.
They have a seat phrase, right, in many cases.
And then the seat phrase, you can derive a private key from that.
And then with the private key, right, you can sign a transaction.
And then the transaction basically is, or the private keys associated with a public key.
And then you can, let's say, have sort of, I don't know, one big point associated with a public key.
Even with the private key, you can sign that transaction, say, hey, I want to transfer that Bitcoin somewhere else.
And then someone else can go and take that transaction and they can cryptographically verify that, okay, this is really that private key.
That's associated with that public key.
And, you know, that's what the whole thing relies on, right?
The whole crypto space.
So can you just explain how could quantum computing great this?
Yeah, I mean, the way I like to say it is, okay, by the grace of God, if I'm lucky enough tomorrow morning to wake up still be alive, two things will be true, right?
The sun will be shining and my Bitcoin or my Eith or whatever will be secure, provided that I manage the private key in like a safe fashion.
And so, for example, you get crypto steel, you put your seat phrase on something like that and you put that in an underground vault somewhere in Swiss.
Switzerland that, you know, is very hard to access. And you take safeguards to ensure that your
private key or seat phrase is never in any sort of digital form that can easily be stolen from you.
Like, you know, people who have been in the past put, I don't know, these files in their email,
for example. So as long as you take those safeguards, then basically tomorrow morning, when you
wake up, your Bitcoin will still be there. However, and it'll be very, very, very hard for anyone
to like determine your private key based on your public key.
Okay, even if you take all the classical computing in the world today,
you put it all together, it'll still take billions of years.
And that is the thing that we rely on.
Okay.
Now, what we're talking about here is basically a massive threat to that security assumption
that gives us all comfort in the event that this ecosystem continues to develop
to a point where we have sufficiently powerful enough quantum computers
that can run certain types of algorithms,
wherein just with your public key in a very short period of time, maybe on the order of hours or, you know, minutes or, you know, even less in the future, again, contingent upon this technology maturing.
And this is like a hard problem. I'm not saying it's a piece of cake. But if that state materializes, then you don't have that comfort anymore.
Even if you take very strong precautions to protect your private key, it can still be basically calculated by these computers.
and somebody or some malicious actor could then get your private key and move your Bitcoin or
eth or USDT or whatever.
That's...
Because you're basically just brute force, right?
You'd say like, hey, I'm going to like get a transaction and then I'm going to make up a random private key.
And I'm going to create the sign the transaction of it.
I'm going to check does it verify?
And then, well, probably doesn't.
So I'll try another one.
I'll try another one.
Now, normally with normal computers will take like for error.
but with a quantum computer you could do that fast.
That's kind of the idea, no?
That's the issue.
Yeah, correct.
We are relying currently on, you know, primitives,
cryptographic primitives that are susceptible to this type of computation,
provided that you have a sufficiently powerful quantum computer.
And that assumption is the thing that makes us all sleep at night
and gives us the confidence to build a multi-trillion dollar ecosystem.
And if that confidence is shaken or threatened without, you know, us taking the kinds of measures that we need to take,
then exactly what you described is the problem.
So now I'd like to hand it over to Stefano and maybe let's get some clarity on quantum computing.
What is quantum computing and how does it enable, you know, basically what John is talking about,
which is the ability to brute force a private key in a way that you can't do that with a regular computer?
Yeah.
So the question about the nature of quantum computing itself is,
is quite interesting.
There is a sense in which physicists, fundamental physicists, would say quantum is the real way the universe computes.
And it's just that our classical computing has been built upon an abstraction that is very stable.
So we can have trillions, quadrillions of bits very cheaply.
We can do trillions of computations per second in our large machines.
and we do this with very little fault.
There's few errors.
Errors are very rare unless you're in hostile environments such as space
or under certain sort of ruggedized conditions.
But ordinarily, our current civilization relies on the realization
that if you engineer matter and electricity,
so matter and energy to interact in a certain way,
then it's very stable and it can be used to do lots of things.
That's great.
Underneath it, though, the world, the rules of the universe are quantum.
So quantum is the most successful physical theory we have.
By far, the most successful physical theory.
It explains almost everything that we want to derive.
It might be hard to write down exactly the explanation,
but in principle, people believe that up to some details,
it could be used to do so.
So really, quantum computing is mostly an engineering effort.
It's pushing our ability to make,
matter and energy, so typically photons, but there's various ways to do this, do things for us.
It's the original view by the early fathers of quantum mechanics was that really what quantum
computing does is give us control over reality at its most fundamental level. So in that sense,
it's the most general description of quantum computing is you have very very, very much
very fine grain control over the way that nature works in some really small settings,
some really low energy settings, superconducting circuits cool near absolute zero,
individual atoms, individual photons, with enough precision that the noise doesn't drown
out the entire computation and makes it useful. Now, what people did over the years,
that was the original view of what quantum computing should do. And for many years, I think,
60s, people just thought, okay, one day we might have control over nature.
we will do what physicists want to do. We will predict the outcomes of very complicated
physical experiments without having to do them. In particular, we can understand chemistry and
advanced materials, things that we can't simulate. And then some people came from maths and
computer science and started realizing that really some of those fundamental ways that matter
evolves can be used to do some interesting computational tricks. One of the most famous ones is
Shores Algorithm. Shores Algorithm does not really factor numbers in its entirety. There is a very
specific sub-problem of number factoring. Number factoring is considered hard. It's the basis of RSA,
and one of its generalization is the basis of elliptive curve cryptography, which ultimately brings us
to crypto. But really the observation by some very clever people is that there is a little core
inside the problem, there's one subroutine which relies on a specific property of numbers,
of natural numbers, the way they multiply. And if you could do a certain kind of Fourier transforms,
the same that we use to change and clean up signals, it's what this podcast will use to clear up
our voice track in the end, a very basic piece of technology. But if we can do some of it fast,
exponentially faster, then we could factor numbers release it.
And it turns out that quantum computers are very good at doing that.
It's part of the natural evolutionary quantum systems to be able to perform some of these transformations.
You put them in the right configuration and by themselves, they will do it.
As long as you can control the revolution without too much noise, then that's what the machine does.
And this observation was then turned into a larger algorithm that can factor numbers,
very large numbers with thousands of digits.
That's Shores algorithm.
And then derived algorithms that actually factor points on elliptic curves,
which are the algorithms that give us quantum risk today.
So ultimately, like, quantum computing is just about controlling physics,
which is a fantastic endeavor in itself.
One of the byproducts,
and I think by far the least commercially interesting to these companies,
they really don't, I mean, they say,
they use it as a benchmark, quantum computing manufacturers,
but that's not really a product they will sell.
They're not going to go and say,
here, I'm going to factor some large numbers for you.
They want to sell chemistry applications, materials applications,
pharmaceuticals applications, optimization in some cases.
But one of the byproducts that was discovered in the 90s is that, indeed, you can use it to
break the primitives that we use for all of our cryptography today.
And maybe we can go into the specifics of why this is relevant to crypto in a follow-up question.
Yeah.
Yeah, we definitely want to go into that in a bit.
