CD188: CORALLO - STEALING SATOSHI'S SATOSHIS

WEBVTT

NOTE
Transcription provided by Podhome.fm
Created: 01/14/2026 20:31:21
Duration: 5499.794
Channels: 1

1
00:00:32.860 --> 00:00:38.620
Happy Bitcoin New Year, freaks. It's your host, Odell, here for another civil dispatch.

2
00:00:38.780 --> 00:00:42.860
The show focused on actionable Bitcoin and freedom tech discussion.

3
00:00:43.765 --> 00:00:46.405
Today is January 14,

4
00:00:46.965 --> 00:00:51.285
eighteen hundred UTC. The current block height is nine three two two seven six.

5
00:00:52.085 --> 00:00:56.004
Bitcoin is pumping. We're at a thousand 30 sats per dollar.

6
00:00:56.770 --> 00:01:00.530
That is a little over $97,000

7
00:01:00.530 --> 00:01:01.809
per Bitcoin.

8
00:01:01.969 --> 00:01:03.809
Freaks, I know it's been a minute

9
00:01:04.290 --> 00:01:05.970
since the last dispatch.

10
00:01:06.450 --> 00:01:09.170
I was gonna rip some over the holiday, but

11
00:01:10.185 --> 00:01:18.664
work and life got away from me. Just know that I didn't really get much of a vacation. I've been hustling over here. There was a work trip mixed in January.

12
00:01:19.944 --> 00:01:21.145
Did a retreat

13
00:01:21.640 --> 00:01:24.360
off the record retreat with a bunch of good Bitcoiners

14
00:01:24.680 --> 00:01:26.280
and RHR every week.

15
00:01:27.080 --> 00:01:29.400
Rain or shine. Always RHR.

16
00:01:31.720 --> 00:01:36.600
Anyway, freaks, we're gonna hit the we're gonna hit the year pounding

17
00:01:35.805 --> 00:01:37.325
pound in the pavement.

18
00:01:37.885 --> 00:01:41.805
I have a bunch of great conversations lined up for the next few weeks.

19
00:01:42.925 --> 00:01:50.100
Huge shout out to everyone who continues to support the show, shares it with your friend, friends, and family. It really does help. All relevant links are still dispatch.com.

20
00:01:50.180 --> 00:01:51.619
The top two Zaps

21
00:01:51.700 --> 00:01:53.219
from our last show

22
00:01:53.460 --> 00:01:54.820
was man

23
00:01:55.140 --> 00:01:59.619
bit m a n b y t. He's up 10,001

24
00:01:59.619 --> 00:02:06.595
SAS and rider die freak Matt twenty one zapped 10,000 sats. Thank you freaks for supporting the show.

25
00:02:06.995 --> 00:02:08.195
Okay, I got

26
00:02:09.235 --> 00:02:10.915
a good friend return guest.

27
00:02:11.315 --> 00:02:13.875
Matt Corral, Bitcoin dev prolific Bitcoin dev.

28
00:02:14.799 --> 00:02:16.800
You, working at spiral,

29
00:02:16.959 --> 00:02:19.680
Matt Corral out here today. How's it going, Matt?

30
00:02:20.239 --> 00:02:23.760
Good. Yeah. Thanks for having me. What's your title at spiral?

31
00:02:25.040 --> 00:02:33.095
Just Bitcoin engineer, I guess. Bitcoin engineer. I gonna have to, I'm gonna have to change it to fifteen year Bitcoin engineer March.

32
00:02:33.335 --> 00:02:38.615
March will be our, our whole fifteenth year anniversary. Peter and I actually were both gonna

33
00:02:40.980 --> 00:02:47.380
and celebrate both of us reaching 15 around the same time, early March. So when did you start working on Bitcoin?

34
00:02:48.420 --> 00:02:49.299
March

35
00:02:49.299 --> 00:02:50.180
2011,

36
00:02:50.180 --> 00:02:52.260
early March. I think, Peter, it was late March.

37
00:02:53.060 --> 00:02:54.099
March 2011.

38
00:02:55.295 --> 00:02:58.335
There's not many people that are older than that and still around.

39
00:02:59.695 --> 00:03:01.455
Not many. Even fewer who

40
00:03:01.775 --> 00:03:07.375
who are working on it. There's a handful of people who got in to Bitcoin in twenty ten, twenty eleven.

41
00:03:08.980 --> 00:03:11.620
A lot actually started working on protocol then.

42
00:03:11.700 --> 00:03:15.300
Really fucked up your financial planning if you're still doing podcasts

43
00:03:15.300 --> 00:03:16.180
at this point.

44
00:03:16.819 --> 00:03:18.980
And working for a salary. I mean, shit.

45
00:03:19.780 --> 00:03:21.060
What the fuck, Matt?

46
00:03:21.940 --> 00:03:22.660
Yeah, clearly.

47
00:03:23.565 --> 00:03:25.165
Well, anyway, we appreciate

48
00:03:25.245 --> 00:03:33.885
we appreciate your service to the cause. We have a couple well, the main topic today will be quantum. But before we get there, we have some topical things that I just wanted to cover.

49
00:03:36.140 --> 00:03:49.835
Yeah, let's do it. First comes first. There was a recent core bug. I guess the high level overview is if people were using legacy wallets on Bitcoin core and they tried to migrate to the new wallet standard,

50
00:03:49.915 --> 00:03:51.355
wallets would get wiped.

51
00:03:51.515 --> 00:04:01.035
This is like specifically if you have a Bitcoin wallet running within Bitcoin Core. What is your take there? How serious is this? I mean, I think a lot of people have been freaking out about it.

52
00:04:02.400 --> 00:04:10.720
Yeah. I mean, you have to it's a very specific scenario. Right? So you have to have a really old wallet, not just a legacy wallet,

53
00:04:11.440 --> 00:04:18.575
but a legacy wallet that wasn't in a folder. So at some point, Bitcoin Core did this whole multi wallet thing where it can have multiple wallets loaded,

54
00:04:18.895 --> 00:04:23.935
and then it moved from just having a single wallet dot that file in your data directory to

55
00:04:24.415 --> 00:04:32.310
folders with names and then the wallet dot that in those folders. So you have to have the old one. So pre multi wallet, which is very old.

56
00:04:33.669 --> 00:04:45.965
Like how old is that do you think? Is that like ten years or? No, it's not quite that old, but five years or something. Okay. It's pretty old and has to be a legacy wallet. So it has to be pre SQLite, which has been,

57
00:04:46.365 --> 00:04:52.445
I think also something like five years. And then you have to do that, this transition. So you have to do the migration

58
00:04:52.445 --> 00:05:01.350
to the new wallet. Bitcoin Core version 30 finally no longer supports legacy wallets. It can migrate them, but it doesn't support them. And then the migration has to fail for some reason.

59
00:05:01.750 --> 00:05:04.310
So So it's not every migration.

60
00:05:04.389 --> 00:05:06.870
It's specifically a failed migration.

61
00:05:07.750 --> 00:05:25.345
Failed migration. And there's not really a lot of reasons why the migration should ever fail. The one specific reason that people ran into is if you're running a pruned node and you have one of these legacy wallets and the wallet hasn't been synced with the node for a while. So like, let's say you have a backup of the wallet and you're loading the wallet

62
00:05:25.720 --> 00:05:31.560
and it hasn't been synced for a while, such that your pruned node has actually pruned the latest block

63
00:05:31.960 --> 00:05:32.520
that

64
00:05:32.760 --> 00:05:34.120
the wallet has seen.

65
00:05:34.440 --> 00:05:38.995
So like let's say the wallet was last synced at block height 800,000,

66
00:05:39.155 --> 00:05:42.755
and the pruned node only has blocks starting at 900,000,

67
00:05:43.475 --> 00:05:46.915
then the migration can fail. So in this case,

68
00:05:47.795 --> 00:05:50.995
it will delete the file that you loaded in the data directory to migrate.

69
00:05:52.470 --> 00:05:58.870
This is terrible, but in the specific case I described, it doesn't matter because you had the backup, right, you're restoring from a backup. Right.

70
00:05:59.350 --> 00:06:05.110
And your backup is still there. It won't it won't delete your back. It won't go searching your hard drive to delete your backup or something like that.

71
00:06:06.150 --> 00:06:07.430
So it's

72
00:06:07.764 --> 00:06:11.125
bad, and you know, I'm glad they took it seriously and took down

73
00:06:11.604 --> 00:06:16.005
and took the the binary down. They took the binaries off the website until they got it fixed.

74
00:06:16.645 --> 00:06:19.764
But it is a really specific scenario.

75
00:06:20.645 --> 00:06:24.460
I don't think people need to panic about this, excuse me. And

76
00:06:26.060 --> 00:06:26.860
to

77
00:06:27.180 --> 00:06:31.580
as far as I understand, they are not aware of anyone having actually had this problem.

78
00:06:32.060 --> 00:06:40.275
Well, didn't they? Or losing funds. They someone who had this problem, it deleted their file, of course they had a backup because they were restoring a backup.

79
00:06:41.875 --> 00:06:47.075
Yeah. I mean, specifically, I mean, it's very edge there's I mean, I think it's an interesting

80
00:06:48.914 --> 00:06:53.555
lesson in just how many different edge cases you kinda have to test against for these things. Right?

81
00:06:54.310 --> 00:06:56.390
Like, because that is so it's

82
00:06:56.470 --> 00:06:58.230
such a small subset of

83
00:06:58.630 --> 00:07:00.390
like, how do you even test for that?

84
00:07:00.870 --> 00:07:11.075
Yeah. I mean, you don't, right? This is only the only way to protect against this is just defensive coding and that, you know, the code should have been structured better or should have been written better or whatever. These kinds of things happen.

85
00:07:11.395 --> 00:07:25.100
This is why backups are important. You know, if you're dealing with large sums of money, double check what the software is doing. Don't just blindly trust it. Matter what the wallet is, whether it's Bitcoin, or something Backup, test your backups always. Good reminder for that, right? Yeah.

86
00:07:25.980 --> 00:07:26.780
Okay.

87
00:07:27.020 --> 00:07:30.620
Well, glad we covered that. I think, I mean, it's on

88
00:07:31.580 --> 00:07:32.460
the surface,

89
00:07:32.620 --> 00:07:41.525
I don't wanna be dismissive of any kind bugs, but on the surface, it seems very scary. So I think a lot of people freaked out about it.

90
00:07:42.005 --> 00:07:43.205
It's good to just

91
00:07:43.445 --> 00:07:47.445
cover the specifics of who it affects, how it affects it. And

92
00:07:49.610 --> 00:07:51.530
in terms of severity,

93
00:07:51.530 --> 00:07:54.890
it's not as severe as one might originally expect.

94
00:07:55.530 --> 00:07:56.970
Right, right.

95
00:07:58.970 --> 00:08:07.015
Okay, awesome. And the second piece before we get into the meat of our conversation today is you've been following along with the Clarity Act going through

96
00:08:07.415 --> 00:08:10.535
US Congress. I know you've made it kind of a,

97
00:08:11.575 --> 00:08:16.215
I wouldn't say like a hobby project, but a little bit of a passion project for you with

98
00:08:16.819 --> 00:08:21.780
what do you have like a website, save your wallets or something, save our wallets or whose wallets are we saving? Yeah,

99
00:08:22.259 --> 00:08:23.540
saveourwallets.org.

100
00:08:23.780 --> 00:08:31.965
Myself and a few others, honestly, mostly a few others. But we're really pushing because we need to get this to pass. I think it's really important for

101
00:08:32.205 --> 00:08:33.084
protecting

102
00:08:33.084 --> 00:08:36.605
any number of future Bitcoin L2s and current Bitcoin L2s,

103
00:08:37.485 --> 00:08:43.084
you know, whether it's Lightning or Spark or whatever, make sure that they're, they have legal cover and developers

104
00:08:43.440 --> 00:08:46.800
aren't risking prison time for, for operating these services.

105
00:08:47.040 --> 00:08:50.800
So specifically what's important for you is the developer protections component.

106
00:08:51.360 --> 00:08:57.495
Yeah. So, so there's a bunch of stuff in Clarity in this market structure bill, and it's all around like how

107
00:08:57.655 --> 00:08:59.895
tokens are treated legally.

108
00:09:00.135 --> 00:09:05.575
I couldn't care less. I think most Bitcoiners probably couldn't care less, you know, are NFTs a security?

109
00:09:05.815 --> 00:09:12.455
Who the fuck cares? It's not my problem. I mean, there are important legal questions and public policy questions here, but it's not really my problem.

110
00:09:13.670 --> 00:09:14.390
However

111
00:09:15.430 --> 00:09:18.150
however, it also includes language

112
00:09:18.150 --> 00:09:18.870
around

113
00:09:19.590 --> 00:09:36.005
protection for developers and service operators, people who are running services that power non custodial wallets, whether that's a service to backup ancillary data, whether that's an LSP for a Lightning, an ARC service provider for your ARC system, whatever it is,

114
00:09:36.565 --> 00:09:37.045
or

115
00:09:37.445 --> 00:09:38.964
potentially a

116
00:09:39.365 --> 00:09:42.005
some kind of coordinator for a coin joint system.

117
00:09:43.160 --> 00:09:44.280
Those are

118
00:09:44.760 --> 00:09:50.280
self custodial and shouldn't be regulated as money services businesses as as the regulation

119
00:09:50.440 --> 00:09:51.960
designed around

120
00:09:52.520 --> 00:10:00.315
custodial businesses. How do we, you know, those regulations are all built around banks and things that are custodians and how do we regulate custodians?

121
00:10:00.394 --> 00:10:07.115
And now they're trying to apply it, or in some cases trying to apply it to self custodial systems and these ancillary services

122
00:10:07.355 --> 00:10:09.755
that power self custodial systems,

123
00:10:09.755 --> 00:10:37.154
like the Samurai case, like them going to prison over running a self custodial coordinator. They weren't actually operating a wallet. Right. Operating the end user wallets. Right. So these kinds of protections are really important, not just for people trying to run privacy services, but much more important. They're important for people's ability to offer Lightning. Lightning has become a bare minimum for a decent Bitcoin wallet. Like I think at this point, if you're launching a new Bitcoin wallet and it doesn't support Lightning,

124
00:10:37.555 --> 00:10:43.320
that's not a Bitcoin wallet. That's like, okay, maybe it's a wallet purely for self custody, for

125
00:10:44.440 --> 00:10:52.279
long term cold storage. Fine. Maybe you don't have Lightning support there. But anything else, if you're like a consumer focused Bitcoin wallet and a mobile app,

126
00:10:53.035 --> 00:10:56.315
you have to have Lightning support at this point. And all these things

127
00:10:57.035 --> 00:11:02.555
that offer Lightning support, whether it's Freeze using liquid with a swap provider,

128
00:11:02.875 --> 00:11:04.155
whether it's Spark,

129
00:11:04.475 --> 00:11:08.890
whether it's an actual native Lightning, whether it's Arc, some of these are more custodial Phoenix. Than

130
00:11:09.610 --> 00:11:14.330
Good example. Phoenix. Some of these are more custodial than others, but they all have these ancillary services

131
00:11:14.570 --> 00:11:20.170
that power the wallet that hopefully aren't trusted, although in some cases they are trusted. But when they're not trusted,

132
00:11:20.685 --> 00:11:21.885
they shouldn't be

133
00:11:22.205 --> 00:11:34.460
a money service because they shouldn't be regulated as if they're a custodial provider. And so it's really important that we fix the law here. And so the latest version of the market structure draft out of the Senate just dropped the other day.

134
00:11:34.780 --> 00:11:41.660
It looks great. We're It was literally yesterday. Happy with the language. Yeah. I think it might have been yesterday. We're really happy with the language

135
00:11:41.900 --> 00:11:46.540
in whatever it is. Title four, I think, is the no. Wait. I'm wrong.

