Bitcoin Has 3 Years to Survive | Nic Carter on Bitcoin’s Quantum Vulnerability
Inside the episode
🎬 DEBRIEF | RYAN & DAVID UNPACKING THE EPISODE
TRANSCRIPT
Nic:
[0:00] I think the assumption inherent in what Saylor is saying and what others have
Nic:
[0:03] said is we will have a very clear notice period before Q-Day comes. That's the assumption. It's, well, you know, the technology will progress gradually and we will know, we'll be able to do the extrapolations and we'll know, all right, it's going to hit in 2041 or whatever. So all we have to do is target that date. But it's not like Y2K, right? Nobody knows the day or the hour, right? It will just happen one day.
Ryan:
[0:34] Nick Carter, welcome to Bankless once again.
Nic:
[0:37] Hello, gentlemen. Thank you for having me. Is this the seventh or eighth time?
David:
[0:41] Yes. We're approaching double digits. Yeah. But I think this might be the longest gap since we've had you on. I heard you went on a decently long podcast hiatus.
Nic:
[0:51] No, I mean, I've been retired from podcasts. Yeah. But, you know, I heard someone was coming for my record on this show, so.
Ryan:
[0:59] Yeah, I think it's a good time to have you on because I've heard you're bullish on the ETH-Bitcoin ratio, actually.
Nic:
[1:05] Yeah, I mean, I'm already in trouble with the Bitcoiners. So, you know, yeah, I think if nothing changes in Bitcoin, ETH-BTC could look pretty interesting here. I agree.
David:
[1:16] Do you think that there is a window of possibility where Bitcoin really fails this challenge, Ethereum succeeds in overcoming this challenge and then Ethereum takes the number one spot.
Ryan:
[1:30] Wow, David.
Nic:
[1:32] Yeah, I think that's possible. I don't want that to happen.
David:
[1:35] You don't want that to happen, but it's possible. Yeah, I mean,
Nic:
[1:40] The complacency I'm seeing on the Bitcoin side is really disconcerting. And only matched by the Ethereum Foundation's proactiveness, proactivity. I mean, there's a deadline, right, to transition on 2029. Is that what they're saying? Yeah.
Ryan:
[1:57] That's what the Google paper seems to say. We'll talk about this. So I guess that maybe the theme of this episode is saving Bitcoin. We're going to figure out how to save it today.
Nic:
[2:04] Yeah, you know, that's not my base case. That's not my base case. I mean, I think things could go right.
Nic:
[2:10] But the reason I'm getting in so much trouble and fighting so much is because I want things to go right. And it's going to take a lot of work for that to happen.
David:
[2:17] The reason why you're getting into trouble is that the status quo for Bitcoin is something bad happens. And Bitcoin really likes the status quo. like the small blockers or the status quo, they won. Bitcoin always defaults to the status quo. And this is the one instance that we know in Bitcoin history where the status quo does not work. And you're the one who's like pulling the alarm bells, being like, hey guys, the status quo is actually the failure scenario here.
Nic:
[2:49] That's precisely correct. Bitcoin governance is spectacularly unsuited to a threat that is of an uncertain timeline and requires total mobilization. It's not clear if Bitcoin governance can accommodate that, actually. Nobody knows how it works. We're not even sure if it's possible to make a change to Bitcoin, let alone a sweeping set of numerous changes that need to occur. So you, Bitcoin works great when nothing has to change. That's, you know, its strength. But when there is something existential that requires a core infrastructural change, we've actually never dealt with that before. Not in the whole history of Bitcoin, ever. Yeah. This is the first time.
David:
[3:37] Yeah. And it's been the practice of Bitcoin culture to create that reality. And that has been Bitcoin's strength to the detriment of all the other crypto assets, is that it has become incredibly hard to make changes to Bitcoin. And this is the first time where that actually is its weakness,
Nic:
[3:54] Not its strength. Yeah, and one weird dynamic is, you know, Bitcoin is this like evolutionary environment where Bitcoin selects for people that are, you know, relentlessly optimistic, and are willing to ignore FUDs, you know, for lack of a better word. And so now, you know, everybody that's sold because they're worried about something or other, the only people that are left are the people that ignored every successive wave of FOD, whether it's energy or, Bcash, big blocks, or double spend attacks, or like all the various funds over the years. So now you have this ecosystem of people that just are optimistic 100% of the time, and are totally happy with the status quo.
Nic:
[4:37] But that's very ill suited for the predicament we find ourselves in.
Ryan:
[4:41] You know, what's so funny is, what you're describing almost sounds like it's an immune system response, right? And maybe what you're saying is Bitcoin has an overactive immune system, because part of the immune system has been to fight FUD. So David and I just did a recording yesterday with Michael Saylor. And this was post the Google quantum paper coming out. We asked him about it. We were just like, hey, Michael, here's the situation. They say 2029, the Shor's algorithm enhancements have got 20x faster. You know, like, is this something we should be worried about? And you have Satoshi's supply, you know, 2.3 million Bitcoin, according to the paper. seems like a decision will have to be made if quantum happens, right? And his response, which I think Bankless listeners can go listen to it for themselves, was very much like, hey, there's two types of people in the world. There's optimists and there's pessimists. You have to choose which one you want to be. I'm an optimist. Everybody else who's worried about this is an alarmist. That doesn't mean we shouldn't be prepared, but the core devs will figure it out. We always do.
David:
[5:47] We'll come to consensus and we'll find a solution.
Ryan:
[5:50] And so it was kind of the panic intake. Like it was just like, there's a bunch of chicken littles going around. You know, he compared this to kind of like other scares in the past, global warming, other things that haven't come to pass. Why should this time be any different? And maybe that's just part of the default immune system response. Maybe Michael is kind of representing the immune system at some level, kind of the cultural trait that many Bitcoiners share.
Nic:
[6:17] Yeah, there's panicants and there's process trusters. And I'm a process truster, actually, generally speaking, you know, with regards to politics. I trust the process. With regards to this issue, I'm a panicking, which is embarrassing to admit, because you never want to be a panicking. But I just think the data is actually pretty, pretty clear. And trusting the process is great when it's peacetime, but it's not peacetime, it's wartime. And the process in Bitcoin, it's very unclear as to how a change might even be effectuated, how consensus could occur. You know, and I hear the same exact thing from the Bitcoin developers, and I've been hearing from them a lot over the last couple of days. And they tell me the exact same thing. They say, you know, when it's time to make a change, we'll just go with what the community wants. We'll do, you know, the general will. And it's this kind of like incredibly vague concept. It's like, well, how are you going to solicit that input from the people? You know, like what's the mechanism to get this input from my seat? I'm the one providing that feedback, but they're not hearing the feedback, right? So, you know, what happens if Coinbase and BlackRock and et cetera, et cetera, go to the developers and say, hey, we need to fix this? That will be perceived as an attack. So the mechanism that they say leads to success is something that they're also attuned to ignore. So it's very unclear to me how this problem would spontaneously solve itself,
Nic:
[7:42] how they would even measure what the community wants. So we're actually in a kind of a huge pickle.
David:
[7:47] Fortunately for us, we actually were given some solutions by the writers, the authors of the paper that came out on Monday. We'll get to that, I think, further on in this conversation. But let's talk about these two papers that got revealed, released on Monday of this week. One was from Google, one was from another organization called Oratomic, another set of academia authors. Nick, can you just kind of like summarize the significance of these papers? What do we need to know about them as it relates to quantum and Bitcoin and crypto?