But I would love if you could expand a bit more on, you know, you mentioned like material, chemical.
I mean, like lots of different.
Like, let's say this quantum computing, you know, it comes about what do you think the impact is going to be on the world and, you know, maybe in five years, 10 years, 20 years and on different areas of society.
Like, how will normal people feel like, wow, a world's so different now all of a sudden because, like, quantum has, like, just changed things.
There are many fields.
I think it's worth making a distinction between quantum computing, which today really means universal.
universal quantum computing, which is a huge multi, like multi hundred billion dollar field that
has been developed for the past 10, 15 years. And quantum cryptography, which is a younger
field that is currently in its early phases, even though some of the companies have recently
exited for a few hundred million valuation. So that's, there is already quite a lot of investment,
but I would say in terms of what we could do there, it's, we're still quite early on. So going to
quantum computing, which is what most people talk about these days, there are maybe three or four
major areas if applicability that would bring a direct impact on people's lives. It's not going
to be in 2030. It may be in 2035, 2040. It really depends on how quickly they can reach the correct
scale. There are applications that some of these companies sold applications in terms of
enhancing AI and enhancing optimization. That was the big hype in like the early 2020s. That is no
longer believed to be the primary revenue stream for many of these companies because optimization
problems to be competitive with current classical optimization techniques require hundreds of
thousands of qubits. Logical. Tens of thousands of logical qubits. The number of variables that you'd
have in one of these problem solution techniques that we use today would have to map essentially
two qubits. And that is, that's a scaling that will take a while. In terms of AI, there used to be a
speculative belief that there could be an advantage in using quantum systems for quantum AI. And that's
been scaled back a couple of years ago. There's results that say that yes, but mostly for physics
problems, not for general purpose problems. And also we are literally in the AI boom. We have like
$3 billion in data centers being built on a weekly basis. And it's very very,
hard for quantum computing to compete with that in the short term. Maybe in the long term it will,
but in the short term, that's difficult. Where it really seems that quantum computing will have a
direct immediate impact is applications where you are trying to simulate some complicated
physical system that doesn't quite simplify well with existing techniques. So if you want to do
material science today or advanced chemistry today on fairly large atoms or fairly large molecules,
Think nuclear chemistry. Nuclear chemistry involves really complicated atoms. They are very heavy.
They have lots of electrons. They get to the point where the electrons behave relativistically.
You need to take into account the fact that there's so much energy concentrated in the atom and they're so fast.
The quantum computing revolution in that sector will be having machines that are able to just reproduce a physical system.
You make like a digital twin of a quantum system. And then you configure the machine to avoid.
the system like it would in real life, under real conditions.
More slowly, typically, because you want to observe it,
or you want to ask certain questions about the evolution,
like its energy, like the strength of certain bonds.
But you can reproduce, it's like a lab simulation,
but it's a simulation that doesn't incur an exponential slowdown,
because it's made of the same matter.
The slowdown is, there's a factor, of course.
It's slower because it's the machine.
You need to control it.
It has fewer degrees of freedom.
but it's not exponentially slower.
And this is where it will really make a difference.
When you have large molecules
and you want to study interesting quantum effects
that make them activate in an unexpected way,
say metal-organic frameworks in carbocopter,
that was one of the early examples
people wanted to study,
that's something that quantum computers
with sufficient degrees of freedom could do easy.
And so that's where I think
most of the money will go in the early days,
because they don't require tens of thousands
of logical qubits.
Even if you have a few thousand good logic,
degrees of freedom, that is so much more than we can simulate with our classical techniques,
that it will already enable us to do more chemistry, more materials, more medicine.
So I think that's what it will have the earliest impact. But it's not going to be something
you're going to have on your desk any time soon. Can you explain what is a qubit and a logical
cubit? I think that distinction needs some clarity. Yeah, I think that's one of the big controversial
points in corporate announcements these days is the how many logical cubits do we have.
They're all obstructions. Maybe that it's worth starting with that. There's no such thing as a
cubit. But there's no such thing as a cubit in the same way as there's no such thing as a bit,
right? There's not one bit. There are many technologies that when obstructed a certain way,
give you something that behaves as a bit. Typically, you need some physical system that has too
well-defined states, and you have to have some way of moving it between those states, putting many
of these systems together, and change them together. That's how bits work. Like, you have many
technologies that implement them, and all you need are some basic requirements. Similarly, a qubit is
an abstraction. Quantum systems have a lot more degrees of freedom. But what you do is you take a system
which has two degrees of freedom, like two sufficiently separated energy levels, or a photon that
has like polarization in two orthogonal directions, something like that. And as long as you can
modify those degrees of freedom in a practical way, and that's where all these technology is
come into play. Not everything is easy to change. Then you have a qubit. Like a qubit is a physical
system with two sufficiently well-defined states, which you can modify at a quantum level.
So without making it collapse into one of the two states, but maintaining all the various other
states that are physically possible. They're called superpositions typically. So that's really the
physical side of things. And I think most people in quantum computing or quantum information
are happy to leave that to the hardware people. Like somebody comes up with a new idea for quantum
hardware. The first thing they do is tell you how to build qubits and how to perform certain basic
operations on qubits. And then everybody else uses that as the basic abstraction layer and builds on top
of it. So there's really like the hardware people deal with making the like secret sauce,
the basic building blocks and then people build algorithms on top of that. But then there's the
question of are these qubits sufficiently stable? Can you modify them without introducing too much
noise without losing too many of them? If their photons, photons are hard. I mean, photons are great
because they travel for really long distances without interacting with anything else, right?
We have photons from 13 billion years ago. We have photons from the time of last.
scattering in the universe and we still see them as they were. But they're very hard to catch
and they're very hard to do operations on because they travel very fast. And so there's always a
challenge. All of these architectures are a compromise between how many operations you can do,
what kind of error rate you get and so on. If you want to get from, let's say you have your
Google chip, right, it has a bunch of cubits on it. The hardware people made them and there's maybe
100 or 200 of them, and they're very noisy. Like the operations very quickly disturb them
after a few dozen operations, you lose pretty much every information after a few hundred
operations or even a few thousand. That's not enough to do anything useful. And so what you do is
you say, okay, can I take all of these, like 100 cubits, and take a slice across their space
that's robust to noise? Like I create an error correction code by a quantum one. So I don't just
check for the errors. I really try to look at the whole space.
of these 100 cubits that has 2 to the 100 dimensions.
It's humongous.
And I try to find a two-dimensional slice,
so a tiny, tiny slice,
which is really robust to noise,
where I can easily correct errors.
I can bring the states back to this slice very effectively.
And this is the foundation of quantum error correction.
