What will Quantum Computing Change?

Dec 03, 2025 | 1 hr 22 min | Ep. 627

Episode description

Quantum computing is often dismissed as a distant sci-fi future, but Ethereum OG John Lilic and Oxford physicist Stefano Gogioso argue the timeline is shrinking fast with roadmaps converging around 2030. In this episode, they break down the "woeful" state of quantum readiness in crypto, explaining how Shor's algorithm could eventually shatter the elliptic curve cryptography protecting Bitcoin and Ethereum.

They also explore the terrifying concept of "harvest now, decrypt later," which implies that encrypted data and privacy coins like Monero may essentially be compromised already. Finally, they introduce "Quantum Money," a revolutionary form of digital cash developed by Stefano’s startup NeverLocal, which relies on the laws of physics rather than blockchain consensus to prevent double-spending.

Topics

  • 00:00 Intro

  • 03:00 John’s Quantum Awakening

  • 08:00 Defining Quantum Computing

  • 13:30 Logical Qubits Explained

  • 18:15 Crypto’s "Woeful" Readiness

  • 23:30 "Harvest Now" Threat

  • 28:45 Monero’s Privacy Risk

  • 33:15 What is Quantum Money?

  • 40:00 Investment & Hedging

Links

Sponsors:

Gnosis: Gnosis has been building core decentralized infrastructure for the Ethereum ecosystem since 2015. With the launch of Gnosis Pay last year, we introduced the world's first Decentralized Payment Network. Start leveraging its power today at http://gnosis.io

Transcript

Intro

All of our systems, every single one of them, is at risk when we're in a post-quantum world. Most of the classical cryptography community that deals with certification and key exchange protocols knows this very well, has been working on this for years. They already have protocols that they could use if quantum happened tomorrow.

Unlike the foundations and communities that govern most of the crypto infrastructure, the Bitcoin community is fairly fragmented and a lot of the big voices are very opinionated. And so there the cultural element is, I think, the more important factor. In Ethereum, it's the technical element that really makes a big difference. There's so much stack to change. So you put it all together and these roadmaps seem to be converging somewhere around 2030, where we're going to have enough logical qubits in play to threaten our elliptic curve.

Welcome to Epicenter, the show which talks about the technologies, projects and people driving decentralization and the blockchain revolution. I'm Sebastien Couture and I'm joined by my co-host Brian Crain. So today we're speaking with John Lilic. He's an OG in the Ethereum space, been around for over 10 years. He was previously at ConsenSys, was part of Polygon and has been talking to Brian and I about quantum cryptography and crypto for a little while now. And so we wanted to get him on the show to discuss, you know, his thesis for quantum and how it could impact the crypto industry. And then we'll also have Stefano Gogioso, who's a researcher in quantum cryptography. He's a department lecturer at Oxford and he's the co-founder of NeverLocal. They're a company that are accelerating real world applications in quantum computing.

Hey guys, thanks for joining us. Hello, hello, hello. Great to see you guys. Yes, pleasure to be here. So before we get into the nitty gritty about quantum computing and how to fix crypto, because I mean, it is a really super complex topic. And I think like we all have a little bit of a grasp about like what it is and how it works.

But it's, I think, you know, for myself and a lot of people, like super hard to kind of comprehend what quantum computing is and how different it is from your regular computing and what kind of applications do you have. But before that, this episode is brought to you by Gnosis, building the open internet one block at a time. Gnosis was founded in 2015 and it's grown from one of Ethereum's earliest projects into a powerful ecosystem for open user owned finance.

Gnosis is also the team behind products that have become core to my business and that of so many others, like Safe and CoW Swap. At the center is Gnosis Chain. It's a low fee layer one with zero downtime in seven years and secured by over 300,000 validators. It's the foundation for real world financial applications like Gnosis Pay and Circles.

John's Quantum Awakening

All of this is governed by Gnosis DAO, a community run organization where anyone with a GNO token can vote on updates, fund new projects, and even run a validator from home. So if you're building in Web3 or you're just curious about what financial freedom can look like, start exploring at gnosis.io.

You know, I want to ask you, John, what got you interested in quantum computing and what convinced you that this idea of quantum native finance is something that's interesting that we should be looking at, that's possibly investable today and that it's something that will last into the future?

Yeah, no, no, great question. So, you know, it's kind of like, I mean, we've known each other a very long time and going back to, you know, the beginning of all this stuff, Ethereum and so on. And I remember many years ago, Brian and I were hanging out, I think we're in Germany with Carson Shtooker and a few other people. And we were talking about how amazing smart contracts are and like how everything's going to change, etcetera. And it was like very exciting and new.

And we were just, I mean, just so happy to dive into all this stuff, right? Fast forward to today, to some extent, I feel a little bit saturated, almost like, well, at least in Ethereum. And what we're trying to do is just figure out how to rehypothecate things. And it's not nearly as cutting edge as it felt maybe, you know, seven, eight years ago. And so last summer or last year, I guess it was late summer, early fall, I met Stefano and his co-founder Fabrizio and I met a few others.

I call it the special Venn diagram, these folks who are quantum physicists, computer engineers and crypto natives. And that's when I had like a mini panic attack, almost like an existential breakdown moment, when in reality, you know, I learned that the quantum ecosystem is much more dynamic than I had realized up to that point. And I say this all the time. It used to be in the back of my mind that it's, you know, 40 years away.

It's going to be this gigantic machine that looks like an alien spaceship that Google builds with the NSA. And I don't need to worry about things. But in reality, again, if you look at the ecosystem, there's of course the big tech companies and Google and IBM and Microsoft, etcetera. But then you've got this tremendously dynamic mixed startup ecosystem. You've got, you know, PsiQuantum, you've got IonQ, you've got so many of these innovative companies, Oxford Ionics, etcetera.

And so you sort of then look at, let's say, the capital markets or the, you know, venture fund ecosystem and you've got the biggest sovereign wealth funds, the smartest capital who have for a very long time been investing in the space. You know, the UAE, for example, with their sovereign wealth fund has been investing in GlobalFoundries for a long time.

And then you look at the policy side of it and it's kind of like you got top, let's say, policy makers, politicians, etcetera, in top leadership positions, you know, like Governor Pritzker of Illinois shilling PsiQuantum all the time. They're building this massive facility in Illinois and so on, you know, elected officials, government leaders all over the world and all the major companies.

You look at what's going on in China, etcetera, and you start to realize that actually this is super dynamic. There's a ton of capital coming in. The regulatory and let's say government will is there. The private sector, both with big tech companies and with startups is extremely dynamic and moving very, very quickly. And the researchers are just tremendous. You meet some of these people and they're incredible people, very focused on this stuff.

OK, So what does that mean for us? Well, like in my case and probably many others, you know, watching this, I mean, to some extent or a large extent, our life kind of depends on ECDSA, you know, whether it's our asset base, our career, I mean, even just crypto being a part of your daily life that you enjoy, you know, participating in this ecosystem. And that, as it turns out, is a byproduct of it's a, it's a, it's a target of this like incredible ecosystem that's advancing.

And I understand there's maybe contentious views on the actual utility of quantum computing, whether it's in material science or pharmacy or just making logistics better, etcetera. I don't think it's so contentious. But in any case, it doesn't matter because our elliptic curve that secures everything. And what I mean by that is, you know, if you know my public key, well you, you're never going to guess my private key so long as I secure it properly.

But with this technology emerging, then that becomes a very different, you know, reality, right? Which is to say, if you do know my public key, you can potentially crack my private key. And so putting it all together. And what I like to say also is you got to look at all the roadmaps. Because it is indeed true that the startups have a great incentive to say things that sound exciting 'cause they're constantly raising money.

But I don't think DARPA has that incentive or TII, which is kind of like the NSA of the UAE. The SEC just put out a, a, a pretty significant bulletin. You look at, you know, BlackRock increasing or you know, substantially enhancing their quantum risk disclosure. I don't think Google or Microsoft has a reason to pump things unnecessarily, NVIDIA etcetera.