Nic:
[8:16] Yeah, so I'll start by being very, very explicitly clear. These are not academics that are saying they have broken elliptic curves. They're not claiming that They've built a scaled quantum computer that can do it. The hardware has not been built, right? No hardware. It doesn't exist. The hardware that exists today is like miniature, tiny versions of this stuff. They can't do anything. Both of these papers pertain to resource estimates for what it would take to run a circuit, to run Shor's algorithm to crack ECC256, which is the core cryptographic algorithm that powers most Bitcoin parts of Ethereum.
Nic:
[8:53] So that's what it is. These are improved resource estimates. So they're trying to estimate how many logical qubits do you need, how many physical qubits, how many Toffoli gates. Actually, I don't know how to pronounce that. I've only ever read the word. I've never heard anyone say it. So if it's Toffoli gates or Toffoli gates, whatever, that just means how many operations need to occur to run the circuit. And from that, you can back out how long it would take in terms of wall clock time. So you devise an algorithm that runs shores to break ECC, and then you make estimates as to what the requirements would be. Based on that, we can kind of look out into the future and say, well, we seem to be improving, you know, the logical qubit count by this much per year, on this modality, you know, because actually one was for superconducting qubits, one was for neutral items, different architectures. So, you know, based on these now lowered thresholds, we can look and say, well, we think actually might be easier than we thought to break ECC256. The Google, Dan Benet, Justin Drake paper was pretty notable in that they didn't actually publish the circuit. They published a ZK proof of
Nic:
[10:04] the circuit because they didn't want to tip their hand to some black hat. So I can go into much more detail, but that's at a high level what the papers are all about.
Ryan:
[10:12] Let's talk about that last piece for a minute. So they didn't publish the circuit. Instead, they published a ZK proof that they had the ability to improve these algorithms in the way that they were stating. Because this is kind of, both methods are an improvement, a software improvement, basically, in Shor's algorithm, the ability to improve potentially attack and break ECC-256. Do you think that this is a mark of these types of breakthroughs no longer being public? There's something to the fact that this was a secret such that they couldn't tell people how they actually did it or else they would inform Black hat or adversaries or maybe nation states outside of the United States, have we also entered an era where some of these breakthroughs may not be so public? I mean, there's almost like if we want to get tinfoil hats on, right? There's kind of like, if we know about this, what might we not know that nation states with cryptographers are actually executing on?
David:
[11:22] Run with that.
Ryan:
[11:23] What do you think it means that they didn't actually publish the algorithms and how they did this?
Nic:
[11:28] Yeah, I like to compare this to the race for a nuclear fission device, aka an atomic bomb, right? So what happened was in 1938 or 1939, someone theoretically proved that fission was possible with uranium isotopes. For the next year or so, all these physicists started self-censoring because they didn't want to tip off their colleagues in Germany that were also working on the same idea. Then the Manhattan Project began and there was an official censorship regime. So then it was a total blackout. We're in the equivalent time. It's equivalent stakes, frankly. And we're in the equivalent of 1940, where basically since 2024, since the Google Willow result, we have known that this was theoretically possible. There were no new physics discoveries that needed to occur. Now we're at the point where we just have to do the engineering. And so you do get scientists that are self-censoring because they don't want China or North Korea or whomever to get this technology. And eventually we'll enter a hard censorship regime too. So then we'll just be in the dark. But yeah, I think it's actually really, I'm glad they did it, frankly. I can tell you these papers are published in consultation with the US government. So NIST and the NSA are fully aware of this and were aware of, you know, well before the publication of the papers. And so this was done with government approval.
Nic:
[12:48] But yeah, it doesn't surprise me that they censored the exact architecture, although it may not actually inhibit that much progress because they're still demonstrating this is possible. So anybody independently working on it, that might be enough information for them.
David:
[13:05] I mean, if I was China, I would be like,
Ryan:
[13:07] Thank you for
David:
[13:08] Informing me that you guys know something. I'm now going to send all of my operatives to try and figure out what that thing is.
Ryan:
[13:14] And I have names on the paper too, so thanks for that.
Nic:
[13:16] Yeah, and it might be easier to hack these labs than actually do the physics work yourself.
Ryan:
[13:22] This comparison to kind of the fission bomb in 1940, I think I saw Scott Aaronson make this comparison as well. So it's not just kind of a Nick Carter drawing these parallels, right?
Nic:
[13:33] Yeah. I mean, it's similar to that in some respects. It's also similar to the discussion around AI superintelligence, especially with regards to hard takeoff versus soft takeoff, right? So that's a huge parallel, which is, If it is the case that AI becomes recursively self-improving really quickly, that's sort of like maybe a very bad outcome. If it is the case that we do not get any kind of gradual runway lead in to a CRQC, cryptographically relevant quantum computer, if it's the case that it's more of a jump, a sudden break, that's also a very bad outcome. So what we're arguing about here, actually the crux of the debate is what is the first derivative? Actually, even the second derivative looks like of growth here.
Nic:
[14:19] If it's abrupt, then we're in huge trouble. And one thing they said in the paper, in the Google paper, is we think it's going to be abrupt.
Ryan:
[14:27] And why did they say that they think it's going to be abrupt?
Nic:
[14:32] Because of the engineering of quantum computers, which is once you sort of solve error correction at scale, you can just kind of add a bunch of logical qubit or physical qubits effectively. And there's a net amount of noise reduction in the system and you can go very quickly from a computer that can break five or 10 bits to 256 bits. So it scales, I think it's polylogarithmic is the scaling model. So that was actually the thing that I read on Monday or whenever it came out that scared me the most was they are explicitly, and these are the best subject matter experts in the world on their respective fields. Dan Benet, Justin Drake, and the Google Quantum AI team, Craig Kidney on the Google team, has written the two prior state-of-the-art papers on this for RSA. He's the guy on this. They are saying collectively, we should assume that it will be a threshold model and that we will not get significant prior notice before a CRQC exists.
Ryan:
[15:36] We will not get significant prior notice. It'll just happen.
Nic:
[15:40] So this is the notice. Actually, this paper is the notice. There's not necessarily anything else.
David:
[15:46] This is our last warning shot. And then the next thing that will happen will be actual real in-production attacks in three
Nic:
[15:53] Or four years.
Ryan:
[15:53] So this difference between a fast takeoff and a slow takeoff really is kind of this engineering problem of kind of scaling the physical and logical qubits. And what I was trying to ascertain was, is this an engineering problem like the engineering problem of fusion, which is it's always like 10 to 15 years out, we can't seem to like figure it out. And it's still hypothetical, you know, may take many more decades for us to do. Or is this more like the engineering problem of like scaling up transformer architecture and AIs which is kind of a known thing which is like you just add a whole bunch of hardware and compute and you get smarter AI and it seems to be more maybe in the AI scaling side than fusion which is like it's hypothetical we may never get quantum computers. Is that your take?
Nic:
[16:44] Yeah, it's kind of a little bit like both and then also not like either one. So like fusion, we sort of need new physics breakthroughs to get to a fusion reaction that produces energy on that, which is actually kind of similar in some ways to scaling up quantum computers so that the amount of net error reduction is negative as opposed to positive. Because there's this problem with quantum computers where you put a bunch of qubits together, it introduces error on net. But that fusion breakthrough type thing, the Willow Google processor in 2024 demonstrated that, my opinion.
Nic:
[17:20] The way it is not like the AI scaling model is that what the transformer architecture showed us in, I think, 2017, was that you can hold some variables fixed and scale up some other variables, like the amount of data for pre-training, and you just get a better loss function mathematically out of that.