And one of the key results in quantum error correction
is that the moment that you hit a minimum threshold of accuracy,
so your operations go below a certain error,
rate, then error correction starts improving itself. So there is a point at which if your error
is higher than this threshold, then the error correction procedure introduces more errors than it can
correct, and so it will ultimately fail. And there's, if you're below this threshold, then the error
correction will remove more errors than it itself introduces. And so you can just make your
computation longer and correct errors forever. And it's called the treasual theorem. And this is the
basis really of quantum error correction. Now, this is what Google tries to do. When they say that
they almost got one logical qubit, what they mean is that they are close enough to the threshold
with their hardware that soon, I mean, a year to years, but soon enough, they will be able to
perform correction faster than errors accumulating. But there are other ways of making these error
correction codes, and some of them don't really correct all the errors, but maybe you have
30 physical cubits and you have a code that corrects five errors out of 30. That makes it look
like you have 30 logical cubits or 25 logical cubits, but really you don't, not in the same
sense as the Google cubits do. And so there's a lot of subtleties in how people count this. The real
question is ultimately, can you make these logical cubits, these sort of error corrected abstractions
in such a way that they individually behave as single cubits would with no error or
exponentially small errors.
When the answer to that becomes yes,
that's when you get the logical qubits
that are considered in these Shores algorithm estimates.
So people say, how many logical qubits
do I need to run Shores algorithm?
The answer is typically a few thousand.
And then you have to think,
okay, a few thousand logical qubits
really mean a few hundreds of thousands.
If it's one to a hundred, a few million,
if it's one to a thousand,
really depends on the architecture.
But you have to multiply
by some large factor to estimate how many physical cubits
these companies have to manufacture before they can run this kind of schemes.
But then there are some additional improvements that people have made over time.
You can connect smaller modules.
And the way that these cubits are put together can be made more performant than just
building a large chip.
All in all, the strategy is always trying to figure out,
can I build enough physical cubits such that they have a sufficiently low noise
and I take enough of them together
and I can collapse them into fewer logical qubits
but they're really, really good.
Yeah, this is one of the things I say
for, you know, us regular on a crypto fugens
who are, you know, thinking about this stuff.
There are certain checkpoints, things you look for, okay?
Error correction is one of them.
The Google Willow News was really big.
I don't know that everybody really understood it.
Stephano explains her very elegantly.
But when we get to that point,
that is one of the key requirements
and I think it's going to be one of the massive accelerators of our ecosystem really waking up.
I mean, it's a critical component and everybody's working on it.
So, John, earlier, you know, we were talking about the state of quantum readiness in the crypto space.
Like, by your estimation, what does that look like?
How many projects are taking quantum seriously in order to prevent some of these attack services that you described earlier?
And, yeah, what's your sense of, you know, how this, how this,
basis treating or addressing this issue? Well, let me preface by saying, I have a tremendous
amount of respect for all the researchers, Ethereum Foundation, Solana, everywhere near, etc.
I think those are wonderful people. However, in my opinion, just my opinion, but I think we're in
a woeful state. And I'll give you some concrete examples. On the Ethereum side, you know, the whole
Virgil program just got canceled not too long ago. And actually Stefano and Fabrizio, Stefano's partner for many
years was, you know, telling these guys, hey, you're going to have to redo the plumbing. Eventually,
they figured it out, but, you know, after however many years, however much money, and more
importantly, precious research, you know, researcher time. So even just getting blockchain
networks and ecosystems to understand this risk, take it seriously, and invest accordingly,
up to this point, I don't think that's happened, you know, to sufficient scale. Not even
close. We are starting to see some early indications. Let me give you another.
sort of simple example, and this is just my, you know, dummy D-Gen math here, but let's say we
have a $3 trillion ecosystem. Let's say you ascribe a 1% chance to, I don't know, the IonQ roadmap
being accurate, which calls for 2,500 logical qubits in 2028. And let's assume that results in
100% loss or close to it, okay, in terms of crypto market cap, because I think that if confidence
is shaken in our elliptic curve, you know, capital is going to flee very,
quickly. Okay. rationally, you sort of take 3 trillion times 1% times 100% loss. We should be
spending $30 billion a year right now on this. Okay? We're not spending anything. You look at, for example,
Bitcoin, and there's a guy named Hunter Beast, great guy of a lot of respect for him, and he's leading
the BIP 360 initiative and, you know, a few other people as well in the mix. You look at a guy like
James and Lopp. James and Lop, I like to say, is the most constructively correct bit coiner I know.
I mean, he's technical, he's rigid, he focuses on security.
I mean, he's a great Bitcoin ambassador, and he's come out over the last few months,
you know, at conferences and so on, surfacing the risk.
And I think talking about it in a very articulate and truthful manner.
And, you know, it's no secret, right?
I've had lots of fights with Bitcoin maximalists over the years.
But a lot of Bitcoin maximalists have turned into like fundamentalists where everything is a scam
and they just reject everything.
And I understand there's utility in that.
I mean, it's it can be an important.
thing because, you know, you just sort of hold your Bitcoin and you don't get duped into like
rug poles with all these other meme coins and so on. So I get that. But when you just outright,
I reject everything, including like these technological like innovations where basically you call
physicists and serious people grifters. What happens is it lowers the readiness potential for
Bitcoin itself as a community to accept what's going on and take it seriously. And so, you know,
there is a political or let's say community-based component to this because it's not like banks or
financial institutions where, I mean, they can upgrade in a much, let's say, more simplified
path because they don't have decentralization. They don't have coordination problems like we do or
coordination costs. So even getting communities to wake up to this is hard and has been hard. There is
some, let's say, progress recently. And then when you get even deeper into it and you sort of dig through
all of their roadmaps and implementations and current working groups and so on. There's very little.
I have to give credit to the Ethereum Foundation. They just had an event in Cambridge. I tweeted
about it and stuff and it was really excellent. Vitalik is signaling their intention to be quantum
ready, Justin Drake and some others, Antonio, who leads the Ethereum Foundation as their lead quantum
researcher. Wonderful guy, by the way. So there's things happening there on the Salana side. As far as I
understand. I talked to Matt Zorg, great guy, VP of technology there. They're prioritizing BLS.
My understanding at the current state is is very hard or not really known how to aggregate post-quantum
signatures, certainly not at the scale that they would need. And BLS, in any case, would need to be
redone. I can understand why they're going in that direction now in terms of performance, and
obviously that's Solana's edge. But if you have to then redo the plumbing a couple few years from now,
and at the same time, the point Stefano just made about error correction, we start to see these headlines.
coming in of like these, you know, tremendous innovations, you then have to pivot very quickly.
And the problem there is you would have lost precious time. And you go down the line and, you know,
I mean, not to denigrate Justin Son in any way or anything like that. I mean, I think he's a
great businessman, but like, Tron isn't exactly a bastion of technological innovation, exactly.
And yet it hosts, what, $100 billion with a stable coins and so on, right? So the problem is
quite complex. You look at Ethereum, and this is the analog I like to use as far as our L2
ecosystem, you know, path. I mean, when we launched Ethereum, it was 1,024 shards of the L1,
we're going to have this world computer and so on. But the reality is that proved to be
very hard. And then a couple of few years later, we get, you know, maybe one shard and now this
kind of like L2 ecosystem and so on. And even that's taken seven or eight years and there's a lot
controversy around how efficient, you know, that technological kind of delivery challenge has
been executed against. Okay.