So you put it all together and these roadmaps seem to be converging somewhere around 2030 where we're going to have enough logical qubits in play to threaten our elliptic curve. So that's kind of, yeah, the realization I had last last

Defining Quantum Computing

summer, last fall and Stefano and Fabrizio and NeverLocal really helped me understand a lot of things and for that I'm very grateful.

Yeah. I mean, I'm, I'm a bit like you I guess. But I guess earlier in the exploration of this, I mean, I remember like just having some high level thing of like, oh, quantum computing could break cryptography.

And I remember actually, I think I bought some coin once that was called Quantum Resistant Ledger. That was like, you know, probably like six or seven years ago because I was like, oh, that's and then never heard from it again until I think I really spoke with you. Maybe it's worth just explaining to people that risk very briefly, right? So the risk of, you know, today, right, people are familiar, they have a seed phrase, right, in many cases.

And then the seed phrase, you can derive a private key from that. And then with the private key, right, you can sign a transaction and then the transaction basically is or the private key is associated with a public key. And then you can, you can let's say have sort of, you know, one Bitcoin associated with the public key. With the private key, you can sign that transaction, say, hey, I want to transfer that Bitcoin somewhere else.

And then someone else can go and take that transaction and they can cryptographically verify that, OK, this is really that private key that's associated with that public key. And you know, that's, that's what the whole thing relies on, right? The whole crypto space. So can you just explain how? How could quantum computing break this?

Yeah, I mean, the way I like to say it is OK, by the grace of God, if I'm lucky enough tomorrow morning to wake up, still be alive, two things will be true, right? The sun will be shining and my Bitcoin or my ETH or whatever will be secure, provided that I manage the private key in like a safe fashion.

And so for example, you get Cryptosteel, you put your seed phrase on something like that and you put that in an underground vault somewhere in Switzerland that you know is very hard to access. And you take safeguards to ensure that your private key or seed phrase is never in any sort of digital form that can easily be stolen from you. Like, you know, people who have in the past put, I don't know, these files in their e-mail, for example.

So as long as you take those safeguards, then basically tomorrow morning when you wake up, your Bitcoin will still be there. However, and, and it'll be very, very, very hard for anyone to like determine your private key based on your public key, OK? Even if you take all the classical computing in the world today, you put it all together, it'll still take billions of years.

And that is the thing that we rely on. OK, now what we're talking about here is basically a massive threat to that security assumption that gives us all comfort, in the event that this ecosystem continues to develop to a point where we have sufficiently powerful enough quantum computers that can run certain types of algorithms wherein just with your public key in a very short period of time, maybe on the order of hours or, you know, minutes or, you know, even less in the future, again, contingent upon this technology maturing.

And this is like a hard problem. I'm not saying it's a piece of cake, but if that state materializes, then you don't have that comfort anymore. Even if you take very strong precautions to protect your private key, it can still be basically calculated by these computers and somebody or some malicious actor could then get your private key and move your Bitcoin or ETH or USDT or whatever.

That's as usual, basically just brute force, right? You'd say like, hey, I'm gonna like get a transaction and then I'm gonna make up a random private key and I'm gonna sign the transaction with it. I'm going to check. Does it verify? And then, well, it probably doesn't. So I'll try another one. I'll try another one. Now, normally with a normal computer this will take like forever, but with a quantum computer, you could do that fast. That's kind of the idea.

Now that's the issue, correct? We are relying currently on primitives, cryptographic primitives that are susceptible to this type of computation, provided that you have a sufficiently powerful quantum computer. And that assumption is the thing that makes us all sleep at night and gives us the confidence to build a multi-trillion dollar ecosystem. And if that confidence is shaken or threatened without, you know, us taking the kinds of measures that we need to take, then exactly what you described is the problem.

So now I'd like to hand it over to Stefano and maybe let's get some clarity on quantum computing. What is quantum computing and how does it enable, you know, basically what John is talking about, which is the ability to brute force a private key in a way that you can't do that with a regular computer.

Yeah. So the the question about the nature of quantum computing itself is, is quite interesting. There is a sense in which physicists, fundamental physicists, would say quantum is the real way the universe computes. And it's just that our classical computing has been built upon an abstraction that is very stable. So we can have trillions, quadrillions of bits very cheaply. We can do trillions of computations per second in our large machines. And we do this with very little fault.

There's few errors. Errors are very rare unless you're in hostile environment such as space or under certain sort of ruggedized conditions. But ordinarily our current civilization relies on the realization that if you engineer

Logical Qubits Explained

matter and electricity, so matter and energy to interact in a certain way, that it's very stable and it can be used to do a lot of things. That's great. Underneath it, though, the world, the rules of the universe are quantum. So quantum is the most successful physical theory we have, by far the most successful physical theory. It explains almost everything that we want to derive. It might be hard to write down exactly the explanation, but in principle people believe that up to some details it could be used to do so. So really, quantum computing is mostly an engineering effort.

It's pushing our ability to make matter and energy, typically photons, but there is various ways to do this, do things for us. The original view by the early fathers of quantum mechanics was that really what quantum computing does is give us control over reality at its most fundamental level. So in that sense the most general description of quantum computing is you have very fine grain control over the way that nature works in some really small setting, some really low energy settings, superconducting circuits cooled near absolute zero, individual atoms, individual photons, with enough precision that the noise doesn't drown out the entire computation and make it useless.

Now what people did over the years, that was the original view of what quantum computing should do. And for many years, I think '60s, '70s, people just thought, OK, one day we might have control over nature and we will do, you know, what physicists want to do. We will predict the outcomes of very complicated physical experiments without having to do them. In particular, we can understand chemistry and advanced materials, things that we can't simulate.

And then some people came from maths and computer science and started realizing that really some of those fundamental ways that matter evolves can be used to do some interesting computational tricks. One of the most famous ones is Shor's algorithm. Shor's algorithm does not really factor numbers in its entirety. There is a very specific sub problem of number factoring. Number factoring is considered hard.

It's the basis of RSA, and one of its generalizations is the basis of elliptic curve cryptography. Which ultimately brings us to crypto. But really the observation by some very clever people is that there is a little core inside the problem. There's one subroutine which relies on a specific property of numbers, of natural numbers, the way they multiply. And if you could do a certain kind of Fourier transforms, the same that we use to change and clean up signals.

It's what this podcast will use to clear up our voice track. In the end, a very basic piece of technology, but if we can do some of it fast, exponentially faster, then we could factor numbers real easily. And it turns out that quantum computers are very good at doing that. It's part of the natural evolution of quantum systems.

To be able to perform some of these transformations, you put them in the right configuration, and by themselves they would do it. As long as you can control the evolution without too much noise, then that's what the machine does. And this observation was then turned into a larger algorithm that can factor numbers, very large numbers with thousands of digits.

That's Shor's algorithm, and then derived algorithms that actually factor points on elliptic curves, which are the algorithms that give us quantum risk today. So ultimately, like quantum computing is just about controlling physics, which is a fantastic endeavour in itself. One of the byproducts, and I think by far the least commercially interesting to these companies, they really don't. I mean, they say they use it as a benchmark, quantum computing manufacturers, but that's not really a product they will sell.

They're not going to go and say here I'm going to factor some large numbers for you. They want to sell chemistry applications, materials applications, pharmaceuticals applications, optimization in some cases. But one of the byproducts that was discovered in the '90s is that indeed you can use it to break the primitives that we use for all of our cryptography today. And maybe we can go into the specifics of why this is relevant to crypto in a follow up question.

Yeah, yeah, we definitely want to go into that in a bit. But I would love if you could expand a bit more on, you know, you mentioned like material, chemical, I mean like lots of different, like, let's say this quantum computing, you know, it comes about, what do you think the impact is going to be on the world? And you know, maybe in five years, 10 years, 20 years and, and on different, different

Crypto's "Woeful" Readiness

areas of society, like how, how will normal people feel about the world so different now all of a sudden because like quantum has like just changed things.

