Unchained - Is Nic Carter Exaggerating Bitcoin's Quantum Risk? Yes, Says One Core Dev
Episode Date: February 22, 2026
Matt Corallo says “the community that exists at the time” will make decisions on how Bitcoin deals with the threat of quantum computing.
Thank you to our sponsors! Figure, Crypto Tax Girl, Fuse: The Energy Network
When it comes to the quantum computing threat to crypto, the focus is often on Bitcoin and for good reason. The blockchain lacks a defined governance structure and the vulnerability around Satoshi's and other abandoned and lost coins is far greater than on any other chain. Furthermore, influential figures like Nic Carter have accused developers of sleeping at the wheel. Bitcoin Core contributor Matt Corallo argues that it won't take much to make the network quantum-resistant and, contrary to popular narrative, says work is already underway. Find out why Corallo says quantum-proofing Bitcoin requires only two steps: ”you burn old lost coins, you burn anyone who hasn't migrated.”
Guest: Matt Corallo, Open Source Engineer at Block/Spiral
Links:
Unchained: Why Bitcoin Developers Are Not Incentivized to Talk About the Quantum Threat
Q-Day Is Imminent. Can Bitcoin Survive the Quantum Threat?
Solana Deploys Post-Quantum Signatures on Testnet
Cracking Bitcoin Encryption Is Getting Much Easier, Google Says
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
At Medcan, we know that life's greatest moments are built on a foundation of good health,
from the big milestones to the quiet winds.
That's why our annual health assessment offers a physician-led, full-body checkup
that provides a clear picture of your health today,
and may uncover early signs of conditions like heart disease and cancer.
The healthier you means more moments to cherish.
Take control of your well-being and book an assessment today.
Medcan. Live well for life.
Visit medcan.com slash moments to get started.
Can Bitcoin developers say we're working on this?
I mean, yeah, like, yes.
I mean, people are working on this.
I can point to many people working on this.
So here's my formal statement, but like people are working on.
Name all of them.
Please name all of them right now.
Hi, everyone.
Welcome to Unchained, your no-hype resource for all things crypto.
I'm your host, Laura Shin.
Thanks for joining this live stream.
Before we get started, a quick reminder,
nothing you hear on Unchained is investment advice.
this show is for informational and entertainment purposes only,
and my guest and I may hold assets discussed in the show.
For more disclosures, visit Unchained Crypto.com.
Did you know that figure is giving away $25,000 in USDC?
They're a decentralized digital asset platform for earning, borrowing, and lending.
Download the Figure Markets app using our link.
Figure Markets.com.
slash unchained DP. Deposit into their democratized prime pools and earn about 9% APY paid hourly while you enter.
Every dollar you keep in for 25 consecutive days counts as an entry.
Again, the link is figure markets.com slash unchained DP for full details.
The energy network is an intelligent, decentralized grid that coordinates smart devices to balance supply
and demand. Energy Dollar is the native token of the network from one of Europe's fastest growing
energy startups. Follow at Fuse Energy on X to find out more. Quick note before we get into today's
episode. Bits and Bips now has its dedicated feeds. We're spinning off from the unchained feed and moving
to a new podcast and YouTube channel. So if you want to keep up with our weekly live streams and
macro meets crypto breakdowns, make sure to subscribe to Bits and Bips directly. We won't publish
until March, but subscribe today so you can be ready for launch. Be sure to subscribe to the new
feeds at Unchained Crypto.com slash bits and bips. Today's guest is Matt Corallo, open source engineer
at Spiral. Welcome, Matt. Thanks for having me. Last fall, Nic Carter of Castle Island Ventures
started making a lot of noise about how he didn't think the Bitcoin core developers were
prioritizing the quantum computing threat to Bitcoin enough. One of his essays on this topic was
called Bitcoin developers are sleepwalking towards collapse. He outlined some different threats that he
felt were specific to Bitcoin in particular. He also talked about the Bitcoin culture and said,
quote, it's a very real possibility that Bitcoin is the only blockchain left exposed on Q-Day.
You wrote me and you felt that Nic was overstating the issue and that you wanted to push back
on what you were calling FUD. So why don't you start by saying what you
think Nic is getting wrong and what you think the true state of work is amongst Bitcoin
core devs on the post-quantum Bitcoin.
Yeah, I think there's two main important points to recognize.
The first point is actually that most crypto wallets use derivation schemes that are quantum
safe.
So those crypto wallets, both Bitcoin wallets included, use seed phrases, right, 12, 24,
words, and the way that wallet goes from the seed phrase, those words, into a private key,
is quantum safe. So there is, in fact, already something the wallet has that ties its ownership,
that gives it ownership, that allows it to prove ownership in a way that's quantum secure.
Obviously, the derivation from the private key to the public key and what appears on chain is not,
and the quantum computer can calculate the private key from the public key,
could forward a transaction.
But what this fact allows is it means you could do a soft fork in Bitcoin,
and similarly in any other crypto, in fact, that uses seed phrases,
and require proof of seed phrase.
So you can say, okay, we're going to do a soft fork.
It's great that you have the private key, but we don't really trust that anymore
because there's a quantum computer or there's high risk of quantum computer.
And in fact, now you have to prove that you knew the seed phrase that was used to derive that private key.
We could do this relatively quickly.
Wallets don't have to upgrade.
You know, I think the big fear is that there's like this 10-year, 20-year time horizon that's going to take for wallets to upgrade and iteratively move all of their coins over to new address types.
And the reality is for most wallets, that's probably not required.
There's a lot of nuance and complexity to get there, but in fact, that could be done pretty quickly.
I think the other point...
Sorry, go ahead.
No, go ahead.
I was going to say, I think the other point in terms of understanding where we are on this
is that there has been a lot of work done.
You know, there's...
I think it can be hard to tell sometimes when you look at Bitcoin to figure out who's relevant, you know, what devs.
of what devs are just kind of in free,
which devs are spending all the time on social media and posting
and not actually doing real work,
so they don't have kind of respect and they're not actually,
they don't matter.
And I think the easiest way to identify that
is to look at the large funding organizations,
so organizations like Chaincode Labs,
organizations like Brink, Blockstream Research,
that fund a lot of Bitcoin Core developers, Spiral as well.
There's Spiral funds less Bitcoin Core developers
and some other kind of layer two stuff.
And then look at what those organizations overall are doing.
Do they have people who are working on this problem,
or are those organizations totally ignoring it?
And the reality is most of those organizations
do have people who've spent a material amount of time
on this post-quantum question for Bitcoin.
Blockstream Research especially has a few cryptographers
who spent time on it.
Chaincode Labs has also spent a good chunk
of time on mapping out what a post-quantum future for Bitcoin looks like. They had a research report
last year, mid-last year or so. And then someone even linked me to an image of the growth of
post-quantum posts on the bitcoin-dev mailing list. And over the last number of years, it's been
basically a linear increase to the point that's now it's 30 or 40 percent of all the posts
on the mailing list are talking about post-quantum. So I think there's clearly quite a bit of
quite a bit of discussion going on on how this should look, what should be done. And then it's
important to recognize that we could, in fact, move rather quickly if we had to.