136
00:11:46.860 --> 00:11:47.820
Title

137
00:11:47.820 --> 00:11:48.140
six.

138
00:11:48.755 --> 00:11:55.075
Title six, protecting software developers and software innovation. We're really happy with the language in title six, section

139
00:11:55.555 --> 00:12:03.395
six zero four, blockchain regulatory certainty act. It's great. It's gone through a few revisions that were not as good. The current version is better.

140
00:12:04.010 --> 00:12:13.130
And so we need to make noise, make sure the Senate hears us, make sure we get this thing passed as is without more changes, hopefully. Certainly without worse changes,

141
00:12:13.290 --> 00:12:17.930
improvements always welcome, but you know, I think we're, we're pretty happy with the language now. So yeah.

142
00:12:18.925 --> 00:12:27.485
Yeah. I mean, was gonna call Warren your Senator. Elizabeth Warren already filed a bunch of amendments and one of them is to remove the developer protections

143
00:12:27.725 --> 00:12:28.365
aspect.

144
00:12:31.004 --> 00:12:32.764
Definitely still being fought on the hill.

145
00:12:33.510 --> 00:12:37.910
It is it is still being fought, and I think that's why it's important that people make their voice heard.

146
00:12:39.270 --> 00:12:43.030
If the senate isn't aware that this is a

147
00:12:43.510 --> 00:12:51.645
a priority for their constituents, and not just Republicans, especially Democrats, frankly. It's more important to call your your Democratic senator

148
00:12:52.125 --> 00:12:55.725
for those in in blue states or at least with a Democratic senator

149
00:12:55.805 --> 00:12:56.605
because

150
00:12:57.405 --> 00:13:12.480
the statistics show that Democrats hold Bitcoin as as much as Republicans do or people who vote in blue. I I hate referring to people as if they're defined solely by the party. But people who vote for Democrats hold Bitcoin about as much as people who vote for Republicans do.

151
00:13:12.720 --> 00:13:13.280
And

152
00:13:15.280 --> 00:13:16.080
those

153
00:13:16.764 --> 00:13:20.365
and the Democratic senators often don't hear that.

154
00:13:20.685 --> 00:13:24.365
And don't hear that these things are priorities for their constituents.

155
00:13:24.605 --> 00:13:33.090
They feel pressure from people on blue sky and whatever who just scream about how Bitcoin is boiling the oceans and killing the babies.

156
00:13:34.690 --> 00:13:38.770
And they, you know, these these senators need to hear, no, a, that's

157
00:13:38.930 --> 00:13:45.010
a, that's not true, but whether it's true or not, this is a priority for me, and I'm not gonna vote for you if you don't. And it's good for America. I

158
00:13:45.890 --> 00:13:52.915
mean, I it's interesting, right? Like, I've saw that study that study to the most recent study that showed

159
00:13:53.475 --> 00:14:00.515
that basically ownership is split across party lines, at least how you vote. I think part of the reason for the perception is maybe,

160
00:14:00.950 --> 00:14:07.750
and I don't have stats on this, but maybe the the louder anti Bitcoin contingent votes votes Democrat.

161
00:14:07.910 --> 00:14:10.390
And so they hear that. There's not that much,

162
00:14:11.430 --> 00:14:16.230
especially post Trump, there's not it doesn't feel like there's that much anti Bitcoin sentiment on the

163
00:14:16.605 --> 00:14:17.965
Republican voting side.

164
00:14:19.005 --> 00:14:38.090
Yeah. I think that's true. And and I think it's just yeah. It's just who's loud on social media. The the Republicans on X are pro or at least neutral Bitcoin, and the Democrats on Blue Sky are strongly anti Bitcoin. But the actual average person who votes Democrat or votes Republican is equally split on Bitcoin.

165
00:14:38.330 --> 00:14:40.410
What about I

166
00:14:40.570 --> 00:14:43.210
saw, I haven't gone through the draft

167
00:14:43.375 --> 00:14:56.175
yet. I mean, who has the time for this shit? And I dropped yesterday, but I saw some things that were all up inside. So do you, did you track, are you tracking anything that says like they, they coupled it with more stringent,

168
00:14:56.490 --> 00:15:02.090
like, surveillance stuff, KYC, AML stuff. Like, I I saw some takes that said that part was really bad.

169
00:15:03.290 --> 00:15:09.450
Honestly, that's possible. I I I Because that's, like, classic government. Right? It's like they give us developer protections,

170
00:15:09.529 --> 00:15:12.010
and then they just fucking tighten the noose everywhere else.

171
00:15:12.764 --> 00:15:16.365
I only read the section on self custodial protections.

172
00:15:18.045 --> 00:15:26.444
I I don't think whether this passes or not, they're gonna continue to want more and more and more k AML KYC on custodial,

173
00:15:26.940 --> 00:15:28.460
you know, exchanges

174
00:15:28.460 --> 00:15:39.500
and all these parties that are money services business and are money transmitters. I don't think there's anything we can, we can fight that and we should fight that, but I don't think we're going to win that fight. What we need to make sure is that

175
00:15:39.820 --> 00:15:41.340
self custodial is

176
00:15:42.524 --> 00:15:43.325
protected,

177
00:15:43.565 --> 00:15:44.524
is available,

178
00:15:45.005 --> 00:15:45.885
is good.

179
00:15:46.045 --> 00:16:03.780
So it has to not just, not just exist, but actually the user experience of self custodial has to be competitive with a custodial product. That's why Lightning is so important. Having the ability to receive to and pay a Lightning invoice means you get instant payments and low fees,

180
00:16:04.500 --> 00:16:10.980
well, lower fees in a wallet. And if all of the self custodial wallets are on chain only

181
00:16:11.165 --> 00:16:15.725
with this ten minute plus block time transaction confirmations

182
00:16:16.125 --> 00:16:26.365
take an hour and the fees are super high, no one is ever gonna use a self custodial wallet. Right? So we have to have competitive user experience and that only can exist if

183
00:16:26.760 --> 00:16:37.640
we have legal protections in place for developers to build these ancillary services that power cell custodial wallets. It that's the only way we win. And so, I I think this is really, really critical because

184
00:16:37.800 --> 00:16:38.360
otherwise,

185
00:16:39.055 --> 00:16:47.535
you know, in The United States, you're gonna be stuck with on chain only, which I know some Bitcoiners like to talk about how it's great, but I mean, you're just Like, a masochist at that

186
00:16:48.495 --> 00:17:06.919
on chain, I I like on chain, but at that point, you're just a masochist. You're showing off that you can like self flagellate and like whack yourself with the whip. Like, I I just it's not No. I love it. On chain's great. Lightning's great too. They have they have their use cases. They do. They do. But for the average person who just wants to move money,

187
00:17:07.320 --> 00:17:08.360
it's lightning or bust.

188
00:17:08.935 --> 00:17:13.815
Of course. Of course. Like if you're like on a day to day basis, particularly if I'm using

189
00:17:14.055 --> 00:17:15.655
it for like,

190
00:17:16.455 --> 00:17:24.695
if I'm using Bitcoin for like merchant processing type of situations, like to buy something or whatever, lightning's I mean, I use silent back for

191
00:17:25.310 --> 00:17:29.150
dinner, whatever it is. I use silent. Link as

192
00:17:29.150 --> 00:17:31.070
my eSIM for my phone,

193
00:17:31.390 --> 00:17:33.789
and just being able to just open the browser,

194
00:17:34.270 --> 00:17:36.830
just quickly and privately just pay a Lightning invoice,

195
00:17:37.505 --> 00:17:43.505
is is a it's just amazing UX when when when you nail it, it's amazing UX. And we just need to

196
00:17:45.425 --> 00:17:55.650
on the consumer side, I think we've been we've it's been coming a lot more accessible, but I 100 agree with you, especially on after tornado cache and Samurai.

197
00:17:56.370 --> 00:18:03.010
There's been a significant chilling effect, and we need explicit developer protections on all open source software.

198
00:18:04.370 --> 00:18:13.884
And I think that will go a long way on the KYC AML piece. Like, look, I think it's gonna be a long fight pushing back against the trend of increased financial surveillance

199
00:18:14.285 --> 00:18:16.445
in the name of anti money laundering,

200
00:18:16.445 --> 00:18:18.284
particularly with regulated entities.

201
00:18:18.365 --> 00:18:31.739
But we do need to make sure it's not used as an end around to go after open source developers that are not custodying funds. I think that's the big concern. That's like the main route that we've seen them take in the past. I mean, if you look at what Samurai pled guilty to,

202
00:18:32.299 --> 00:18:34.139
it was an unlicensed money transmitter.

203
00:18:35.020 --> 00:18:37.419
Right? It was basically an AML KYC

204
00:18:37.835 --> 00:18:52.075
charge that they ended up pleading guilty to. And so I will say that on the Bitcoin Policy Institute side, I mean, freaks are aware that I'm one of the three founding board members of BPI. It's a major focus of ours, both explicit developer protections,

205
00:18:52.549 --> 00:18:54.630
explicit self custody protections

206
00:18:54.630 --> 00:18:55.989
for end users,

207
00:18:56.309 --> 00:19:04.630
and then also that KYC AML Yeah. That's in there too. Self custody is actually also explicitly protected in this proposed bill that came out yesterday. So

208
00:19:05.385 --> 00:19:06.505
also And important for that

209
00:19:07.545 --> 00:19:10.745
to the freaks that I think rightfully believe the

210
00:19:11.465 --> 00:19:15.945
actionable thing is to focus on tools and usage of the tools, I mean, think it's multi pronged.

211
00:19:16.105 --> 00:19:23.459
I think it's important that we have tools that empower individuals, but it's also important that as Americans raising families in America, building businesses in America,

212
00:19:23.700 --> 00:19:25.299
that we don't have our own government

213
00:19:25.940 --> 00:19:27.539
throwing us in the gulags.

214
00:19:28.500 --> 00:19:32.579
And America should be the place where open source flourishes,

215
00:19:32.659 --> 00:19:49.315
where Bitcoin flourishes. This is good for the country. It's good for everybody. But anyway, Freaks, I just wanted to touch on it briefly because it's topical and Matt's been involved. I will have I'll bring someone on from the Bitcoin Policy Institute side, and we'll we'll go more in-depth. This is not something that's going to happen overnight, especially with midterms coming up, it's going to be a

216
00:19:50.130 --> 00:19:56.289
probably a longer process. And the Bitcoin policy Institute guys are throwing their office opening event today

217
00:19:56.690 --> 00:20:02.049
in DC. So they're a little bit busy with that. It's an all star guest list. It's pretty impressive who's

218
00:20:02.210 --> 00:20:03.810
who's going to be there, but we will

219
00:20:04.144 --> 00:20:06.464
I'll get one of them, I'll get someone on from our

220
00:20:06.945 --> 00:20:07.904
team over there,

221
00:20:08.304 --> 00:20:09.104
sometime Hopefully

222
00:20:10.784 --> 00:20:12.144
we get it before the That'd

223
00:20:12.784 --> 00:20:20.220
be nice. Yeah, we'll see. It could be a midterm thing, you know, it could be a rally of the votes for the midterms, I will see.

224
00:20:20.620 --> 00:20:22.220
Or maybe we get a lame duck

225
00:20:22.780 --> 00:20:28.620
passage. That'd be nice too. I mean, will say on the behind the scenes on the Free Samurai side,

226
00:20:29.660 --> 00:20:30.620
I think

227
00:20:32.220 --> 00:20:37.455
would be a big boost to the constituency, the Bitcoin constituency if Trump pardons

228
00:20:37.455 --> 00:20:38.654
pre midterms.

229
00:20:39.695 --> 00:20:42.174
We're kind of hoping that that leverage helps us.

230
00:20:42.415 --> 00:20:47.695
Okay. The meat of our conversation, the reason we're having this conversation today was a back and forth we had on Noster.

231
00:20:49.320 --> 00:20:50.760
It's

232
00:20:50.760 --> 00:20:54.919
way more productive to have it on high

233
00:20:57.320 --> 00:20:58.679
bandwidth communication.

234
00:20:59.720 --> 00:21:00.200
It

235
00:21:02.040 --> 00:21:02.920
feels like

236
00:21:04.415 --> 00:21:10.335
mainstream wise, I don't even know mainstream wise, but like social narrative wise, like this kind of

237
00:21:10.655 --> 00:21:12.414
came out of nowhere and

238
00:21:14.335 --> 00:21:15.775
got very loud very quickly.

239
00:21:16.320 --> 00:21:24.399
And it's dissipated a little bit with Bitcoin pumping. It's funny how that works. That usually happens, but it's probably going to be a constant conversation. So I think it's important to talk about.

240
00:21:24.880 --> 00:21:26.479
But this is something that

241
00:21:26.799 --> 00:21:30.159
has been on the radar of Bitcoiners for

242
00:21:30.240 --> 00:21:31.120
many, many years.

243
00:21:31.735 --> 00:21:33.494
And that's the risk of

244
00:21:33.815 --> 00:21:41.094
some kind of cryptographically relevant quantum computer coming in and breaking trust assumptions that Bitcoin relies on.

245
00:21:42.375 --> 00:21:45.414
So, don't you set the scene on

246
00:21:46.030 --> 00:21:50.909
what are the real concerns here in terms of quantum and how you look at it?

247
00:21:51.470 --> 00:21:52.190
Yeah.

248
00:21:52.510 --> 00:21:53.070
So,

249
00:21:53.550 --> 00:21:55.710
okay. So I wanna start with

250
00:21:56.430 --> 00:21:57.149
three

251
00:21:57.790 --> 00:21:58.590
facts

252
00:21:59.205 --> 00:21:59.924
about

253
00:22:00.245 --> 00:22:03.525
our options and I think hopefully unambiguous

254
00:22:03.525 --> 00:22:06.404
facts. And then we can talk about scenarios

255
00:22:06.485 --> 00:22:08.404
and what makes sense when.

256
00:22:09.205 --> 00:22:09.845
Deal.

257
00:22:10.005 --> 00:22:12.885
And I think these aren't necessarily

258
00:22:12.200 --> 00:22:15.879
super obvious to everyone. So I think they're they're important to point out. First of all,

259
00:22:17.080 --> 00:22:18.840
in a world where

260
00:22:19.400 --> 00:22:23.480
there's a quantum computer on the horizon or out there and

261
00:22:23.640 --> 00:22:24.519
Bitcoin,

262
00:22:24.600 --> 00:22:34.945
the Bitcoin community that exists at the time, we can't decide this for them in advance. They will decide when this happens or if this happens. And the Bitcoin community that exists at this time says, okay, no, we need to,

263
00:22:35.665 --> 00:22:49.660
we need to burn insecure coins. So coins that the quantum computer is gonna steal, we need to burn them so that they're not available for the quantum computer to steal. It's important to point out that this does not apply to any wallet that was derived from a seed phrase.

264
00:22:50.380 --> 00:22:53.340
So if your wallet has a seed phrase,

265
00:22:53.900 --> 00:22:57.740
and this is basically every major wallet except for Bitcoin Core, you can

266
00:22:59.705 --> 00:23:09.384
it's a whole other discussion. I think seed phrase Bitcoin Core is in many ways right that seed phrases are bad UX, but basically every other wallet uses seed phrases. But if you have a seed phrase,

267
00:23:09.625 --> 00:23:10.424
you can

268
00:23:10.745 --> 00:23:12.825
do a quantum secure

269
00:23:13.230 --> 00:23:18.590
ZK proof that you know the C phrase that derived that public key. After the fact. After

270
00:23:19.309 --> 00:23:37.164
the fact. So if so I mean, you know, how it might happen, I don't know. Maybe the coins are are first frozen and then like there's a hard fork afterwards to restore anyone who had a seed phrase as access, depends on timelines, depends on availability, whatever. But this is possible that the, the stark for this exists.