So this is hard. It's complex. It requires users to take action. It requires a lot of social
coordination across multiple networks. And I say this, that we're all in it together. You look at
Bitcoin. Most Bitcoin price discovery is against stablecoin pairs. Like not a lot of USD is actually
traded against Bitcoin. Where do all those stable coins live? They live on other networks. So it's
all intertwined. And I think when you look at it in aggregate, you know, our ecosystem is just
at the genesis of taking this seriously, woefully underinvested in this space, and, you know,
half of the people in our communities think this is all a grift and a scam. So I'm not super
optimistic at the moment, to be perfectly honest, with respect to our quantum readiness.
So let's just, I mean, the scenario we talked about beforehand, right, where basically someone
can calculate, you know, someone who doesn't have your private keys can create a transaction
and to basically move your bitcoins to somewhere else, right, to their own address.
Now, I mean, that of course, I mean, seems to, I guess there would really be a kind of a flip, right,
where like from one day to the next, basically the entire network becomes like untrust for you, right?
Because like someone could move all of like Satoshi's coins and your coins and my coin and why is anyone going to buy any Bitcoin then if they can just be taken away again, right?
like, of course, that also brings up the question, oh, like, how can you benefit from that as an attacker?
Well, probably the best way would be just short Bitcoin, right?
If you could go, like, very short Bitcoin on some, like, traditional financial system,
options short the ETF or something.
I guess, I don't know.
Because, like, stealing the Bitcoin is kind of pointless, no.
I...
It depends if you're caught.
Right?
It depends if you're caught.
Right.
If you, of course, if you are early, right?
Like, let's say you have the keys beforehand and you can steal some and you can sell it
and you can do it before people realize what's going on.
Then maybe there's a high, yeah, and you could probably do some sort of data analysis, right?
You're going to go try to steal some that people hopefully will not realize that there's
because they're not paying attention.
I mean, of course, you could have to Toshy's coin, although people will watch that.
Yeah, I think that's what you say when, okay, I think John is also sold on this scenario.
You wouldn't move them immediately.
You do this in a secret way.
You do it on coins that have not been moved for a while.
Probably nobody would notice.
And it would be one of those news, a whale finally decided to move their Bitcoin.
Is it quantum?
Is it not quantum?
Do we know?
I'm not sure people would immediately.
suspected and you could go on for quite a while and you could make quite a lot of money outside of
the ecosystem in the meantime and then long you could really go with this right because i mean maybe
you think no one is noticing but then like you don't really know right and then it's pretty
pretty in it well let me let me let me let me paint you another picture in terms of a state actor
and i wrote this article it's an open letter to jadu vans i'm sure he'll never see it he was at the
Bitcoin Vegas conference, he said, okay, putting Bitcoin into the U.S. economy with all these
ETFs and all these financial products is an advantage over China because they're not doing it.
And China's never going to embrace Bitcoin and crypto because they're afraid of capital flight
and they have these control mechanisms. Okay, I accept that is generally true. However, if you accept
the potential for, let's say, another big pump in our ecosystem, we get to 10, 15, 20 trillion.
Now there's so much, so many trillions leveraged into the U.S. economy with Bitcoin as the underlying,
all these stable coins, et cetera. For a state actor, Bitcoin becomes a military target. Now,
here's the thing. Bitcoin will not, in my opinion, warrant a military response or any kind of
detaunt. Okay? You don't send a nuke into the U.S. because you can be sure they're going to send
a thousand back at you. So there's a detaunt and nuclear attacks don't happen for that reason.
Bitcoin is not like the CIA. It's not the Federal Reserve. Nobody owns it. And so it becomes
the perfect military target. In that scenario, as a state actor, what you're attempting to do is
cause damage into your rival or adversary's economic system.
And if we have trillions leverage into our system and now Satoshi's coins, so this is an
example of wanting to do a quantum attack, not necessarily to profit, but to cause maximum,
let's say, cascading waves of liquidations and so on in order to cause economic damage,
I can imagine a certain scenario where, you know, the PLA assigns their quantum cloud to
the Lazarus Group, who obviously, you know, has been very adept at crypto-haping.
hacks for a long time now for this purpose. Moreover, when you look at other networks, Ethereum
hosts all the stable coins. Excuse me, Ethereum is a nonprofit foundation in Switzerland, okay?
Switzerland is not going to go to war with China or North Korea or anybody else over an attack
to that kind of an entity. Same thing with Solana and so many of these other things, which are
constructed as offshore non-profit foundations. Okay, there is no detaunt element to, you know,
basically preventing an adversary from causing economic damage as we continue to lever up
this stuff into our economy.
No question.
I think if the capability becomes available, people will use it.
I mean, for whatever motivations they have.
But is there, I mean, what is the way to deal with this?
Can you, can we somehow upgrade, let's say, Bitcoin or Ethereum to prevent that risk?
And how would...
Some of it, some of it.
The reality is that some of the risk.
comes from attacking addresses and getting, you know, compromising the part of the stack,
that's the cryptographic attestation. That's where you sign transactions. That's where you sign
operations on smart contracts. That can be fixed because what's happened until now is recorded
on the ledger and as long as we switch to quantum resistant cryptography, we can prevent it
from happening in the future. There are challenges there, which we can discuss. It's not
not as straightforward as changing the public certification stack that we rely on for internet
or any of our secure transactions, although that's also non-trivial.
But people have talked more about it.
Because crypto...
Is it like...
No.
Oh.
No, sorry.
Yes.
Oh, yeah.
Okay.
This is not crypto.
This is everything.
Like you connect to a website, you use HDPS.
That's how these days you rely on the file.
that there's not going to be somebody in the middle
altering your transmission.
Now, once there's the initial phase, really,
of the communication,
which is where you establish a symmetric key,
that is done by using certificates.
So things that rely on public key cryptography
that are quantum weak.
If you get into that stage, then that's it.
You can play replays.
You can put yourself in the middle of a conversation
and pretend to be both parts.
You can do whatever you want.
Our entire technology,
relies on this. Updates to Windows rely on this. Updates to anything actually rely on this. Signatures are
like digital certificates and the chain of certifications that we have created are the basis for
the entire world communication network. And so that's all week. But it's easy to think about
crypto. I mean, when John and I were talking about this a couple of weeks ago, my argument was
that like, you know, crypto in in comparison to everything else that can be impacted by this,
is such a minuscule kind of part of the economy that affects a minuscule portion of the population,
when in reality it's like all of our systems, every single one of them is at risk when we're a post-contum world.
Yeah, but if you think about it from like, let's say a wealth perspective, first of all, right?
And I mean, I guess a lot of people here are probably all of people listening, right?
they will have a lot of their assets in crypto.
So if that just gets wiped out to zero,
well, that's pretty significant event.
It is pretty significant.
But I mean, I got like chaos in the streets starts happening much earlier
when like everyone's bank accounts don't work, right?
Or like, you see what I'm saying?
Like, I mean, there's like much more visible kind of risks to the entire global
with quantity.
It's pretty visible for most people if their coins are gone.