Okay. So we're going to get into the details around kind of the technical stuff in a little bit.
But before we do that, I just wanted to ask you, so I, like, you know, to me, like,
there's just so many topics to cover.
You know, there's the technical part.
There's like the roadmap.
There's a lot of things.
But really thinking about it, it sort of felt like the number one biggest disagreement
was sort of this characterization around how seriously the Bitcoin core developers
are taking this threat.
So I just kind of wanted to understand, like, is your appearance on this show one in
which you're representing what your personal perception is of the situation?
Or have you talked with other core developers, you know, either?
as a group or even with some subset of the larger group.
And were you kind of designated as like a person to represent the views of Bitcoin devs?
No.
Yeah.
I don't think there's almost ever been a case where anyone is designated to represent the views of Bitcoin devs.
I can only speak to conversations I've had with people, what my understanding is of where
people's views are.
But I think that's probably pretty close to accurate.
I don't really work much on Bitcoin Core anymore, but I do spend a lot of time hanging out with
the people who do and chat with a lot of people who do pretty regularly.
And obviously I've been around working on Bitcoin open source protocols for 15 years now.
So yeah, I mean, I can speak to conversations I've had, and I think I can fairly accurately
represent what other people's views are or what, I mean, I wouldn't say there's a strong
consensus yet, but I think there's a consensus forming in terms of approaches. And so I can speak to
that. Okay. So let me ask you then, you know, you started to lay out how you thought it might be
actually fairly easy to prepare Bitcoin for a post-quantum world. And I did, you know,
want to kind of question a little bit of what you said there because, you know, it's not just
that there would have to be this step where, you know, I guess various wallets would say,
hey, you know, your public, sorry, your private key is no longer sufficient. We need the seed phrase.
But it seems like before that there would have to be a lot of other technical issues that would
need to be addressed. From what I understand, in order to prepare Bitcoin for a post-quantum world,
there would be much higher data requirements. So, you know, obviously given the block size wars
that have been back in the day, it does seem like Bitcoin core developers are quite conservative
when it comes to how they want to approach the data requirements of the network. There would be,
like choosing a post-quantum scheme, which, you know, I don't even think that is like a very
simple thing to do. I think there's kind of a lot of different options. Justin Drake of the Ethereum
Foundation came on the show when he talked about how he actually had chosen a scheme that is higher
on data, but then they have a way to make it, you know, light in terms of the data requirements
on Ethereum. It seems like there might be multiple soft forks that might be required. And, you know,
then, of course, there's the fact of just Bitcoin culture, which Nic pointed out in his
articles that the only two upgrades over the last 10 years have been SegWit, and that took two
years to debate, develop, and test, and then Taproot, which took three years.
And then, you know, there's this whole period of, like, deprecating addresses, rotating addresses,
and then getting all the different holders to do this.
I haven't even gotten to the lost and abandoned coins,
which are like 5% of the network,
the whole Satoshi's coins issues.
There's just kind of a lot of different things
that need to be decided before we get to the point
that you described about just like rotating the addresses
and addressing the wallet issue.
Am I wrong?
I'm not a technical person.
Yeah.
There were a lot of things you threw out there.
I think, so first of all, yeah, it's obviously not trivial to just snap our fingers and say,
we're done, you know, this is no big deal. We've solved the problem. But some of the steps you
mention aren't, I think some of them are clear for now, and then some of the steps you mentioned
maybe aren't as required as some people maybe think. So maybe let me lay out.
Yeah, why don't you lay out like, yeah, what you think the roadmap would have to be to, yeah, to address the threat?
So, yeah, I mean, obviously, as I mentioned, you know, there's, I think there's starting to be some kind of consensus for this kind of roadmap.
You know, I, there's obviously a large Bitcoin community out there. There's lots of people who have opinions.
So things are likely to change somewhat. But I think, um, so first of all,
I don't think there's much of a question right now in terms of which post-quantum scheme to enable.
All of the post-quantum schemes that exist outside of hash-based signatures are fairly early cryptographically.
And having them – and there's a decent chance that they just get broken classically, right, that a normal computer could break them, that we have some cryptographic breakthrough.
They're starting to get some years on them, but they're still fairly young, as far as cryptography goes.
So I think that's not really a question.
I think right now the only thing to do would be to add hash-based signatures in Bitcoin.
But we don't have to start relying on them.
So you mentioned the large data requirement of hash-based signatures.
It's true.
They're fairly large compared to existing signatures.
somewhere between three, four, and ten, twenty times larger,
depending on exactly which type of wallet you might have.
And so what we could do is we could say, look,
you can start using addresses that commit to the post-quantum hash base signature.
But you don't have to use them yet.
They're there, they're hidden, they're not even revealed on chain.
And for now, you just start using these new signatures and it's free, it doesn't cost you anything,
it's just silently committed in your public key.
And then in the future, when a quantum computer, a cryptographically relevant quantum computer
becomes a more urgent risk, at that point, the network could soft fork out the original
signature scheme and say, okay, actually now you have that hash-based public key committed to
in your output. Now you have to reveal it and start signing with it. So you can't just keep using
the old scheme. And so for now, it's free. And I think this is most likely outcome. If 10 years
go by and we start to get a little closer to the cryptographically relevant quantum computer
world, it hasn't kind of suddenly appeared, then at that point,
we could say, okay, actually some of these lattice schemes or some other post-quantum scheme is actually
really compelling, we're a lot more confident in the cryptography, then we could add that and
people can start using that much more efficiently at that time. But having a hash-based scheme now
lets people start migrating for wallets that don't have a seed phrase, which is fairly rare. It's just
kind of these weird specialty wallets. But for some of these weird wallets, they could migrate.
So just in my opinion, it sort of feels like letting it get to a point where the quantum threat exists and then kind of changing things as you go along and expecting people to know that they can't just transact with their bitcoins the way that they normally do.
Like that to me just sounds like a recipe for a lot of people losing their money, right?
No, I mean, the wallets, so the wallets would start using, so two points, the wallets would start
embedding those post-quantum public keys now. So they know how to sign with it, they could sign
with it, they just don't have to yet, so that the cost is zero, right? So you're not adding a ton of
extra data on the blockchain, you know, possibly 10 years away from a quantum computer. You're not,
you know, one of the concerns is that wallets are going to, maybe,
you kind of reasonably look at this and say, well, a quantum computer is still always off.
You want me to start using a relatively inefficient post-quantum signature scheme.
That's just going to add more fees for me. It's going to result in bigger transaction,
slower, whatever. I'm not going to bother doing it. I'll upgrade later. So you really want
an upgrade path that is free for now until a quantum computer becomes a more urgent threat.
And I think that's fairly straightforward, right?
You just start committing to these keys.
The wallets know how to spend with it.
They know how to build these keys, how to sign with these keys.
They just don't have to use it yet.
And then at some point when the risk becomes more urgent,
then the switch is flipped and the wallets continue as they were before.
No big deal.
They just have to start signing with the other scheme that they already knew how to do.
Okay.