There are many fields. I think it's worth making a distinction between quantum computing, which today really means universal quantum computing, which is a huge multi like multi $100 billion field that has been developed for the past 10-15 years.

And quantum cryptography, which is a younger field that is currently in its early phases, even though some of the companies have recently exited for a few hundred million valuation. So that's, that is already quite a lot of investment. But I would say in terms of what we could do there, it's we're still quite early on. So going to quantum computing, which is what most people talk about these days, there are maybe three or four major areas of applicability that would bring a direct impact on people's lives.

It's not going to be in 2030, it may be in 2035, 2040. It really depends on how quickly they can reach the correct scale. They are applications. It used to be that they some of these companies sold applications in terms of enhancing AI and enhancing optimization. That was the big hype in like the early 2020s.

That is no longer believed to be the primary revenue stream for many of these companies because optimization problems, to be competitive with current classical optimization techniques, require hundreds of thousands of qubits, logical, tens of thousands of logical qubits. The number of variables that you'd have in one of these problem solution techniques that we use today would have to map essentially to qubits. And that is that's a scaling that would take a while.

In terms of AI, there used to be a speculative belief that there could be an advantage in using quantum systems for quantum AI, and that's been scaled back a couple of years ago. There's results that say that, yes, but mostly for physics problems, not for general purpose problems. And also we are literally in the AI boom. We have like trillion dollars in data centers being built on a weekly basis and it's very hard for quantum computing to compete with that in the short term.

Maybe in the long term it will, but in the short term that's that's difficult. Where it really seems that quantum computing will have a direct immediate impact is applications where you are trying to simulate some complicated physical system that doesn't quite simplify well with existing techniques. So if you want to do material science today or advanced chemistry today on fairly large atoms or fairly large molecules, think nuclear chemistry.

Nuclear chemistry involves really complicated atoms. They are very heavy. They have lots of electrons. They get to the point where the electrons behave relativistically. You need to take into account the fact that there's so much energy concentrated in the atom and they're so fast. The quantum computing revolution in that sector will be having machines that are able to just reproduce a physical system.

You make like a digital twin of a quantum system, and then you configure the machine to evolve the system like it would in real life under real conditions, more slowly, typically because you want to observe it or you want to ask certain questions about the evolution, like its energy, like the strength of certain bonds, but you can reproduce.

It's like a lab simulation, but it's a simulation that doesn't incur an exponential slowdown because it's made of the same matter. The slowdown is, there's a factor, of course it's slower because it's the machine you need to control it. It has fewer degrees of freedom, but it's not exponentially slower.

And this is what it will really make a difference when you have large molecules and you want to study interesting quantum effects that make them activate in an unexpected way, say metal organic frameworks in carbon capture. That was one of the early examples people wanted to study.

That's something that quantum computers with sufficient degrees of freedom could do with it. And so that's where I think most of the money will go in the early days because they don't require tens of thousands of logical qubits. Even if you have a few thousand good logical degrees of freedom, that is so much more than we can simulate with our classical techniques that it will already enable us to do more chemistry, more materials, more, more medicine.

So that's, I think that's what it will have the earliest impact, but it's not going to be something you're going to have on your desk anytime soon.

Can you explain what is a qubit and a logical qubit? Think that distinction needs some clarity.

Yeah, I think that's one of the big controversial points in corporate announcements these days is the how many logical qubits do we have?

There are abstractions. Maybe it's worth starting with that there's no such thing as a qubit, but there's no such thing as a qubit in the same way as there is no such thing as a bit, right? There's not one bit. There are many technologies that when abstracted a certain way, give you something that behaves as a bit.

Typically you need some physical system that has two well defined states and you have to have some way of moving it between the states, putting many of the systems together and change them together. That's how bits work. Like you have many technologies that implement them and all you

"Harvest Now" Threat

need are some basic requirements. Similarly a qubit is an abstraction. Quantum systems have a lot more degrees of freedom, but what you do is you take a system which has two degrees of freedom, like two sufficiently separated energy levels or a photon that has like polarization in two orthogonal directions, something like that. And as long as you can modify those degrees of freedom in a practical way, and that's where all these technologies come into play, not everything is easy to change.

Then you have a qubit, like a qubit is a physical system with two sufficiently well defined states which you can modify at a quantum level. So without making it collapse into one of the two states, but maintaining all the various other states that are physically possible. They're called superpositions typically. So that's really the physical side of things. And I think most people in quantum computing or quantum information are happy to leave that to the hardware people.

Like somebody comes up with a new idea for quantum hardware, the first thing they do is tell you how to build qubits and how to perform certain basic operations on qubits. And then everybody else uses that as the basic abstraction layer and builds on top of it. So there is really like the hardware people deal with making the like secret sauce, the basic building blocks. And then people build algorithms on top of that.

But then there's the question of are these qubits sufficiently stable? Can you modify them without introducing too much noise, without losing too many of them? If they're photons, photons are hard. I mean, photons are great because they travel for really long distances without interacting with anything else, right? We have photons from 13 billion years ago. We have photons from the time of last scattering in the universe.

And we, we still see them as they were, but they're very hard to catch and they're very hard to do operations on because they travel very fast. And so every, there's always a challenge. All of these architectures are a compromise between how many operations you can do, what kind of error rate you get and, and so on. If you want to get from, you have your, let's say you have your Google chip, right?

It has a bunch of qubits on it. The hardware people made them and there's maybe 100 or 200 of them, and they're very noisy, like the operations very quickly disturb them. After a few dozen operations, you lose pretty much every information. After a few hundred operations or even a few thousand, that's not enough to do anything useful. And so what you do is you say, OK, can I take all of these like 100 qubits and take a slice across their space that's robust to noise.

Like I create an error correction code, but a quantum one. So I don't just check for the errors. I really try to look at the whole space of these 100 qubits that has two to the 100 dimensions. It's humongous. And I try to find a two dimensional slice, so a tiny, tiny slice which is really robust to noise, where I can easily correct errors. I can bring the states back to this slice very effectively. And this is the foundation of quantum error correction.

And one of the key results in quantum error correction is that the moment that you hit a minimum threshold of accuracy, so your operations go below a certain error rate, then error correction starts improving itself. So there is a point at which if your error is higher than this threshold, then the error correction procedure introduces more errors than it can correct, and so it will ultimately fail.

And there's, if you're below this threshold, then the error correction will remove more errors than it itself introduces. And so you can just make your computation longer and correct errors forever. It's called the threshold theorem. And this is the basis really of quantum error correction. Now this is what Google trusted when they say that they almost got one logical qubit.

What they mean is that they are close enough to the threshold with their hardware that soon, I mean a year, two years, but soon enough they will be able to perform correction faster than errors accumulate. But there are other ways of making these error correction codes, and some of them don't really correct all the errors. But maybe you have 30 physical qubits and you have a code that corrects 5 errors out of 30. That makes it look like you have 30 logical qubits or 25 logical qubits.

But really you don't. Not in the same sense as the Google qubits too. And so there's a lot of subtleties in how people count this. The real question is ultimately, can you make these logical qubits, these sort of error corrected abstractions in such a way that they individually behave as single qubits would with no error or exponentially small errors.

When the answer to that becomes yes, that's when you get the logical qubits that are considered in these Shor's algorithm estimates. So people say, how many logical qubits do I need to run Shor's algorithm? The answer is typically a few thousand. And then you have to think, OK, a few thousand logical qubits really mean a few hundreds of thousands if it's one to 100, a few million if it's one to 1000, really depends on the architecture.