Nic:
[17:40] We don't have that level of certainty yet where you can hold a bunch of variables, fix, you increase one initial variable and you get a better output. Well, we don't have that yet in quantum computing because there's like 30 different variables that you, all these different levers that you're pulling. And there's also six different major modalities like types, like what these things are made of, you know, so the two papers actually exemplify this. You have superconducting qubits. This is a Google paper. Those are just atoms that are super cooled to like 0.000 Kelvin, 0.1 Kelvin or whatever. The challenge with scaling that up is you have to cool these atoms to incredibly, like literally colder than outer space, right? So that's why it looks like this big chandelier thing. All of that is cooling, refrigeration. And so it's really hard to scale that up and keep it super cold, right? The other paper, the Oratomic Caltech paper, they have a neutral atom modality. So it's a totally different architecture, doesn't have the same cooling requirements, but the clock speed is much slower. So way slower computation. So all of, and there's like five other modalities. There's.
Nic:
[18:59] Photonics and there's trapped ions. There's all kinds of stuff. So for each of these modalities, there's a different lab or a dozen or so labs working on it. So what we don't have is this equation where more X yields more Y because there's so many variables.
Ryan:
[19:16] These modalities, I'm just kind of beginning to understand it, but the difference between the Google quantum paper and the Oratomic paper was a difference in kind of a fast clock versus a slow clock. That's kind of what you're saying. And some of the implications, so for the Google paper, there was like a 20x reduction or improvement in Shor's algorithm for a fast clock type of attack. And that would literally mean if you're trying to crack an ECDSA key, it would take like nine minutes. This would also, they said in the paper, give you the ability to intercept transactions before they confirm, right? Because you can do it in nine minutes. So if I'm sending Bitcoin, this is what I took it to mean, if I'm sending Bitcoin from myself to you, Nick, a quantum computer running this with enough logical and physical qubits could actually intercept that message. That's the fast attack. The other modality was kind of the slow attack
Ryan:
[20:17] It would take longer to crack a key,
Ryan:
[20:19] Like a few days maybe to crack a key. You couldn't do that intercept transaction type of maneuver, but that's another whole path that can be pursued. And you're saying there's even more than these two paths. There might be like close to half a dozen of these paths, almost like mini transformer type architectures that could be pursued. Is that somewhat of the picture here?
Nic:
[20:40] Yeah. That's why quantum computing is so hard to analyze is it's actually not just one thing. There's so many different approaches to the problem, and they're actually proliferating. So like the superconducting qubit thing, that's like what most of the big labs do. That's what Google does. That's what IBM does. That's what you think of when you think of a quantum computer. But in recent years, we've discovered better ways to get high fidelity, less noisy qubits. But yeah, they introduce different trade-offs. So yeah, what you're talking about, the on-spend attack is what they called in the paper. I called it a short-range attack. This was actually the thing when I read the paper, I'm like, oh my God, I didn't expect that this would be the case. This whole time I've been studying quantum computing and its relevance to blockchains, I thought on-spend attacks would not be possible, right? I thought the first attack, and this is based on modeling that Project 11 has done, for instance.
Nic:
[21:39] I thought that the first attacks we would see on ECC would take 200 days. So like really long range attacks or maybe a month, a few weeks at least. I'd never ever seen a result with a low amount of logical qubits like the Google paper where they're saying, no, this could be done in nine minutes. So it completely changes the threat model, right? My threat model going into this was we have to worry about the long range of taxes and the coins that are published on the blockchain that we can't unpublish. So the Satoshi coins. But this model now threatens all transactions because when you spend Bitcoin, only on Bitcoin, by the way, not Ethereum or Solana. When you spend Bitcoin, you publish your public key to the world and you give the attacker a window of time to take the public key, reverse engineer the private key, broadcast a different high fee transaction and steal the coins.
Ryan:
[22:33] This on-spend attack, this short range attack, that is basically like an ender of Bitcoin transactions.
Nic:
[22:42] It means that you have to fully transition the whole network into a post-quantum exclusive regime before that computer is built.
David:
[22:52] Because we have
Nic:
[22:53] Less time than we thought.
David:
[22:55] It doesn't. Because draw the example of like, we're in a post-quantum world, Bitcoin hasn't made the transition, and I'm just a normal guy making a normal Bitcoin transaction, and there's a motivated attacker who's got a quantum computer.
Ryan:
[23:08] You get yoinked if you try to send it.
Nic:
[23:10] Your Bitcoin gets yoinked. So you can kind of protect yourself from a quantum computer just by practicing good wallet hygiene, right? Like you use one of the newer types and you don't reuse addresses. So you don't want to expose your public key. But that becomes irrelevant in the world of on-spend attacks. So the whole system has to be 100% fully post-quantum. If you are to protect against short-range attacks. Otherwise, even if I'm spending out of a protected hashed address, I'm still exposed for the 10 minutes or 20 minutes it takes for that to confirm.
Ryan:
[23:45] One other difference worth highlighting between these two papers, and again, they represent two modalities of quantum that can each be pursued and probably will be pursued in parallel, right? So we had the fast clock from Google and the slow clock from Oratomic. The fast clock method, the Google method, they both use Schwarz's algorithm, but the Google method was a 20x reduction in qubits, I believe, from what was perceived before. The Oratomic approach was a 50x reduction and improvement in the efficiency of Schwarz's algorithm. So was I reading that correct? And by the way, I didn't read the Oratomic paper. This is Claude helping me read this, okay? Because it was out of my depth. Okay, but like that even has a lower threshold in terms of the amount of logical qubits required to actually go crack some of our cryptography. Was I reading that correctly?
Nic:
[24:42] Yeah, I mean, as someone that is primarily concerned about long range attacks, because that's the easier threshold to get to, right? So I'm worried about what does the first attack look like and when does that happen, right? What does the quantum computer look like that that attack is possible on? The Oratomic Caltech paper is the more concerning of the two. Because neutral atom systems, the biggest neutral atom array that exists already is 6,000 physical qubits.
Ryan:
[25:13] Does that collapse down with kind of air correction, like 50 or something logical?
Nic:
[25:19] Yeah, so it's 6,000 physical, unclear what the exchange rate is logical. That's like the source of uncertainty. This oratomic paper doesn't actually talk about logical at all. It just says... ECC could be cracked with between 10K and 26K physical qubits. The prior estimates we had, state-of-the-art, was half a million physical qubits, millions of physical qubits. So this is a vast, vast reduction. And it's with the neutral atom, which in my circles is considered the most promising approach, actually.
Ryan:
[25:57] Why is this? Because we don't need refrigeration, and kind of like, you know, zero Kelvin temperatures and such?
Nic:
[26:03] Because they're more stable, yeah, and they have a lower noise ratio. So it seems, based on the Oratomic paper, that you're getting a really good exchange rate between physical and logical. And so you could get to as few, they say as few as 10K physical, which is basically in the kind of range that we're in state-of-the-art today. And I'm not saying this is going to be broken next week at all, by the way. I know people think I'm an alarmist, but I mean, you just have to read the papers and then compare them to what exists. It is quite frightening.