I mean, I guess like to me, and again, because I'm not technical, sometimes I'm like sort of questioning what I'm thinking here. So please correct me. But as far as I understand, so Nic said this. Justin Drake was on my show, said it. Chris Peikert, who is one of the experts in lattice-based cryptography, he explained this as well. It just feels like anybody who develops quantum computing capability
could keep it secret while they sort of, you know,
kind of get their plans in place to sort of maximally benefit from being first.
So it doesn't feel like a feasible kind of prevention measure to say,
oh, well, wait until it becomes a threat and then it sort of feels like then you're just
leaving all these holders vulnerable to this threat.
That's, I mean, look, it's possible that a quantum computer is developed in secret.
Obviously, in that world, it's probably a nation state.
They're probably not trying to steal Bitcoin.
They're probably trying to decrypt communication so that they can spy on everyone.
But I think this is true no matter what blockchain you look at, and in fact, no matter what
cryptographic protocol you look at broadly, you know, there has to be a point at which point
People say, okay, now the risk is more urgent and we need to stop accepting the old signatures from the old coins, old schemes, whatever.
Yeah, but so what I guess I disagree with you on is like you're saying, oh, well, this applies to any blockchain.
But, you know, as I'm sure you're very well aware, the Ethereum Foundation has come out.
They have a priority.
They have kind of, you know, around this.
They have a group of people that are dedicated to working on this.
They have a deadline of when they want to have, you know, kind of made all their changes.
They even already have already...
But that's not different than Bitcoin still, right?
Like, they have a bunch of...
Yes, there's also a bunch of Bitcoin developers working on plans and designs
and pushing forward potential changes to Bitcoin.
Can you...
The question in both cases is, when do you...
So we have...
BIP 360, which is just to address some quantum vulnerability in taproot that, you know,
for whatever reason got implemented.
So it's sort of like reversing.
BIP 360 is a new address format for post-quantum anything.
Okay.
It's not related to taproot.
No, it's just a new address format.
Like any other post-quantum, any change to crypto, any crypto or Bitcoin, uh, you have to
start allowing people to commit to post quantum public keys and then potentially use them
and BIP 360 is that.
Okay.
So there's that.
List the other things that are kind of in place that they're like you said that they seem
to be working on.
Yeah.
So I think that, well, the interesting question for every cryptocurrency, whether it's
Bitcoin or Ethereum or anything else, is at what point do old public key?
keys no longer get accepted.
At what point, and this is the burden question, right?
This is at what point do you say, okay, there's all these old coins, whether it's Ethereum,
Bitcoin, or any existing cryptocurrency today, there's all these existing coins that are
possibly lost, maybe just old holders that are held on keys that are only elliptic curve
cryptography, right?
Only vulnerable to a potential cryptographically relevant quantum computer.
At what point do you say we're no longer going to accept that?
And that is a question that every cryptocurrency has to contend with, and every
cryptographic system has to contend with.
It's not specific to cryptocurrency that's true of TLS and literally everything on the internet
that's cryptographic.
And at some point, you have to flip that switch.
And there is not really a lot unique about any cryptocurrency, whether it's Ethereum or
Bitcoin or anything else, about the decision.
of when to flip that switch.
But so have the Bitcoin developers chosen a date?
Because, you know, the Ethereum Foundation does have specific deadlines.
I don't think you can really choose a date in advance
because ultimately the community that exists at the time
is going to evaluate the risk.
Right.
Like we can say, okay, well, you've got five years.
Or we can say, okay, you've got eight years or 10 years or two years,
whatever we say, kind of doesn't really matter because it's up to the community that exists at the time, right?
I'm sure the Bitcoin community will look at the Ethereum community and say, okay, well, have they moved?
No.
Okay, well, you know, where is Google's quantum computer?
Where is IBM's quantum computer?
This most of the quantum computers that exist are being developed in public.
Right.
So you're talking about like the moment that you flip a switch.
But so let's put it another.
way. So Cointelegraph just published an article quoting Bitcoin Core developer Ethan Heilman.
And in that, he said that he expected that optimistically, Bitcoin would take seven years to
upgrade to post-quantum. He's also the author of the BIP 360. You know, so seven years from now is the
He's referring to migration, right? And there's, if you do.
do a burn, you don't have to rely on migration, right? You could rely on seed phrases.
Wait, if you don't do a burn, what does that mean? If you do, if you do burn, if you do disable
insecure spend pass, you disable old addresses and you burn old lost coins, you burn anyone who hasn't
migrated, then in that case, you actually don't have to burn everyone. You just burn non-seed phrase
wallets, which is fairly few.
Okay.
So, okay.
But I mean, I don't think the community has really discussed what to do with the old
lost or abandoned coins, which, you know, that's 5% of all Bitcoins.
It's 1.7 million Bitcoins.
So, like, do you think that the community is just going to be like, sure, let's just
burn them all without much discussion?
I don't know.
It feels like that alone would take like three years for Bitcoin to decide how to deal with
those coins.
Yeah, I think obviously that, again, this is something that gets decided by the community
that exists then.
Like we can't, it's true of Ethereum and every other cryptocurrency.
We can't decide now.
It's up to the community that exists then.
But I think the important thing to recognize in Bitcoin,
and every other cryptocurrency, but especially in Bitcoin, is that it's ultimately up to the market.
Wait, I'm so sorry.
I need to understand when you say this is up to the community that exists then.
You don't see this as a multi-year process that would start now, or even just multi-month.
I don't know the exact time frame, but you don't, you feel like let's just wait until the post-quant, until, you know,
Q-Day is here, and then that community does.
There's two separate points, right?
So there's the question of, you know, when you start migration, when you enable,
when you add hash-based signatures to Bitcoin, whatever, that should happen soon, right?
And there's people working on that, targeting, enabling that soon, getting that done soon.
There's a number of developers working on that.
And, yeah, that, I mean, that'll happen in the next however many years, hopefully soon.
Then there's the question of when do you flip a switch and require that?
When do you say, okay, now if you haven't migrated and your wallet's not seed phrase-based,
then you can't spend your coins anymore.
They're not your coins anymore.
And again, that's a question Ethereum and every other blockchain has to contend with.
In Bitcoin, especially, but also every cryptocurrency, it's ultimately decided by the market.
Right? And so when a quantum, when a cryptographically relevant quantum computer is a material risk is kind of potentially in existence or going to be soon, someone is going to propose the fork without question on every blockchain, but especially Bitcoin, someone will propose that fork. Someone will write the fork.
But what if like 10 people propose 10 different types of forks?
Yeah. Yes. But also in practice, that's,
not what we've ever seen. People just, you know, if they all kind of agree that this should happen,
they all pretty quickly coalesce. I mean, the block-sized thing took like, I only remember three
years, I think, to hash through. Yes. And at every step, there was kind of only one serious
alternative proposal. But most importantly, it wasn't urgent. It was throughout the time.
entire block size wars.
It was not a like, okay, well, we either disable these spend paths or the market for
Bitcoin gets crushed in a year when this quantum computer comes online.
Those are two very, very different scenarios.