271
00:23:37.165 --> 00:23:39.085
We know the quantum secure, quantum

272
00:23:39.440 --> 00:23:43.679
computers cannot reverse a hash function. They get a square root speed up. So if you have

273
00:23:44.480 --> 00:23:51.679
28 bit hash function that wouldn't protect you, but if you have a two fifty six bit hash function like SHA256,

274
00:23:52.775 --> 00:23:57.414
it would still be 128 bits of work for the quantum computer to break it, which is more

275
00:23:57.735 --> 00:23:59.975
than is possible. Well, let's,

276
00:23:59.975 --> 00:24:03.174
I feel like we jumped ahead of here first. Like the concern,

277
00:24:03.255 --> 00:24:04.375
and correct me if I'm wrong,

278
00:24:05.020 --> 00:24:10.780
Well, correct me if this is not a good way of putting it. The concern is that you have someone

279
00:24:10.780 --> 00:24:12.940
figures out a quantum computer

280
00:24:13.260 --> 00:24:16.700
that is cryptographically relevant and as a result,

281
00:24:17.179 --> 00:24:18.139
take a

282
00:24:18.460 --> 00:24:19.900
Bitcoin public key

283
00:24:20.595 --> 00:24:25.154
and reverse engineer it to get a Bitcoin private key and spend funds.

284
00:24:25.315 --> 00:24:27.475
Right? That's So the that's

285
00:24:27.475 --> 00:24:29.394
the biggest concern. There's some

286
00:24:29.635 --> 00:24:33.475
tail concerns around proof of work, but we won't get into that right now. But yeah,

287
00:24:34.340 --> 00:24:36.100
a quantum computer,

288
00:24:36.660 --> 00:24:44.899
if one is built in, and know there's a lot of disagreement on how likely this is, but we'll set that aside. Like in the future, there may become

289
00:24:45.220 --> 00:24:50.895
someone who figures out how to build all the engineering challenges to build a quantum computer

290
00:24:51.135 --> 00:24:55.294
that can, has enough qubits and can run for long enough

291
00:24:55.455 --> 00:25:06.220
that it can reverse private, reverse public key. So it can calculate the private key for a public key that it sees either on chain or in the mempool. And then it can of course take the money.

292
00:25:06.620 --> 00:25:08.059
And then specifically

293
00:25:10.140 --> 00:25:12.220
all the older address types,

294
00:25:12.460 --> 00:25:22.825
the older address type has a public key that's exposed by default. The newer ones are then additionally hashed. So those aren't vulnerable. Right. It's the older ones that are vulnerable.

295
00:25:25.305 --> 00:25:26.809
Right. First.

296
00:25:26.890 --> 00:25:28.330
Yes. Plus Taproot.

297
00:25:30.010 --> 00:25:46.284
One of the designs of Taproot was using public keys to improve anonymity set by making the public key an explicit part of the output. And so in the Taproot case, a quantum computer can also calculate the private key for it. Now the oldest address pointing out. And the newest addresses.

298
00:25:47.325 --> 00:25:50.044
Yes. And also most wallets.

299
00:25:50.365 --> 00:25:52.525
Most wallets reuse addresses regularly.

300
00:25:52.880 --> 00:25:59.920
Some wallets exclusively reuse addresses. Because when you spend, you're exposing your public key. When you spend even

301
00:26:00.240 --> 00:26:04.800
no matter no matter the output type, when you spend, you expose the public key. So if you reuse addresses,

302
00:26:05.295 --> 00:26:11.615
it doesn't matter how using. It's reusing an address that you've spent from. Right? Right. Right. Sorry. Yes.

303
00:26:13.135 --> 00:26:21.679
So when you yeah. Once you've spent from it, the public key is now exposed, and then the quantum computer could still use it to steal your future funds to that address.

304
00:26:22.480 --> 00:26:27.840
And the reality is a very large portion of wallets and addresses

305
00:26:27.920 --> 00:26:32.720
have their public key exposed irrespective of the output type. It's just it's a Because sad reality of address

306
00:26:33.365 --> 00:26:38.325
But because of address reuse. Reuse. The sad reality in these wallets shouldn't be used, but people like them. I mean,

307
00:26:38.805 --> 00:26:45.445
you know, you go on the App Store and the first result for a Bitcoin wallet is trust wallet. Yeah. And it only gives you one address. By default.

308
00:26:45.845 --> 00:26:53.999
It's also only they exclusively reuse address. They only ever give you one address. It's because the shitcoin the shitcoins by default reuse accounts.

309
00:26:54.000 --> 00:26:56.559
Right? Which Bitcoiners can think of as addresses.

310
00:26:56.720 --> 00:27:00.559
So like, you're using Solana, you're always reusing the same address.

311
00:27:00.799 --> 00:27:01.919
So UX wise,

312
00:27:02.695 --> 00:27:04.935
if you're coming in from EtherSwana,

313
00:27:04.935 --> 00:27:06.615
you're used to reusing addresses.

314
00:27:07.095 --> 00:27:07.655
Am

315
00:27:08.055 --> 00:27:10.375
I correct that from that point alone,

316
00:27:10.775 --> 00:27:18.619
they're more vulnerable than Bitcoin, no? Because they're just by default constantly reusing addresses? They are. They have a higher concern.

317
00:27:19.019 --> 00:27:20.859
Obviously their APIs are

318
00:27:21.100 --> 00:27:22.299
harder to redo.

319
00:27:22.779 --> 00:27:25.339
That said, of course, they're more centralized.

320
00:27:25.899 --> 00:27:30.059
Generally create things more often, so they can move a little quicker and a bit quicker.

321
00:27:32.245 --> 00:27:34.244
Okay. So that's the main concern.

322
00:27:34.485 --> 00:27:39.124
Right? So that's the concern. The concern is a quantum computer exists and then it steals

323
00:27:39.924 --> 00:27:41.604
half of all the Bitcoin.

324
00:27:41.924 --> 00:27:43.125
Well, wouldn't it be that much?

325
00:27:44.820 --> 00:27:53.299
It's pretty close. When you consider the address reuse, it's pretty damn high. I think it's without address to use, it's like 1,800,000.0

326
00:27:53.460 --> 00:27:55.220
Bitcoin and vulnerable

327
00:27:55.860 --> 00:27:57.539
address types without reuse.

328
00:27:58.735 --> 00:28:06.734
And then somebody had said it's like 40% of addresses, not by balance, but by count that have money have the public key exposed.

329
00:28:07.135 --> 00:28:09.534
So it's all about Bitcoin.

330
00:28:09.934 --> 00:28:13.934
Mean, I think Whatever the number is. It's To make it multi million Bitcoin.

331
00:28:14.630 --> 00:28:16.870
Make it a more productive conversation.

332
00:28:17.510 --> 00:28:27.750
I mean, I think on the education side, the risk of address reuse being that you could be vulnerable to a quantum computer could end up reducing address reuse, specifically because a lot of it is

333
00:28:28.174 --> 00:28:40.734
is like corporate based. Right? Whether it's a trust wallet maintaining a you know, they could update to HD wallets or like Coinbase and all these exchanges, like a ton of exchanges are reusing addresses. So I think it's

334
00:28:43.860 --> 00:29:07.075
think it's I kind of productive to say, okay. We can get and also, if a quantum computer exists that can do this shit, I don't think it's gonna happen overnight. So I think, like No. It's could probably move those people. And then the second part is the second part is there's a concern that I've heard, which is, okay, you're not using reusing addresses. You don't have a vulnerable address type. So you're not using Taproot or legacy.

335
00:29:07.315 --> 00:29:11.475
Right? You're you're actually you're using a hashed a paid a public key hash,

336
00:29:12.210 --> 00:29:18.769
like a three address or whatever SegWit address or BC one or BC one or whatever native SegWit or wrap SegWit.

337
00:29:19.250 --> 00:29:23.250
But when you spend your public key is exposed in mempool.

338
00:29:23.250 --> 00:29:30.705
And as a result, could have an active attack. I think that's also probably can just be thrown out of the discussion for now. Because

339
00:29:31.265 --> 00:29:34.865
that would happen way later from any kind of break on

340
00:29:35.345 --> 00:29:41.309
already exposed like the idea that you have a quantum leap that could do it in like, thirty minutes or forty minutes,

341
00:29:41.710 --> 00:30:01.164
is like, I just got to be so much more advanced than one that is just like sitting there grinding for like a year or something on an already an exposed address. I think that's unclear. It depends a little bit on the type of quantum computer. I mean, one of the challenges with a quantum computer is that they don't maintain coherence for very long. So basically your computer is short lived and it might be the case that

342
00:30:01.725 --> 00:30:02.445
the

343
00:30:02.525 --> 00:30:06.605
first quantum computer to reach cryptographic relevance

344
00:30:07.290 --> 00:30:11.930
is one that moves pretty quick just because of, in practice,

345
00:30:12.250 --> 00:30:20.170
the only way to make it work is for it to move quick because it, the coherence falls apart too fast. So I think that's unclear.

346
00:30:20.170 --> 00:30:22.810
It certainly depends, but I do agree that like,

347
00:30:23.985 --> 00:30:33.745
you know, for part of the problem with the quantum discussion is you very quickly get into like all of these potential future scenarios and what happens if it happens suddenly versus slowly versus,

348
00:30:33.985 --> 00:30:36.225
you know, X, Y, Z. And it becomes

349
00:30:37.290 --> 00:30:38.170
a very

350
00:30:38.490 --> 00:30:53.275
useless discussion because you have all of these scenarios that is not You can so narrow the problem set. It's like, I feel like the productive way is to narrow the problem set. So then I think I think the thing that people agree with, most people agree with, I think there's decent

351
00:30:53.275 --> 00:30:54.154
consensus.

352
00:30:54.155 --> 00:30:59.195
And I think it'd be probably one of the easier things to implement just from a consensus point of view

353
00:30:59.914 --> 00:31:00.634
is

354
00:31:01.115 --> 00:31:06.730
some kind of quantum resistant address type or wallet structure.

355
00:31:07.290 --> 00:31:20.845
Think there's some proposals that you could do it through the existing taproot trees. Right? So like you could just have a taproot address that is quantum resistant and then people could opt into choosing to move to that if they want to. Is that correct?

356
00:31:21.405 --> 00:31:23.725
So that, that kind of gets into my second

357
00:31:24.365 --> 00:31:33.080
point that I want to raise that I think is important to set context. And that is that the exact, the options available to us depend

358
00:31:33.320 --> 00:31:36.840
on whether we assume a future Bitcoin community

359
00:31:37.480 --> 00:31:38.360
freezes

360
00:31:38.360 --> 00:31:39.320
or burns.

361
00:31:39.904 --> 00:31:45.745
Quite I'm trying to narrow the problem set here because I think that's actually really controversial. So should we argue about Or that

362
00:31:47.585 --> 00:31:48.304
Or is

363
00:31:49.424 --> 00:31:51.505
see, problem so I think the

364
00:31:52.600 --> 00:31:56.199
so first of all, we can't decide that. Right? Like we can't decide

365
00:31:56.440 --> 00:31:57.879
here and now today

366
00:31:58.200 --> 00:31:59.079
whether

367
00:31:59.799 --> 00:32:04.679
Of course not. Know, in in ten years when there's a quantum computer on the horizon,

368
00:32:05.195 --> 00:32:08.235
or if in ten years there's a quantum computer on the horizon,

369
00:32:09.275 --> 00:32:14.315
does the Bitcoin community say, okay, actually that quantum computer is gonna take

370
00:32:14.795 --> 00:32:16.955
$1.02, 3, whatever million Bitcoin,

371
00:32:17.539 --> 00:32:23.940
they're gonna dump it on the market and they're gonna wreck the price and this, you know, I don't want that Bitcoin. I'm gonna, we're gonna freeze those coins.

372
00:32:27.539 --> 00:32:29.539
But the problem is

373
00:32:30.195 --> 00:32:36.035
we do kind of have to predict that because what's available to us depends on that. So if

374
00:32:36.275 --> 00:32:38.034
Why? We assume

375
00:32:38.275 --> 00:32:38.994
that

376
00:32:39.155 --> 00:32:41.794
a future Bitcoin community will

377
00:32:42.179 --> 00:32:43.059
freeze,

378
00:32:43.220 --> 00:32:43.940
burn

379
00:32:44.100 --> 00:32:45.379
these coins,

380
00:32:46.179 --> 00:32:46.899
then

381
00:32:47.539 --> 00:32:51.059
we can do it simply the way you described. So we add a new

382
00:32:51.460 --> 00:32:54.019
TapLeaf. So we add some opcodes to

383
00:32:54.100 --> 00:32:54.659
TapScript.

384
00:32:55.525 --> 00:32:56.245
And

385
00:32:56.645 --> 00:33:03.684
simple, just a hash based signature. We can do this today. And it can be entirely transparent. So wallets today,

386
00:33:03.765 --> 00:33:07.765
or, you know, with the software designed, could start adding this TapLeaf

387
00:33:07.765 --> 00:33:09.845
to all of their Taproot outputs

388
00:33:10.450 --> 00:33:12.130
and to their Taproot addresses.

389
00:33:12.850 --> 00:33:22.050
It's just a new thing that they derive from your, from your existing seed phrase. So there's no new derivation. There's no new wallet, whatever. Just a different address.

390
00:33:23.545 --> 00:33:29.304
Same address format. Nothing has to change. Everybody already supports it or everybody who supports Taproot already supports it.

391
00:33:29.705 --> 00:33:31.065
And then in

392
00:33:31.705 --> 00:33:32.424
the future,

393
00:33:32.905 --> 00:33:34.105
if and when

394
00:33:34.505 --> 00:33:38.745
a quantum computer becomes a risk and the insecure spend paths are disabled,

395
00:33:39.330 --> 00:33:41.009
at that point, the

396
00:33:41.409 --> 00:33:47.649
wallets switch to just using this backup. And they already have it. It's already in place. All of their coins are already secured by it.

397
00:33:48.210 --> 00:33:49.489
Everybody's happy. See what you're saying.

398
00:33:50.130 --> 00:33:55.744
But if you don't freeze, then you could just spend via the insecure path. If you don't freeze, they can take the money.

399
00:33:56.065 --> 00:33:56.624
So

400
00:33:56.945 --> 00:34:01.744
if you don't freeze, wallets today have to start using

401
00:34:02.065 --> 00:34:02.784
this

402
00:34:02.865 --> 00:34:04.224
in some scheme,

403
00:34:04.225 --> 00:34:12.920
some actual post quantum scheme, which is relatively more expensive. Right? It's gonna be a new address. It's gonna be a new address type, it's gonna be a new output type. Higher fees,

404
00:34:13.160 --> 00:34:14.360
more data. The transactions

405
00:34:16.280 --> 00:34:16.840
are,

406
00:34:17.240 --> 00:34:17.880
I mean,

407
00:34:18.440 --> 00:34:31.685
potentially stateless, which is a whole other quagmire is, you can have the data only be something like 10 X. Your transaction fees only be, thanks, bigger signatures. I don't know, fraud a number of five X or something, bigger transactions

408
00:34:31.765 --> 00:34:44.010
and higher fees. But then the transactions are stateless. So then you can't reuse addresses or your private key leaks to classical computer, not even a quantum computer. So you literally just cannot reuse addresses with that type of address type. Right. Or

409
00:34:44.730 --> 00:34:45.770
you pay

410
00:34:46.090 --> 00:34:55.665
a much higher fee. So instead of 10 times bigger signatures, something like a 100 times bigger signatures, or maybe it's 50. I don't know. Have to go read the doc. And

411
00:34:56.545 --> 00:34:58.305
then you don't have this statefulness

412
00:34:58.305 --> 00:34:58.945
problem,

413
00:34:59.505 --> 00:35:09.859
but then your fees are very high. So this is obviously not ideal. And I think a big part of the problem is if we are designing a software today

414
00:35:10.260 --> 00:35:12.980
to enable future post quantum support,

415
00:35:14.339 --> 00:35:41.600
I think it only makes sense if we think people are gonna adopt it. Right? If we think wallets are actually gonna start using it, rolling it out, and having it as an option today to secure the coins in the future. Because if that's not true, if people are just gonna wait, well then there's not really much reason to bother with anything today. Like, well, you know, when we get, when we get to that point, we can roll out some soft work and then the large custodians, your Coinbase, your whatever, they'll have no problem switching

416
00:35:41.760 --> 00:35:52.734
just to using it, not worried about them. It's the long tail of people with self custody and cold storage who might forget about something or might not get to it in time, might not be paying attention to Bitcoin.