David:
[26:36] So to summarize things, as I understand it, and correct me if I'm wrong, we have two attack vectors that we need to account for. We have the long range attacks, which is all exposed wallets that are exposed as of today, notably the Satoshi coins. But there's also a very large supply of otherwise dormant coins that have some chunk of them that are very likely to be lost and therefore are not going to move in the face of a quantum computer. These are the long range attacks. The operator of said computer has infinite amounts of time to crack these wallets. And so we just assume that they're going to get cracked. That's one problem. That's the long range problem. That's going to be perceived to be the first problem that we run into. And then there's the short-range attacks is eventually once quantum computers scale up so incredibly powerfully, like no one is safe because your address, which you have to reveal to make a Bitcoin transaction, gets revealed and then a quantum computer starts racing to crack your private key before your transaction lands. These are the complete set of problems. Is there anything else?
Nic:
[27:41] Yeah, I mean, those are some big problems, though.
David:
[27:43] The big problems, but I just want to make sure that we have
Ryan:
[27:45] Them accounted for. You know what's something that's nice, though, David? Some good news is my reading of the Google paper, there was no problem with proof of work. So I remember a few years ago, there was some speculation that quantum computers could kind of like nerf through like Grover's algorithm, could kind of like nerf Bitcoin mining and hashing. And that doesn't seem to be a near-term horizon problem.
Nic:
[28:05] Yeah, I mean, it is true that Grover's is a more efficient way to search for the pre-image of a hash, but it's only quadratic at best. So take the square root of Bitcoin mining and you have a slightly better Bitcoin miner, No one that has an insanely good quantum computer would waste it on Bitcoin mining.
Nic:
[28:24] Yeah. Like, that'd be a terrible misuse of resources. So.
David:
[28:28] Okay.
Ryan:
[28:29] Because they can...
Nic:
[28:29] Proof works fine, whatever. We're all for it about it.
David:
[28:33] So we're down to these very... To low number of each respectively very large problems. I'll also say, even though it's not the best outcome, the long-range attacks, the Satoshi coins... At least it doesn't break the whole blockchain. Like the blockchain still runs. Then with the short range attacks, then we start getting into the conversation of like, oh, is Bitcoin, I can't even store my value on Bitcoin if there's a short range attack all the time,
Nic:
[29:02] Right? Yeah, I mean, it breaks the core assumption underpinning Bitcoin, which is that the person with knowledge of the key is the owner of the coins. And that's pretty key, you know.
David:
[29:13] Okay, so Nick, it's April 2026 right now. The Google paper, two weeks before Google released the paper, they released a statement saying, hey, we are accelerating our quantum transition plans from where I think it was at 2032 to 2029. So they have moved up their own standard of when they are transitioning all of their systems to be post-quantum. Do you think that that also means Bitcoin needs to become post-quantum by that same timeline? Or is Bitcoin on a different timeline? What timeline do you think Bitcoin is on?
Nic:
[29:47] I mean, undoubtedly, it'll be slower. I think it would be a little bit embarrassing if Bitcoin is trailing Google and Cloudflare has already migrated, by the way. Probably this internet infrastructure that we're using right now is post-quantum.
Ryan:
[30:04] The U.S.
Nic:
[30:05] Government has this window of 2030, 2035, critical functions by 2030. You know, every CSO on the planet, every bank, and this is something Bitcoiners say, oh, quantum breaks everything. No, dude. Everyone else is aware of this and actively mitigating it. Apple is on it. Cloudflare has already done it. Google has set themselves this incredibly near, that's 2.7 years away for the biggest internet company on the planet.
Nic:
[30:33] So I think it would be quite embarrassing if Bitcoin was much later, because we like to think we're the state-of-the-art cutting-edge guys, but we're actually going to be the laggards. So yeah, and the problem is this transition for Bitcoin is, you know, there's a chain code paper about it. They said a reasonable time horizon is seven years. And they said maybe you can rush it and do it in two years, but there's so many parts of this that are slow. We have to agree that we're going to do it. we haven't even agreed. We have to pick some kind of cryptographic function. We have to determine how we're going to make the change. And we don't have any consensus on how changes get made in Bitcoin anymore. The last three soft forks all happened different ways, different activation pathways. Then everyone has to migrate their coins. Every single address on Bitcoin has to turn over. Every single one. That's 50 million addresses. They'll take three months if blocks are full the whole time. And then you want to give people time to migrate before deprecating their old coins, which you don't want to, you know, commit theft, right? And then we also have to debate and deliberate and decide what we're going to do about these Satoshi coins that can't migrate.
Nic:
[31:44] That's a huge debate on its own. That's a fundamental debate. How long do you think all that would take? Five years, 10 years. So yeah, I mean, I don't see it happening for Bitcoin before 2030.
Ryan:
[31:58] Can I just add another problem to that list just to make sure we're cataloging it or I'm understanding it, which is it seems like some of the post-quantum hashing algorithms that Bitcoin might need to adopt are radically less efficient than the cryptography it's adopting right now. So Justin Drake came on the podcast and said, you know, like by way of estimate, if Bitcoin is doing three transactions per second or something, if we use LatticeBase or something, that could drop it under one second, right? Bitcoin transactions per second could be 0.3. And so there's also the challenge of can we actually find performant cryptography for a blockchain-based system? At least I think that's a problem. Google mentioned it in the paper, at least.
Nic:
[32:41] Yeah, no, you're right. I mean, the NIST, the government body that standardizes things, They've helpfully provided with us three post-quantum algorithms. There's lattice-based cryptography. MLDSA is a variant of that. There is hash-based cryptography, which Bitcoiners like, and I actually think the Ethereum people like as well, as far as I can tell, because it introduces no additional new assumption. We already trust hashes, right? So lattices, we don't trust them. We think that probably they're hard to break, but it's actually the same model as elliptic curves. We don't really have a proof that elliptic curves can't be reverse engineered.
Nic:
[33:25] So, but we just trust them because they've been around for a while. Lattices are the same. So it's kind of an unknown. Lattices are smaller, much smaller, but much bigger than elliptic curve. Elliptic curve signatures are tiny, like less than 100 bytes. So you're going to deal with a minimum 10x deterioration or increase in signature sizes and byte terms all the way up to maybe 1000x. So obviously work is being done on this. But if you use hash-based signatures like Sphinx, You know, you might be dealing with 100 to 1,000x additional resource requirements. Of course, if this happens, there would be an offsetting block size increase. So, because that's not going to be controversial anymore because we're already changing so much, right?
Ryan:
[34:13] Okay, there wouldn't be another block war, you think, if there was a block size increase?
Nic:
[34:17] No, because the fight around what we're going to do with quantum is a much more contentious thing. If we agree we're going to fix quantum, then it's just understood that there would be a block size increase. That's like a tiny detail you know it's a footnote but yeah this is going to be a problem for actually every blockchain and it's it's sort of it's a problem for bitcoin but relatively speaking it's actually more of a problem for the super high performance blockchains that are hyper optimized around tiny signatures and specific variants so i mean not to like name names but solana is going to have to rebuild everything from scratch. And they've already massively optimized hardware around these signatures, which they're going to have to rip out and replace. So if you're a very performant blockchain, it's actually a big problem because now you have these slow, ugly, clunky signatures.
David:
[35:11] So the deadline for Bitcoin to get over these hurdles, to solve these problems is Q day. Q day is defined, loosely defined as the day that a quantum computer becomes sufficiently capable that they can actually do these some of attacks. But it's not actually a particular day. There's not a date in the future.
David:
[35:30] It's a prediction of when Q day actually does arrive. But we do know that there is something out there. It's going to be called Q day. And it's when these attacks start to come online. So Nick, do you have a sort of just predictive deadline, just an arbitrary date that you kind of think it would be in the best interest of Bitcoin, of hitting that date of becoming post-quantum?