And once someone proposes the fork, I think it's very clear which one the market is going
to prefer, right?
There's either the fork with insecure spend paths disabled, or there's the fork with, as you
note several million additional coins on the market, supply and demand is pretty clear, right?
One has massive supply for this Bitcoin token and one has, you know, today's normal supply
for this Bitcoin token and the market is going to prefer the one that disables the coin.
So I don't think while there is some discussion of it in Bitcoin, it's not really ambiguous
as to what the outcome of that will be and what will happen there.
So you feel like there isn't really much debate about what to do with the old coins that everybody will just agree that they should burn them?
Oh, I'm sure many people will disagree.
I'm sure many people will be very sad about it, we'll scream about it, whatever.
But my point is it doesn't really matter because it's up to the market.
And that's true of every blockchain and every cryptocurrency.
It's up to the market.
The market can decide, well, look, we're going to sell this one and we're going to buy this one.
and now this one has all the value.
And so we're not going to call that thing that has no value of Bitcoin.
This is Bitcoin.
And it's pretty clear with supply and demand that one has orders of magnitude more supply
live on the market, maybe 5% more coins, but those 5% of coins are going to be on the
market available for sale, which is going to be, you know, an order of magnitude or
two more coins on the market.
Okay.
Yeah, I just hearing you talk about this, it does feel like, it feels like you're saying,
well, we'll just decide that at a certain point.
But I feel like there would, there is another way to do it where there could be a plan
of like, you know, here are all the steps.
And our deadline to reach step one is this, our deadline to reach step two is that,
et cetera, et cetera, until you get to the point where you've kind of cleared all the hurdles to prepare
for everything. And that's not what I'm hearing, but it feels like, like you're-
There's only, I think what I'm saying is there's only two steps. There's only two relevant
steps for post-quantum security in Bitcoin. The first relevant step is
just adding the ability to commit to a post-quantum public key. I think that should be done soon.
I think there's starting to be some level of agreement.
Maybe not exactly BIP 360.
There's still some debate about the exact format of it,
but it's not super relevant.
It's just a way to commit to a post-quantum public key.
But you didn't include the decision of which type of post-quantum scheme, right?
Oh, I think there's unambiguous, pretty strong consensus for hash-based signature,
for some hash-tree-based signature.
Okay, but which one?
like how long would that step take?
Which specific hash-based signature?
So there was Jonas Nick at Blockstream Research proposed a variant of SPHINCS
that actually marries some of the benefits of SPHINCS
with the option to do a stateful signature,
which is much smaller, called shrinks.
So probably shrinks.
There's not really a lot of kind of
different options you have when it comes to hash-based signatures, the available set of options is
pretty mined out. So I probably shrinks. I don't think it matters that much exactly which one.
They're all pretty close to each other in terms of performance and size and whatever else.
Okay. So you're saying you don't think it will take too much discussion to settle on that?
Yeah, I don't think there will be a lot more discussion aside from just
doing shrinks. You know, there has been a lot of discussion over the last few years on
exactly how to allow the commitment, whether it's a taproot leaf, whether it's BIP 360
or something similar to it. I think we're starting to round the corner on that discussion.
You know, so that should happen soon in Bitcoin terms. It doesn't necessarily mean this year,
but hopefully soon. You know, I'm optimistic.
that there's a fairly concrete proposal that has kind of growing consensus this year.
And then hopefully makes good progress towards activation.
Yeah.
Okay. Okay.
All right.
So in a moment, we're going to discuss just a lot more questions about the Bitcoin situation with the quantum threat.
But first, we're going to take a quick word from the sponsors who make the show possible.
Want a chance to win $25,000 in USDC?
Figure, a platform to earn yield, borrow against crypto, and access lending markets is running a $25,000
USDC sweepstakes tied to their democratized prime product.
Here's how it works.
Download the Figure Markets app using our link, figuremarkets.com slash unchained DP, deposit into a democratized
prime lending pool, and leave your funds there for 25 consecutive days.
Every dollar equals one entry, so $1,000 equals 1,000 chances.
While your funds stay in the pool, you're also earning around 9% APY, paid out hourly.
To learn more and enter, go to figuremarkets.com slash unchained DP, which is also available in the world.
The world is about to see one of the largest infrastructure shifts of the century.
New technologies are using more energy than ever before, but our legacy grids can't supply the demand.
And we are barreling towards a global bottleneck.
So Fuse is rebuilding it.
The energy network is an intelligent, decentralized grid that coordinates smart devices to balance supply and demand.
The network harmonizes existing infrastructure, increases grid capacity, and unlocks low-cost, clean energy.
Energy dollar is the native token of the network.
The more electricity the world needs?
The higher the demand for the energy network, the value of energy dollars may fluctuate.
from one of Europe's fastest growing energy startups.
Follow at Fuse Energy on X to find out more.
Back to my conversation with Matt.
So I did want to ask, you know, about the views amongst the Bitcoin core devs.
It seems like you are saying that they are actively working on this,
that there are plans in the works, that there's, you know, active discussions, all this stuff.
And I understand that this kind of thing could be sort of difficult to prove, at least in this interview.
But I just at least wanted to look at the public statements that have been made and also to hear if you have any personal insight to share on the views of these people.
I'm sure you saw or I'm not sure you saw.
So I want to ask, Nic published a post in which he ranked the Bitcoin Core developers in order of what he personally assessed as their importance.
And then he listed different public statements they made on the quantum threat, although, you know, about half of them actually haven't really said much.
So I'm just going to name the 11 that he had at the top.
There were like, I think like 30 or 40 in total.
Pieter Wuille, I don't know how to say his name, was in a category of his own.
And then the other 10 labeled as very high influence were Greg Maxwell, Jonas Nick, Anthony Towns, Adam Back, Alex Morcos, Michael Ford, Marco Falke, Andrew Poelstra, Wladimir van der Laan, and Peter Todd. And he said of this group, quote, if you can't convince basically everyone on this list of the importance of your update, it won't happen. So, you know, when he then went through their public statements, so Pieter Wuille, these were all statements that Pieter made in 2025. He said, quote, I certainly agree there is no urgency right now. He also said, I'm unconvinced about the practicality of Ethan Heilman's proposal.
And that's the one that we talked about earlier, about the quantum vulnerable addresses.
And then the third statement that Nic found was...
No, that would have been in reference to a previous version of BIP 360. It's been rewritten several times.
Okay. Okay. The third statement was, quote, I believe the main quantum-related threat to Bitcoin, at least in the medium term, is not the actual materialization of a cryptographically relevant quantum computer, but the belief whether one may exist soon after.
I don't mean to imply that such a machine won't ever appear,
but I do believe the fear that one may exist
will likely have a more meaningful impact.
So would you agree with Nic that it seems like Pieter doesn't view the quantum threat as urgent?
I think you have to separate the...
So a lot of these kinds of comments that Nic keeps pointing to are often in response to people claiming that a cryptographically relevant quantum computer is on the two to five-year horizon.