I think the reality is that there's really three, well, two main reasons why this is different.
The main one, the really big one, is a cultural one or political.
I don't know how we want to call it, but let's say cultural.
Most of the classical cryptography community that deals with certification and key exchange protocols
knows this very well, has been working on this for years.
They already have protocols that they could use if quantum happened tomorrow.
They would be able to deploy the changes to the browsers.
They're already experimental features of some of the major browsers.
You can enable it yourself if you want to try it.
They wouldn't incur a huge computational costs.
There's a lot of things that they've already done.
Unlike the foundations and communities that govern most of the crypto infrastructure,
the older, more traditional web two infrastructure,
sure, let's say, is handled by people that already took this very seriously and already, like, plugged the holes to some extent.
It would be problematic if it happened from one day to the next, but you have centralized authorities, you have banks that would just refuse to transact for a day or something like that.
But really, too, okay, this is a cultural problem. We could solve it tomorrow.
We could all agree that quantum risk is real and tomorrow we do something.
what do we do?
How do we switch
the cryptographic primitives used by Web3?
Because Web3, unlike Web 2,
made most of it,
maybe not its entire fortune,
but most of it from very clever
new applications of cryptography.
Some of these are really, really sophisticated.
Like, its elliptive curve cryptography
used to do lots of fancy stuff,
like zero knowledge proofs.
Now, not all of them are ECC-based,
but some nice ones are.
we built an economy on advanced cryptography
and therefore there's a lot of primities
that people from outside WebTree don't really care about
like they've not worked on it because they don't need them
and so it's up to the chains that use them to figure out
how they're going to replace them in a quantum resistant way
this is what the Cambridge Workshop for the Ethereum Foundation was about
it was figuring out which parts of the stack need changing
what are the candidates and how we can do it in a way
that makes everybody happy.
And so even if everybody suddenly believed
that quantum risk is real
and they understood the potential impact on the economy,
even if they all agreed to do something
which is super hard
because the entire point of decentralization
is that there are so many different voices
and so many different opinions
that have to sort of coalesce for something to happen.
Even Daniel would be challenging
to change some of the infrastructure.
But for example, for Bitcoin,
most of the risk is in one place.
the attestation part. It's in the signatures. We could agree to pick one of the new schemes,
and that might be relatively easy. There are various mitigations and there are proposals
that have been put forward that are really well studied that would fix this in one way or another.
But the problem there is the Bitcoin community is fairly fragmented. And a lot of the big
voices are very opinionated. And so there the cultural elements is the more,
I think important factor.
In Ethereum, it's a technical element that really makes a big difference.
There's so much stack to change.
So my question here, so let's say if we look at Bitcoin,
so is what would be needed that, you know,
the core developer makes some changes to the Bitcoin protocol
and maybe the wallets and the miners obviously have to like switch it
new software or something like that?
Or is it something where, you know, you then also need to have,
the individual Bitcoin holders, you know, kind of take action and like, let's say, for example,
transfer their coins to, you know, some kind of new accounts that are now quantum proof.
Yeah, you'd have to.
Depends on the proposal.
There are proposals that are less invasive.
But to some extent, at least some of the users would have to make active migration.
That is the biggest of it.
If you actually not actively migrate, and if you can steal the coins,
of those who don't actively migrate,
I mean, that's like almost impossible.
How do you, like, imagine it from the point of view
of how the game would look?
You changed, let's say that everybody agrees.
We have some new system, however it is,
some new system that we put in place at some point,
we fork Bitcoin, we patch Bitcoin,
everybody migrates.
Now we have a new authentication system.
There's a new cryptographic at the station that is
quantum secure, quantum resistant.
How do you make sure that you migrate the wallet contents from the old system to the new system?
Whatever you do, somehow each wallet owner has to establish that they are the owner of the new system.
Now, for many of the accounts, this is doable by relying on something which is already quantum resistant.
For example, the derivation of the private key
for many modern wallets comes from a seat phrase
and you can build proofs that you know the seed phrase.
Coming up, like going back to the seed phrase
from even the private key is hard.
And so in some derivation branches.
But they exist.
People use them.
And so you could in principle say,
okay, if you want access to your funds again after the fork,
you produce a proof that you knew the seat.
phrase without revealing the seat phrase because that will break the security of your account.
Some proposals exist. I think Vitalik backed one some time ago for Ethereum that would do something
like this. That's fine, except for the earlier accounts that were not based on this particular
mechanism. And for those, what do you do? Do you freeze them? Do you return the coins to the ecosystem?
them. Some of those
may legitimately be dead and never used
and still taking them out of circulation might be
a way to handle it.
The threat that they would
have to be burnt might
be enough to push the original
owners to do the migration.
But at the same time, for some of these people
revealing that
they are the owners of those
coins is a problem.
And they do have a private voice in the process
and they might just oppose it.
Or there's just the legitimate
concerned that this might fail in some way or it might impact some people too heavily that have
a stake but not a visible one in how the ecosystem is updated. So it's challenging. At some
point something needs to be done to link the old proof to the new proof because the proof has
changed. And otherwise anybody who has a quantum computer could just say, oh yes, I am I am
Satoshi. Hello. Now probably that wouldn't be believed or it would be subject to huge scrutiny
but there are many such cases, not a huge majority,
not even, I don't think it's a large minority even,
but enough that we are still discussing how to do this.
There is a privacy component to this as well
that I think I certainly didn't realize,
and it's this idea that you can harvest large amounts of encrypted data.
It doesn't have to be crypto, it could be anything,
could be your signal chats,
could be your encrypted vaults on cloud storage,
and that when Cronton,
computing is here that we'll be able to decrypt those. And John, you've talked about,
allegedly, governments and sort of the nation states acquiring and harvesting tons of encrypted
data for potential decryption later. How big is this threat? And what do we know about
it actually happening right now? Well, it's a great question. So let me start by saying I'm a big fan
of Monero and Zcash and, you know, Zucco and so on and all those communities.
communities. Okay. I had a conversation on Twitter with Fluffy Pony recently. I guess he goes by
just Ricardo now, but I was thinking of his fluffy pony, great guy. And I asked them point
blank. And to his credit, he was very upfront. They have a roadmap, okay, for post quantum. However,
it cannot account for the past. Okay. So if you are using Monero today, it's broken. In other
words, and I'm not saying, and look, privacy is normal. I'm not saying it's not. I'm saying that
it's also easy to infer that probably some people are using, you know, something like Monero.
in an illicit way.
And it's no fact.
It's no secret.
I mean, this isn't me saying anything controversial,
but the dark market's favoring Monero.
So anyone who's using it right now for anything illicit,
tax avoidance, selling drugs, whatever,
they don't have a way to obfuscate the past,
meaning that in the future, when they go post-quantum,
the past can be ultimately revealed.
Okay, so in a sense, Minero's already broken from that standpoint.
And this is coming straight from Fluffy Pony.
I mean, he tweeted at me,
and I could send you guys the link later,
and I read their stuff and everything, and they have a great roadmap and so on, but this is an issue, right?