Nic:
[35:56] Yeah, I mean, we don't know when Q-Day is, of course. We do know that it just got a lot closer. Everyone agrees. Everyone agrees. We don't know when it is. We can only rely on what these companies building quantum computers expect, so their own internal published roadmaps, so we can look at what they're saying. So they're saying they expect to get to a scaled functional quantum computer, for the most part, they all say around the early 2030s. So if you ask IBM or you ask Google or Microsoft or Continuum or QERA or SciQuantum, generally late 2020s, early 2030s. But, you know, maybe they're biased because they're selling a product or, you know, they're raising money. You look at what the U.S. government and, frankly, most other governments are, they're putting the window in the early 2030s. Google's now put their deadline in 2029, which is very aggressive.
Nic:
[36:53] So one nuance there, though, is... You might want to upgrade long before you think Q-Day will happen, right? Because if you're the U.S. Government, what China could do is just monitor your communications, read or store all your encrypted data, and then later decrypt it. So what you might want to do is just make sure that the encryption that protects that data is post-quantum long before Q-Day comes. So the U.S. government saying they want to upgrade between 2030 and 2035 doesn't necessarily mean they think Q-Day is falling in that range. But if I had to guess, I believe they will revise this forward, actually. So I think it's going to change to become earlier. But yeah, to answer your question, based on my analysis and the modeling I've done, which is primitive, I think it'll happen in between 2030 and 2035 based on extrapolating progress rates. Because you're looking at two curves, the declining resource requirement curve, and then the increasing hardware curve. So if you plot those, you get an intersection in the early 2030s.
Ryan:
[38:08] I'll remind listeners, 2030 is only four years away. So not a lot of time. You guys are both talking about QDay as if, there's an inevitability about that day. Like it's going to happen. Like quantum computers are going to happen. There have been some that are pushing back on that. And so Anatoly, you know, founder of Solana, I saw him saying, look, it's still hypothetical. We haven't really solved that engineering problem of us being able to scale up qubits in kind of a meat space. And therefore it's kind of a hypothetical. The same way AI doomers will talk about, hey, what's your PDOOM? Is AI going to kill us all or not? It's something that can't really be known at this stage. What's your reaction to that? I mean, is there some probability in your mind, Nick, that quantum computers will never happen or not in your lifetime? It could still be decades out. We'll find something. There's some reason on the engineering side that we won't be able to scale this out in the physical space.
Nic:
[39:17] Yeah, that's certainly possible. That's definitely possible. The consensus of experts appears to be that it probably will happen. But of course, there might be a fat, you know, right tail on when it happens. I mean, Scott Aronson is a guy that I trust on this. He's a very well known professor of quantum computing and other disciplines. And he says, he said in recent months, like, it's just an engineering challenge. There's no sort of fundamental physics things that need to be discovered.
Ryan:
[39:46] And that's notable for him because he's been basically a skeptic of any kind of real-world quantum scaling up to this point.
Nic:
[39:53] 100%, yeah. And he's really dramatically changed his tone in recent events, including reaction to this new paper. So, yeah, I mean, I think it's certainly possible, but...
Nic:
[40:04] Why would we as Bitcoiners, so we're meant to have a pretty paranoid outlook, right? Why would we want to be extremely lackadaisical about something that every other organization is preparing for? We look lazy, by contrast. You know, if the U.S. Government has a mandate that all cryptography running through its veins be post-quantum, if Google is doing it and Cloudflare, why would Bitcoin, this software project that defines money as a valid cryptographic signature exclusively, why would we not transition when everyone else is? We look terrible. There's something ironic about being.
David:
[40:44] Paranoid about paranoia. Like it's self-terminating. Bitcoin culture is paranoid. And then they are pointing paranoia at people being paranoid about quantum. There's something self-referential about that.
Nic:
[40:59] Yeah, there's a conspiratorial tone inherent in Bitcoin culture, which is unfortunate. I mean, I find it actually really bizarre. You know, Bitcoin Core used to be the most paranoid organization on the planet. You know, they would write their own implementations of, I think they wrote their own implementation of ECDSA because they didn't trust anyone else. They didn't want any dependency. And the whole thing is just architect of this intensely paranoid approach. Yet when it comes to the whole notion of the, you know, all of the underlying cryptography being undermined, there is a real laissez-faire attitude to it. It's very puzzling.
Ryan:
[41:39] What's your answer to that same question of why wouldn't they treat this more seriously? Why are they not more paranoid? Why?
Nic:
[41:45] Institutional incentives is my answer. I've been really wondering about this. I mean, now I'm at odds with the whole Bitcoin community again for some reason. I don't know why this keeps happening. I think as far as core developers are concerned, they don't want to take responsibility for the protocol. They don't want to be seen as the leaders. That has caused them a huge amount of problems, legal, harassment. You know, like right now, there's a BIP 110 people that are harassing the core devs. So the reaction of the core devs is a disclaim responsibility. Say, don't target me. I'm not in control. I'm not the guy in charge. The same with Craig Wright legally harassing the devs. A lot of them retired or semi-retired in response to this. Their reaction to the legal threats was to be like I am not in control I have no responsibility so you end up with this enormous power vacuum and, You know, this is reflected in the lack of updates to Bitcoin. It's been two changes in the last decade, right? So the system is now in a state of total stasis with people that are influential and they matter, but no one will admit that they have real influence over what gets implemented in Bitcoin. So that's one issue. And also there's this, you know, culture of like, well, if you want to change something, do it yourself. You know, you write the code. I think it's like an absurd thing. It's like, really, the only way to contribute to Bitcoin is to write a BIP? Like, that's a waste of time. Nobody ever, they wouldn't look at my BIP, right? So they're incapable of, like, taking feedback from the market.
Ryan:
[43:14] It's really weird.
Nic:
[43:15] Then the incentive of individual holders, including the largest holders in the world, is to deny that there's a problem because they don't want to admit that there's anything that could undermine Bitcoin. Because to them, like, Bitcoin is ontologically perfect, you know.
Nic:
[43:31] So inherently, it's, you know, a perfect money. There could never be any problem with it. So they're insulted that someone might say, hey, this whole thing has a huge tail risk attached to it. They don't want to convey any weakness to the market, you know, because a lot of these people's jobs is to basically sell Bitcoin to third parties. So I think that's why there's been this reaction.
Ryan:
[43:56] Something else we heard from Michael Saylor was in addition to don't worry about the alarmists and the Fudsters and the Panikins, was this idea that the cure could be worse than the disease. And so we shouldn't rush anything. And I've heard this from Bitcoin developers as well. Just like, hey, we're looking at it now. Sure, quantum computers could happen at some point in the future. Maybe they will. Maybe they won't. But there's no real need to rush things. Let's take this slowly. And look, we're upgrading all of the cryptography here. Let's make sure we do the right thing before we commit to something.
Nic:
[44:36] Yeah. I mean, the cure is not going to be pleasant. As you guys know, like if you've seen the Ethereum roadmap, it's not like a fun exercise to go through. The new signatures are more annoying and harder to work with than the old signatures. But I think the assumption inherent and what Sailor is saying and what others have said is we will have a very clear notice period before Q-Day comes. That's the assumption. It's, well, you know, the technology will progress gradually.