Or in fact, in many cases, people were claiming two years ago that we're going to have
ASI in one year, which would have been a year prior to now, and then that ASI is going to figure
out room temperature superconductors, and then from there have a few more technological breakthroughs,
and then we're going to have a quantum computer in like three years.
And I think the actual quantum experts, when you ask them, they're still giving 10-year time horizons.
The NSA is still giving 10-year time horizons of when people should plan to be done with pre-quantum cryptography.
Actually, actually, so NIST has asked government agencies to deprecate the use of quantum vulnerable cryptographic schemes by 2030, which is in four years, and then to end all reliance on them by 2035, which is nine years.
Right.
So about a decade that they say that you need to be quickly migrating off in the next
five years, and then you should be completely done with pre-quantum stuff in a decade
when they think quantum computers is moderately likely or fairly likely.
And so I think there's often a response from Bitcoiners, not necessarily always
Bitcoin devs, but popular Bitcoin personalities on social media, and sometimes Bitcoin devs as well,
where people will raise the quantum question and their response is, it's not happening today or
tomorrow or in the next two or three years. So first of all, calm down. But then that is not
the same as saying, we shouldn't do anything. We shouldn't do anything now. If you look at especially more recent statements like conversations in the last few weeks on BIP 360, which only finally kind of took its current form relatively recently. I'm not sure if it was this year or late last year.
Then conversations tend to be more around, you know, what does it look like when the cryptographically relevant quantum computer is more urgent? You know, what is the Bitcoin community doing then?
and less about what to do now,
there seems to be kind of an implicit to just, yeah, sure,
we could do hash-based public keys and commit to them.
It's not really a huge deal.
Well, okay, so if you were to lay out all of the steps end-to-end,
how long do you think that would take?
Do you agree?
Shoot, who was this?
There was, it was, it was, what's his name, Ethan?
It was Ethan who said that he expected it would take seven years for Bitcoin to upgrade to post-quantum.
Do you agree with that seven-year timeframe?
Yeah, I think that might have been from the Chaincode quantum report from last year, I think early last year, which really focused on a migration path, right?
So really focused on this idea of, okay, you know, do a soft fork, add post-quantum signatures, and then have all, all really materially all wallets migrate to using them and, you know, get that whole process through. And I don't think that that's necessarily a requirement, again, because seed phrases can be used as an alternative signature scheme. Now, we don't want to rely on that. And so because they're fairly expensive, you have to do STARK proofs, right, ZK proofs.
And so ideally, yeah, we do want wallets to start migrating.
And again, I think that's why people are working on it now and starting to make good progress, I think.
But, yeah, I mean, if we want to get wallets to substantially migrate, substantially all active wallets to migrate, I think, yeah, that takes many years.
And I think that's why people are working on it now.
Okay. Okay. So I did also then want to ask about some of the other statements of the 11 most influential people as, you know, named by Nic.
As ranked by Nic.
Yes.
So you can dispute, you know, if you think any of this people.
I didn't read his specific new article, but he apparently changed his list materially
because when he was arguing with me on X, his list included, I think, 10 people, and of them
six or seven don't work on Bitcoin anymore or have never materially contributed to Bitcoin
core.
So I think he's rewritten his list a few times.
Okay, okay.
So I understand, yeah, people might quibble with the list.
The 11 people, though, at the top, I would say I've heard of pretty much all of them except
like one or two.
So I don't think, like, just from what I know, it didn't seem crazy to me.
But I'm going to just name some of the other statements that he flagged here.
In July of 2025, so, you know, what is that, like nine months ago or eight months ago?
Peter Todd said, quote, for all the claims of progress on quantum computing hardware,
the fact still remains that no one is even close to demonstrating cryptographically relevant quantum computing capabilities, and the actual cryptographically relevant capability as a real hardware are laughable. And then in November, which is just three months ago, Adam...
I think Peter Todd is a great example of someone who has never materially contributed to Bitcoin Core. I think Adam is a great example of someone who has never contributed to Bitcoin Core. And he'll happily tell you this.
He's the CEO of Blockstream.
He's not an active engineer who contributes to Bitcoin.
Okay, okay.
But just to get this on the record, Adam tweeted when somebody asked him about the threat
from quantum, again, this was in November.
He tweeted, quote, probably not for 20 to 40 years, if then.
So, you know, compared to how the government is saying, you know, four years from now,
you need to hit your first milestone.
and nine years from now the next one,
and he's saying 20 to 40 if even,
like that,
it just feels like a,
so you're disputing with, you're disputing Nic's ranking here.
You feel like some of the people that, I mean, obviously some of the people on the list are super relevant and very substantial contributors to Bitcoin development.
I don't think Adam is one.
I don't think he would quibble.
I don't think he would complain about that characterization.
But yeah,
I mean, I think I disagree with him on the 20 to 40-year time horizon.
Certainly, to be clear, it's very possible that the cryptographically relevant quantum
computer will take 20 to 40 years.
It's also possible that it will take less.
And obviously, we should be ready with the also possible it will take less scenario.
Okay, okay.
So, so again, I understand you are quibbling with the 11 people that he named as most influential.
But what was interesting is actually six of them don't really even have any direct public statements about it.
Some of them had said things that were super limited in scope or kind of like theoretical.
So these six are Anthony Towns, Andrew Poelstra, Alex Morcos, Michael Ford, I guess this is five, sorry, and Marco Falke.
So, you know.
And I think those people are all developers, well, with the exception of Morcos, who doesn't really work on Bitcoin anymore.
But those people are all developers who mostly focus on their day-to-day work
and are out making grand public statements about the future of Bitcoin.
That's not really something that has ever been a thing in Bitcoin development.
You know, there are, I think you can count,
I think there's maybe been two or three public statements on behalf of Bitcoin Core ever.
And so you don't really see people making statements. Now there's conversations, and I think the real question, I think maybe the important distinction to push back on Nic's characterization, you know,
I think you quoted him, and forgive me if I'm misquoting slightly, as saying something like,
if these people don't agree with your change, it's not going to happen.
Or support or something like that.
Right. I think that's a slight mischaracterization because I think the reality is more if these people or a handful of other people potentially don't materially disagree with your change, it might happen. Right. Most Bitcoin developers, yeah, I think there are many Bitcoin developers who don't have strong feelings about what to do about quantum, whether it's an immediate risk, whether to do anything now, whether to wait, whatever.
or they maybe have jobs and they're focused on other things
and they're maybe not as focused on this.
But that doesn't mean you have to convince them
that this is the most important problem
and they need to drop their existing work and work on this
in order to make changes to Bitcoin to support quantum.
I mean, there are a number of developers working actively
on what a post-quantum Bitcoin should look like, what the short-term plan should be, what a long-term plan might be, and those people just have to finish their work, have a concrete plan, propose it more formally, and that there's, I mean, there's BIP 360, I think there's maybe some more work to be done there, but they just have to propose it more formally, and then it can start making progress.
And I think the people who have maybe not been loud about this or maybe aren't as active on
formulating their own opinions,
that doesn't change what happens in Bitcoin, right?
If they're strongly opposed to it, that's one question, one, that's a problem, right?
They would, if they're strongly opposed to it, then maybe that's going to slow things down
or maybe prevent things from happening.