So basically, it's very simple.
All of the encrypted communications, transactions, et cetera, happening now, which are indeed
currently safe and secure, that can be harvested.
And I'm certain, I mean, I think it's preposterous to think it's not being harvested.
And then later, it can be unlocked and revealed.
Okay.
So that is a big problem that currently exists.
I think specifically as it relates to this scenario I just,
describe for certain kinds of transactions. I'm not sure that people understand this issue yet,
but that is another kind of meta that I think will enter to the ecosystem at one point
in the not too distant future. I mean, if I can add one more point to that, this is a problem.
Again, it's useful to compare the issues we have in Web3 with the issues that exist in the broader
economy, in the broader internet, in Web 2 technologies, in what we use today for everything.
It is a fact, an established fact, that certain large government organizations have been harvesting lots of data.
But that's mostly data that's in transit.
And so while it is easy to harvest to some extent for somebody who is really tapped into most of the global notes,
it is not necessarily easy to harvest it in such a way that you have all of the pieces that are necessary to ultimately decrypted.
We've been using sort of forward secrecy for a while in classical web two communications.
This problem has been known for decades.
It wasn't patched immediately, but it was patched a while ago.
There's also a lot of private data, though.
And that private data is technically somewhere, some data center.
If you're a bigger government organization, perhaps you can compel the company to give it to you.
Perhaps you can't.
Some of these companies are compliant.
Other companies make it a business point to not be compliant.
and so they will try their darnness best not to make that data available in such a way that it can be easy to decrypt.
There's a challenge, there's a cost associated to doing this at scale in classical infrastructure.
We built an entire ecosystem where we keep all of our data on a large database that's distributed across tens of thousands of nodes
for the very purpose of making it available to everybody at all times.
It's literally the way we structured our application C Web3 that anybody, anybody,
can get the whole history of Monero.
From the very start, in fact, they have to, if they want to run a full note,
from the very start, and they can just, you know, keep it.
All they have to do is ask someone else who has it, and they will get big.
So it's very easy if you have a quantum computer and you're a private company
and you're not, let's say, a large government organization.
It's really easy to at least do this.
You can very much take a sufficiently powerful computer, 10, 15 of them.
You run a full node for each one of the 15 biggest chains, and then you keep it synced.
That's all you have to do.
You keep them in like a small warehouse for the next five, ten years.
And when you have access to quantum computing capabilities, you start decrypting from the start.
And most of that will probably be useless.
It's just people who want privacy in their transactions or their communications, but not all of it.
Some of it will be criminal.
John correctly says there some of these technologies have been used.
used for illicit transactions to various degrees.
Like not everything is arranging assassinations.
There's also some like milder cases of tax optimization, let's call it.
Let's take the least problematic one is still interesting to governments because they're like,
okay, this person is not going to go to jail, but we're certainly going to send them a bill
for the money that they haven't paid yet.
And there's a revenue in that.
They might be willing to pay a private company to provide this data.
But more interestingly, these platforms are used by people who don't trust traditional infrastructure
because, not because they're doing something illicit per se, but because they're doing something
which is not okay with their current government or with other governments they might be exposed to.
So think activists, think resistant groups.
We have a few active conflicts in the world.
Some of these people coordinate through encrypted channels that rely on Leptic Cup cryptography.
Some of the information the exchange will be relevant in five years or even in 10 years.
And so that information is already broken.
If you are a privacy-focused application today and you sell your services as privacy
based on Lipto-Kircropography, I mean, you're putting some people in danger, significant
danger if the information has to remain private for sufficiently long.
We don't know how long, right?
We don't really know if PsyQuantum has quantum computers today.
They don't have public machines, but they did start building.
fabrication
centers,
they have their fabs,
so exactly how far
can they possibly be
with the investment they have?
Maybe they will not get there,
maybe they've already gotten there.
The point is,
you might not know
for a really long time.
Yeah,
when I was,
you know,
after I spoke with John
in Khan,
and afterwards,
I mentioned it to a few people,
right,
sort of in the next day,
you know,
what about quantum?
What are you thinking about?
Quantum rest?
Like,
little bit by the conversation, you know, kind of, you know, technically, you know, L1
founder, so a bunch of people who were like, you know, sort of, very technical,
were key crypto people. And, and I think that the most common response we got, it was like,
basically, and, you know, I remember John here saying like, well, it could be like 2028, right?
Like, it's like a few years, maybe 2030, but, like, you know, it's close, right?
I think the most common response I got was like, yeah, I'm aware of quantum and I know it's a problem and then I know it will come.
But like, it's way further away, right?
It's more like, you know, 235 or like it's basically far enough away that like I don't really have to worry about it now.
I guess that is like really the crux of the question, right?
Because if it is 2028, pretty close.
right now I remember actually
you know
I think you John
was saying like well I don't really want to invest
in anything where I'm going to be locked up for
four years right
because like that might be
you know might mean you're going to be locked up
when
when sort of that happens
so yeah I would love
to get your takes on this timeline
like what do you guys personally
think is likely
and how
wide is the range here
in terms of opinions that the experts have.
Well, maybe I'll give a market-oriented answer,
and Stefano can give you a much more detailed answer.
But, okay, one of the things I say is, in my opinion,
quantum readiness will be one of the most bullish indicators of price going forward.
So if you're an L1 founder or a community,
there is a tremendous incentive, in my opinion,
to signal quantum readiness.
And indeed, so here's a scenario.
So Ethereum is quantum ready.
Solana is not.
Two years from now, some big news comes out of a breakthrough.
And smart capital allocators, you know, you look at a guy like Gennie Galkberg,
RE7, you look at Gauntlet, etc.
They're deploying hundreds of millions, billions of stable coins into defy and generating yield
and building great businesses.
This is smart money.
They're going to look at something like that and they already are starting to pay attention
to the stuff and they're going to say, okay, all the TVL we have on Solana, put that on
Ethereum, even though we don't have...
That relies on that two-year.
I mean, the thing of quantum readiness being a real factor,
only is the extent that people think it's a massive issue and it's an issue soon, right?
If people think it's an issue further down the line.
And of course, it also depends on what do you think other people think, right?
Correct.
That is true.
But here's the thing.
And I wrote this article called the Institutional Force Function.
Now that public companies and all these big institutions,
they have fiduciary responsibilities.
And so the quantum risk disclosures,
you know, BlackRock significantly updated and others, et cetera,
if you're one of these institutions,
you definitely don't want to be sued in the event something happens.
And when you're in a situation where, like, that event,
when that will happen is unknown,
but you have pieces of information.
Like Google Willow was a big piece of information.