417
00:35:52.815 --> 00:35:55.295
It's those wallets that I worry the most about.

418
00:35:55.855 --> 00:36:06.860
And for those wallets, what we want is we want to roll out a change today that they start using today, consistently that they all start using today, So that in ten years or however long it takes,

419
00:36:07.579 --> 00:36:16.619
that's it's already there and we don't have to worry about it. A third option that kind of straddles the difference here. So there's kind of a third option. There's there's a like,

420
00:36:17.214 --> 00:36:17.935
okay,

421
00:36:18.175 --> 00:36:25.855
we'll do both. We'll say it's a new Taproot version, Taproot version two, SegWit version three or four, whatever we're at. And it

422
00:36:26.575 --> 00:36:41.900
will work the same as I described earlier. So it's just Taproot, still has a public key. It still uses SecB, and it just has a new TapLeaf that that is QuantumSafe. But the only difference is just the version number. There's no consensus meeting to the difference. It's just a different version number.

423
00:36:42.220 --> 00:36:53.135
But by using that version number, you explicitly opt in. You raise your hand, you say, hey, I'm ready. There is a secret tap leaf here. You don't have to worry about it, but it exists. I I promise you it exists. And if it doesn't, that's fine. That's my problem.

424
00:36:53.935 --> 00:36:56.655
Please freeze my coins. So I'm gonna opt into

425
00:36:56.815 --> 00:36:57.535
having

426
00:36:57.694 --> 00:37:05.230
the insecure spend path disabled on this this output type. So that's kind of the third option, you know, it Kinda like that. We're back to we're

427
00:37:05.230 --> 00:37:18.095
back to wrecking the the privacy of of Taproot. Right? One of the the calls of Taproot was for every output to look the same on chain, and suddenly we're we're wrecking that. But it Well, every post quantum output would look the same. They would all right?

428
00:37:19.055 --> 00:37:29.375
Yes. So if you supported post quantum, you would set this flag and it would look the same. And presume like everyone who's using Tapper would do that. So why wouldn't they? There'd be no cost. Mean, I think

429
00:37:29.970 --> 00:37:30.610
Some

430
00:37:30.770 --> 00:37:31.730
wallets probably

431
00:37:32.450 --> 00:37:37.010
wouldn't as much, you know, something like Lightning might not just because it wallets that

432
00:37:37.650 --> 00:37:39.650
are very actively managed

433
00:37:39.730 --> 00:38:00.345
probably don't worry as much because they're gonna not gonna have a problem transitioning to a new output type if and when a quantum computer happens. So maybe they wouldn't. I mean, look, it's just, it's slow to roll out output types. Wallets are very slow to adopt things. Some wallets still don't support Taproot sending, let alone receiving. Receiving is fairly rare, in fact, in wallets today. So

434
00:38:01.359 --> 00:38:09.760
it would take a lot of time and we would have some privacy loss, but potentially that's a third option that kind of straddles the line. I kind of like that. I like the third option.

435
00:38:11.359 --> 00:38:18.825
Yeah. I don't, I mean, I'm not a So let's talk about so, so my belief and first of all, the actual solutions,

436
00:38:18.825 --> 00:38:24.825
I'm the first person to admit are like a bit way above my pay grade. Like, I'm not a cryptographer.

437
00:38:25.385 --> 00:38:25.545
Know,

438
00:38:27.030 --> 00:38:38.950
I'm technically aware, I try my best, but that is not where I'm coming from on this stuff. In regards to being productive and narrowing the problem set, like, I just do not think we should operate under the expectation,

439
00:38:39.350 --> 00:38:40.150
or the assumption,

440
00:38:40.755 --> 00:38:44.275
or the belief that we're going to go out there and just proactively

441
00:38:44.275 --> 00:38:51.714
basically steal a bunch of people's Bitcoin. Like, I don't think I don't think that's an ethos of Bitcoin. I don't think that's part of the social contract.

442
00:38:52.194 --> 00:38:55.555
I don't think that's part of the value prop. I think it breaks a lot of narrative things.

443
00:38:56.600 --> 00:39:01.320
And I just think it's plain old fucked up. And I think if you look at it, if you think about it,

444
00:39:02.280 --> 00:39:14.455
like for that to be effective, you'd have to be proactive about it. So we're talking about something like an industry that's filled with a ton of hype. The biggest concern is some kind of sudden quantum break

445
00:39:14.535 --> 00:39:16.215
that people aren't expecting.

446
00:39:16.775 --> 00:39:20.055
I don't know how we'd ever be able to objectively

447
00:39:20.935 --> 00:39:28.180
decide that that was happening unless Bitcoin was being stolen. But even if Bitcoin was being stolen, it's like if Satoshi moves his Bitcoin tomorrow,

448
00:39:28.820 --> 00:39:33.860
like, was that quantum or was that Satoshi moving his Bitcoin? Like, there's no way for you to really know.

449
00:39:34.420 --> 00:39:43.115
I don't so I don't think that that's the most likely scenario. And I think the scenario we should focus more on is a scenario where

450
00:39:43.755 --> 00:40:00.310
we see it coming for a few years. Because I think that's been the history of Quantum. I mean, it's primarily been funded by private enterprises who like to talk about their work because they need investment. They have to continue to attract investment. It's wildly expensive to build these things. And so they

451
00:40:00.549 --> 00:40:02.230
brag a bar about

452
00:40:02.630 --> 00:40:06.869
their progress so that they can talk about it. And so, you know, I think it's

453
00:40:07.510 --> 00:40:09.109
very, very likely that

454
00:40:09.425 --> 00:40:13.185
if and when a quantum computer becomes cryptographically relevant,

455
00:40:13.585 --> 00:40:31.990
we'll have years of notice. But be clear that it'll be clear that like it's continuing to increase the number of available qubits, the coherence time, the whatever, it's continuing to increase and we can plot a graph. At that point, we'll be able to plot a graph and like, you know, draw a line and be like, okay, when this graph reaches this line, we're screwed.

456
00:40:32.470 --> 00:40:45.565
And we'll be able to put some error bounds and say like, well, it's gonna happen in the next three years, between three and five years based on past trends. I think with high likelihood, that's the kind of scenario we should worry about. And like, what does the community do three So years

457
00:40:46.365 --> 00:40:50.925
like, I think I've, first of all, fundamentally disagree with that. Like, I don't think that like, I think,

458
00:40:51.405 --> 00:40:54.045
first of all, it's yet to be seen how

459
00:40:55.150 --> 00:40:56.430
startups

460
00:40:56.430 --> 00:40:58.510
will actually be able to monetize any

461
00:40:58.750 --> 00:41:03.630
cryptographic relevance. I don't understand how they monetize it short of attacking Bitcoin.

462
00:41:03.870 --> 00:41:05.550
And then the second piece is,

463
00:41:05.950 --> 00:41:12.015
I think that's an investor scam to begin with. But like, I think who could really benefit is governments,

464
00:41:12.495 --> 00:41:13.855
specifically the

465
00:41:13.935 --> 00:41:14.815
majors,

466
00:41:15.135 --> 00:41:16.895
US, Israel, China,

467
00:41:17.215 --> 00:41:23.695
maybe throw Russia in there. The majors have a lot of have a lot of reasons for why they would want to be able to break,

468
00:41:24.320 --> 00:41:25.120
you know,

469
00:41:25.440 --> 00:41:29.360
basic crypto primitives and they would be doing it in secret.

470
00:41:29.680 --> 00:41:38.480
And maybe the reason that I think the reason that we see so much quote unquote transparency on research and stuff, like you said, is because people are raising, but also because it's so far away from being

471
00:41:39.185 --> 00:41:43.745
cryptographically relevant that they don't have an incentive to go dark yet. Like, assume

472
00:41:43.984 --> 00:41:51.585
anyone who's serious about it would be would go dark anytime they got close to it. I don't think they'd be telling people from the rooftops like,

473
00:41:52.440 --> 00:41:54.440
we're about to attack

474
00:41:54.440 --> 00:41:58.440
your message encryption or attack your attack your Maybe such a problem with

475
00:41:59.960 --> 00:42:04.520
That will continue to be very expensive. Even if, like, even if you're like, okay,

476
00:42:05.184 --> 00:42:06.465
and you'll see it too.

477
00:42:07.265 --> 00:42:07.984
Google's

478
00:42:08.145 --> 00:42:16.385
quantum lab, Google didn't make any public announcements about killing it, but they stopped releasing any information about their progress three years ago. That's

479
00:42:16.385 --> 00:42:16.944
suspicious.

480
00:42:17.470 --> 00:42:33.675
Come on. I mean, like we can see these things and the reality is, yes, you're right. You know, there's governments might want it. I think there's two points. People have raised the point that if governments do get a cryptographically relevant quantum computer, they're not going to waste their time stealing Bitcoin. They're gonna,

481
00:42:33.835 --> 00:42:36.235
they're gonna use it to break encryption

482
00:42:36.395 --> 00:42:43.994
so that they can spy on everyone in the world and not worry about trying to steal money because that's worth a lot less to them than

483
00:42:44.450 --> 00:42:52.289
breaking everyone's encryption everywhere in the world. But I think much more importantly, the reality is the private market is winning this. The governments

484
00:42:52.289 --> 00:42:55.170
have not been at the forefront of this kind of research,

485
00:42:55.410 --> 00:42:57.010
most physics, of most

486
00:42:57.329 --> 00:42:58.450
private research

487
00:42:58.805 --> 00:43:05.125
because the actual capitalism is a much better system. The reality is capitalism is better than socialism.

488
00:43:05.205 --> 00:43:12.645
And so these, these companies have done a better job raising money from investors to build this privately versus, versus governments. So,

489
00:43:14.160 --> 00:43:25.680
yes, I mean, you're, you're right that there will be a higher incentive to kind of quote, go dark as they start getting closer. But again, like we'll be able to see that they went dark. Right. And these communities,

490
00:43:26.145 --> 00:43:29.905
you know, there'll be people in the quantum community who leak.

491
00:43:30.305 --> 00:43:34.465
Right? This is one of the biggest challenges of large scale things,

492
00:43:34.705 --> 00:43:36.545
especially in private enterprise

493
00:43:36.865 --> 00:43:37.585
is

494
00:43:37.745 --> 00:43:44.810
leakers. Like in government enterprise, leakers can be heavily punished. You can throw them in prison. In private enterprise, they can just say stuff,

495
00:43:45.210 --> 00:43:53.130
there's not a lot you can do. You can sue them, but it only goes so far. Well, you can if a national security thing, you can still black bag them.

496
00:43:54.385 --> 00:43:59.425
If it's a government thing, yeah, sure. Well, if it's private enterprise, it doesn't matter.

497
00:44:00.305 --> 00:44:03.345
I'm not as worried about And governments using it to steal

498
00:44:07.040 --> 00:44:13.360
it's just not, it's not been the history of quantum. Like we've seen, it's not the history of physics. Right? It's not like

499
00:44:14.000 --> 00:44:16.640
people didn't know The US was building

500
00:44:16.880 --> 00:44:25.415
an atomic weapon before they were. Like everyone in physics knew the Germans and the Americans were building an atomic weapon because the research

501
00:44:25.734 --> 00:44:29.494
to, oh crap, I think we can, you know, physicists

502
00:44:29.494 --> 00:44:32.694
saw all of this public research that was being shared internationally.

503
00:44:32.694 --> 00:44:34.535
That's like, oh, wait,

504
00:44:34.535 --> 00:44:35.974
if you do that,

505
00:44:36.295 --> 00:44:39.470
I think you could, like, use this to build a bomb. Right?

506
00:44:40.030 --> 00:44:54.415
And then it only takes a day of thinking about it before you're like, yeah, every country in the world is trying to build this bomb. There's no way anyone's not doing this. Sure. You might not know actually how far they are and how close they are to building a bomb. Yeah. It was theoretical.

507
00:44:54.415 --> 00:44:55.695
Everyone's doing it.

508
00:44:57.215 --> 00:44:59.375
You know everyone's doing it and you know it's not

509
00:44:59.855 --> 00:45:13.090
that potentially that far off. And certainly governments knew it wasn't far off. So I don't, I just, you know, yes, maybe we'll start seeing progress and then it'll go dark, but that'll also be really strong indication.

510
00:45:14.450 --> 00:45:18.690
Well, anyway, I think if it happens, I'll be on the record that

511
00:45:18.945 --> 00:45:20.225
I think if it happens,

512
00:45:20.465 --> 00:45:26.545
it'll be dark. And then first of all, it'll be a government that uses it. It's gonna be a government. It's not gonna be a If

513
00:45:27.665 --> 00:45:33.505
it's a government, I'm not worried about it. Well, the the startup is gonna attack Bitcoin. The startup will be absorbed.

514
00:45:34.630 --> 00:45:42.630
The startup will be absorbed by governments. The startups will be absorbed by governments way before anything cryptographically relevant happens.

515
00:45:44.070 --> 00:45:46.310
Quite possibly. And in that case, probably

516
00:45:46.550 --> 00:45:47.430
they won't

517
00:45:48.065 --> 00:45:58.144
do anything to Bitcoin until it's like in the New York Times. Well, that's the other piece that's like ridiculous about all of this is like, I don't like, how does this theoretical

518
00:45:58.144 --> 00:46:00.865
attacker monetize? Like, I just do not think

519
00:46:01.450 --> 00:46:09.610
they're a, you can't dump, you're not gonna be able to dump 4,000,000 Bitcoin or 2,000,000 Bitcoin, whatever the number is on the market at once.

520
00:46:10.730 --> 00:46:23.185
No. But you can do it slowly over time. Right. And really depress the price of Bitcoin. I think this is one last thing that I wanted to to raise. Unless the market realizes what's going on, and then you can't.

521
00:46:23.665 --> 00:46:28.225
And then what? Bitcoin goes to zero because no one wants to buy this thing? I mean, yeah. Okay. That that's possible.

522
00:46:29.940 --> 00:46:36.820
Right? But that that's what you're describing. Like, can't sell it because Bitcoin has gone to zero. Well, that'd not zero, but like significantly down.

523
00:46:37.300 --> 00:46:41.620
Sure. I think that's possible. But I think there's one last point here that that's worth raising.

524
00:46:42.555 --> 00:46:49.355
In a future world where Bitcoin is now, where quantum computer exists, whether it's become,

525
00:46:49.355 --> 00:47:02.960
whether people are like, oh, it's gonna be here in three years based on public knowledge, whatever, or whether it's the coins are being dumped and like, there's some leaker who's claiming that it's quantum and like, yeah, it's That's what it would be like, because we wouldn't know. Maybe.