Nic:
[45:06] And we will know, we'll be able to do the extrapolations and we'll know, all right, it's going to hit in 2041 or whatever. So all we have to do is target that date. But it's not like Y2K, right? Nobody knows the day or the hour, right? It will just happen one day. So unfortunately, we have to make a decision under conditions of uncertainty, a very costly decision, right? Because it's going to be very hard to do this. But the problem is, this is the crux of it. There is no one with the executive ability in Bitcoin to coordinate this. Not like Ethereum, there's a foundation, there's a guy who makes the decisions. Not just one guy, of course, but there's more order in terms of the governance. In Bitcoin, the governance is deliberately, People disclaim responsibility by choice. If you talk to any individual core developer that I have, they will all say, I'm not in charge. We're going to let the community decide. So the whole structure is leaderless, enormously leaderless. I mean, the thing's running on autopilot, basically. And so that's the problem. We have something where someone needs to step up to the plate and say, we have to make this costly decision today. And the system can't accommodate that structurally.
David:
[46:21] Let's talk about what we actually have to do. Once we get consensus that we have to do something, what do we actually have to do? So we are at A.
Ryan:
[46:31] We need to
David:
[46:31] Be at B by 2030, 2032, sometime around then. What is actually A to B? What are the things that we actually need to get done?
Nic:
[46:41] Yeah, people keep asking me for my roadmap. It's like, I don't know, man. I feel like I can just be the guy that pulls the fire alarm and doesn't do anything else. but if I have to give one.
Ryan:
[46:53] We need to settle on a signature scheme.
Nic:
[46:55] And it could be more than one, actually. There's no reason why we couldn't have two signature schemes. So what I think it will actually look like in practice is a period where you can sign a transaction with a traditional signature plus maybe a hash-based signature or a lattice-based signature. And those live in parallel for a time. And maybe after X years of that, enough people have moved over to the new signature scheme and you can deprecate elliptic curves entirely. In parallel, we also need to decide what the fate of the Satoshi coins is going to be. And that's going to be a huge fight. So that's going to take years. So, you know, eventually then you would just turn off the legacy signatures and retain exclusively the new signatures. I mean, that's like broadly what it's going to have to look like, but it's going to be a mess, of course.
Ryan:
[47:49] At some level, the technical challenges of upgrading the cryptography are less scary to me than kind of the social issues of what to do with the Satoshi coins. And let's talk about what that is. So this is from the Google paper again. It was nice of them to quantify all this for us too.
Nic:
[48:06] It was a great paper.
David:
[48:07] I was shocked
Ryan:
[48:08] At how much they knew about our crypto-like systems, right? This is coming from Google. I did not expect this level of debt.
Nic:
[48:15] Well, I think that's why they brought in Justin.
Ryan:
[48:18] Yeah, I wonder if that's part of the intel here, but their numbers were 6.9 million Bitcoin that would be vulnerable to this, which is one third of all supply. But of course, those could be transitioned to different addresses. But there might be 2.3 million Bitcoin that are kind of the Satoshi keys, the loss keys, the, you know, we cannot be moved. And I don't know, that's like 10%, 10 to 15% of all Bitcoin supply. And to the question for the Bitcoin community to somehow cut find consensus is what do we do with the Satoshi coins and these lost coins? They gave four options. The do nothing option, the burn option, which is you just take the Satoshi coins, you just burn them forever. You make them permanently unspendable. The do nothing option is obviously you just wait for the first quantum attack to go get the booty and they win the treasure. Congratulations. They also had two other approaches, one called an hourglass, where it's kind of like a, you just slow down the dormant coins, the slow down the speed at which they can be sent. You just avoid the quick confiscation. And then they had another approach they called bad side chain. This is like you take the Satoshi supply, you put it in some pegged side chain. And then if an owner shows up later, they can prove ownership somehow cryptographically and like unlock their coin. So these were the four options. Which of those is best to you? Are there more than those four options? How do you think this gets resolved?
Nic:
[49:47] Yeah, I mean, I think this is actually the question. Like, I think basically in a few months from now, everybody in Bitcoin is going to agree with me and we'll all understand that there's important. We need to transition to PQ. So I think that'll happen. But this is the thing that'll be outstanding is like the immensely powerful. Tricky question of like, how do you save Bitcoin from this without undermining Bitcoin's core values? Because you would be. If you burn the Satoshi coins, we've now arbitrarily changed Bitcoin supply from 21 million to 19 point something million. That's an enormous change. The whole point of Bitcoin is, you know, no one's meddling with the money supply, right? That's a huge, huge issue. I think what is likely to happen is that I think, you know, Once the institutions get involved, they'll just say, okay, we're burning the coins. We will only support a fork where the coins are burned. So that will canonically become Bitcoin. Wow.
Ryan:
[50:42] Okay, so what would that look like? You say the institutions coming together. So I'm imagining like Brian Armstrong this morning tweeted, hey, this is something we're going to have to look into. I'm personally looking into this. He was talking about the quantum issue. We had Michael Saylor on earlier. He didn't really have a comment on this piece other than it's kind of like FUD, but I'm sure BlackRock will have a perspective. I'm sure all of the major exchanges will have a perspective. CZ yesterday tweeted out, well, one thing we could do is maybe just burn the supply. He just threw that out as a floater on Twitter. What does that practically look like when you say the institutions will all come together and likely want to burn this supply? Yeah.
Nic:
[51:21] I mean, it's really unprecedented times, truly. But I think it'll happen, actually. And I don't have any private knowledge of conversations behind the scenes, but my guess is that, 10, 15, 20 most important custodians of Bitcoin on.
David:
[51:37] The planet will sign a letter
Nic:
[51:39] Saying, we will only honor a fork where the Stochi coins are burned, period. That will be BTC, Bitcoin, ticker Bitcoin, that will be Bitcoin. The other thing will be something else. And you can go buy that one, but we're not going to support it. It's not going to be on exchange. The ETF, the thing that the ETF holds is going to be this new Bitcoin thing. That's going to canonically be Bitcoin.
David:
[52:04] Is that the institution is kind of just like strong arming the whole rest of the ecosystem?
Nic:
[52:10] Well, someone's going to have to do it. Someone, you know, these times call for a dictator. I'm sorry. Like we can't have this like passive, oh, I'm not in charge. Maybe he's in charge. No, I'm not in charge. Like that's not going to work, right? And I'm not saying, I'm not advocating for this. I'm not saying I want to be the dictator. I'm not telling anyone to do this. I'm just saying I think this is how it's going to play out.
Ryan:
[52:36] Why? Because the incentives line there, that's good for everyone, I suppose, at some level. If you can coordinate, then you have over 19 million and everyone gets positive, whatever the opposite of dilution is, positive.
Nic:
[52:48] Yeah, reverse dilution. Yeah, no, that's a real thing. I mean, yeah, I mean, of course, like, of course you'd prefer that there be fewer Bitcoins. But yeah, I mean, this is what people don't understand. These custodians, exchanges, etc., especially custodians, they are fiduciaries. They have a responsibility for their clients' coins. And they can't accept a situation where China or whoever steals 1.7 million bitcoins and market sells them. A situation that's a foreseeable total wipeout, loss of value that's catastrophic for these companies. So they are forced into one of two choices, right? They can delist Bitcoin and not support it. So they can just end their Bitcoin business completely. Probably that will happen too. Or they can go to the Bitcoin community and say, hey, look, man, my hands are tied. I can only do this. So there's only two things they can do. D-list Bitcoin or insist that the coins be burned. Those are their options.
Ryan:
[53:50] Do the miners have a role in this or are they weaker powers here?
Nic:
[53:54] Yeah, I mean, the miners are price takers. You know, they're basically irrelevant today.