The point Stephano made earlier about error correction,
if we get to that threshold and we see that also proliferate
right, it gets public and everyone talks about it. That is another point of information. So in terms of reducing your liability for these large institutions, you don't want to get sued where somebody says, well, you had all this information and you didn't take action. Okay, so there's a lot of motivators that I think will flow funds to networks that are quantum ready, even though we don't exactly know when something might happen as we keep going along and we get more and more information, more and more news and so on. And just one more quick point to make on that as far.
as when and so on. I don't think it's a conspiracy and I think Stefano agrees that the first run of
this kind of capability will go to the military intelligence apparatus, you know, the CIA, the NSA,
whatever, etc. You look at the example I use is the SR 71 Blackbird, that super futuristic
spy plane. They started building that in the 50s, okay? When you look at it today, it looks like
an incredible modern aircraft, but it flew at Mach 3 in the 60s and 70s and so on, right? So,
I think advanced states of, you know, basically strategic technology is something that, you know, these governments definitely, you know, focus on.
So what I'm saying is I don't think there's any good reason to suggest that we're going to know, okay, in some very public way, when this capability exactly exists, because I think it'll go to this military intelligence apparatus first, and they may have strong incentives to keep things quiet.
But here's another scenario, and this is about confidence.
If the confidence, if people start to get nervous, that's enough for cascading waves of liquidations and the prices to trend to zero.
Even if your coins are quantum safe, but everybody's scared and you're holding your crypto and it's just losing 50%, 60%, etc., that's already bad enough.
And what I'm saying is when you look at, for example, Ross, okay, and the Silk Road thing, the FBI agents went to jail too, right?
I'm not accusing any government official of doing something nefarious.
I'm just saying there's a lot of different ways this stuff can leak.
And so even if the military intelligence apparatus gets the capability first and somehow that gets out,
that is enough to cause concern and a loss of confidence.
Anything along those lines will start to send prices trending down.
And that's when I think smart money allocators and others,
they're going to just not have as much risk on chain in various positions and so on.
So that is another element to this too, even before we have the quantum computers, that perception.
And that is definitely an unknown.
And it's something that I think people are going to start factoring into their risk calculations.
Stefan, I want to give you the opportunity to also talk about Never Local and this idea of contextual cryptography.
Yeah, what is your vision for quantum money and how are you guys building this?
Yeah.
First, I'd like to add one, like the technical point to what John just said.
just briefly. We don't think that quantum risk will come in the early 2030s because we have
some opinions. Most of us are scientists. We look at what the progression is, what the timelines
projected by the companies are, and whether they're on track. And if there's a line that kind
of goes straight and it continues to go straight and the points continue to fall on the line,
month after month, year after year, and there's a spread across some companies, but they're roughly
all in the same neighborhood.
I mean, then you draw that line to like the 2030s and you ask when will we hit the magic number.
And that's not in the 2040s. That's not in the 2050s. That's in the big 2030s very realistic.
So I just wanted to say there's a lot of perception risk.
Like people at some point I just switch and say, oh, this is real because of some announcement, because of some demonstration, because there's some insider information.
But even if you don't have that, you just have lines going up pretty much on track.
you have the cost of the algorithms going down
because people make more and more efforts
to make them practical now that the end is in sight
and I mean you draw an intercept
and try to figure out roughly where they meet
so there is a risk is there
it's not it's not really a matter of opinion anymore
it's a matter of I mean people publish timelines
dots fall on timelines timelines
timelines say 2035
so in that sense it's a
it's a simple
consideration to make these days
there's so much progress that you can track it.
It will happen.
Maybe it won't happen.
There's going to be some roadblocks.
Who knows?
But there is some numerical evidence.
But then, who knows?
It could be faster.
20305 is where roughly they go, but they might have an acceleration.
They might not be telling you exactly what capabilities they have.
Or they might be lying about it.
That's also possible.
They might just all be overhyping what they're doing.
There's a spread, of course.
But at the very least, we know that in principle,
that's where the line hits the target.
But yes, sorry.
Never local.
So this is where we switch from quantum computing
to what I initially said is quantum cryptography,
which is slightly different discipline,
slightly different investment pool more than anything else.
The underlying technology is similar in many ways,
but the applications and potential customers
and the efforts to bring it into the world
are different.
They're at a different stage in terms of development.
They're different in terms of the applications that people want.
So the state of things today is that there's quite a few providers of quantum network infrastructure.
What people call the quantum internet doesn't yet exist,
but there are small versions of the quantum internet.
There's large companies, Toshiba, Mitsui, that go around and put some,
small geographical fiber optic networks in place for some early customers that buy access to
these networks and use it for some prototype applications. They go to some company that sells
them some quantum key distribution equipment of more or less accurate versions. And I'm not sure
what they do with it, honestly. They try to integrate it with their infrastructure and they start
seeing what the challenges are and whether they could use it to get more secure communications.
The state of it is there is one large company that that makes quantum key distribution
hardware. There are many smaller companies that make quantum key distribution hardware. The large
one, the most well-known one is ID Quantique. ID Quantique was acquired maybe was it two and a half
years ago at this point by SK Telecom for around $50, 60 million. That was the valuation at the time.
It was recently sold to IONQ for $250 million.
And that's a fairly strong indicator that if the ecosystem is growing,
then there is an interest in having applications running on this ecosystem.
Some of it is academic or government-led.
China has the largest network for this kind of applications on the coast.
It's a mix of fiber optic and satellite based.
There's some in Europe.
There's some in the US.
It's growing.
It's very early stage.
What we realized when we started thinking about what do people do,
with quantum technology in cryptography with Fabrizio,
was that there is really one application that gets sold,
which is this quantum key distribution.
It's a quantum version of the key distribution protocols
that we use today to secure our communications.
It's establishing symmetric keys.
But it has, in principle, a very useful property,
which is called device-independent cryptography.
It's device-dependent security.
It's the idea that you can establish these keys without trusting the hardware.
So imagine that you're a large organization and you want to put a significant amount of money on some private communication between you and some other parties.
You're a casino, let's say, in Switzerland.
And you don't want to be exposed to supply chain risks, which today are really very much a possibility.
You buy some specialized chips from somebody.
If there's enough money, someone will try to put the backdoor on it.
So you don't want that.
And you say, is there a way to do so where I can verify that the protocol works?
I can test it.
And I don't need to trust the manufacturer or the people who shipped it to me.
And the answer to that is no if you use classical hardware, but yes, if you use quantum hardware,
which is really revolutionary.
It's a big difference between classical and quantum cryptography that you can reduce.
the trust to operate in the protocol, but not the hardware that implements it.
And quantum key distribution is sold with this promise today,
but really the versions that are sold make a certain,
make compromises to become practical already,
and those compromises erode some of these security promises to some extent.
But in principle, you could make it so that there is no trust left in the infrastructure,
there is no trust left in the hardware.
as long as you operate it and the counterparty operates it
and you both make sure that the environment in which you operate them is secure,
something you can do in your basement, let's say, or in your data center,
then the rest of the network is abstracted away and you don't have to care.
You don't have to care about people splashing into your fiber optics.
You don't have to care about people bugging or backdooring the hardware that was sent to you
because the protocols exploit fundamental properties of quantum systems
in such a way that you can get secure.
out of fundamental randomness, as it's called.
It's an interesting technological advancement.