526
00:47:03.200 --> 00:47:16.865
In either case, there will be a fork. Right? Like someone is going to write the code to make a fork that freezes all the quantum insecure spend passes. Steals those Bitcoin. Yeah. Whatever it is. Right? I mean,

527
00:47:18.224 --> 00:47:23.345
if a quantum computer exists, they're gonna be stolen one way or another. Right? It doesn't matter whether they're frozen or stolen.

528
00:47:24.230 --> 00:47:33.030
They're not going to go to the original owner, but there will be, this fork will exist. And so it'll ultimately be up to the market to decide. Right? It's not, we don't get to decide

529
00:47:33.349 --> 00:47:34.790
and it's not some like

530
00:47:35.030 --> 00:47:41.185
philosophical discussion within the community. Yes. That feeds into the market, but ultimately

531
00:47:41.345 --> 00:47:45.505
the market is going to decide which of these two potential Bitcoins

532
00:47:45.505 --> 00:47:46.465
is the

533
00:47:47.105 --> 00:48:00.430
real Bitcoin. It is the most valuable. There's a large part of Bitcoin value, Bitcoin's value comes from the that there is only one. And so I think one is going to dominate. We saw this in the peak cash flow. Agree with that. There's one that that will immediately take One a look wins.

534
00:48:00.910 --> 00:48:04.750
One will win. At some point. And then it's the other one trends to zero at that point.

535
00:48:05.645 --> 00:48:06.285
And

536
00:48:06.525 --> 00:48:09.165
so it's really a question of this competing

537
00:48:09.805 --> 00:48:12.925
trade. Like is your view Bitcoin

538
00:48:13.085 --> 00:48:15.005
must never freeze these coins

539
00:48:15.165 --> 00:48:18.925
because it's against Bitcoin's philosophy to freeze coins.

540
00:48:19.340 --> 00:48:27.180
It's seizure, asset seizure is against Bitcoin's philosophy, and this is asset seizure, and thus it must not happen, and thus this Bitcoin is valueless. Or

541
00:48:27.660 --> 00:48:34.300
this other Bitcoin has a million and a half less supply, and that million and a half Bitcoin is about to be on the market,

542
00:48:35.075 --> 00:48:38.195
whether immediately or over the next however many years,

543
00:48:38.515 --> 00:48:41.155
depressing the price over the next however many years.

544
00:48:41.954 --> 00:48:52.530
I do not buy for a second that that argument doesn't win. This Bitcoin has 10% less supply. Actually not. Right? So it's important again to point out that

545
00:48:52.930 --> 00:48:55.410
it's only wallets that didn't use a seed phrase.

546
00:48:55.809 --> 00:48:58.930
Right? So wallets that use the seed phrase are totally fine.

547
00:48:59.809 --> 00:49:08.244
They can claim their money, they can get their money back. And so even when we're talking, so what we're really talking about is just the really old coins, just the Satoshi era, 2011

548
00:49:08.244 --> 00:49:09.365
era stuff,

549
00:49:10.085 --> 00:49:16.005
which is I guess, you know, something like a million coins, right? So there's 10, there's 5% less supply on this Bitcoin

550
00:49:16.430 --> 00:49:19.390
that no, Satoshi no longer has his coins.

551
00:49:19.870 --> 00:49:21.470
And then there's this other Bitcoin

552
00:49:21.870 --> 00:49:24.110
where there's 5% more supply,

553
00:49:24.270 --> 00:49:29.710
not only more supply in like theory, but more supply actually on the market. So 5%

554
00:49:29.790 --> 00:49:32.190
additional Bitcoin

555
00:49:31.625 --> 00:49:50.760
available for purchase on the market is probably X more Bitcoin available for purchase on the market. The vast majority of Bitcoin's not available for purchase. People are diamond handed to us, right? Or certainly not available for purchase at current prices. All of a sudden you have X more Bitcoin being sold every day. Don't buy that that one's gonna win it. And they don't buy that that one's gonna win because the philosophical

556
00:49:50.760 --> 00:49:54.680
debate isn't clear. Right? It's not just this black and white

557
00:49:54.920 --> 00:50:02.200
asset seizure bad. This is asset seizure. I agree. Asset seizure is bad. The whole point of Bitcoin is to prevent that from ever being a consideration.

558
00:50:02.735 --> 00:50:03.295
But

559
00:50:04.095 --> 00:50:20.650
it's not black and white because these coins are gonna be stolen. Like, options aren't We don't know that. Freeze the coins, assuming assuming there's a quantum computer and it's But you wouldn't know at that point. You wouldn't know at that point. It'd be proactive. It'd be by design proactive. You would not know if those coins would be stolen or not.

560
00:50:21.690 --> 00:50:23.050
You'd be making think an educated

561
00:50:24.730 --> 00:50:27.130
that's potentially true that it's

562
00:50:27.609 --> 00:50:30.089
unclear. And I think in that case You can't do it afterwards. Right?

563
00:50:32.655 --> 00:50:43.375
I mean, you can wait. Right? It's like, okay, well, you know, 10,000 of Satoshi's coins have moved and this leaker is claiming that a quantum computer

564
00:50:43.850 --> 00:50:45.130
exists and

565
00:50:45.450 --> 00:50:52.490
Google was making good progress towards a quantum computer until five years ago when they stopped announcing it, but they didn't stop investing in it.

566
00:50:53.130 --> 00:50:57.930
You know, you can make us, you'll be able to make a very cohesive argument that a quantum computer exists.

567
00:50:58.704 --> 00:51:02.545
Cryptographically relevant quantum computer exists. Sorry. And then at that point,

568
00:51:02.785 --> 00:51:06.065
it'll be a question of which one has more value. I,

569
00:51:07.585 --> 00:51:13.585
you know, this is speculation, but I think you'll be able to make a very cohesive argument. And because you'll be able to make a very cohesive argument,

570
00:51:14.070 --> 00:51:14.790
the,

571
00:51:15.350 --> 00:51:16.870
the philosophical

572
00:51:17.110 --> 00:51:18.550
debate around

573
00:51:18.950 --> 00:51:21.110
whether this is asset seizure

574
00:51:21.350 --> 00:51:22.390
will lose

575
00:51:22.710 --> 00:51:37.555
because it will no longer be black and white because it will be, no, no, no. I don't think this is asset seizure because the alternative is that the assets are just stolen. Not that the original owner gets to keep their money. They're just, they're just, they're not gonna be held by the owner either way.

576
00:51:38.115 --> 00:51:44.740
I mean, I, I mean, I, first of all, I, we're just making speculation based on market dynamics.

577
00:51:44.980 --> 00:51:45.620
But I

578
00:51:46.980 --> 00:51:49.140
don't believe the case is that strong that

579
00:51:49.540 --> 00:51:51.460
the side that freezes

580
00:51:51.460 --> 00:52:04.165
a ton of Bitcoin, including the creator of Bitcoin's Bitcoin would win in a fork. Like I don't believe that's necessarily the case. I think if first of all, by the way, like if someone does, if someone does

581
00:52:04.565 --> 00:52:06.165
compromise those keys,

582
00:52:06.565 --> 00:52:13.590
I think they have a pretty strong incentive not to immediately dump in a fork situation because they have no Bitcoin on the other side of the fork.

583
00:52:13.910 --> 00:52:17.750
I think they have a decent argument to be very loud about that.

584
00:52:18.950 --> 00:52:20.230
I would argue

585
00:52:20.550 --> 00:52:21.670
if you're correct,

586
00:52:22.070 --> 00:52:23.910
if you're correct that that fork would win,

587
00:52:24.575 --> 00:52:26.895
then Satoshi's coins are already frozen.

588
00:52:29.375 --> 00:52:32.974
Satoshi woke up tomorrow and started spending his Bitcoin,

589
00:52:33.295 --> 00:52:37.214
is someone going to propose a fork and say that it was quantum that's making him move?

590
00:52:37.694 --> 00:52:58.035
Is his Bitcoin is moving because of quantum? Because the price would start dumping as soon as Satoshi moves his Bitcoin tomorrow. Right. But but I think, like, no one can make a good argument today that it's a quantum computer cryptographically relevant quantum computer. Well, the the key of their argument would be Satoshi's coins moving because that's probably the single biggest thing that could break through hype on quantum.

591
00:52:58.275 --> 00:53:02.195
I don't I I don't even know I would believe quantum exists

592
00:53:02.355 --> 00:53:05.395
unless old coins were stolen in the first place.

593
00:53:06.275 --> 00:53:29.815
Yeah. I mean, I think you have to be able to it has to be plausible. Right? Like, it is it is like if Satoshi's coins move tomorrow, I would bet that it's Satoshi moving their coins or that there is some some classical computer issue. Maybe maybe the the randomness making the the coins wasn't secure or whatever, like, but not on a quantum computer based on all of the evidence we have of it seems

594
00:53:30.934 --> 00:53:31.895
relatively

595
00:53:31.974 --> 00:53:36.375
compelling that the best public quantum, the best quantum computer,

596
00:53:36.694 --> 00:53:47.430
the best state of the art quantum computer is publicly known. And But we don't know that's true. We don't know that's true, but it seems like a pretty safe bet. I think most Do you think the Chinese would would tell people?

597
00:53:49.109 --> 00:54:04.565
If the government had one, no. But again, like the in practice, these communities are small and these communities are open. Right? The reality of any, any niche thing is that generally the communities are small and open. And so the

598
00:54:04.565 --> 00:54:08.325
people who show up at quantum computer conferences

599
00:54:08.885 --> 00:54:12.244
know each other and they know who's building what.

600
00:54:12.930 --> 00:54:18.690
And yeah, it's possible the Chinese have some secret lab that's next smarter than

601
00:54:18.930 --> 00:54:21.810
all of the other labs in the West.

602
00:54:22.130 --> 00:54:23.090
It's possible.

603
00:54:23.410 --> 00:54:28.290
I mean, it's certainly not likely though. You know, it's not saying Chinese people are dumb, but like

604
00:54:28.535 --> 00:54:35.975
they're, they have one lab and it's gonna be, you know, 10 labs building different types of quantum computers in the West. Unlikely,

605
00:54:36.135 --> 00:54:38.295
you know, I think there's

606
00:54:38.295 --> 00:54:41.255
tons of smart PhD quantum researchers in China,

607
00:54:42.119 --> 00:54:44.839
but are they gonna be better than

608
00:54:45.640 --> 00:54:47.400
10 times more approaches

609
00:54:47.400 --> 00:54:49.560
in the West? Probably not.

610
00:54:49.880 --> 00:54:50.839
So I

611
00:54:54.920 --> 00:54:56.119
have another

612
00:54:56.445 --> 00:54:58.365
question for you. So like

613
00:54:58.685 --> 00:54:59.405
why

614
00:54:59.725 --> 00:55:03.165
from your logic, right? Okay. So if you freeze Bitcoin

615
00:55:03.565 --> 00:55:05.485
that is vulnerable to being stolen,

616
00:55:05.725 --> 00:55:07.005
then clearly

617
00:55:07.965 --> 00:55:13.820
there's less Bitcoin on the fork that has it frozen, right? Because by

618
00:55:14.540 --> 00:55:16.380
design, you're freezing a bunch of Bitcoin.

619
00:55:17.580 --> 00:55:20.540
Why is it the fascination that like,

620
00:55:20.780 --> 00:55:22.380
with quantum specifically,

621
00:55:22.380 --> 00:55:24.540
we're freezing potentially stolen Bitcoin.

622
00:55:25.145 --> 00:55:30.505
But with every other method of stealing Bitcoin is never even contemplated freezing Bitcoin.

623
00:55:30.665 --> 00:55:31.545
For instance,

624
00:55:32.025 --> 00:55:34.505
the speculation right now is that Maduro's government had

625
00:55:35.944 --> 00:55:36.744
600,000

626
00:55:36.744 --> 00:55:37.145
Bitcoin.

627
00:55:37.580 --> 00:55:43.500
Let's just put it out there. Let's say that's the case. I think that's overstated, but let's say that's the case. Why

628
00:55:44.140 --> 00:55:54.075
does the US government dropping Delta Force on his headquarters and seizing the Bitcoin that way? How is that any different? Like, why is that? Why aren't we freezing their Bitcoin?

629
00:55:54.954 --> 00:56:04.234
Then if the US government secretly built a quantum cryptographically relevant quantum computer and stole Maduro's Bitcoin that way? Like, why is it? I think because

630
00:56:04.400 --> 00:56:07.280
an in system question versus an out of system question.

631
00:56:07.520 --> 00:56:10.000
It's like if in a world where they

632
00:56:10.400 --> 00:56:12.800
asked cryptographically relevant quantum computer,

633
00:56:12.880 --> 00:56:15.520
it is impossible to use the Bitcoin we have today.

634
00:56:16.080 --> 00:56:17.520
Right? Like anyone who

635
00:56:18.065 --> 00:56:27.185
has any Bitcoin, no matter the address type, they start moving their coins instantly stolen before they can do anything. Bitcoin Well, that's why it's important have that they can steal.

636
00:56:27.665 --> 00:56:28.785
Yes. But it's

637
00:56:29.265 --> 00:56:30.385
if you if you

638
00:56:31.070 --> 00:56:33.950
play it out, right, a quantum computer isn't just

639
00:56:34.190 --> 00:56:47.325
something that can steal from some people by sending in guns or whatever. A quantum computer is something that breaks the whole system and makes the system totally untenable and totally unusable in any way, shape or form.

640
00:56:48.845 --> 00:56:51.165
And I think the same is true

641
00:56:51.404 --> 00:56:52.285
for

642
00:56:53.325 --> 00:56:59.580
any kind of cryptographic break that results in the vast majority of Bitcoin being stolen.

643
00:56:59.580 --> 00:57:03.900
Yeah. But that that can be solved without freezing Bitcoin. Like that can be solved by

644
00:57:04.540 --> 00:57:05.420
having

645
00:57:05.500 --> 00:57:14.235
a that, you know, like a quand Here too, there are shades of gray. Right? Your your v three method. Right? Your v three method could solve that

646
00:57:14.715 --> 00:57:19.755
without freezing people's Bitcoin who didn't opt in to being having their Bitcoin frozen.

647
00:57:20.235 --> 00:57:23.915
Right. There are shades of gray. Right? So if

648
00:57:24.190 --> 00:57:24.830
there's

649
00:57:25.710 --> 00:57:28.590
I think, I think the, the point about

650
00:57:29.150 --> 00:57:33.470
seed phrase based wallets is also important to consider though. Right? Where it's okay,

651
00:57:33.710 --> 00:57:39.805
your options are, you know, assume we know a quantum computer is about to be built. You know, there's one that has

652
00:57:41.245 --> 00:57:46.445
just shy of enough bits, 96 instead of 128 qubits or whatever it is. Right?

653
00:57:47.165 --> 00:57:54.270
It's making good progress. It's shown consistent growth. It's very clear that they're just engineering challenges at this point.

654
00:57:56.190 --> 00:57:56.750
And

655
00:57:58.109 --> 00:57:58.830
okay,

656
00:57:59.150 --> 00:58:00.750
some wallets have switched,

657
00:58:01.069 --> 00:58:14.015
but certainly not all of them. And some coins have moved, but certainly not all of them have moved to this new, you know, it's Taproot version two, just an extra signaling bit to indicate that you're secure.