But you have to multiply by some large factor to estimate how many physical qubits these companies have to manufacture before they can run this kind of schemes. And then there are some additional improvements that

Monero's Privacy Risk

people have made over time. You can connect smaller modules and the way that these qubits are put together can be made more performing than just building a large chip. All in all, the the strategy is always trying to figure out, can I build enough physical qubits such that they have a sufficiently low noise and I take enough of them together and I can collapse them into fewer logical qubits. But they're really, really good, yeah.

This is one of the things I say for, you know, us regular kind of crypto degens who are, you know, thinking about this stuff. There's certain checkpoints, things you look for, OK, error correction is one of them. The Google Willow news was really big. I don't know that everybody really understood it. Stefano explains it very elegantly. But when we get to that point, that is one of the key requirements.

And I think it's going to be one of the massive accelerators of our ecosystem really waking up. I mean, it's a critical component and everybody's working on it, so. John, earlier, you know, we were talking about the, the state of quantum readiness in the crypto space. Like by your estimation, what does that look like? How many projects are taking quantum seriously in order to prevent some of these, these attack surfaces that we, that

we, that you described earlier? And yeah, what's your, what's your sense of, you know, how this, how this space is treating or addressing this issue? Well, let me preface by saying I have a tremendous amount of respect for all the researchers, Ethereum Foundation, Solana, everywhere near, etcetera. I think those are wonderful people.

However, in my opinion, just my opinion, but I think we're in a woeful state and I'll give you some concrete examples on the Ethereum side, you know, the whole Verkle program just got cancelled not too long ago. And actually Stefano and Fabrizio, Stefano's partner for many years was, you know, telling these guys, hey, you're going to have to redo the plumbing eventually. They figured it out.

But you know, after however many years, however much money and more importantly, precious research, you know, researcher time. So even just getting blockchain networks and ecosystems to understand this risk, take it seriously and invest accordingly up to this point, I don't think that's happened to to sufficient scale, not even close. We are starting to see some early indications. Let me give you another sort of simple example, and this is just my, you know, dummy degen math here.

But let's say we have a $3 trillion ecosystem. Let's say you ascribe a 1% chance to, I don't know, the IonQ roadmap being accurate, which calls for 2500 logical qubits in 2028. And let's assume that results in 100% loss or close to it, OK, in terms of crypto market cap, because I think that if confidence is shaken in our elliptic curve, you know, capital is going to flee very quickly, OK? Rationally, you sort of take 3 trillion * 1% * 100% loss. We should be spending 30 billion

a year right now on this, OK? We're not spending anything. You look at, for example, Bitcoin and there's a guy named Hunter Beast, great guy, a lot of respect for him and he's leading the BIP 360 initiative. And you know, a few other people as well in the mix, you look at a guy like Jameson Lopp. Jameson Lopp, I like to say is the most constructively correct Bitcoiner I know. I mean, he's technical, he's

rigid, he focuses on security. I mean, he's a great Bitcoin ambassador and he's come out over the last few months, you know, at conferences and so on, surfacing the risk and I think talking about it in a very articulate and truthful manner. And you know, it's no his, it's no secret, right? I've had lots of fights with pixel Bitcoin maximalist over the years, but a lot of Bitcoin maximalists have turned into like fundamentalists where everything is a scam and they

just reject everything. And I understand there's utility in that. I mean, it's it can be an important thing because, you know, you just sort of hold your Bitcoin and you don't get duped into like rug pulls with all these other meme coins and so on.

So I get that. But when you just outright reject everything, including like these technological like innovations where basically you call physicists and serious people grifters, what happens is it lowers the rating is potential for Bitcoin itself as a community to accept what's

going on and take it seriously. And so, you know, there is a political or let's say, community based component to this because it's not like banks or financial institutions where I mean, they can upgrade in a much, let's say, more simplified path because they don't have decentralization, they don't have coordination problems like we do or coordination costs. So even getting communities to

What is Quantum Money?

wake up to this is, is hard and has been hard. There is some, let's say, progress recently. And then when you get even deeper into it and you sort of dig through all of their roadmaps and implementations and current, you know, working groups and so on, there's very little, I have to give credit to the Ethereum Foundation that just had an event in Cambridge. I, I tweeted about it and stuff and it was really excellent. Vitalik, you know, is signalling their intention to be quantum ready.

Justin Drake and some others, Antonio who leads the Ethereum Foundation as as their lead quantum researcher. Wonderful guy by the way. So there there's things happening there on the Solana side, as far as I understand. I talked to Matt Sorg, great guy, VP of technology. They're they're prioritizing BLS. My understanding the current state is very hard or not really knowing how to aggregate post quantum signatures, certainly not at the scale that they would need and BLS in any case would

need to be redone. I can understand and why they're going in that direction now in terms of performance and obviously that's Solana's edge. But if you have to then redo the plumbing a couple few years from now and at the same time the point Stefano just made about error correction, we start to see these headlines coming in of like these, you know, tremendous innovations. You then have to pivot very quickly. And the problem there is you

would have lost precious time. And you go down the line. And, you know, I mean, not to denigrate Justin Sun in any way or anything like that. I mean, I think he's a great businessman. But like, Tron isn't exactly a bastion of technological innovation. Exactly. And yet it hosts, what, $100 billion worth of stablecoins and so on, right. So the problem is quite complex. You look at Ethereum and this is the analog I like to use as far as our L2 ecosystem, you know,

path. I mean, when when we launched Ethereum, it was 1024 shards of the L1, we're going to have this world computer and so on. But the reality is that proved to be very hard. And then a couple few years later we get, you know, maybe 1 shard and now this kind of like L2 ecosystem and so on. And even that's taken 7 or 8 years. And there's a lot of controversy around how efficient, you know, that technological kind of delivery challenge has been executed against. OK. So this is hard.

It's complex. It requires users to take action. It requires a lot of social coordination across multiple networks. And I say this, that we're all in it together. You look at Bitcoin, most Bitcoin price discovery is against stablecoin pairs. Like, not a lot of USD is actually traded against Bitcoin. Where do all those stablecoins live? They live on other networks.

So it's all intertwined. And I think when you look at it in aggregate, you know, our ecosystem is just at the genesis of taking this seriously, woefully under invested in this space. And you know, half of the people in our communities think this is all a grift and a scam. So I'm not super optimistic at the moment to be perfectly honest with respect to our quantum readiness. So. Let's just, I mean this scenario we talked about beforehand, right?

Where basically someone can calculate, you know, someone who doesn't have your private keys can create a transaction to basically move your bitcoins to somewhere else, right, to their own address. And now I mean that of course, I mean seems to I, I guess there would really be a kind of a flip right where like from one day to the next, basically the entire network becomes like untrustworthy, right?

Because like someone could move all of like Satoshi's coins and your coins and my coin and why is anyone going to buy any Bitcoin then if they can just be taken away again, right? Like, of course, that also brings up the question, oh, like, how can you benefit from that as an attacker? Well, probably the best way would be just to short Bitcoin,

right? If you could go like very short Bitcoin on some like traditional financial system options, short the ETF or something, I guess I don't know because like stealing the Bitcoin is kind of pointless now. Depends if you're caught. Right. It depends if you're caught. Right, If you of course, if you're early, right, like let's say you, you, you have the keys beforehand and you can steal some and you can sell it and you can do it before people realize what's going on.

Then then maybe there's a high Yeah. And you could, you could probably do some sort of data analysis, right? That you're going to go try to steal some that people hopefully will not realize that there's because they're not paying attention. I mean, of course you get asked to Toshi's coin, although people will watch that. Yeah, I think that's that's what you say when. OK, I think John is is also sold on this scenario. You wouldn't move them immediately. You you do this in a secret way.

You do it on coins that have not been moved for a while. Probably nobody would notice and it would be one of those news a whale finally decided to move their Bitcoin. Is it quantum? Is it not quantum? Do we know? I'm not sure people would immediately suspect it. And you could go on for quite a while and you could make quite a lot of money outside of the ecosystem in the meantime and then? You could really go with this, right?