I watch one of your talks and the way you describe quantum money,
I think, kind of resembles a little bit the idea of cash
where when you accept a five-year-old bill or a dollar or whatever,
you don't need any external verification to verify that these funds are,
that this is a legitimate payment instrument
and that you now all in this payment instrument,
which we sort of need with blockchains.
We need that the verification of a consensus,
whereas with quantum money, you wouldn't need that.
The very ownership of the instrument
would be an indicator that it is legitimate and that you own.
Is that a good way to look at it?
Yes.
A simplified way to put this is to say
that you can't clone quantum states.
That's the toy version of quantum money.
You have a, it's one of the fundamental properties of quantum states
that the information encoded within cannot be copied.
You can modify it, you can destroy it,
but you can't really copy it in a deterministic way.
Now, of course, this is too simple,
it's the basis of the original protocols for quantum money,
but it's too simplistic for practical quantum money,
and so you have to do other things to make it practical.
But ultimately, it is, yes, it's truly peer-to-peer,
digital cash. That's the
way to put it. It's something
you want cash to be digital. You want
value to be transferable both locally
and across networks because you don't want to be
bound by the fact that we are physical beings carrying a wallet
around. Otherwise it's easy. That's cash.
You want it to be uncronable. You want
the value to be anchored to something which retains
like the truth of who owns it.
Ownership has to be unequivocal.
You cannot manufacture new currency.
You cannot copy the currency you have.
The cash you have is the cash you have.
Of course, physical cash, like let's say paper banknotes,
are an approximation of that.
But over time, we have evolved mechanisms
to protect the copying value
in locks that with the technological advancements
of the various eras that we've gone through.
So we had things that were hard to get,
then coins which had some manufacturing techniques that made them recognizable,
then we made banknotes, then harder banknotes, then more security features in banknotes,
and we are today with our current cash.
What we did, unfortunately, in the move to the digital commerce world,
so in the digital commerce era, is to sacrifice quite a lot of these features,
the ability to transact without intermediaries,
the ability for self-custody.
All of these were features of cash for ages.
You had your own value, you carry it around,
you can give it to anybody you want.
There's pretty much an agreement that that is the value,
and it's for prices to determine the exchange rates,
but the value of the banknot you carry around is almost undisputed.
When we moved to digital commerce,
we decided to sacrifice some of this
for transactability across distance.
We created intermediaries and those intermediaries got more and more control over it,
and we lost quite a lot of what we had with physical cash.
To the point that today, if you talk to, let's say, mainstream finance analysts,
the commonly held view is that cash is essentially an obligation by somebody to pay you.
That's how they see cash.
They say, okay, cash is not really cash.
The value is the network value and cash is the obligation to somehow be able to redeem it.
which it didn't use to be the case.
You could carry around cash that the bank didn't play any role.
If once we centralized cash, it was the pound.
It didn't matter whether you were banking with Barclays or with HSBC.
I'm London-based.
That's why I'm picking UK banks.
It didn't matter.
You went to the shop and you paid with the bank.
Nobody cared where it came from it.
It wasn't an obligation by a specific bank.
Now we turned it into that.
And that has a number of side effects that we may or may not.
And one of the things that can be done with quantum technologies restore most of those properties
is make something which can retain value because it cannot be copied and can be potentially
carried around if we improve certain parts of the quantum information, quantum cryptography stack,
the hardware stack, enough. We could even have it in our pockets, in wallets.
and retains the digital nature that are modern, worldwide internet-based commerce demands
where you want to be able to exchange value across a distance as well as in person.
And so it's hard to design something like that classically because classical information can
always be copied and so you have to rely on something on top of it.
Consensus is the solution we came up with in WebTree.
Thanks.
That is a very, very interesting point.
and I feel like at some point
it will be
you know worth going deeper and maybe
doing some follow up conversations on that
and I think on sort of the possibilities
that get unleashed with quantum
we've gone for a long time
we just want to maybe
one very brief last question
for you John
you know we spent like
two three minutes on it or something
so you know you're obviously
an investor as well right so you've been
investing in crypto for for a long time. What is like how does that impact your approach to
investing in your portfolio, sort of all your knowledge and your views on the impact of quantum?
Yeah, I mean, you know, I think about it as a paradox. On the one hand, you know, it's kind of like
there's this and you could look at it at a governmental level, for example, ADGM. And I've talked to
them about this. They're funding investment into quantum computing and at the same time they're
developing this crypto ecosystem. Everybody's in the UAE. And so they're funding their own demise.
And so you need a hedge. Okay. The hedge is first of all knowledge to the best of your ability,
understand this stuff. You know, this kind of a podcast is one great start. Everybody who is in our
space and went deep into understanding smart contracts and ZK and all these things, they have to start
understand what, you know, quantum information systems mean, one-time programs, one-time applications,
etc. Okay? And so the knowledge base has to go up. But then aside from that, you need to act,
in my opinion, you need to put together a plan, okay? I believe that we are still safe for quite some
time. I think we have another big, let's say, pump left in our ecosystem, maybe a couple. I think
we're going to get to $10 trillion, maybe even $30. And so definitely, I want to be.
want to participate that and I continue to, you know, hold Bitcoin and other assets, Ethereum and so on.
I continue to invest in projects. But the time horizon has changed. Yeah, it's true. Like, I don't really
do crypto VC deals anymore if like my tokens are four or five years out from now. And as a VC,
you assume that risk and that's fine. But not if these assumptions around security are in question.
And so that's one change. Okay. Another change is I've definitely pivoted. I mean, I did the pre-seed round
for Never Local. I was very fortunate to be in that position. I'm actively looking at other areas
in a similar kind of direction, right? I think it's very hard to get into the big quantum deals,
but you can do things like buy shares of Cy Quantum and secondary markets and so on. So I think
constructing some part of your portfolio to cover this as well. And then, you know, closely monitoring.
I mean, I vide coded this silly little thing. It's called quantum ready. info. You know, and I'm trying to kind of like
basically show the readiness of all the different blockchains. I monitor that stuff on a daily
basis in the event that I see things that I deem to be like significant in terms of, yeah,
like Stefanos said before, error correction and so on. Then I have this knowledge base to inform
what I'm going to do with my crypto assets. I right now in this moment would be lying if I told
you that in 2028, for example, I'm going to be comfortable like I am now having my, you know,
wealth on chain. So maybe at that point, I kind of step back a bit, go off chain, go into
quantum safe bank account, and just observe and see what happens, right? I don't know. Maybe,
maybe not. But I think it's very important for all crypto investors to not have it just in the
back of their mind as this vague nebulous idea of like 40 years away and then just be comfortable with that.
It's exciting and it's interesting and it's intellectually stimulating to learn and get into this
stuff on a daily basis, and then it helps inform how you construct your portfolio and manage your
risk. And I think that's like the appropriate way to think about it, at least for me at this time.
Well, thanks, guys. Thanks for this very lengthy conversation. It's been really, really fascinating.
And I think we will need to touch back, touch base again in the future about this topic.
As things continue to evolve. So John, keep us updated on the latest. And Stefan will have to have
happy to have you back on at some point as well to track progress on Never Local.
Thank you very much to you both. It was a pleasure.