658
00:58:14.975 --> 00:58:16.335
Your options are

659
00:58:18.255 --> 00:58:24.290
freeze coins that don't have a seed phrase proof that can't do the seed phrase proof technique,

660
00:58:26.690 --> 00:58:29.010
such that the quantum computer doesn't get

661
00:58:29.250 --> 00:58:30.210
any money

662
00:58:31.010 --> 00:58:31.970
or

663
00:58:32.050 --> 00:58:33.490
don't. In which case,

664
00:58:33.970 --> 00:58:35.810
many Bitcoiners

665
00:58:35.890 --> 00:58:38.930
have old wallets, they

666
00:58:38.184 --> 00:58:39.865
weren't paying much attention,

667
00:58:41.065 --> 00:58:46.825
and they don't move their coins. So if it's like 10 Bitcoin

668
00:58:47.305 --> 00:58:48.825
in the old style

669
00:58:48.825 --> 00:58:54.670
address format in total, then like, yeah, okay, whatever. Let the quantum computer steal this end Bitcoin.

670
00:58:54.910 --> 00:58:57.630
It's not worth the hassle. It's not worth debating,

671
00:58:57.630 --> 00:58:58.109
whatever.

672
00:58:58.430 --> 00:58:59.310
If it's

673
00:58:59.789 --> 00:59:00.670
5,000,000

674
00:59:00.670 --> 00:59:01.630
Bitcoin,

675
00:59:02.589 --> 00:59:07.655
then we have to have a very different conversation. So I think it really is shades of gray and it's part of why

676
00:59:08.055 --> 00:59:13.655
I harp on the, like, we can't decide for the future Bitcoin community. Not just because like we can't decide, but

677
00:59:14.215 --> 00:59:32.210
also because there's so much nuance to exactly the scenario of like how many coins have moved over, how many wallets supported versus, you know, are there a bunch of wallets that just never bothered to do this? How quickly does the quantum computer appear? Is it sudden? Do we discover some secret quantum computer that we didn't know about that had already existed?

678
00:59:32.369 --> 00:59:36.905
You know, there's so many pieces to the scenario that feed into that decision

679
00:59:37.225 --> 00:59:37.945
that

680
00:59:38.105 --> 00:59:42.585
I think we can't predict it. And I do think there are very

681
00:59:42.585 --> 00:59:44.025
likely scenarios

682
00:59:44.105 --> 00:59:47.785
where the Bitcoin community is gonna wanna freeze those coins. I think that's very likely.

683
00:59:48.450 --> 00:59:51.250
I just I think it's a distraction

684
00:59:51.410 --> 00:59:52.770
that people think

685
00:59:54.130 --> 01:00:05.805
that it's even tenable to freeze the Bitcoin without consent. Like I the the V three mode or whatever, I think it could be I think it can very well be tenable because you're consenting like I want

686
01:00:06.285 --> 01:00:09.565
the quote unquote, insecure spend paths to be frozen,

687
01:00:09.805 --> 01:00:15.325
whenever the network dictates, and I can still access my Bitcoin. I reject the premise

688
01:00:16.010 --> 01:00:19.530
that freezing a bunch of Bitcoin makes the underlying

689
01:00:20.010 --> 01:00:22.970
chain more valuable because there's less Bitcoin.

690
01:00:23.369 --> 01:00:27.530
Because it's a slippery, it's just straight up a slippery slope. And I think that if you think

691
01:00:29.165 --> 01:00:31.165
pigeonholing it as philosophical

692
01:00:31.165 --> 01:00:32.125
is wrong,

693
01:00:33.165 --> 01:00:47.920
because it's much more than that. It's the core value problem of Bitcoin. It's being able to use it in a permissionless way, whether you wanna spend or save it. And I'll go back to the Maduro example. Let's pretend we didn't drop Delta Force on them already, which we did. But let's say it becomes

694
01:00:47.920 --> 01:00:50.240
obvious that they have 600,000 Bitcoin.

695
01:00:50.480 --> 01:00:56.720
And they have 600,000 Bitcoin that they stole from their people, right? A bunch of that Bitcoin was either stolen from miners directly,

696
01:00:57.474 --> 01:00:58.515
or was,

697
01:00:58.675 --> 01:01:00.115
you know, the corrupt

698
01:01:00.115 --> 01:01:00.835
government

699
01:01:00.994 --> 01:01:12.915
squirrelling away oil and gold resources and stuff and converting it to their own Bitcoin wallets, no matter how you cut it, like Maduro's assets are stolen assets from his people. If we were to freeze those if BlackRock,

700
01:01:14.810 --> 01:01:15.930
Coinbase,

701
01:01:16.090 --> 01:01:17.210
MicroStrategy,

702
01:01:17.210 --> 01:01:27.635
Block came together and was like, we were gonna freeze those, and now there's gonna be 600,000 less Bitcoin on the market on our side of the fork, I think that fork will lose. I think China,

703
01:01:27.635 --> 01:01:34.355
I think a bunch of other actors would be like, well, what's going to stop them from freezing my Bitcoin? What's going to stop them from saying,

704
01:01:34.435 --> 01:01:38.675
we have to do KYC AML on every address. And if you don't do the KYC AML,

705
01:01:38.755 --> 01:01:43.840
then we're going to freeze your Bitcoin. And I think it becomes You're totally right. Unless it's incredibly

706
01:01:43.840 --> 01:01:44.560
obvious

707
01:01:44.640 --> 01:01:45.760
that quantum,

708
01:01:45.760 --> 01:01:50.000
you know, in a real way. And I don't know how that could ever be obvious.

709
01:01:50.560 --> 01:02:11.740
Right. So I think that's the core of the disagreement. Like, I think you're totally right that fork would lose. I hope I certainly, not only do I believe you're right, but I certainly hope you're right because if you're not, then like, I don't find Bitcoin valuable at all. I mean, I think we saw this with, with the Bcash fork where Bitmain plowed something like a billion dollars into propping up the Bcash price, and it failed horrendously

710
01:02:11.900 --> 01:02:12.700
because

711
01:02:12.940 --> 01:02:15.900
tons of Bitcoiners who had lots of coin

712
01:02:16.460 --> 01:02:29.195
said, this is not the Bitcoin I want to see. This is a valueless Bitcoin to me for various reasons and sold it and wrecked the price of it. And I think you're totally right that the same would happen in the case of Venezuelan

713
01:02:29.195 --> 01:02:39.360
Bitcoin or something like that. And I think you might also be right if it's quantum hype and it's not clear. And I think that's really the core of the disagreement is,

714
01:02:39.440 --> 01:02:40.480
you know, if it's,

715
01:02:41.040 --> 01:02:41.920
well, you know,

716
01:02:43.200 --> 01:02:47.200
how obvious it is. If it's, well, you know, it's just speculation

717
01:02:47.200 --> 01:02:48.000
and there's

718
01:02:48.725 --> 01:02:50.485
some coins moving,

719
01:02:50.645 --> 01:02:51.045
but it,

720
01:02:51.845 --> 01:02:59.445
there's not real, no one's really like claiming they really have it. And, know, maybe it's just like in a Russian lab somewhere.

721
01:02:59.525 --> 01:03:01.365
I think you're right that that might

722
01:03:01.765 --> 01:03:02.805
very well not happen.

723
01:03:03.549 --> 01:03:10.990
Very likely wouldn't happen. And it's probably a good thing. But if it's super obvious, if it's like, here, look, we've got this running in a lab.

724
01:03:11.230 --> 01:03:13.630
Let's take you on a video tour on YouTube.

725
01:03:13.869 --> 01:03:20.325
Let's live factor Satoshi's coins and demonstrate that we can steal Satoshi's coins live on YouTube, then,

726
01:03:21.045 --> 01:03:25.045
like, you can't argue at that point that you're gonna happen.

727
01:03:25.525 --> 01:03:28.005
But sure. Actually, I think that's very likely.

728
01:03:30.005 --> 01:03:32.405
Think You they don't think they would steal the coin first?

729
01:03:34.250 --> 01:03:42.970
If Bitcoin hadn't frozen at that point, sure. But they would instead factor, you know, 96 bit key or something. Instead of instead of a key with more

730
01:03:43.290 --> 01:03:45.530
entropy, they would demonstrate we

731
01:03:45.690 --> 01:03:51.425
have a quantum computer that can factor almost a real private key, and we've shown demonstratable

732
01:03:51.425 --> 01:03:53.985
growth over the last five years. Within

733
01:03:53.985 --> 01:04:01.185
two to three years, it's going to be cryptographically relevant for real world crypto. I think that scenario is very likely.

734
01:04:02.010 --> 01:04:04.650
And I think in fact, the most likely,

735
01:04:05.370 --> 01:04:07.290
but maybe not. Maybe not. I

736
01:04:08.090 --> 01:04:11.530
think that's, yeah. I mean, that's, it's just speculation. Right? We,

737
01:04:12.330 --> 01:04:13.050
whatever.

738
01:04:13.130 --> 01:04:19.905
We can't really debate that or conclude who's right or wrong there. It's only speculation. And that that's,

739
01:04:20.305 --> 01:04:24.545
you know, in that kind of thing will feed into the discussion and the decision

740
01:04:24.545 --> 01:04:25.905
by the Bitcoin community.

741
01:04:26.224 --> 01:04:29.345
While we're in, the realm of speculation

742
01:04:29.345 --> 01:04:30.305
theoreticals,

743
01:04:30.240 --> 01:04:35.920
I'm kind of curious on your opinion just because it's a fun theoretical. US government has a dark program

744
01:04:36.160 --> 01:04:38.320
to break crypto. They succeed.

745
01:04:38.720 --> 01:04:39.920
You know, they break

746
01:04:40.480 --> 01:04:47.735
Chinese message encryption and whatnot. They use it to spy on a bunch of people, enemies and non enemies alike, spying everybody. Right? They're just using it.

747
01:04:48.295 --> 01:04:55.415
Get to a point where they're like, holy shit, like, we think someone else is going to get this capability, right? Because that's always the things like you find it in dark.

748
01:04:56.055 --> 01:05:06.910
And then you have a window of opportunity where you can use it until someone else also has access to it. And so you're trying to take advantage of it. So they like come to the conclusion like, okay, people are gonna figure out that we have access to it.

749
01:05:07.390 --> 01:05:14.270
So then they steal a bunch of Bitcoin, and they probably don't start stealing with Satoshi's Bitcoin, right? They steal with other vulnerable addresses

750
01:05:14.415 --> 01:05:30.740
that are not as heavily watched, and might actually have larger amounts in it because a bunch of Satoshi's Bitcoins are coin based transactions. There's smaller amounts in a single address. So like, reuse addresses, stuff like that. And they have a little bit of plausible deniability like, oh, like those, maybe, you know, that company was

751
01:05:31.380 --> 01:05:38.820
mismanaged or cold storage. Like, that's why there was a break or whatever. And so they gobble up a bunch of Bitcoin, put it into secure addresses.

752
01:05:39.380 --> 01:05:50.734
And then they announced to the world, we have taken the we discovered quantum actually three years ago. We've used this for American dominance and, you know, American dynamism

753
01:05:50.734 --> 01:05:55.055
as a 16 z likes to say. And we've taken this Bitcoin Korea's

754
01:05:55.055 --> 01:05:55.535
Bitcoin.

755
01:05:55.880 --> 01:06:01.720
And we've taken Yeah, we've taken this Bitcoin, and we put it in the strategic Bitcoin reserve alongside all the other stolen Bitcoin we have.

756
01:06:02.120 --> 01:06:03.160
Because that's

757
01:06:03.320 --> 01:06:07.160
SBR is just stolen Bitcoin. That's what it stands for the stolen Bitcoin reserve.

758
01:06:07.560 --> 01:06:10.440
And they announced the world we're not going to sell it. It's for America's future.

759
01:06:11.415 --> 01:06:16.215
Does a fork that freezes their Bitcoin succeed in that situation? Does it even get proposed?

760
01:06:18.135 --> 01:06:22.375
Yeah. I mean, I'm sure it gets proposed. Really good question. I assume it would fail.

761
01:06:23.510 --> 01:06:24.070
But,

762
01:06:24.390 --> 01:06:27.589
yeah, I don't know. A fork would fail. Right? They would just have a Like, dispute

763
01:06:29.430 --> 01:06:30.070
they

764
01:06:30.470 --> 01:06:43.085
you know, because they would steal North Korea's Bitcoin. Right? They wouldn't steal, like, Coinbase's Bitcoin. If they stole Coinbase's Bitcoin, Coinbase would sue them and get the money back. Right? Like the courts would give give them their money back. But there's some sense of property rights in the country. Right.

765
01:06:43.325 --> 01:06:52.685
They'd steal North Korea's Bitcoin. They'd steal Russia's Bitcoin, whatever. Or they would claim it's North Korea's and Russia. Whether it is or not, it's a separate question. But they would claim it's North Korea's and Russia's Bitcoin. And

766
01:06:53.690 --> 01:06:57.530
I don't think that people would be so motivated

767
01:06:57.930 --> 01:06:58.650
to

768
01:06:58.890 --> 01:07:00.650
freeze those coins

769
01:07:02.250 --> 01:07:09.585
when it's North Korea and Russia's Bitcoin. They're just like, yeah, that's North Korea's Bitcoin. Like, I mean, personally, I would be happy for North Korea to have less Bitcoin.

770
01:07:09.825 --> 01:07:10.385
Like,

771
01:07:10.625 --> 01:07:11.185
in

772
01:07:11.585 --> 01:07:30.140
general, like I would like North Korea to have less Bitcoin. Would that would make me happy. Now there's not anything I can do about that, but like in general, I want I want them to have less Bitcoin. So I think the the like political will and motivation of people to say, no, no, no, we're gonna steal we're gonna seize those coins and give them back to North Korea

773
01:07:30.619 --> 01:07:32.220
is just not gonna be there.

774
01:07:33.579 --> 01:07:34.060
Obviously,

775
01:07:34.380 --> 01:07:37.180
I think at that point there it would likely be the case that

776
01:07:37.785 --> 01:07:39.785
freezing insecure spend paths would happen

777
01:07:40.345 --> 01:07:47.305
for future for other coins, so they can't steal any other coins. But I would guess that the political will just wouldn't be there to do it.

778
01:07:47.944 --> 01:07:49.305
So that in that situation,

779
01:07:51.130 --> 01:07:53.850
we would have wasted a ton of mental cycles

780
01:07:53.930 --> 01:07:56.250
under the assumption that we're gonna freeze Bitcoin

781
01:07:56.890 --> 01:08:01.130
when really the path forward should just be focused on No. What we can

782
01:08:02.970 --> 01:08:17.305
I think I think they would steal North Korea's Bitcoin? They would announce it, and then we would freeze all the other. We would freeze Satoshi's coins. Or maybe they would steal Satoshi's coins, but we would then freeze Coin bases, like, insecure If they could freeze if they stole Satoshi's coins, then those wouldn't be frozen.

783
01:08:18.070 --> 01:08:26.230
I I think at that point, it would just be like, well, this is too complicated. Because also, it's So it's like a quantum attacker that's not the US government would have to steal.

784
01:08:26.710 --> 01:08:28.710
I I think it's also probably,

785
01:08:28.710 --> 01:08:32.150
it's largely impractical to freeze coins after they

786
01:08:32.725 --> 01:08:39.204
have been stolen. Exactly. Right? Because you announce a soft fork and you're like, this UTXO, I'm gonna freeze this UTXO.

787
01:08:39.205 --> 01:08:44.565
And then they immediately spend it and like mix it with a bunch of other coins before the soft fork activates.

788
01:08:44.725 --> 01:08:49.889
And now what do you do? Like that doesn't, you just can't do that. Like it's not By design, it wants be proactive.

789
01:08:50.290 --> 01:08:51.730
It only works if it's,

790
01:08:52.450 --> 01:08:54.530
you know, you can be proactive. And again,

791
01:08:54.530 --> 01:09:02.614
I think in practice, if it were a US government lab, they would just take North Korea's Bitcoin, be done with it, and we would disable all the other insecure spend paths.