But I don't think, as you know, most of these people haven't made any comments about it because
it's not their focus.
So, you know, so one of these developments,
I forget who said that they felt like the public perception of the threat is more of a threat to Bitcoin than the quantum thing. So do you, do you think that there would be value if the
Bitcoin core developers did something similar to what the Ethereum Foundation did where they said
we've, you know, set aside these group of people to focus on this. They, you know, we've set aside
this amount of resources, you know, whatever it is, just like signal to the public that
this is being worked on in a dedicated fashion with, you know, real timelines to hit, like real,
you know, goals and metrics or, you know, whatever the thing is. Like, do you feel like that might be a value?
Yeah. So first of all, to, yes, Pieter has said a number of times that in the short term, the bigger risk to Bitcoin is fear over quantum, not necessarily an immediate cryptographically relevant quantum computer, because it might lead people to do irrational things, it might lead people to panic and change Bitcoin in a material way that's harmful to Bitcoin.
And I think that's fair. In the short term, yeah, a cryptographically relevant quantum computer is not a material risk in the next two or three or four years. In fact, it's almost zero risk, right? But that's also not what Pieter has said about whether a quantum computer will exist in 10 years or 20 years. And so, in terms of your broader question on, you know, whether Bitcoin should make a statement. I think that kind of defeats
the point of Bitcoin. Like, I don't know what, there's no one who can make a statement on behalf of
anyone, right? There's people at Blockstream Research who do work on this, who are, I think one of them,
sadly just went on pat leave, but as far as I understand, intends to make this a full-time job.
Jonas Nick has written several things on this, just came out with a whole new cryptographic scheme. Again, Chaincode has written the Bitcoin quantum report to analyze different directions Bitcoin can go and what options it had. This is a while ago. This is about a year ago.
So I think it's maybe a little out of date now. But, you know, you can look to organizations who contribute to Bitcoin and look to what they're doing.
And I mean, I guess Blockstream Research could make a statement that says they have people working on this.
I don't think that necessarily is exactly what Nic is looking for.
But there's just no one who can make a statement on behalf of Bitcoin.
I mean, what if, you know, just people on the core dev mailing list got together and said,
hey, we're going to form a committee or maybe like, yeah, not, I know, okay, bad word choice.
You can't decide, right?
But, but they could say, hey, we're just going to form a group that is going to focus on this.
There's four or five of us, you know, whatever the number.
If you're interested, join us.
You know, it could be something like that.
And then they could just say, they could publicly, they're not speaking on behalf of Bitcoin,
but they could just publicly tweet that they're doing it just so people know,
because right now, I don't know if you're aware, but this is something a lot of people are concerned
about. This is something that a lot of people who do research on different blockchains, they are
kind of looking at the landscape and they're feeling like, well, you know, amidst this kind of
revolution we're seeing in AI, it looks like and news from the quantum world itself saying
that there are these leaps that are happening and they're happening quickly.
they're looking at this and they're saying Ethereum is looking prepared or whatever blockchain
doesn't have to be Ethereum.
And, you know, Bitcoin, it feels disorganized.
It feels like it's being downplayed.
It sort of feels like it's, yeah, just not really being paid.
I mean, I think that's totally fair.
If you look at like your average bitcoiner on social media, you're right, that the responses
are often, in some cases, quantum will never happen.
quantum computers are impossible, it defies the laws of physics. I mean, just kind of nonsense, let's say. Certainly uninformed takes, but your average random Bitcoiner on social media is probably not the best source for what's going to happen on Bitcoin. And yeah, I mean, look,
can Bitcoin developers say we're working on this? I mean, yeah, I'll like, yes, I mean,
People are working on this. I can point to many people working on this.
So here's my formal statement that like people are working on...
Name all of them. Please name all of them right now.
So Jonas Nick.
Who else?
Yeah, Jonas Nick and Tim Ruffing on the cryptography side.
So Tim Ruffing wrote a good paper formalizing Taproot's, the quantum security of the commitments in Taproot.
So that means that a quantum computer can calculate the private key for a taproot output,
but it can't forge alternative leaves within the hash tree that's committed to in taproot,
which allows us to commit.
Just list all of that.
So Tim Ruffing wrote a good paper there, and I think he's going to work on this more too.
Obviously, Ethan and his co-contributors on BIP 360.
There's three authors on BIP 360.
And again, I think...
So, first of all, most soft forks in Bitcoin took two or three or four people.
Once they got moving, they had more contributors, obviously.
And I think there's more people working on post-quantum security in Bitcoin than most soft forks had in their early days.
And I don't think it's complicated.
Like, BIP 360, I...
Again, I don't think it's quite the right answer in whole right now.
But it's straightforward.
Like, it's not, there's not a lot of implementation complexity.
So you reached out wanting to come on the show after you saw a clip in which Nic said that he felt that the outcome of what he viewed as the Bitcoin developers' kind of lackadaisical attitude toward the quantum threat would likely be, as he put it, that BlackRock would fire the Bitcoin developers. And I was curious, so obviously I know in the world of decentralization, that is not a thing.
But, you know, I'm just curious for your view on this. Do you consider BlackRock and, you know,
other institutions that are fiduciaries to their customers whose Bitcoin they are custodying?
Do you view those entities as being some of the primary stakeholders whose, you know,
either views or opinions or desires should influence either the Bitcoin core devs,
if not decisions, at least like their plans or their, you know, the timeline on which they
will make changes.
Yeah, I mean, I say the most important stakeholder, no.
But are they a stakeholder like any Bitcoin owner and user who might care about Bitcoin
and might have valuable feedback worth listening to, of course.
You know, Bitcoin development, I think, unlike some other cryptocurrencies,
is still operated very much in a kind of traditional open source fashion,
and that's to say that developers work on what they think is important.
And if you think something is important,
you either have to convince an existing contributor that that thing is important
or start working on it yourself or pay someone to work on it.
Those are all options that BlackRock has.
think they have materially contributed, if at all, to Bitcoin development. But some other
ETFs actually have, you know, Bitwise and ARK have funded some Bitcoin development efforts.
And but at the same time, I mean, look, like the reality is Bitcoin developers are working on
this stuff. And so I don't think that BlackRock has an incentive to fire anyone. I
do think they become a little more relevant when we start talking about that second step of disabling insecure spend paths, right? Because there, the economic, you know, there will be a fork.
I have no, I'm not under any illusion as to think that there will not be Bitcoiners who disagree.
There certainly will be people who disagree with disabling insecure spend paths and prefer the fork with the quantum computer stealing old Bitcoin, but it's ultimately decided by the market. And I think BlackRock will play a role
in deciding that because they're a market participant. Now, they're obviously a fiduciary and
people will presumably take some of their coins to vote them themselves and they might lean on BlackRock
to vote one way or another. And maybe BlackRock, it will be complicated. And, you know,
BlackRock hopefully isn't just voting on their own, voting on their own or, you know,
selling one side, one fork and buying the other.
You know, probably they'll just hold both until it's clear and then, you know,
other market participants will really decide.