David:
[54:00] In the absence of the Bitcoin community being proactive and coming up with a solution ahead of institutions strong arming, I actually do feel some... Level of comfort that it seems like these institutions will provide a solid backstop of, you know, Q days around the corner. We haven't come up with a solution. Therefore, you know, we're in charge here and we're going to strong arm you guys. It seems like there could at least be space for, you know, BlackRock, Anchorage, all the custodians to say, to like give space for Bitcoiners to come up with their own organic solution. But if they don't, then they pull the fire alarm and like, okay, this is what we're doing now.
Nic:
[54:41] Yeah, that's what's happening right now. Every single Bitcoin institution on the planet has a perspective on this already. So they're watching, they're waiting, and they're hoping that the devs get it under control. But if they don't...
Ryan:
[54:53] Why is that so bad? So the burn option, let's say. So everyone gets reverse diluted. You know, there's a world where maybe Bitcoin holders are excited about that. If you have Bitcoin, you have a greater percent of the network after that. Why is this a bad thing? What are the cons to this?
Nic:
[55:12] The con is that we permanently ruin the thing that we said we were doing, which is maintaining an absolutely immaculate supply schedule. You know, remember the amount of crap that Ethereum people got for the DAO hack remediation? You guys remember, right? Yeah. This is like that times a trillion.
David:
[55:33] Yeah, but this is the self-referential part about that is Bitcoiners talking to the Ethereum community and the Ethereum community talking back to the Bitcoiners. And that was in 2016. And like, yes, Bitcoiners have elevated the role of property rights and the story of Bitcoin's immaculate conception and the 20, like all this espousing of the cool things about Bitcoin. And now we're in 2026 and now we got BlackRock and then the ETF, we got Michael Saylor and, and, and, Maybe the market, the world just doesn't give a fuck nearly as much as Bitcoiners think that they do. We're in the real world now. We're out of the imagination. If we go from 21 million units to 18.5 million units, everyone actually has a larger share of the network. People are profit motivated. People are pragmatic. Who cares about the property rights being violated the one time that we had an- The one time.
Ryan:
[56:30] It's only a one-time thing.
David:
[56:31] The one time with- I promise. a very valid reason, like, fuck it, like, we're doing the thing, and all the Bitcoiner intellectual masturbation about, like, for strong property rights can stay inside of that silo, but we're in the world of, like, pragmatism. Like, I don't see- I would care.
Nic:
[56:49] I would care.
David:
[56:50] Okay.
Nic:
[56:50] Okay. All right. I mean, I'm not, like, falling in on one side or the other, but I think it basically ruins Bitcoin as this, you know, true ideological project. I think it's over at that point. And it's become something that's effectively captured and any feature of the system can be changed arbitrarily. And it would be the greatest theft in human history. That would be on our conscience. You know, it's like me and Tissatoshi.
Ryan:
[57:13] Is it captured in like the quote unquote, the right direction, which is it's not captured in a way that's inflationary to some unaccountable third party? I guess maybe in a way it is sort of, right? Because you're benefiting existing holders.
Nic:
[57:28] Yeah, it's no different from some socialist, you know, being elected and saying, we're just going to steal all of Jeff Bezos's wealth. And like, yeah, okay.
David:
[57:37] It is different, though, because this assumption, the presumption is that Satoshi doesn't actually have those coins.
Nic:
[57:45] They're Satoshi's coins, no matter what, or his estate.
David:
[57:49] I think Satoshi needs to wake up and say that in order for that to be valid.
Ryan:
[57:55] Satoshi's not waking up, though.
David:
[57:57] Which is why it's okay.
Nic:
[57:59] It would be really great if Satoshi came back right about now. I think I know who it is, and I don't think they are. But yeah, unfortunately, I think this is how it's going to be, and that'll be the end of the Bitcoin project, in my opinion.
Ryan:
[58:11] What about this other approach then, the sidechain type approach where you don't confiscate it forever. You just take that supply, you shove it somewhere else. And if a holder, if Satoshi comes back and provides the cryptographic proof, then Satoshi gets coins back.
Nic:
[58:27] Yeah, I mean, that's what should happen actually in a more legalistic and less cryptographic way. So I wrote a short story about this called Trillion Dollar Salvage. I recommend you guys read it.
Ryan:
[58:38] I have read it. It's fantastic. I feel like I should read it to my kids, a little bedtime story.
Nic:
[58:44] I put a lot of work into it. I think what should actually happen is what happens to shipwrecks. Like the Titanic is a good example. The Titanic, there's this legal doctrine called salvoar and possession, where one company was granted basically the right to salvage and protect the wreck. And, you know, they were not granted ownership of it. So it's like the stuff in there is not theirs, but they're the custodians of it. So something similar could play out. And this is actually how a lot of shipwrecks end up, is like basically you, as the person doing the salvage, you get a finder's fee, like 10%.
Ryan:
[59:24] But the, you know,
Nic:
[59:25] The gold or the doubloons still belongs to whoever the original owner was. And this can trace over hundreds of years, by the way. And so what I think should happen is the government should effectively appoint someone or some lab to salvage the coins, hold them in trust for Satoshi or Satoshi's estate, and the person doing the salvage entity should get 10% or 15% or whatever. And then if Satoshi does come back, then they can claim their coins. And if not, they get cheated, I think is the word, and actually the government gets them. So I think that would be a much more neat solution that does not involve ruining Bitcoin at the protocol level.
Ryan:
[1:00:10] So with salvage law, how is it governed internationally in kind of the, you know, the law of the jungle that we find ourselves in, which is like who gets to make the rules from an international perspective.
Nic:
[1:00:22] Yeah, I mean, this is a very well-established international law on this, actually. So there was this big famous shipwreck that this guy in the 80s found had $500 million worth of gold from a Spanish ship from 200 years earlier. Spain got all that gold, actually, because Spain was considered to be the unbroken owner that had not, even though it was the Empire of Spain, and then it became Spain. It was like the Empire fell.
Ryan:
[1:00:46] And who found it? Like what nationality found it?
Nic:
[1:00:48] This Floridian guy.
Ryan:
[1:00:50] Okay, so an American found it.
Nic:
[1:00:53] Tommy Thompson was his name.
David:
[1:00:55] Sounds like a fake name.
Nic:
[1:00:57] Actually, sorry, I might be mixing up two cases, but yeah, sorry, I'm thinking about the Nuestra Senora. This was sunk in 1804. 500 million was recovered in 2007. Spain declared sovereign immunity. They said they had an unbroken ownership claim over the ship, and all of that gold went back to Spain. Okay.
Ryan:
[1:01:15] So, this is the thing.
Nic:
[1:01:17] The courts, generally, they have an extremely high bar for what's considered abandonment. They actually need the owner to come out and say, I have abandoned this. And no one ever says that. So, unless Satoshi says that, the new owner, I don't think, would get everything.
Ryan:
[1:01:33] If I recall in your story, it was like the ones who were able to salvage it was actually like U.S. domiciled. So, it was a U.S.-based company. And ultimately, kind of the U.S. government got it. And I can see the scenario you're talking about with international law working among allies, right? And then your scenario, by the way, had a nice happy ending, I think, right? Which was- Well, it was supposed to be kind of dark
Nic:
[1:01:54] In a way, but- Yeah, yeah.