Because I mean, maybe you think no one is noticing, but then like, you don't really know, right? And then it's pretty quick. I mean it. Well, let me, let me, let me paint you another picture in terms of a state actor. And I wrote this article. It's an open letter to JD Vance. I'm sure he'll never see it. He was at the Bitcoin Vegas conference.

He said, OK, putting Bitcoin into the US economy with all these ETFs and all these financial products is an advantage over China because they're not doing it. And China's never going to embrace Bitcoin and crypto because they're afraid of capital flight and they have these control mechanisms. OK, I accept that is generally true. However, if you accept the potential for let's say, another big pump in our ecosystem, we

get to 10, 15, 20 trillion. Now there's so much, so many trillions leveraged into the US economy with Bitcoin as the underlying with all these stablecoins, etcetera. For a state actor, Bitcoin becomes a military target. Now here's the thing, Bitcoin will not, in my opinion, warrant a military response or any kind of detente. OK, you don't send a nuke into the US 'cause you can be sure they're going to send 1000 back at you. So there's a detente and nuclear attacks don't happen for that

reason. Bitcoin is not like the CIA, it's not the Federal Reserve, nobody owns it. And so it becomes the perfect military target in that scenario. As a state actor, what you're attempting to do is cause damage into your rival or adversary's economic system and if we have trillions leveraged into our system and now Satoshi's coins.

So this is an example of wanting to do a quantum attack, not necessarily to profit, but to cause maximum, let's say, cascading waves of liquidations and so on. And in order to cause economic damage. I can imagine a certain scenario where, you know, the PLA assigns

Investment & Hedging

their quantum cloud to the Lazarus Group, who obviously, you know, has been very adept at crypto hacks for a long time now for this purpose. Moreover, when you look at other networks, Ethereum hosts all the stablecoins. Excuse me, Ethereum is a nonprofit foundation in Switzerland. OK, Switzerland is not going to go to war with China or North Korea or anybody else over an

attack to that kind of an entity. Same thing with Solana and so many of these other things which are constructed as offshore nonprofit foundations, OK. There is no detente element to, you know, basically preventing an adversary from causing economic damage as we continue to lever up the stuff into our economy. And no question, I think if the capability becomes available, people will use it, I mean for whatever motivations they have.

But is there, I mean, what is the way to deal with this? Can you can you somehow upgrade let's say Bitcoin or Ethereum to prevent that risk? And how would? Some of it, some of it the the reality is that some of the risk comes from attacking addresses and getting, you know, compromising the part of the stack that's the cryptographic attestation. That's where you sign transactions. That's where you sign operations

on smart contracts. That can be fixed because what's happened until now is recorded on the ledger and as long as we switch to quantum resistant cryptography, we can prevent it from happening in the future. There are challenges there which we can discuss. It's not as straightforward as changing the public certification stack that we rely on for Internet or or any of our secure transactions. Although that's also non trivial, but people have talked more about it because. Crypto is like.

No, sorry. Yes. Oh yeah, OK. This is not crypto. This is everything like you connect to a website, you use HTTPS. That's how these days you rely on the fact that there's not going to be somebody in the middle altering your transmission. Now once there's the initial phase really of the of the communication, which is where you establish a symmetric key, that is done by using certificates. So things that rely on public key cryptography that are

quantum weak. If you get into that stage, then that's it. You can play like you can play replays, you can put yourself in the middle of a conversation and pretend to be both parts. You can do whatever you want. Our entire technology relies on this. Updates to Windows rely on this. Updates to anything actually rely on this. Signatures are like digital certificates and the chain of certifications that we have created are the basics for the entire world communication

network. And so that's all weak. So why are it's easy to think it's crypto? I mean, it's a when, when John and I were talking about this a couple of weeks ago, my argument was that like, you know, crypto in, in comparison to everything else that can be impacted by this is such a minuscule kind of part of the economy that that affects a minuscule portion of the population. When in reality, it's like all of our systems, every single one of them, is at risk. When, when when when a post

quantum world? Yeah. But if you think about it from like let's say wealth perspective first of all, right. And I mean, I guess a lot of people here, probably a lot of people listening, right, they will have a lot, lot of their assets in in crypto. So if that just gets wiped out to zero, well, that's pretty significant event. It is pretty significant, but I mean, I got like chaos in the streets starts happening much earlier when like everyone's bank accounts don't work right

Or like you see what I'm saying? Like, I mean, there's like much more visible kind of risks to the entire global economy with very little functions. For most people, if their coins are gone. Right, I think. But the reality is that there's really three, well, 2 main reasons why this is different. The main one, the really big one, is a cultural one, or political I, I don't know how we want to

call it, but let's say cultural. Most of the cryptography classical cryptography community that deals with certification and key exchange protocols knows this very well, has been working on this for years. They already have protocols that they could use. If Quantum happened tomorrow, they would be able to deploy the changes to the browsers. They're already experimental features of some of the major

browsers. You can enable it yourself if you want to try it. They wouldn't incur a huge computational cost, blah blah blah blah blah. There's a lot of things that they've already done. Unlike the foundations and communities that govern most of the crypto infrastructure, the older, more traditional Web 2 infrastructure, let's say, is handled by people that already took this very seriously and already like plugged the holes

to some extent. It will be problematic if it happened from one day to the next, but you have centralized authorities, you have banks that would just refuse to transact for a day or something like that. But really, too OK, this is a cultural problem. We could solve it tomorrow. We could all agree that quantum risk is real, and tomorrow we do something. What do we do? How do we switch the cryptographic primitives used by Web3? Because Web3, unlike Web 2, made its most of it.

Maybe not its entire fortune, but most of it from very clever new applications of cryptography. Some of these are really really sophisticated, like it's elliptic curve cryptography. Used to do lots of fancy stuff like zero-knowledge proofs. Now not not all of them are ECC

based, but some nice ones are. We built an economy on advanced cryptography and therefore there's a lot of primitives that people from outside Web3 don't really care about it, like they've not worked on it because they don't need them. And so it's up to the chains that use them to figure out how they're going to replace them in a quantum resistant way. This is what the Cambridge workshop for the Ethereum Foundation was about. It was figuring out which parts

of the stack need changing. What are the candidates and how we can do it in a way that makes everybody happy? And so even if everybody suddenly believed that quantum risk is real and they understood the potential impact on the economy, even if they all agreed to do something, which is super hard because the entire point of decentralization is that there are so many different voices and so many different opinions that have to sort of coalesce for something to happen.

Even then, it would be challenging to change some of the infrastructure. But for example, for Bitcoin, most of the risk is in one place. It's in the attestation part, it's in the signatures. We could agree to pick one of the new schemes and that might be relatively easy. There are there are various mitigations and there are proposals that have been put forward that are really well studied that would fix this in

one way or another. But the problem there is the Bitcoin community is fairly fragmented and a lot of the big voices are very opinionated. And so there the cultural element is the more, I think, important factor. In Ethereum, it's a technical element that really makes a big difference.

There's so much stack to change. So my question here, so let's say if you look at Bitcoin, so it's what will be needed that, you know, the core developer make some changes to the Bitcoin protocol and maybe the wallets and the miners obviously have to like switching new software, something like that.

Or is it something where, you know, you didn't also need to have, you know, the individual Bitcoin holders, you know, kind of take action and, and like, let's say, for example, transfer their coins to, you know, some kind of new accounts that are now quantum proof? Yeah, you'd have to depends on the proposal. There are proposals that are less invasive, but to some extent at least some of the users would have to make active migration. That is the biggest of it. Actively migrate.