792
01:09:06.295 --> 01:09:07.014
Interesting.

793
01:09:09.975 --> 01:09:11.495
Yeah. I mean, I just think

794
01:09:14.830 --> 01:09:17.869
yeah. Except for your one scenario

795
01:09:18.429 --> 01:09:19.150
where

796
01:09:19.790 --> 01:09:21.550
it's extremely

797
01:09:21.550 --> 01:09:22.590
obvious that

798
01:09:22.910 --> 01:09:24.269
it's about to happen,

799
01:09:24.670 --> 01:09:30.030
which I just don't think is a real you think is the most realistic scenario. I think it's the least realistic scenario.

800
01:09:30.475 --> 01:09:31.994
Besides that scenario,

801
01:09:31.995 --> 01:09:37.514
I don't think it's a logical assumption to assume that a fork with freezing

802
01:09:38.955 --> 01:09:53.249
a large portion of Bitcoin would ever succeed over one that doesn't. Maybe I'm wrong. I think you're, I think I probably agree with you. I think we largely agree on that point. I think the only other note I have and part of the reason

803
01:09:54.210 --> 01:09:56.770
why I wanna focus on that scenario

804
01:09:56.885 --> 01:10:00.725
is because it's the also the only scenario we can really do anything about.

805
01:10:01.685 --> 01:10:09.285
Like if if a quantum computer suddenly appears tomorrow in a secret lab and they just start stealing Bitcoin,

806
01:10:09.860 --> 01:10:22.820
You know, it's not somebody who's just going to take North Korea's money and then be fine with it. It's someone who's really just trying to steal all the coin they can, maximize profit, dump it on the market as quickly as they can before Bitcoin can react.

807
01:10:23.139 --> 01:10:24.579
I think Bitcoin is just dead.

808
01:10:25.335 --> 01:10:29.175
I think that's it. There's there is no there's nothing left for Bitcoin.

809
01:10:29.495 --> 01:10:32.215
If we have ways to spend post quantum

810
01:10:32.295 --> 01:10:33.974
without freezing? So

811
01:10:35.575 --> 01:10:39.550
because no wallets will adopt it. Right? So, so the

812
01:10:39.790 --> 01:10:41.230
things we can do today,

813
01:10:41.710 --> 01:10:46.110
I described earlier, right, but we, we can, we can add a way for people to

814
01:10:46.350 --> 01:10:47.070
have

815
01:10:47.230 --> 01:10:48.349
quantum security

816
01:10:49.070 --> 01:11:02.065
if a future community flips a bit. You know, maybe it's opt in, so it doesn't have any of these questions around seizure. Yeah. But they have to take some active action. They have to deploy a self fork before the quantum computer starts stealing all the coins.

817
01:11:02.945 --> 01:11:03.425
Or

818
01:11:06.440 --> 01:11:12.840
we do some and that that's nice because it's that doesn't impact transaction sizes today. Wallets do it transparently.

819
01:11:12.840 --> 01:11:20.280
So people actually adopt it. They're not people will actually Very adopt few people are gonna adopt this stuff if it's it's way more expensive and you don't know if it's actually expensive.

820
01:11:21.225 --> 01:11:31.385
That's the only other option we have and no one's gonna use that. Sure. Okay. Maybe Coinbase custody will use that, but I don't care. Coinbase custody, if, if,

821
01:11:31.785 --> 01:11:35.465
if a quantum computer appears, Coinbase custody can move quickly.

822
01:11:36.010 --> 01:11:42.330
Anything that becomes available to secure coins, Coinbase custody will be the first people to adopt.

823
01:11:42.810 --> 01:11:48.970
And so I don't, I'm not worried about them. I'm worried about the average Bitcoiner who has coins in self custody.

824
01:11:49.775 --> 01:11:52.255
Maybe they're not paying that much attention to Bitcoin.

825
01:11:52.735 --> 01:11:59.215
You know, they care about Bitcoin, but it's not their full time job. They have a job. They do something else during the day. Maybe their

826
01:11:59.454 --> 01:12:08.050
coins are backed up in a safety deposit box halfway around the world at their parents' house or in a bank in Zurich, you know, they can't move quickly necessarily.

827
01:12:08.050 --> 01:12:18.770
And most of them won't move quickly. Those coins are the ones we need to protect. And those coins will also never adopt something that's ten, fifty X more expensive today.

828
01:12:18.930 --> 01:12:36.470
They're gonna wait. And most wallets won't adopt it period anyway. Ignore the, whether the end user will adopt it. The wallet developer won't adopt it because they don't want a wallet that has that much worse user experience than everybody else. A few of them, there will be some options. There'll be a few wallets that have it, but most of them won't.

829
01:12:36.630 --> 01:12:43.590
And so I So don't that think number three path, like opt in Taproot path makes it doesn't that make the most sense?

830
01:12:44.070 --> 01:12:46.870
I think it makes sense to deploy something like that,

831
01:12:47.590 --> 01:12:47.830
but

832
01:12:48.784 --> 01:12:50.465
it only makes sense

833
01:12:50.705 --> 01:12:55.425
if the future community has a chance to respond before quantum computers starts stealing coins.

834
01:12:55.824 --> 01:12:56.864
If it doesn't,

835
01:12:57.585 --> 01:12:59.425
I think it'll just be too, like Bitcoin,

836
01:13:00.720 --> 01:13:10.000
you know, oh, government, you know, private lab gets quantum computer. They've been secretly stealing Bitcoin for several years. They've managed to dump a 100,000 Bitcoin

837
01:13:10.080 --> 01:13:20.874
on the market. Oh, this is why Bitcoin's down 50% year on year. But the cool part about Now everyone's just like, what the hell is the point of Bitcoin? You know, so many people lost all of their money on this garbage.

838
01:13:21.275 --> 01:13:21.675
Like,

839
01:13:22.155 --> 01:13:23.755
fuck this The cool part about the cool

840
01:13:25.755 --> 01:13:29.429
mean, I'm serious. I think that's what the market's response will be. The

841
01:13:30.070 --> 01:13:31.989
cool part about the opt in path,

842
01:13:32.630 --> 01:13:46.594
right? Is so you opt in to Taproot, you're not, you're just Taproot v three or whatever. You're not paying more money. It's relatively low friction. We have a lot of time to do it. The cool part about that is if you are proactively

843
01:13:47.074 --> 01:13:49.715
then freezing the insecure paths of

844
01:13:50.275 --> 01:13:51.715
those coins specifically,

845
01:13:52.195 --> 01:13:55.395
it's actually way easier to have consensus on that proactively.

846
01:13:56.520 --> 01:14:02.360
All you're doing is flipping a switch on people who have already opted in to have their switch flipped when there's a concern.

847
01:14:03.000 --> 01:14:06.040
A completely different argument to be making to the market,

848
01:14:06.520 --> 01:14:09.960
then we are gonna freeze a bunch of people that didn't give consent.

849
01:14:10.520 --> 01:14:11.720
You could actually

850
01:14:11.885 --> 01:14:16.365
it's actually a lot more realistic that we could actually do that proactively

851
01:14:16.525 --> 01:14:18.845
versus trying to, you know Potentially,

852
01:14:19.085 --> 01:14:20.365
I think this

853
01:14:20.365 --> 01:14:22.045
assumes that the

854
01:14:22.205 --> 01:14:25.210
likely scenario is very,

855
01:14:25.210 --> 01:14:27.929
very unclear whether a quantum computer exists.

856
01:14:28.090 --> 01:14:31.130
And I think, think I would rate the scenarios likelihood is,

857
01:14:31.530 --> 01:14:41.105
you know, 90% chance it's going to be clear two years away that it's somewhere between one and three years away. I, that's, that's my 90% scenario.

858
01:14:41.745 --> 01:15:03.080
Nine percent scenario is it's sitting in a government lab. No one knows about it. It's operating for a while. Maybe it's not gonna steal any Bitcoin, but maybe not, you know, a year before they announce it, they just start stealing Bitcoin cause why not? Or or maybe it's in a Russian government lab or a Chinese government lab or a North Korean government lab and they they start stealing Bitcoin as a way to make money. Probably not the most My 1% scenario

859
01:15:03.800 --> 01:15:04.440
is

860
01:15:05.240 --> 01:15:06.120
it's

861
01:15:06.200 --> 01:15:07.640
very ambiguous.

862
01:15:07.720 --> 01:15:28.140
Not like, you know, not like, okay, well, the lab kind of hasn't announced any new papers, but three people from the lab are leaking to the press that they're getting close and they were showing good trajectory for the last ten years. And then they went dark a year ago as they started to get to the point where it's close. Like, I think that's still very clear. I think the community would

863
01:15:28.700 --> 01:15:36.700
pretty universally agree that it's gonna happen in somewhere between three and five years in that scenario. I think the like 1% scenario is the like,

864
01:15:37.515 --> 01:15:39.595
well, some coins started moving.

865
01:15:40.075 --> 01:15:58.290
We're not really sure. We don't really, you know, there's like one guy, but he's kind of a quack, but he's claiming that he has, you know, his cousin works for this lab that has a quantum computer. And then there's this other guy who's also kind of a quack, but he's claiming his friend's brother works for this lab that has a quantum computer.

866
01:15:58.450 --> 01:16:11.385
We're all just really not clear. I don't think that's gonna happen. I just, I think that's a 1% chance. I think in that world, yeah, okay, maybe this like option three is better

867
01:16:11.385 --> 01:16:18.505
because the community would just freeze those coins at that point, and then those the people who opted into that would would become QuantumSafe,

868
01:16:18.505 --> 01:16:23.370
and and that would be great. But I just, I think that's a really long tail scenario.

869
01:16:25.370 --> 01:16:26.570
And so I don't

870
01:16:27.530 --> 01:16:34.330
think that like, yeah, okay. It's nice to be ready there, but I don't think it's likely. I think in practice, either

871
01:16:35.055 --> 01:16:41.215
we're gonna have some notice. And I think that's very, very likely. We're gonna have notice. We're gonna be very confident or

872
01:16:41.535 --> 01:16:46.015
we're not gonna have any notice, in which case Bitcoin's just fucked. There's no hope at that point.

873
01:16:48.030 --> 01:16:56.030
We disagree with that premise, okay. I mean, I think if we have no notice, if we have very little notice to no notice, and we go the opt in path,

874
01:16:56.270 --> 01:17:05.845
we can just we can be aggressively proactive in terms of disabling the insecure spend paths. And then yes, some Bitcoin will be dumped on the market. But I think logically speaking,

875
01:17:06.405 --> 01:17:16.820
if someone does a big break and takes a bunch of Bitcoin, they have an incentive not to dump it on the market. Their government they throw it in a strategic Bitcoin reserve, You don't have that much downward And pressure after a

876
01:17:17.780 --> 01:17:20.100
then if They know that it's gonna be frozen.

877
01:17:20.340 --> 01:17:22.340
Like, their quantum computer has value

878
01:17:23.060 --> 01:17:26.659
stealing Bitcoin from today No. But not until next Tuesday.

879
01:17:27.380 --> 01:17:29.380
But then after they after they steal it

880
01:17:30.565 --> 01:17:34.085
they have incentive not to dump all of it on the market because

881
01:17:34.085 --> 01:17:36.244
as soon as the market starts pricing that in,

882
01:17:36.885 --> 01:17:47.330
it would not be the most monetizable path for them. And if they're a private company, which I once again do not expect them to be a private company, I think at that point they'll be rolled into something dark in a government lab somewhere.

883
01:17:48.530 --> 01:17:54.610
If they're a private company, the most monetizable path for them would be announcing to the world, We stole this Bitcoin.

884
01:17:55.235 --> 01:17:58.915
And now we've created a treasury company that's competing with micro strategy,

885
01:17:59.235 --> 01:18:03.395
and we're not gonna spend it. We're not gonna spend it anytime soon.

886
01:18:03.955 --> 01:18:12.599
And that's, you know, that then they lock it up and have a shit ton of fucking coin, and they borrowed against it or whatever they want to do. I don't know, financial engineering.

887
01:18:13.640 --> 01:18:15.960
I think we agreed earlier that if

888
01:18:16.040 --> 01:18:17.079
you

889
01:18:17.480 --> 01:18:19.079
know, the market's value

890
01:18:19.320 --> 01:18:21.079
for Bitcoin comes from

891
01:18:21.719 --> 01:18:23.320
these properties of being

892
01:18:23.985 --> 01:18:29.185
trustless money that I don't have to trust anyone else to have this money. And

893
01:18:30.145 --> 01:18:30.705
if

894
01:18:31.265 --> 01:18:34.305
a material number of Bitcoin was stolen

895
01:18:34.545 --> 01:18:43.860
because of a quantum computer, maybe with the one exception of your scenario of the US government stealing North Korea's money. Everyone's just gonna be like, oh, okay. Well They're the only ones allowed to steal Bitcoin.

896
01:18:44.740 --> 01:18:46.180
But only from North Korea.

897
01:18:47.380 --> 01:18:54.675
You know, I think in any other, nearly any other scenario, the market perception of Bitcoin is just gonna crater.

898
01:18:54.675 --> 01:18:59.394
Because this core value problem, the thing that gave Bitcoin value is suddenly gone.

899
01:18:59.635 --> 01:18:59.795
Because

900
01:19:00.550 --> 01:19:04.070
somebody stole a million Bitcoin or a 100,000 or whatever the We'd have a

901
01:19:05.670 --> 01:19:08.790
way for people to spend Bitcoin going forward at that point. That'd be fine.

902
01:19:09.510 --> 01:19:24.015
Because they'd be in the optimal path, and they'd be fine. They could spend They stole a million they stole all of Satoshi's coins. They stole, you know, Joe Bob will come out of the woodwork and say, like, ah, you know, I had a mill you know, I had 10,000

903
01:19:24.015 --> 01:19:24.815
Bitcoin.

904
01:19:25.455 --> 01:19:36.570
I was an OG. I got involved in 2010. I bought all this Bitcoin. It might even, like, be legit. Like, he has proof. Like, look, here's my empty box receipts. I I actually bought 10,000 Bitcoin.

905
01:19:37.929 --> 01:19:39.929
And it was stolen from me by,

906
01:19:40.170 --> 01:19:53.385
you know, quantum computer. I think the stories around stuff like that will be so noisy that Bitcoin just won't have nearly the same value. Maybe it'll recover. I mean, think it wouldn't be ideal scenario.

907
01:19:53.465 --> 01:19:53.945
It

908
01:19:54.505 --> 01:19:56.105
be an ideal scenario.

909
01:19:56.105 --> 01:19:56.825
But I mean, also,

910
01:19:58.220 --> 01:20:06.620
I think the quote unquote cure of like proactively stealing it would also kill the fucking price. So you're you're out you're you are where you are, you like you gotta

911
01:20:07.500 --> 01:20:09.580
work with the hands we were dealt.