I'm sorry.
So there's going to be a hard fork, too, not just soft forks?
Even in the case of a soft fork, I mean, there's still, it's still decided by the market, right?
So we saw this with even before, kind of, I mean, I know SegWit2x was the hard fork, but we saw this with SegWit2x where it was decided by the futures market long before the fork came about.
And so there's, you know, there will be market participants will get to decide which coin they prefer.
And in the short term, there will probably be some hash power on both that tries to keep them going and they'll pay for one and one will advance pretty quickly.
Okay.
Okay.
I just in the interest of time, I do want to ask you a few other questions.
So I want to know like when Bitcoin developers think about their work, who do they view
as their core constituents?
And it could be, you know, like five different ones.
And if so, then I want to hear how they're ranked in, you know, in your mind.
Yeah.
It certainly depends on the individual contributor.
I think that most contributors try to focus on the Bitcoin that they think holds up Bitcoin's
principles the best. So principles like censorship resistance, like minimizing third-party trust
in the maximal way possible, you know, I think they're really more focused on the principles
rather than a specific constituency. I do think that, you know, hopefully the vast majority of
people who've bought Bitcoin and own Bitcoin do so because of those principles.
Like the reason they've invested in Bitcoin is because of those principles.
And so ultimately, they are by reinforcing and focusing on those principles, really working
for the people who hold Bitcoin and furthering their economic interests as well.
But I think it's more about the principles rather than a specific constituency.
Okay.
And then I also want to understand.
And by the way, I'm going to let the audience know, Alex Pruden of Project Eleven, which is this company that is trying to help the crypto world become quantum, I don't know if resistant is the word, but to prepare for that phase.
And he was on the pod a few weeks ago.
He came up with this framework of questions, which I just thought was brilliant.
And he and I, you know, when I saw these questions, I thought these were amazing.
He and I were curious.
So what type of Bitcoin are Bitcoin developers optimizing for?
There's a type of Bitcoin where it should be like gold and it should change as little as possible.
There should be or there could be a type of Bitcoin where it tries to be the type of gold as an investment,
in which case then it should be somewhat future proof to perpetuate this investment,
like, you know, something long term. Or the third could be, you know, a type of Bitcoin where it's,
you know, this is like the, you know, something where it's decentralized. And so it's an antithesis
to large financial institutions. So, you know, what type of Bitcoin do you think developers
should be aiming for? Yeah, I can only speak for myself. There. Obviously, different people have
very different views and there's lots of different people who contribute to Bitcoin for different
reasons. They came at Bitcoin from a different reason and for different principles that they think
are valuable. But at least speaking for myself, I mean, it always comes back to this concept
of trustlessness of how do we make sure that you can hold and transact in Bitcoin without counterparty trust,
or with minimal possible counterparty trust.
And when it comes to quantum, that's obviously complicated, right?
Because there's the question of kind of pushing people to upgrade
and people shouldn't have a counterparty,
even in the sense of being forced to do something.
But on the flip side, you can't call it trustless
if a quantum computer can steal 5% of the coins and dump them on the market.
That does impact people's ability to trust the system and ability to use the system in a way that isn't trusting someone else or, in this case, trusting a quantum computer operator.
So I think that's the most relevant part. There was one other thing I wanted to say, but I forgot what it was.
Well, so I asked you whether it should change as little as possible, whether it should be more like a long-term investment.
Yeah, I think those are, I think that's the wrong axis to look at it.
I think trustlessness is the right answer.
And obviously, that does mean it should change fairly infrequently
because rapid changes are going to introduce various risks
that might require you to trust third parties,
whether it's developer community around Bitcoin,
or if you have to change wallets,
you're maybe being forced to trust some new wallet developer.
So there's reasons why you don't want it to change very quickly
that are very important, but that's not necessarily the goal. The goal is to be able to transact without trust.
Okay. Okay. Yeah, because, I mean, there is a view. Again, this is Alex. This was his lens.
He said, you know, there could be a view that in a way like the price is a little bit of a product,
and that goes to that kind of like goals as an investment sort of thing. And, you know,
it just sort of feels like some of the decisions that the developers are making here will affect that.
And so in this situation with BlackRock where they have a fiduciary duty, this is,
this is, I think, why I think this is why that there's, first of all, some perhaps
overhang on the price right now because of this perception that the Bitcoin developers
are not prioritizing this.
And maybe like a cultural clash or difference, you know, around.
kind of what Bitcoin is for or like what it should be prioritizing.
So yeah, so I,
A, I strongly disagree with the characterization that Bitcoin's current price is
materially because of some kind of quantum risk.
There's obviously a lot of concern around long-term quantum risk,
but in terms of short-term price action,
when you actually go talk to market makers, it's not high on the list.
Okay.
Well, just, just to, but anyway.
Just so you know, just so you know, this tweet is from yesterday, Charles Edwards of Capriole Investments tweeted, the only reason Bitcoin is down 50 plus percent against equities and gold in the last year is quantum computing.
Nothing else is a substantial factor.
But if that were true, then Ethereum would be up substantially on Bitcoin.
And that's not true, right?
So I'm very skeptical of that.
There's a lot of Bitcoiners who want to blame something, blame someone for lackluster performance in this bull market.
Or lackluster, I mean, it still, I think, performed fairly well,
but it didn't have the kind of crazy bull run that you had in the last two cycles ago, let's say.
But the reality is Bitcoin is competing for capital in a way that it hasn't in the last few cycles.
Like, AI is super capital intensive.
There's this massive new investment class that is substantially competing for capital.
There's a lot of interest in value accrual that will happen because of AI in traditional equities.
Look, Bitcoin is competing for capital.
In 2020, Bitcoin wasn't competing for, in 2020, whatever, 2022, Bitcoin wasn't materially competing for capital.
Instead, we had massive stimulus pouring into Bitcoin,
among other asset classes.
So yes, it has had an impact,
but to say that it's the bulk of the price action,
I think is just looking for someone to blame.
Okay.
So I did also want to ask,
but I was going to answer really quickly,
you raise this question as like, is the price a product? And I mean, I think in the kind of short-term,
no, right? Does the short-term price matter to developers or developers trying to pump the
Bitcoin price in the short-term, no. That is not relevant, right? The goal is these principles
that matter. But on the flip side, you know, I also talked about, like, the market decides
forks. And so if you have some fork where maybe the principles are ambiguous as to which one
is more important and one has, or maybe the principles kind of favor one, but the other one has
substantially lower supply on the market, then that one is probably going to win, right?
And so the price is relevant. And if we're talking about a world where you have a Bitcoin where a
quantum computer operator can steal millions of coins and dump it on the market, that is relevant
even just to the ability of people to transact with Bitcoin. If Bitcoin is being dumped to zero,
well, people can't really usefully transact with it. If Bitcoin goes down a little bit and your
purchasing power goes down 50%. That's not a thing to fix in the short term. But if in the long
term, there's this massive crash that's interfering with your ability to use the system, then yeah,
I think that's relevant. Yeah, I think the issue is, so obviously, you know, Satoshi has their
coins and, you know, it seems like they've abandoned them, but there are other people who
may feel that they've lost coins, and then at some point in the future, they may find the keys,
and if after that, you know, it's like, oh, your keys got burned or, you know, or your coins got
and then, you know, they're not going to be happy.