And if you can steal the coins of those who don't actively migrate. I mean, that's like almost impossible. How do you like imagine it from from the point of view of how the game would look, you changed. Let's say that everybody agrees we have some new system. However, it is some new system that we put in place at some point. We fork Bitcoin, we patch Bitcoin, everybody migrates. Now we have a new authentication system. There's a new cryptographic attestation that is quantum

secure, quantum resistant. How do you make sure that you migrate the wallet contents from the old system to the new system? Whatever you do, somehow each wallet owner has to establish that they are the owner of the new system. Now for many of the accounts, this is doable by relying on something which is already

quantum resistant. For example, the derivation of the private key for many modern wallets comes from a seed phrase, and you can build proofs that you know the seed phrase coming up. Like going back to the seed phrase from even the private key is hard. And so in some derivation branches, but they, they exist,

people use them. And so you could in principle say, OK, if you want access to your funds again after the fork, you produce a proof that you knew the, that you knew the seed phrase without revealing the seed phrase because that would break the security of your account. Some proposals exist. I, I think Vitalik backed one some time ago for Ethereum that would do something like this. That's fine, except for the earlier accounts that were not based on this particular mechanism.

And for those, what do you do? Do you freeze them? Do you return the coins to the ecosystem? Some of those may legitimately be dead and never used, and so taking them out of circulation might be a way to handle it. The threat that they would have to be burned might be enough to push the original owners to do the migration. But at the same time, for some of these people, revealing that they are the owners of those coins is a problem. And they do have a private voice in the process.

And they might just oppose it. Or there's just the legitimate concern that this might fail in some way, or it might impact some people too heavily that have a stake but not a visible one in how the ecosystem is updated. So it's it's challenging. At some point something needs to be done to link the old, the old proof to the new proof, because the proof has changed. And anybody, otherwise anybody who has a quantum computer could just say, oh, yes, I am, I am Satoshi. Hello.

Now, probably that wouldn't be believed or it would be subject to huge scrutiny. But there are many such cases. Not a huge majority, not even, I don't think it's a large minority even, but enough that we are still discussing how to do this. There is a privacy component to this as well that I think I certainly didn't realize. And it's this idea that you, you can harvest large amounts of encrypted data, doesn't have to be crypto.

It could be anything. It could be your signal chats, could be your, you know, encrypted vaults on cloud storage and that when quantum computing is here that we'll be able to decrypt those. And John, you've, you've talked about allegedly governments and and sort of the nation states acquiring and harvesting tons of encrypted data for potential decryption later. How big is this threat and what do we know about it actually happening right now?

Well, that's a great question. So let me start by saying I'm a big fan of Monero and Zcash and you know Zooko and and so on and all those communities. OK, I had a conversation on Twitter with Fluffy Pony recently. I guess he goes by just Ricardo now, but I was thinking of as Fluffy Pony great guy. And I asked him point blank and to his credit, he was very upfront. They have a road map OK for post quantum. However, it cannot account for the past.

OK, so if you are using Monero today, it's broken, in other words, and I'm not saying look, privacy is normal. I'm not saying it's not. I'm saying that it's also easy to infer that probably some people are using, you know, something like Monero in an illicit way. And it's no fact, it's no secret.

I mean, this isn't me saying anything controversial, but the dark market is favoring Monero. So anyone who's using it right now for anything illicit, the tax avoidance, selling drugs, whatever, they don't have a way to obfuscate the past, meaning that in the future when they go post quantum, the past can be ultimately revealed. OK, so in a sense, Monero's already broken from that standpoint. And, and this is coming straight from Fluffy Pony.

I mean, he tweeted at me and I could, I could send you guys a link later and I read their stuff and everything and they have a great road map and so on. But this is an issue, right? So basically it's very simple. All of the encrypted communications, transactions, etcetera happening now, which are indeed currently safe and secure that can be harvested. And I'm certain, I mean, I think it's preposterous to think it's not being harvested and then later it can be unlocked and revealed. OK.

So that is a big problem that currently exists. I think specifically as it relates to the scenario I just described for certain kinds of transactions. I'm not sure that people understand this issue yet, but that is another kind of meta that I think will enter into the ecosystem at one point in the not too distant future. I mean, if I can add one more point to that, this is a

problem. Again, it's useful to compare the issues we have in Web3 with the issues that exist in the broader economy, in the broader Internet, in in Web 2 technologies in what we use today for everything. It is a fact, an established fact, that certain large government organizations have been harvesting lots of data, but that's mostly data that's in transit.

And so while it is easy to harvest to some extent for somebody who is really tapped into most of the global nodes, it is not necessarily easy to harvest it in such a way that you have all of the pieces that are necessary to ultimately decrypt it. We've been using sort of forward secrecy for a while in classic Web 2 communications. There's this problem has been known for decades. It wasn't patched immediately, but it was patched a while ago.

There's also a lot of private data though, and that private data is technically somewhere some data center at if you're a bigger government organization, perhaps you can compel the company to give it to you, perhaps you can't. Some of these companies are compliant. Other companies make it a business point to not be compliant and so they will try their darnedest not to make that data available in such a way that it can be easy to decrypt.

There's a challenge. There's a cost associated to doing this at scale. In classical infrastructure, we built an entire ecosystem where we keep all of our data on a large database that's distributed across tens of thousands of nodes for the very purpose of making it available to everybody at all times. It's literally the way we structured our applications in Web3 that anybody can get the whole history of Monero from the very start.

In fact, they have to if they want to run a full node from the very start and they can just, you know, keep it. All they have to do is ask someone else who has it and they will get it. So it's very easy. If you have a quantum computer and you're a private company and you're not, let's say a large government organization, it's really easy to at least do this. You can very much take sufficiently powerful computer, 10, 15 of them. You run a full node for each one of the 15 biggest things and

then you keep it synced. That's all you have to do. You keep them in like a small warehouse for the next 5-10 years. And when you have access to quantum computing capabilities, you start decrypting from the start. And most of that will probably be useless. It's just people who wanted privacy in their transactions or their communications and not all of it. Some of it will be criminal.

John correctly says there. Some of these technologies have been used for illicit transactions to various degrees, like not everything is arranging assassinations. There's also some like, milder cases of tax optimization, let's call it. Let's take this the least problematic one is still interesting to governments because they're like, OK, yeah, this person is not going to go to jail, but we're simply going to send them a bill for the money that they haven't paid yet.

And there's a revenue in that they might be like willing to pay a private company to provide this data. But more interestingly, these platforms are used by people who don't trust traditional infrastructure because not because they're doing something illicit per se, but because they're doing something which is not OK with the current government or with other governments they might be exposed to. So think activists, think resistance groups. We have a few active conflicts

in the world. Some of these people coordinate through encrypted channels that rely on elliptic cryptography. Some of the information exchange will be relevant in five years or even in 10 years. And so that information is already broken. If you are a privacy-focused application today and you sell your services as privacy based on elliptic curve cryptography, I mean, you're putting some people in danger, significant danger if the information has to remain

private for sufficiently long. We don't know how long, right? We don't really know if PsiQuantum has quantum computers today. They don't have public machines, but they did start building fabrication centers. They have their fabs. So exactly how far can they possibly be with the investment they have? Maybe they will not get there. Maybe they've already gotten there. The point is, you might not know

for a really long time. Yeah, when I was, you know, after I spoke with John in in Cannes and afterwards I mentioned it to a few people, right, sort of in the next day, you know, what about quantum? What do you think about the quantum risk? Like talked a little bit about the conversation, you know, kind of, you know, technical L1 founder, so a bunch of people who are like, you know, sort of that very technical key crypto people.

And and I think that the most common response we got about was like basically, and you know, I remember John, you were saying like, well, it could be like 2028, right? Like it like a few year or maybe 2030, but like it was close, right? So I think the most common response I got was again, yeah, I'm aware of quantum and I know it's a problem and then I know it will come. But like it's way further away, right?