912
01:20:11.434 --> 01:20:18.314
Yeah. I I it depends a lot on the scenario, but So I mean, think look. At the end of the day, I think we we

913
01:20:19.275 --> 01:20:25.960
agree. And I think this is really the most important point because we can't predict exactly how a quantum computer's

914
01:20:26.440 --> 01:20:37.640
how we're gonna learn about a quantum computer, how we're gonna discover it, whatever. We can't predict what the future community is gonna do in response to that. But we do agree, and I think, again, this is by far the most important point is that,

915
01:20:37.880 --> 01:20:40.625
look, you know, we need something that

916
01:20:41.025 --> 01:20:41.985
we can do

917
01:20:43.505 --> 01:20:44.304
that

918
01:20:44.625 --> 01:20:46.945
gives wallets the opportunity

919
01:20:47.585 --> 01:20:48.304
to

920
01:20:48.465 --> 01:20:49.264
have

921
01:20:49.505 --> 01:20:50.704
quantum safety

922
01:20:51.105 --> 01:20:51.905
in

923
01:20:52.320 --> 01:21:04.719
some of these scenarios, or at least hopefully the most likely scenarios. And I think certainly would be the most likely scenarios. That doesn't cost them money that they would actually adopt, that wallets would start using today. And then, because, know, if,

924
01:21:05.315 --> 01:21:06.755
if we're at the point

925
01:21:07.235 --> 01:21:12.994
in ten years where quantum computers on the horizon and we see it coming and we know it's gonna happen, and

926
01:21:13.235 --> 01:21:14.114
there's

927
01:21:14.594 --> 01:21:16.034
10,000,000 Bitcoin

928
01:21:16.114 --> 01:21:29.400
that is not opted in to quantum security or hasn't moved, isn't in an output type where we think they might have a quantum secure spend path. Of course we can't freeze the coins. It's 10,000,000 coins. You can't freeze that many coins. That

929
01:21:29.880 --> 01:21:31.640
would wreck the price too, to your point.

930
01:21:32.554 --> 01:21:33.434
If it's

931
01:21:33.994 --> 01:21:35.915
1,000,000, if it's only Satoshi's

932
01:21:35.915 --> 01:21:42.474
coins plus some other things that haven't moved since 2010, and at that point, it will have been twenty five years since those coins moved,

933
01:21:43.594 --> 01:21:46.875
you know, then we have more options than the community But isn't that like a catch 22?

934
01:21:47.450 --> 01:21:51.210
Because like you're saying, okay, if it's a large amount, then we can't

935
01:21:51.530 --> 01:21:52.410
realistically

936
01:21:52.410 --> 01:21:54.330
freeze it without market

937
01:21:54.810 --> 01:21:55.850
crushing us.

938
01:21:56.170 --> 01:21:58.170
And then if, but if it's a lower amount,

939
01:21:58.890 --> 01:22:01.450
what No, does it it's a matter lower amount plus the old coins.

940
01:22:01.895 --> 01:22:03.815
But what does it even matter if it's not a

941
01:22:05.655 --> 01:22:08.614
No. I mean, if it's Satoshi's coins, that's a lot of coin.

942
01:22:09.015 --> 01:22:10.055
Sailor has the coins

943
01:22:10.855 --> 01:22:15.495
Sailor has 600,000 Bitcoin. Are you able to sleep at night that he could just sell them all tomorrow?

944
01:22:16.170 --> 01:22:18.010
Like, what like that

945
01:22:18.010 --> 01:22:19.290
what's the amount?

946
01:22:20.410 --> 01:22:26.330
He could. He he could choose to sell them all tomorrow if he wanted to. It's not just the it's not just that someone

947
01:22:26.810 --> 01:22:28.810
dumps it on the market. It's also

948
01:22:28.890 --> 01:22:29.690
that they're

949
01:22:30.065 --> 01:22:31.905
stolen coins dumped on the market.

950
01:22:32.225 --> 01:22:36.145
Right? That it's like Bitcoin no longer provided this security.

951
01:22:37.665 --> 01:22:46.550
In a scenario where we see a quantum, know, like, oh, quantum computer's been clearly on the horizon for three years. Everyone knew it was coming, and Bitcoin didn't manage to do shit.

952
01:22:46.870 --> 01:22:47.670
And now,

953
01:22:47.910 --> 01:22:51.190
you know, everyone who hadn't moved their coins since 2010

954
01:22:51.430 --> 01:22:52.870
got their coins stolen.

955
01:22:53.830 --> 01:22:56.950
Yeah. I I Look, all I'm saying is

956
01:22:57.595 --> 01:22:59.275
what we should do today

957
01:22:59.835 --> 01:23:05.114
is to give the future Bitcoin community more options. Okay. I agree. To give to put

958
01:23:05.435 --> 01:23:06.475
ourselves

959
01:23:06.635 --> 01:23:18.850
hopefully, we'll all be a part of the Bitcoin community when that time comes, assuming it it happens and it happens within our lifespans. But to give that Bitcoin community the option to do whatever they need to do because

960
01:23:19.170 --> 01:23:24.770
every practical coin where the key has not been lost is in an output type where there is

961
01:23:25.235 --> 01:23:30.434
a recovery path, whether that's because it has a seed phrase or whether it's because it has a

962
01:23:30.835 --> 01:23:33.794
post quantum public key in a tap leaf,

963
01:23:34.195 --> 01:23:36.835
whichever way it has to make sure that they are able

964
01:23:37.410 --> 01:23:43.489
to get their money as long as their key has been lost. Yeah. We agree. And I think that's look. That's the only thing we can do today.

965
01:23:43.810 --> 01:23:47.170
We monitor the situation. You know? Monitor the situation.

966
01:23:47.410 --> 01:23:52.530
There's a lot of situation monitoring happening. There's a lot there's a lot of situations to monitor, and this is one of them.

967
01:23:54.265 --> 01:23:58.824
That's the only thing we can do today. And it sounds like, I think we agree on that. And I think that

968
01:23:59.945 --> 01:24:03.145
we'll see what happens, but I, you know, I'm confident

969
01:24:03.145 --> 01:24:06.360
the future community will have time to respond.

970
01:24:06.360 --> 01:24:14.920
And as long as we give them room to respond, they can. But it only, it only matters if we give them room to respond by letting wallets actually upgrade today

971
01:24:15.160 --> 01:24:16.680
to having quantum security

972
01:24:16.760 --> 01:24:22.804
one way or another. Awesome. Well, I mean, first of all, wanna thank you for being a good sport. I think this was a fun conversation.

973
01:24:22.805 --> 01:24:24.165
But before we wrap,

974
01:24:26.885 --> 01:24:31.925
I'm just kinda curious while I have you. So you are operating under the assumption that

975
01:24:32.440 --> 01:24:36.359
most quantum research is, all the quantum research that matters is public.

976
01:24:36.920 --> 01:24:43.320
There's nothing dark happening right now. There probably won't be anything dark of significance happening in the near future.

977
01:24:44.360 --> 01:24:44.919
In

978
01:24:45.239 --> 01:24:45.719
your mind,

979
01:24:47.025 --> 01:24:55.744
what is the timetable based on current public research of quantumly cryptographically relevant quantum computer that could do this type of attack?

980
01:24:58.545 --> 01:24:59.905
I think that

981
01:25:00.210 --> 01:25:01.409
that is

982
01:25:02.850 --> 01:25:05.970
I I can't speculate on that. Humorous. Humorous.

983
01:25:05.970 --> 01:25:10.210
No. No. No. I I I can't speculate on it be specifically because,

984
01:25:10.690 --> 01:25:17.844
you know, there there's the the people who are experts who I might be able to look to to inform my opinion,

985
01:25:18.485 --> 01:25:25.124
for the most part, are trying to raise money. They're They're all trying to raise money. They're pumping their bags to try to raise money.

986
01:25:25.925 --> 01:25:27.525
On the actual,

987
01:25:27.605 --> 01:25:32.849
like looking just at the technology, like what has been built, How much further is there to go? Whatever.

988
01:25:33.010 --> 01:25:34.369
You know, we we've seen

989
01:25:35.010 --> 01:25:39.809
we we haven't seen them get off zero yet. Or get Do think it's more than five years?

990
01:25:41.010 --> 01:25:43.489
Yeah. It's more than Do you think it's more than ten years?

991
01:25:44.495 --> 01:25:45.375
I don't know.

992
01:25:45.775 --> 01:25:46.735
I don't know. Okay.

993
01:25:47.295 --> 01:25:49.614
We haven't seen counts ago. In more than five.

994
01:25:50.415 --> 01:25:51.295
Yeah.

995
01:25:51.295 --> 01:25:57.630
I mean, I again, it it's really hard to speculate because there's just no great information, but they they haven't look, they've built,

996
01:25:58.110 --> 01:25:59.870
they haven't factored a number yet.

997
01:26:01.070 --> 01:26:04.430
And they actually haven't factored a number yet. Right. And so

998
01:26:04.670 --> 01:26:13.515
they've claimed to factor numbers that have specific structure and they use part of that structure as a part of the algorithm they use. And then they actually don't really factor a number from whole clock.

999
01:26:13.915 --> 01:26:21.675
They've made major breakthroughs over the last few years. And that's, that's why it's become such a big topic. You know, forever it was the case that

1000
01:26:22.395 --> 01:26:28.390
as you, as you build more qubits, you need error correction to recover from the fact that your qubits are too noisy.

1001
01:26:30.390 --> 01:26:32.469
Prior to a few years ago,

1002
01:26:33.270 --> 01:26:39.670
the, every additional qubit they added, even if they used error correction, added more noise than the error correction could recover from.

1003
01:26:40.925 --> 01:26:49.245
That's no longer true at very small scale. So that's a major breakthrough, but at the same time, we're still at the point where we're talking about

1004
01:26:49.485 --> 01:26:52.205
one or two logical qubits.

1005
01:26:52.540 --> 01:26:57.980
We're not talking about things where you can actually build, do real computation

1006
01:26:57.980 --> 01:26:59.900
over a long period of time

1007
01:27:00.300 --> 01:27:00.860
with

1008
01:27:01.100 --> 01:27:02.860
lots of inputs,

1009
01:27:03.020 --> 01:27:12.375
with any material inputs, with any input. Like we're not talking about like, oh, well they can, they can do 10 logical qubits and run it through 20 gates. No, no, no. We're talking about

1010
01:27:12.855 --> 01:27:20.375
one or two qubits, not even a gate. And so we're just not at the point where we can start to measure progress once. And I think it's

1011
01:27:20.820 --> 01:27:23.620
very possible that this might start happening soon

1012
01:27:23.940 --> 01:27:25.060
where there's

1013
01:27:26.500 --> 01:27:34.180
there's starting to be progress, where there's like, okay, now we have three qubits and four qubits, we can build real gates that are doing actual computation

1014
01:27:34.755 --> 01:27:36.755
in like a very solid

1015
01:27:37.235 --> 01:27:40.675
in a very traditional quantum computing sense.

1016
01:27:41.554 --> 01:27:45.395
Not like, well, we have seven qubits, but we actually they're

1017
01:27:45.395 --> 01:27:49.635
not fully entangled, that we actually can't do real computation with them, blah blah blah. You know,

1018
01:27:50.920 --> 01:27:53.159
when we start actually really having

1019
01:27:53.639 --> 01:27:59.639
numbers we can measure, then I think we can start to have a much more informed discussion around timelines.

1020
01:27:59.880 --> 01:28:11.485
You know, we'll be like, okay, well now there's seven qubits and eight qubits and nine qubits and, and look, they can go through three gates. And we're doing real genuine quantum computation

1021
01:28:11.645 --> 01:28:14.445
with these nine qubits across three gates.

1022
01:28:15.565 --> 01:28:21.570
That at that point, we'll start to be able to plot a graph and then we can make speculation. But we just can't today.

1023
01:28:22.050 --> 01:28:28.210
Only an expert in quantum could really make some kind of speculation that's well informed at this point.

1024
01:28:28.850 --> 01:28:31.730
And most of them have a very strong financial incentive to

1025
01:28:32.635 --> 01:28:36.394
tell you it's definitely happening and it's definitely happening on a reasonable time horizon.

1026
01:28:37.994 --> 01:28:40.394
Yeah, mean a lot of investor scams out there.

1027
01:28:40.875 --> 01:28:43.354
Okay Matt, Yeah, I am I wouldn't invest in.

1028
01:28:43.835 --> 01:28:44.955
I mean I think,

1029
01:28:45.520 --> 01:28:59.440
whatever. I could be on the record that I think it's, if it's a real case, it's like ten plus years. And I think a lot of what you see out there right now is bullshit FUD. And maybe I'm wrong. Hopefully I'm not wrong. My whole family relies on this system working.

1030
01:29:00.395 --> 01:29:06.635
Yeah. I mean, you know, to avoid Lot of skin in the game here. We spent spent the whole time discussing

1031
01:29:07.275 --> 01:29:17.030
what to do when a quantum computer happens and and definitely not enough time discussing if a quantum computer will happen or on what time horizon. Mean, I mean I mean, it's just hard to It is.

1032
01:29:17.670 --> 01:29:24.949
Debate It's hard to speculate, it's impossible to speculate, but also I think that's the selling their Bitcoin because of this risk,

1033
01:29:25.510 --> 01:29:30.965
like, no. I mean Well, I mean, like, what's the Nick Carter tweet? The Nick Carter tweet was

1034
01:29:31.844 --> 01:29:32.885
let

1035
01:29:32.885 --> 01:29:33.684
me see.

1036
01:29:35.525 --> 01:29:43.289
You know what sweet I'm talking about? When he was like, watch out for the next couple of days. Like everyone's gonna dump because Bitcoin's not prepared for quantum.

1037
01:29:44.010 --> 01:29:47.850
Yeah. Well, then he was saying he was going to go talk to watch days

1038
01:29:47.850 --> 01:29:48.890
press

1039
01:29:48.890 --> 01:29:52.969
to get more people to dump Bitcoin, to make his prediction come true.

1040
01:29:56.385 --> 01:29:57.744
Watch what happens.

1041
01:30:00.145 --> 01:30:05.185
I don't know. But anyway, I think it was like the, like, actual Bitcoin price bottom. I think that might've been the bottom.

1042
01:30:06.480 --> 01:30:08.080
The local bottom of

1043
01:30:08.800 --> 01:30:12.800
runaround. The top is always hard, especially when you're trying to manipulate it.

1044
01:30:14.800 --> 01:30:15.600
But calling

1045
01:30:16.000 --> 01:30:20.080
the bottom, you just have to lose your mind and you'll probably call the bottom appropriately

1046
01:30:20.295 --> 01:30:26.054
in the wrong way. Yeah. It doesn't make sense to panic about this. Quantum computers

1047
01:30:26.135 --> 01:30:27.175
don't exist,

1048
01:30:27.495 --> 01:30:31.815
and I don't mean cryptographically relevant quantum computers, I mean quantum computers basically

1049
01:30:31.815 --> 01:30:32.775
don't exist.

1050
01:30:32.935 --> 01:30:40.260
They have quantum supremacy for very narrow niche things that aren't related to actual algorithms.

1051
01:30:40.260 --> 01:30:42.020
You know, when they start making progress,

1052
01:30:42.420 --> 01:30:47.300
great, we'll have a different conversation. It's worth doing things for Bitcoin so that

1053
01:30:47.855 --> 01:30:48.575
if

1054
01:30:48.655 --> 01:30:52.655
and when that happens, we'll be prepared and we'll have optionality

1055
01:30:52.655 --> 01:30:56.895
as to how to protect Bitcoin and make sure people get their coins back. But

1056
01:30:58.095 --> 01:30:59.295
it's

1057
01:30:59.695 --> 01:31:01.215
a long ways away and

1058
01:31:02.460 --> 01:31:11.179
they just haven't started making the kind of progress that it's really gonna let us track kind of when and how and whatever else.

1059
01:31:11.739 --> 01:31:12.539
Love it.

1060
01:31:12.940 --> 01:31:21.415
Okay. Well, Matt, thanks again for joining us and for being good support. I enjoyed the conversation. It was fun. It's a nice, you know, of pace between work freaks.

1061
01:31:21.415 --> 01:31:30.055
I think consensus is you should stay humble and stack sets about it. I hope you found this conversation helpful. All relevant links are still dispatch.com share with your friends and family.

1062
01:31:30.630 --> 01:31:34.230
Give me feedback, comment on the episode on master and

1063
01:31:34.630 --> 01:31:39.590
podcasting two point o apps. Love it all. Thank you. Stay humble stacks ads. Peace.