If your wallet used a seed phrase, probably you're going to be okay.
If your wallet is old enough that it predates seed phrases, you were going to get your
coins back.
At that point, it will have been 15, 20 years, 30 years.
Yeah.
Okay.
You were going to get back.
So I know we're over time, but I just want to ask you one last question and then one very short one.
So you kind of alluded to this earlier when I had Justin Drake on the show.
talking about quantum stuff, he mentioned that it's possible that AI could kind of create some kind
of mathematical breakthrough that would also pose a threat to the cryptography in Bitcoin, even
before quantum computers arrive, and not just Bitcoin, but, you know, blockchains generally.
And he was saying that blockchains even needed to try to migrate to a post-AI cryptography.
And I wondered if that was a threat that Bitcoin developers were looking at.
I mean, certainly, I think this has been raised many times in the quantum discussion is, well, what's the probability of there just being a traditional classical breakthrough leading to cryptographic issues with existing?
But are people actively working on trying to prevent that?
I mean, there's a limit on what you can do here, right? Because you could, like, really the only thing you can do is you could say, actually, we're going to require everyone, you can't just use one signature scheme, you have to use two.
And we pick two very different signature schemes so that hopefully at least one survives, right?
This is what some people are doing for post-quantum.
They're saying you have to use both.
It doesn't really work as well in a blockchain because you have a lot of additional overhead.
And that's basically the only thing you could do.
I don't...
Yeah, I don't think there's much we can do there, basically, is the real answer that any
cryptocurrency can do there. There is a shot that, okay, EC cryptography is broken,
SECP is broken, and all these things we talked about for quantum computers, we have to use
them. So maybe in some way, hash-based ZK proofs are still secure. Hashes are still secure,
and SECP is broken. That's possible. That's basically the quantum computer scenario, right?
And so we can do the like emergency solution version of the quantum computer scenario.
But yeah, I mean, there's just kind of a limit.
Like if all hash functions are broken, okay?
I mean, there's just not much we can do to prepare for that.
In some cases, there's an emergency things you could do,
but there's not a lot you could do to prepare for it.
And it depends a lot on the scenario and the exact cryptographic primitive that's broken
and how it's broken.
And is it an overnight breakthrough?
It's not usually that cryptographic primitives are broken overnight.
They're broken progressively over years,
and it doesn't seem like AI is going to necessarily change that behavior,
at least with current tooling and the short-term progression of LLMs.
They don't seem to be on the kind of crazy ASI progression right now.
They're kind of a very, very important tool to potentially massively unlock human
productivity, but yeah.
Okay, okay.
So last question, hopefully this is a short one because I know we're over time.
But so, you know, as I mentioned, at the Ethereum Foundation, Justin said that, you know,
not only are they working on this, but he described kind of how they're thinking about how to
resolve this.
And hopefully I am not mischaracterizing this because I didn't get to fully write my question
out.
But I think it's that they're going to hash the public keys and then they're going
to, like, snarkify them or something to make them lighter weight because, you know, this data
issue about how post-quantum measures will just create a lot more data for the blockchain.
That's like a second piece of it.
He also said he's organizing a three-day post-quantum workshop.
He's hoping to have more than one Bitcoin developer there.
And one other thing that he said was in his ideal world, both Bitcoin and Ethereum would
use the same post-quantum strategy and that he hoped that all the other blockchains would follow.
And I wondered just generally, you know, what you thought of that whole plan, whether you
think, you know, Bitcoin would be open to this, meaning the developers, yeah, just all those things.
Yeah, I wasn't aware they were doing this workshop. There was obviously another post-quantum
cryptography workshop with a bunch of Bitcoin developers at it late last year, October last year, I think.
So, yeah, I mean, a bunch of work has been done.
Yes, I mean, I'm not 100% sure exactly what scheme he was referring to,
but it sounds like they were talking about using hash-based cryptography schemes
and then using SNARKs to compress them, so rather than having
some kind of post-quantum ZK proof in every, or a full hash-based signature scheme in
every single transaction on the blockchain, you can use a hash-based SNARK or a hash-based
ZK-proof.
I remember another detail. He said to hash all the signatures in a block or something
like that for all the transactions. So it would be like one hash for all the transactions in a
block, something like that.
Yeah, I assume he was referring to using a post-quantum ZK-proof scheme
to prove validity of all the signatures rather than having to embed all of them.
You know, that certainly might be something that Bitcoin utilizes at that time,
especially if we're talking about a scheme where people can retain access to their coins
using proof of seed phrase, where that isn't just a small amount of additional data.
It's a really substantial amount of additional data.
And so there, yeah, you probably want to do some kind of post-quantum ZK proof to compress it.
I'd be curious to know exactly which scheme he was referring to,
what their thinking is.
But yeah, I think it also might be more relevant to Bitcoin in kind of the medium term,
not necessarily the immediate short term.
I think, again, there's kind of this two stage, right, where we want to first get people
to have the ability to commit to post-quantum public keys, have wallets be theoretically able
to use them, even if they're not using them today.
We want to get that done relatively quickly.
And then optimizing that so that when Q-Day happens, the kind of blockchain isn't super limiting on the number of transactions overnight is something that can happen a little more slowly because it only really has to happen by Q-Day.
And in the worst case, you could do a block size increase accompanying that to maintain some kind of sensible block size.
So that is a little bit of a less immediate pressure.
Wow. Okay. That threw me for a loop that you said that they might increase the block size.
Well, I mean, I'm obviously speculating it depends on a lot of factors. It depends on what other options we have.
But, you know, the block size exists for many reasons and it's not only to limit IBD size, it's also
to make sure there's fee pressure for miners
and then a limited block space
so that miners get paid and other related issues.
And yeah, so it depends, it also depends a lot of
what kind of hardware is available at the time, right?
If every transaction is gonna 10x in size
and hardware is 10x better,
then probably the hardware,
the block size could be increased pretty substantially,
potentially by something like 10x,
because then you're not wrecking
miners, you're not wrecking the fee market, and you're not wrecking people's ability to do
IBD because computers are 10x faster. So there's a lot that goes into a block size change,
of course, but in a kind of naive scenario, you could imagine the block size being increased.
Okay, okay. All right, Matt, well, we covered a lot of ground. I don't feel like I got to ask
every single thing, but we covered a lot. And I appreciate that you went over time.
I think this is an issue that people care about a lot.
And so I really, really, really appreciate that as a core developer, you came on the show
to talk about, you know, the viewpoint of at least yourself and potentially maybe some other
core developers, because I think people really care.
And like I said, in this world where we're seeing AI increased by leaps and bounds,
it does feel like the quantum thing could come sooner than people expect.
So thank you so much.
Possible.
Yeah.
Thanks so much for coming on the show.
Yeah, of course.
Thanks for having me.
All right, everyone.
Thanks for joining this live stream, and we'll catch you next week.