It's more like, you know, 2035 or like it's, it's basically far enough away that like I don't really have to worry about it now. I guess that is like really the crux of the question, right? Because if it is 2028 pretty close right now. I remember actually, you know, I think you John was saying like, well, I don't really want to invest in anything where I'm going to be locked up for four

years, right? Because like that might be, you know, my mean you're going to be locked up when when sort of that happens. So yeah, I would love to get your takes on on this timeline. Like what do you guys personally think is likely? And and how wide is the range here in terms of opinions that the experts have? Well, maybe I'll give market oriented answer and and Stefano can give you a much more detailed answer.

But OK. One of the things I say is in my opinion quantum readiness will be one of the most bullish indicators of price going forward. So if you're an L1 founder or community, there is a tremendous incentive in my opinion to signal quantum readiness and indeed, so here's the scenario. Ethereum is quantum ready, Solana is not. Two years from now, some big news comes out of a breakthrough and smart capital allocators. You know, you look at a guy like Evgeny Gokhberg, Re7, you

look at Gauntlet, etcetera. They're deploying hundreds of millions, billions of stablecoins in DeFi and generating yield and building great businesses. This is smart money. They're going to look at something like that and they already are starting to pay attention to the stuff and they're going to say, OK, all the TVL we have on Solana put that on Ethereum even though we don't have. One that that relies on that two

year. I mean, the thing of quantum readiness being a real factor only is the extent that people think it's a massive issue and it's an issue soon, right? If people think it's an issue further down the line. And of course, it also depends on what do you think other people think, right? So correct. That is true. But here's the thing, and I wrote this article called the

institutional force function. Now that public companies and all these big institutions, they have fiduciary responsibilities. And so the quantum risk disclosures, you know, BlackRock significantly updated and others, etcetera. If you're, if you're one of these institutions, you definitely don't want to be sued in the event something happens.

And when you're in a situation where like that event, when that will happen is unknown, but you have pieces of information like Google Willow was a big piece of information. The point Stefano made earlier about error correction, if we get to that threshold and we see that also proliferate, right? It gets public and everyone talks about it, that is another

point of information. So in terms of reducing your liability for these large institutions, you don't want to get sued where somebody says, well, you had all this information and you didn't take action. OK. So there's a lot of motivators that I think will flow funds to networks that are quantum ready, even though we don't exactly know when something might happen as we keep going along and we get more and more information, more and more news and so on. And just one more quick point to

make on that. As far as when and so on, I don't think it's a conspiracy. And I think Stefano agrees that the first run of this kind of capability will go to the military intelligence apparatus, you know, the CIA, the NSA, whatever, etcetera. OK, you look at the example I use is the SR-71 Blackbird, that super futuristic spy plane. They started building that in the 50s.

OK, when you look at it today, it looks like an incredible modern aircraft, but you know, it flew at Mach 3 in the 60s and 70s and so on, right? So I think advanced states of, you know, basically strategic technology is something that, you know, these governments definitely, you know, focus on.

So what I'm saying is I don't think there's any good reason to suggest that we're going to know, OK, in some very public way when this capability exactly exists, because I think it'll go to this military intelligence apparatus first, and they may have strong incentives to keep things quiet. But here's another scenario, and this is about confidence.

If the confidence, if people start to get nervous, that's enough for cascading waves of liquidations and the prices to trend to 0. Even if your coins are quantum safe, but everybody's scared and you're holding your crypto and it's just losing 50 percent, 60%, etcetera, that's already bad enough. And what I'm saying is when you look at, for example, Ross, OK, and the Silk Road thing, the FBI

agents went to jail too, right? I'm not accusing any government official of doing something nefarious. I'm just saying there's a lot of different ways this stuff can leak. And so even if the military intelligence apparatus gets the capability first and somehow that gets out, that is enough to cause concern and a loss of confidence. Anything along those lines will start to send prices trending down.

And that's when I think smart money allocators and others, they're going to just, you know, not have as much risk on chain in various positions and so on. So that is another element to this too. Even before we have the quantum computers, that perception and that is definitely an unknown and it's something that I think people are going to start factoring into their risk calculations.

Stefano, I want to give you the opportunity to also talk about NeverLocal and this idea of contextual cryptography. Yeah, what is your vision for Quantum Money and how are you guys building this? Yeah. First, I'd like to add one, like, technical point to what John just said, just briefly. We don't think that quantum risk will come in the early 2030s because we have some opinions with most of us are

scientists. We look at what the progression is, what the timelines projected by the companies are and whether they're on track. And if there's a line that kind of goes straight and it continues to go straight and the points continue to fall on the line month after month, year after year, and there's a spread across some companies, but they're roughly all in the same neighborhood. I mean, then you draw that line to like the 2030s and you ask, when will we hit the magic number?

And that's not in the 2040s, that's not in the 2050s, that's in the mid-2030s. Very realistic. So I just wanted to say there's a lot of perception risk. Like people at some point just switch and say, oh, this is real because of some announcement, because of some demonstration, because of some sudden information. But even if you don't have that, you just have lines going up

pretty much on track. You have the cost of the algorithms going down because people make more and more efforts to make them practical, now that the end is in sight. And I mean, you draw an intercept and try to figure out roughly where they meet. There is the risk is there. It's not really a matter of opinion anymore.

It's a matter of, I mean, people publish timelines, dots fall on timelines, timelines say 2035 S In that sense, it's a, it's a simple consideration to make these days. There's so much progress that you can track it. It will happen. Maybe it won't happen. There's going to be some roadblocks, who knows, but there is some numerical evidence. 5 But then who knows, it could be faster. But 35 is where roughly they go.

But they might have an acceleration, they might not be telling you exactly what capabilities they have or they might be lying about it. That's also possible. They might just all be overhyping what they're doing. There's a spread of course, but at the very least we know that in principle that's where the line hits the target.

But yes, sorry, NeverLocal. So this is where we switch from quantum computing to what I initially said is quantum cryptography, which is slightly different discipline, slightly different investment pool more than anything else. The underlying technology is similar in many ways, but the applications and potential customers and the efforts to bring it into the world are different. They're at the different stage in terms of development.

They're different in terms of the applications that people want. So the state of things today is that there's quite a few providers of quantum network infrastructure. What people call the quantum Internet doesn't yet exist, but there are small versions of the quantum Internet. There's large companies, Toshiba, Mitsui that go around and put some small geographical fiber optic networks in place for some early customers that buy access to these networks and use it for some prototype

applications. They go to some company that sells them some quantum key distribution equipment of more or less accurate versions. And they, I'm not sure what they do with it, honestly. They try to integrate it with their infrastructure and they start seeing what the challenges are and whether they could use it to get more secure communications. The state of it is there is one large company that makes quantum key distribution

hardware. There are many smaller companies that make quantum key distribution hardware. The large one, the most well known one is ID Quantique. ID Quantique was acquired maybe, was it two and a half years ago at this point, by SK Telecom for around $50-60 million. That was the valuation at the time. It was recently sold to IonQ for $250 million. And that's a fairly strong indicator that if the ecosystem is growing, then there is an interest in having applications

running on this ecosystem. Some of it is academic or government-led. China has the largest network for this kind of applications on the coast. It's a mix of fiber optic and satellite based. There's some in Europe, there's some in the US. It's growing. It's very early stage. What we realized when we started thinking about what do people do with quantum technology in cryptography with Fabrizio, was that there is really one application that gets sold, which is this quantum key

distribution. It's a quantum version of the key distribution protocols that we use today to secure our communications. It's establishing symmetric keys, but it has in principle a very useful property, which is called device-independent cryptography. It's device-independent security. It's the idea that you can establish these keys without

trusting the hardware. So imagine that you're a large organization and you want to put a significant amount of money on some private communication between you and some other parties. You're a casino, let's say in Switzerland, and you don't want to be exposed to supply chain risks, which today are really very much a possibility. You buy some specialized chips from somebody. If there's enough money, someone will try to put a backdoor on it.

