The year is 2030. NIST (National Institute of Standards and Technology) have deprecated RSA & ECC as viable cryptographic security for critical digital systems. China is 5 years into a ‘Los Alamos’ style effort to build a CRQC (Cryptographically Relevant Quantum Computer). Photonics, Superconducting and Neutral Atom quantum computing architectures have attracted billions of dollars of investment and are reaching the scale required to execute true quantum algorithms consistently. Q-Day is close, but not yet imminent.
This is not the bull case. This is the base case. This is what is going to happen.
So, how far are we from the Quantum era?
Quantum Computing is discussed amongst skeptics as ‘promised to be 10 years away since the time of Feynman’ - this narrative has led to complacency.
We have entered a technology tree where that promise of 10 years away is no longer being made by quacks. It’s coming from some of the brightest minds in the world. Advances in mathematics, lasers, cryogenics and sensor technologies in the past 2 decades have begun a ‘perfect storm’ of ingredients for a potentially successful quantum recipe.
But the real accelerant has been the shift in capital markets and the mana of internet business models. Quantum has long been, and still is, an R&D project. A type of technology typically funded by the government - but as entitlement spending has crept up, and the voting population ages, core science funding has been more likely to go to disease prevention than it is to esoteric unexplainable quantum shenanigans. And so quantum was stuck.
Enter ZIRP and the cash printers of search, ads & e-commerce. Billions of dollars unlocked to flow into a range of speculative but potentially yield-producing investments. A flow of funds unimaginable in the early 2000s being poured into foundational science, searching for breakthroughs to enable the next New New Thing. This flow has seen beneficiaries in Artificial Intelligence, Space Exploration, Autonomous Vehicles and of course, Quantum Computing.
You might have missed it, but we’re now at a point where multiple Quantum Computing architectures are capable of true quantum behaviour. Some scaling, some in their infancy. We have moved from a science problem, to an engineering problem.
Engineering problems are a matter of time and capital. So the quantum era becomes a question of when, not if.
How will this era play out? Not like anyone thinks. There are numerous applications of quantum computing in fields like chemistry, simulation, optimisation, and most importantly on near term time horizons, cryptography.
The benefit of quantum computing is that you can exploit quantum states (superposition and interference) to run certain algorithms exponentially faster than any known classical method. Its arrival will be analogous to adding additional buttons to the calculator; one of those buttons runs algorithms that solve problems previously considered extraordinarily complex and time intensive in a relatively short amount of time.
This is a big issue for cryptography. Public key cryptography like RSA or ECC relies on trapdoor one-way functions: easy to compute in one direction (multiply two large primes; multiply an elliptic curve point by a scalar) and effectively impossible to reverse classically (factor the product; recover the scalar from the point). Shor’s algorithm reverses both in polynomial time on a sufficiently large, error-corrected quantum computer. Once we get quantum computers with the right power under the hood, RSA is cooked, and so are the ECDSA and Schnorr signatures over secp256k1 that Bitcoin uses.
5 years out? Maybe. 10 years out? Almost certainly.
Does that mean your emails will be intercepted? Your credit card information stolen? Is the secrecy of the most sensitive government comms at risk? Not immediately.
The first quantum computers capable of this feat will be highly specialised. They will require incredible skill to operate. They will be extraordinarily expensive. They will also be extremely slow.
But, they will be capable. They will break the permanent trust the digital world has placed in large keys protected by one-way functions. Once that box is opened there is no going back. The social risk comes before the breach risk, leaving some systems, particularly those with the hardest migration paths, most at risk.
Bitcoin & Quantum - final step to timelessness
The greatest thing Satoshi did for the world was the immaculate conception of Bitcoin. The only truly decentralised blockchain, a gift to the cypherpunk world. The foundational layer for all that came after it.
The greatest dilemma he left the world with was who should steer the ship to guide bitcoin into the future. It has survived many threats; governments, criminals, forks, naysayers from across the world. Just as it is ready to take its place alongside gold as a timeless societal primitive, it faces its final boss battle. A battle talked about since its early days but dismissed as too far-fetched.
When Bitcoin faces a threat to the technology that underpins its value, will its community align on the changes that are required to set it up to move beyond teenage years and have the potential to last longer than most countries?
Based on Bitcoin’s history, the answer here would be no. Rightly so, every small change to the protocol has been met with calls of heresy and schisms in the ranks.
To secure Bitcoin for the post quantum era, to lock in security for the next 1000 years, Bitcoin will have to make the largest changes in its lifetime. Entirely new cryptosystems will need to be integrated into the protocol: novel, quantum-resistant, classically secure, and inherently carrying significant trade-offs (much larger key and signature sizes, slower signing and verification times, CPU and memory overhead). Bitcoin will likely have to support more than one of these new cryptosystems to hedge against unknown vulnerabilities.
There will be trade offs to be made on what to tackle now and what to kick down the road. There is an impossible question around what to do with dormant UTXOs that cannot opt into whatever upgrade path is chosen - prune them from the network or leave them to be harvested by future Quantum scavengers?
This leaves us uncertain that action will be taken before Q-Day: the moment it is publicly revealed that a quantum computer can break a 256-bit ECC key, which for Bitcoin means recovering a secp256k1 private key from its public key.
But what might happen on Q-Day?
Firstly, on Q-Day you ignore the risk to the mempool. The first CRQC will be slow. Attacking the mempool means recovering a private key from a public key that only appears in an unconfirmed transaction, and doing it before that transaction confirms, a window of minutes. It will not attack the mempool. It will go after UTXOs whose public key already sits on-chain (early pay-to-pubkey outputs, reused addresses that have spent before, taproot outputs), which can be worked on offline with no deadline. There are many to choose from if you have malicious intent.
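As an added example (not code from the original post, nor from Project Eleven), here is a small Python triage script that applies the point above to a UTXO set: it classifies each scriptPubKey by whether the spending public key is already on-chain, which is what makes an output attackable offline by a slow CRQC. The script templates are the standard Bitcoin output forms; the UTXO set, keys and hashes are constructed placeholders, and the `revealed_hash160` set stands in for a scan of spent inputs that have revealed a key for a reused address.

```python
# Added example, not from the original post: triage a UTXO set by whether a
# CRQC could recover the spending key offline. Script templates are the
# standard Bitcoin output forms; all sample data below is constructed.
from dataclasses import dataclass

OP_0, OP_1, OP_DUP, OP_EQUAL, OP_EQUALVERIFY = 0x00, 0x51, 0x76, 0x87, 0x88
OP_HASH160, OP_CHECKSIG, OP_CHECKMULTISIG, OP_16 = 0xA9, 0xAC, 0xAE, 0x60


@dataclass(frozen=True)
class Exposure:
    script_type: str
    key_on_chain: bool   # True: public key recoverable from the UTXO set alone
    reason: str


def _hash_only(script_type: str, h160: bytes, revealed: frozenset) -> Exposure:
    # Hash-locked outputs hide the key until a spend; reuse undoes that.
    if h160 in revealed:
        return Exposure(script_type, True, "address reused: key revealed by an earlier spend")
    return Exposure(script_type, False, "only HASH160(pubkey) on chain until spent")


def classify_output(spk: bytes, revealed_hash160: frozenset = frozenset()) -> Exposure:
    """Classify a scriptPubKey. `revealed_hash160` holds HASH160 values whose
    public key has already appeared on-chain in an earlier spend (address reuse)."""
    n = len(spk)
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG. The key is the output itself.
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return Exposure("p2pk", True, "public key is in the scriptPubKey")
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return _hash_only("p2pkh", spk[3:23], revealed_hash160)
    # P2WPKH: OP_0 <20>
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return _hash_only("p2wpkh", spk[2:], revealed_hash160)
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[-1] == OP_EQUAL:
        return Exposure("p2sh", False, "only HASH160(redeemScript) on chain until spent")
    # P2WSH: OP_0 <32>
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return Exposure("p2wsh", False, "only SHA256(witnessScript) on chain until spent")
    # P2TR: OP_1 <32-byte x-only tweaked key>. The key is the output itself.
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return Exposure("p2tr", True, "tweaked x-only public key is in the scriptPubKey")
    # Bare multisig: OP_m <pubkeys...> OP_n OP_CHECKMULTISIG. Every signer key is exposed.
    if n > 3 and spk[-1] == OP_CHECKMULTISIG \
            and OP_1 <= spk[0] <= OP_16 and OP_1 <= spk[-2] <= OP_16:
        return Exposure("bare_multisig", True, "all signer public keys are in the scriptPubKey")
    return Exposure("unknown", False, "unrecognised script; review manually")


def harvestable(utxos, revealed_hash160: frozenset = frozenset()):
    """Outputs a slow CRQC can work on offline, largest value first.
    Everything else is exposed only in the broadcast-to-confirmation window."""
    hits = [(outpoint, value, classify_output(spk, revealed_hash160))
            for outpoint, value, spk in utxos]
    hits = [(o, v, e.script_type) for o, v, e in hits if e.key_on_chain]
    return sorted(hits, key=lambda h: h[1], reverse=True)


# Constructed sample UTXO set (outpoint, value in sats, scriptPubKey); not real chain data.
PUBKEY_UNCOMPRESSED = b"\x04" + b"\x11" * 64     # placeholder 65-byte key
PUBKEY_COMPRESSED = b"\x02" + b"\x22" * 32       # placeholder 33-byte key
REUSED_H160 = b"\xaa" * 20                       # assume an earlier spend revealed this key
FRESH_H160 = b"\xbb" * 20
XONLY = b"\xcc" * 32

SAMPLE_UTXOS = [
    ("early-p2pk:0", 5_000_000_000, bytes([65]) + PUBKEY_UNCOMPRESSED + bytes([OP_CHECKSIG])),
    ("reused-p2pkh:1", 150_000, bytes([OP_DUP, OP_HASH160, 20]) + REUSED_H160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    ("fresh-p2pkh:0", 150_000, bytes([OP_DUP, OP_HASH160, 20]) + FRESH_H160 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    ("fresh-p2wpkh:0", 2_000_000, bytes([OP_0, 20]) + FRESH_H160),
    ("taproot:0", 7_500_000, bytes([OP_1, 32]) + XONLY),
    ("p2wsh:2", 900_000, bytes([OP_0, 32]) + b"\xdd" * 32),
    ("bare-1of1:0", 300_000, bytes([OP_1, 33]) + PUBKEY_COMPRESSED + bytes([OP_1, OP_CHECKMULTISIG])),
]
REVEALED = frozenset({REUSED_H160})

if __name__ == "__main__":
    for outpoint, value, script_type in harvestable(SAMPLE_UTXOS, REVEALED):
        print(f"{outpoint:16} {value:>13,} sats  {script_type}")
```

Run against a real UTXO snapshot, the `key_on_chain` outputs are the ones a Q-Day attacker can sit on for weeks; the hash-locked ones only become targets in the minutes between broadcast and confirmation, which is the mempool race the text says the first CRQC is too slow to win. Note that address reuse moves an output from the second bucket into the first, which is why the `revealed_hash160` input matters as much as the script type.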
If you’re a white hat, you want to make the world know what is coming and move them to prepare. You might do something more interesting - you might sign a transaction from Satoshi’s first address to ever transact on-chain. You might even sign with a profound and inexplicable message, something like, “My name is Craig Wright.”
This event will be met with massive fervor in the community, media and government. We believe this is the coming ‘ChatGPT’ moment for Quantum that will unlock the kind of dollars, eyeballs and talent that has so massively accelerated the AI wave we are in right now.
Now let’s bring all this together. The first CRQC will be slow, like extraordinarily slow. It will be unreliable. It will require enormous resources to bring to bear on a real life problem. And so, dismissing its impact will be common.
‘Who cares? They hacked one address.’ ‘Move your assets to a new address without an exposed key.’ ‘$40B stolen? The network has survived a lot worse.’ ‘The mempool is safe for at least another 5 years.’ ‘They didn’t even move any bitcoin - I’m sure it’s some rug.’
There will be those, even in the face of Q-Day, that will argue that we don’t need to change Bitcoin. And they are right. It will definitely survive that day. Certainly survive that week. Probably survive that year?
But the challenge with risk and human behaviour is that once you smell the smoke you want to be the first one out the door. You don’t wait for the firemen to come later.
This is the challenge of how Quantum Computing threatens Bitcoin. It is at once one of the hardest unsolved technical challenges in existence and the trigger for one of the biggest rounds of global multiplayer games imaginable, with the future of the most important crypto network hanging in the balance.
The efforts being made
NIST are leading the charge on this. Their timelines look on the surface to steer people towards 2035, but they are actually phased from 2030: the draft NIST IR 8547 deprecates quantum-vulnerable algorithms at the 112-bit security level (RSA-2048 among them) after 2030 and disallows all of them after 2035, and approved post quantum signature schemes (ML-DSA in FIPS 204, SLH-DSA in FIPS 205) have been available to migrate to since 2024. These schemes are computationally secure, not information-theoretically secure. For that we must go all the way to the Quantum Native era.
Project Eleven aims to bring quantum cryptanalysis research out from behind closed doors at the NSA and GCHQ and into the open, so that we better understand the coming threats, alongside building products to facilitate the transition our most important crypto systems will have to make.
Unfortunately, this problem is a lot like building a city atop a fault line before you understand the science of earthquakes. Build the city with the information you have available. If someone pitched you on rebuilding your San Francisco home’s foundations in case of an earthquake in 1905, the year before the quake, you wouldn’t think the hassle was worth it. Only after the event occurs do humans take action. This is one of those moments and we do not have time to waste.