Ryan:
[1:01:55] The U.S. government got a portion of it. Bitcoin kind of like dipped in price for a time. Then everyone realized, oh, the U.S. Government has it and there's the strategic Bitcoin reserve and things resumed on the ascent. However, what happens if an adversary gets it? So what we're talking about is not necessarily kind of Western alliance type companies. I mean, Russia could crack the Q-Day stuff or it could be China or something. And are they going to respect salvage laws? Isn't this like an international race, I guess? And it's more akin to kind of the law of the jungle unless the U.S. Unilaterally is able to marshal the tech to make this happen?
Nic:
[1:02:33] Yeah, I mean, hell, you know, Europe may not like honor our laws after what we've done with them recently. Right. Yeah, I mean, in the story, actually, the reason the government authorizes the theft is because they know that China is just right around the corner. And this is actually what's happening in the quantum race in the real world. You know, we are racing against China to get it the same way we're racing for AGI. So quantum is much more important than just Bitcoin, of course. It's the ability to spy on your enemies completely you know with with impunity and the ability to make these amazing breakthroughs in physics and material science and chemistry and stuff so we are actively racing them they're spending
Nic:
[1:03:13] tens of billions of dollars a year on this stuff do.
David:
[1:03:16] You know who's spending more us or them
Nic:
[1:03:19] It's about the same, but it's mostly private sector in the US and it's mostly public sector in China. Sure, sure. So there's a race. And does China like really care about Bitcoin? I don't think so. I think they actually dislike Bitcoin. So people always say to me like, well, who would rationally steal the Bitcoin? They won't be able to sell it. China doesn't care about that. They're not, you know, they might just want to embarrass us, you know, if Bitcoin is perceived to be a very American thing. So you can't trust that the first entity who gets a quantum computer is altruistic or benevolent. So, you know, if they get there first, we're in trouble.
David:
[1:03:57] So let's say that at the end of all of this, the Bitcoin, the Satoshi coins, all the dormant coins, the ones that are exploitable by a quantum computer, they do get exploited and they either end up inside of the Bitcoin strategic reserve in America or they end up getting markets sold by China. Add those two properties together, probabilities together, what is the total probability of either of these two outcomes happening?
Nic:
[1:04:24] My modal outcome is that we freeze the coins. So I think it would actually be pretty unlikely that we don't. But I mean, I'm totally guessing.
Ryan:
[1:04:33] Your modal outcome is the institutions come together and they opt for the burn option.
Nic:
[1:04:38] I don't think the Bitcoiners will do that spontaneously.
Ryan:
[1:04:41] This will cause a fork.
Ryan:
[1:04:42] We get freeze and burn. This will cause a fork. There will be some Bitcoin Classic out there. Will there not?
Nic:
[1:04:48] Yeah, but nobody will support it, right?
David:
[1:04:50] Right. It'll be worse. It will be a fork, but it will be like Ethereum.
Ryan:
[1:04:53] You'll support it, Nick.
Nic:
[1:04:54] You'll be out there. Look, I supported Ethereum Classic. It didn't go well for me.
David:
[1:04:59] You might ideologically support Ethereum Classic, but you're going to also hold the Bitcoins that are having the market value,
Nic:
[1:05:06] Which is going to be that one. That's okay. Yeah, I'll go with Ticker Bitcoin. Ticker BTC. whatever that is, you know?
Ryan:
[1:05:13] You said at the beginning of the episode, Nick, that Ethereum, you saw the EF is positioning things better. It's funny because on the Ethereum side, I think it's a pastime to complain about the EF or it has become so lately. I've seen that, yeah. All right, what are you seeing from the outside that Ethereum is doing right and maybe the EF is doing right on this issue?
Nic:
[1:05:31] Whenever I talk to anyone in Ethereum, they're like, oh, Ethereum is so messed up. Like they're making us sign this woke pledge to like be trans or something. I don't know.
Nic:
[1:05:44] Like it's completely indecipherable from where i said but i did see a very cool website called pq ethereum.org or whatever and the fact that justin is on this paper is also quite telling i mean it's a night and day you know ethereum it's basically you know in bitcoin it's just me worrying about this and like a half dozen other people in ethereum that's already been decided the transition is going to occur. So I mean, it's just, and the roadmap is, it's like, I was reading the blog on the PQS theorem, so I'm like, I could have written this. Like, I completely agree with every word written on here.
Nic:
[1:06:20] And I think, you know, Ethereum is also a beneficiary in the sense that it has not gone for this relentless optimization route. So like some of the like high bandwidth or high throughput blockchains have, because they're going to suffer from this, as I said. The transition is more complex for Ethereum though. It's multi-layered, as you know. It's not just the address layer. It's also, you know, the consensus layer and the roll-up layer. I think the push towards account abstraction is actually really helpful, though. That means it's easier to kind of like hot swap out underlying algorithms whilst, you know, having one address that's consistent.
Nic:
[1:07:00] So yeah, I was very impressed by the roadmap. I hope you guys can do it by 2029. I mean, it's going to be very painful because we're still standardizing these cryptographic functions. We haven't picked the good ones yet. So that's the hardest part is you want to rush, but you also want to wait for the functions to get better.
Ryan:
[1:07:21] Nick, there's kind of a final question, I think, to wrap all this up. And it's sort of the question of like, does Bitcoin, do you think Bitcoin survives this? And I want you to put maybe your investor cap on, right? I've heard Ray Dalio talking about Bitcoin whenever he's asked. He's like, I prefer gold because it can't be hacked. Part of what he might mean is kind of quantum hacked.
Ryan:
[1:07:39] Do you think
Ryan:
[1:07:39] Bitcoin survives this? And what's like the investment case, right? Is there a case in your investor mind to just like maybe not be bullish on crypto until there's demonstrated capability that our chains will upgrade to quantum? Like maybe you hedge to gold for a period of time until this is resolved. Round this out for us and tell us what you think this means for investors.
Nic:
[1:08:05] Yeah. I mean, I'm all in on crypto, obviously my career, my fund, everything, you know, So I, you know, I'm not a panicking at the core. I have the confidence we'll be able to surmount this. And I think it's actually very helpful that Ethereum has shown what a roadmap looks like. I think as ETH BTC rallies, that's like a dagger into the heart of the Bitcoin process trusters. And eventually Bitcoin will come around purely through price signals. It'll have to happen. And, you know, the scary thing is what has to happen in Bitcoin is unprecedented. And it basically will be commandeered by corporate interests, I think. So I think Bitcoin can and will survive, but it'll be changed in the process. And it won't be the same way it was before. You know, the ideology will probably have to be compromised. But yeah, you know, as an investor, this is the number one question I get now from, you know, big investors.
Nic:
[1:09:01] And I think, you know, it is ultimately an opportunity for blockchain to show that, yeah, we can be very rigid and anti-fragile and not change very much, but also we can adapt when it is necessary. We've seen that Ethereum and to a lesser degree, Solana are willing to adapt. We haven't seen the willingness from Bitcoin. It is the thing that has scared long-time Bitcoin is the most, for sure. A lot of the people I talk to, their faith is being shaken, but luckily there's still time to react. So I hope that the devs come around.
Ryan:
[1:09:36] Well, thanks for sending the smoke signals, Nick, and for your tireless work, you know, fighting for this issue. We appreciate you stopping by.
Nic:
[1:09:43] Yeah, thanks, guys.
Ryan:
[1:09:44] Bankless Nation, gotta let you know, of course, crypto is risky. You could lose what you put in, hopefully not to a quantum computer. We are headed west. This is the frontier. It's not for everyone, but we're glad you're with us on the bankless journey. Thanks a lot.