So you don't want that. And you say, is there a way to do so where I can verify that the protocol works, I can test it and I don't need to trust the manufacturer or the people who shipped it to me. And the answer to that is no if you use classical hardware, but yes, if you use quantum hardware, which is really revolutionary. It's a big difference between classical and quantum cryptography. You can reduce the trust to operating the protocol, but not the hardware that implements it.

And quantum key distribution is sold with this promise today. But really the versions that are sold make certain compromises to become practical already, and those compromises erode some of these security promises to some extent. But in principle, you could make it so that there is no trust left in the infrastructure. There is no trust left in the

hardware. You, as long as you operate it and the counterparty operates it, and you both make sure that the environment in which you operate them is secure, something you can do in your basement, let's say, or in your data center. Then the rest of the network is abstracted away and you don't have to care. You don't have to care about people splicing into your fiber

optics. You don't have to care about people bugging or backdooring the hardware that was sent to you, because the protocols exploit fundamental properties of quantum systems in such a way that you can get security out of fundamental randomness, as it's called. It's an interesting technological advancement.

I watched one of your talks and the way you describe Quantum money I think sort of resembles a little bit the idea of cash where when you accept like a five-euro bill or a dollar or whatever, you don't need any external verification to verify that these funds are that, that this is a legitimate payment instrument and that you now own this payment instrument, which we sort of need with blockchains, we need that

the verification of a consensus. Whereas with Quantum money you wouldn't need that the owner, the very ownership of the instrument would be an indicator that it is legitimate and that you own it. Is that a good way to look at it? Yes. A simplified way to put this is to say that you can't clone quantum states. That's the toy version of quantum money. You have a. It's one of the fundamental properties of quantum states that the information encoded within cannot be copied.

You can modify it, you can destroy it, but you can't really copy it in a deterministic way. Now, of course, this is too simple. It's the basis of the original protocol for quantum money, but it's too simplistic for practical quantum money. And so you have to do other things to make it practical. But ultimately it is, yes, it's truly peer-to-peer digital cash. That's the way to put it. It's something you want, you

want cash to be digital. You want value to be transferable both locally and across networks, because you don't want to be bound by the fact that we are physical beings carrying a wallet around. Otherwise it's easy that that's cash. You want it to be unclonable. You want the value to be anchored to something which retains like the truth of who owns it. Ownership has to be unequivocal. You cannot manufacture new currency. You cannot copy the currency you have. The cash you have is the cash

you have. Of course, physical cash like let's say paper banknotes are an approximation of that. But over time we have evolved mechanisms to protect the copying of value in lock step with the technological advancements of the various eras that we've gone through. So we had things that were hard to get, then coins which had some manufacturing techniques that made them recognizable, then we made banknotes, then harder banknotes, then more

security features in banknotes. And we are today with our current cash. What we did unfortunately in the move to the digital commerce world, so in the digital commerce era, is to sacrifice quite a lot of these features. The ability to transact without intermediaries, the ability for self custody, all of these were features of cash for ages. You had your own value. You carry it around, you can

give it to anybody you want. There's pretty much an agreement that that is the value and it's for prices to determine the exchange rates. But the value of the banknote you carry around is almost undisputed. When we move to digital commerce, we decided to sacrifice some of this for transactability across distances. We created intermediaries and those intermediaries got more and more control over it.

And we lost quite a lot of what we had with physical cash to the point that today if you talk to, let's say mainstream finance analysts, the commonly held view is that cash is essentially an obligation by somebody to pay you. That's how they see cash. They say, OK, cash is not really cash. The value is the network value and cash is the obligation to somehow be able to redeem it, which it didn't used to be the case. You could carry around cash that the bank didn't play any role.

If once we centralized cash, it was the pound, you didn't, it didn't matter whether you were banking with Barclays or with HSBC. London-based, that's why I'm picking like UK banks. It didn't matter, you went to the shop and you paid with the bank. Nobody cared where it came from and it wasn't an obligation by a specific bank. Now we turned it into that and that has a number of side effects that we may or may not

like. And one of the things that can be done with quantum technologies, to restore most of those properties, is make something which can retain value because it cannot be copied and can be potentially

carried around. If we improve certain parts of the quantum information, quantum cryptography stack, the hardware stack enough, we could even have it in our pockets in wallets and retains the digital nature that our modern worldwide Internet based commerce demands where you want to be able to exchange value across a distance as well as in person.

And so it's hard to design something like that classically because classic information can always be copied and so you have to rely on something on top of it. Consensus is the solution we came up with in Web3. Thanks. That is, that is very, very interesting point. And I feel like at some point it will be, you know, worth going deeper and maybe doing some follow up conversations on that. And I think on sort of the possibilities that get unleashed with Quantum, we've gone for a

long time. We just want to maybe one very brief last question for you, John. You know, we spent like 2-3 minutes on it or something. So you know, you're obviously an investor as well, right? So you've been investing in crypto for a long time. What is like how does that impact your approach to investing in your portfolio sort of all your knowledge and your views on the impact of quantum? Yeah. I mean, you know, I think about

it as a paradox. On the one hand, you know, it's kind of like there's this and you could look at it at a governmental level, for example, ADGM, and I've talked to them about this. They're funding investment into quantum computing. And at the same time, they're developing this crypto ecosystem. Everybody's in the UAE, and so they're funding their own demise. And so you need a hedge, OK. The hedge is, first of all, knowledge to the best of your

ability, understand this stuff. You know, this kind of a podcast is one great start. Everybody who is in our space and went deep into understanding smart contracts and ZK and all these things. They have to start to understand what, you know, quantum information systems mean, one-time programs, one-time applications, etcetera. OK. And so the knowledge base has to go up. But then aside from that, you need to act. In my opinion, you need to put

together a plan, OK? I believe that we are still safe for quite some time. I think we have another big let's say pump left in our ecosystem, maybe a couple. I think we're going to get to 10 trillion, maybe even 30. And so definitely I want to participate that and I continue to, you know, hold Bitcoin and other assets, Ethereum and so on. I continue to invest in projects, but the time horizon has changed.

Yeah, it's true. Like I don't really do crypto VC deals anymore if like my tokens are four or five years out from now. And as a VC you assume that risk and that's fine, but not if these assumptions around security are in question. And so that's one change, okay. Another change is I've definitely pivoted. I mean, I did the pre-seed round for NeverLocal. I was very fortunate to be in that position. I'm actively looking at other areas, you know, in a similar

kind of direction, right? I think it's very hard to get into the big quantum deals, but you can do things like buy shares of PsiQuantum in secondary markets and so on. So I think constructing some part of your portfolio to cover this as well. And then, you know, closely monitoring, I mean, I've, I'd coded this silly little thing, it's called quantumready.info, you know, and I'm trying to kind of like basically show the readiness of all the different

blockchains. I monitor that stuff on a daily basis. In the event that I see things that I deemed to be like significant in terms of, yeah, like Stefano said before error correction and so on, then I have this knowledge base to inform what I'm going to do with my crypto assets. I right now in this moment would be lying if I told you that in 2028, for example, I'm going to be comfortable like I am now having my, you know, wealth on

chain. So maybe at that point I kind of step back a bit, go off chain, go into quantum safe bank account and just observe and see what happens, right? I don't know, maybe, maybe not. But I think it's very important for all crypto investors to not have it just in the back of their mind as this vague, nebulous idea of like 40 years away and then just be comfortable with that. It's exciting and it's interesting and it's intellectually stimulating to learn and get into this stuff on

a daily basis. And then it helps inform how you construct your portfolio and manage your risk. And I think that's like the appropriate way to think about it, at least for me at this time. Well, thanks guys. Thanks for this very lengthy conversation. It's been really, really fascinating and I think we will need to touch base again in the future about this topic as things continue to evolve.

So John, keep us updated on the latest and Stefano would be happy to have you back on at some point as well to track progress on NeverLocal. Thank you very much to you both, it was a pleasure.

Transcript source: Provided by creator in RSS feed: download file