Translator: Baihua Blockchain

Will quantum computing truly kill Bitcoin?

Don't jump to conclusions. When Google's quantum chip paper sparked panic, when Michael Saylor casually said "a hard fork can solve it," when "Q-Day" became the nightmare that the entire cryptocurrency circle is most reluctant to face yet cannot avoid — this debate about the life and death of digital assets has just begun.

In this in-depth dialogue, Alex, the CEO of Project 11, confronts a question most people hide under the carpet: quantum breaking is not about "whether it will come," but "when it will come." He will tell you why proof of work is safer than proof of stake, why Satoshi's wallet might be attacked first, and why "waiting until problems arise to hard fork" could be the most dangerous idea.

This is not an apocalyptic prophecy, but a roadmap for action. Keep reading, and you will see the only way a blockchain can traverse the quantum storm.

The Real Threat of Quantum Computing: What Are We Really Worried About?

Host: Alright, everyone, welcome to the Tokenized Tower. Alex, welcome to New York. Are you a resident of New York?

Alex: I’m just visiting. I live in a small town called Bozeman in Montana, just outside Yellowstone Park.

Host: Nice. Clearly, quantum computing has been very hot recently. Project 11, which you lead as CEO, is directly addressing this issue. For a long time, the blockchain and digital assets space has been fearful of it. Now some big figures have stepped up, like Brian Armstrong and CZ. Perhaps we should start from the basics: what is the current state of quantum computing? What is Project 11 doing?

Alex: First, it's important to clarify: currently, there is no quantum computer capable of breaking Bitcoin or other digital assets. This is a concern about potential future scenarios. Project 11 was established to enable digital assets to defend against future quantum threats. Over the past few years, this threat has become increasingly real. Scientists from institutions like Google have demonstrated that the resources required to break Bitcoin's underlying cryptography are decreasing. The blockchain relies heavily on public-key cryptography, and because it is a decentralized system, the repair process will be more complex. This is the core motivation for founding Project 11.

Host: There are differing opinions on the severity and urgency of this issue. What’s your personal view?

Alex: I think it’s both critical and urgent, without needing to set a specific timeline. We don’t know how quickly scientists will realize this technology. Look at AI; there was little progress for many years, then suddenly it exploded. Quantum computing might follow the same path. Its impact on blockchain is potentially fatal. Blockchain primarily implements identity and authentication using public-key cryptography. If a quantum computer can deduce a private key from a public key, it gains everything. This undermines the entire philosophical foundation of "ownership" in cryptocurrency. Because the threat is critical, we need to prioritize addressing it urgently.

Can Bitcoin Save Itself Through Hard Forks? The Debate Between Proof of Work and Proof of Stake

Host: A few days ago on the Bankless podcast, Saylor said he was not concerned about this issue, suggesting that the Bitcoin community could simply hard fork the solution without needing your company. He acts like the central commander of Bitcoin.

Alex: Saylor is a great salesman in many ways. If simply saying it could make it true, we would have been on Mars long ago. I don't deny that it can be solved; I'm not a doomsayer. I believe we can overcome this issue. Yesterday at the MIT Bitcoin Conference, someone asked me to rate the probability of Bitcoin’s future survival, and my score was 10 out of 10. The question is how much chaos we want to endure. Everyone hopes for a smooth transition, but even if Saylor is right, it doesn’t mean we don’t have a lot of work to do.

Host: There is a common belief that proof of work is more sensitive to quantum computing than proof of stake. Is this statement accurate?

Alex: It’s inaccurate. In fact, proof of work is safer than proof of stake. Proof of work uses hash functions, which are currently not feasible to attack with quantum methods in the short term. Proof of stake involves a bunch of validators signing each other, and those signatures can be forged, which is exactly how assets can be stolen. All chains face fundamentally existential challenges; I wouldn’t say one chain is better or worse than another.

Host: So that’s a misconception.

Alex: In my view, yes.

The Difficulty of Migration: No Chain Is Truly Prepared

Host: What is the logical process of building a quantum-resistant blockchain? For example, Starkware recently published an article discussing how they would go about fixing Bitcoin. Is it just a one-click hard fork?

Alex: Some people think that no one is working on post-quantum cryptography for Bitcoin, which is false. Starkware's article is one example. But at the same time, I want to say that it is far from enough. That paper describes a method using very complex techniques that require spending a lot of money to run GPU hours to prevent your coins from being stolen all at once. If you make one transaction, you can ensure safety, but the next transaction would expose you again. And this is completely useless for coins where the public key has already been exposed, like Satoshi's coins or exchange wallets. What makes cryptocurrencies unique compared to other systems is that there are many layers to consider. All protocols need to be changed, all smart contracts need to be redeployed, and all users' balances need to be moved from one place to another. Even the migration from Ethereum 1 to 2 and Bitcoin's Taproot has never reached this scale. There is still an enormous gap between what we are currently doing and the real goals we need to achieve.

Host: Now there are two forces negating the Lindy effect of blockchain: one is AI white hats, who can very quickly find any bugs in smart contracts; the other is quantum computing. Is there a relationship between AI and quantum?

Alex: People will use AI to accelerate various tasks in quantum computing. On a higher level, they are two manifestations of the same thing: the cryptography we currently use does not have mathematical proof of eternal security. With the emergence of quantum computing and advanced AI, attackers will continue to evolve. This doesn’t mean blockchain will die, but it means that "sanctification" will become extremely dangerous. One of Project 11's core philosophies is "crypto agility": you must have the ability to rapidly and seamlessly replace different cryptographic assumptions.

Host: As a user who has completed thousands of transactions, how will my experience change in a post-quantum world?

Alex: First, taking Bitcoin as an example, most addresses are hashes of public keys, and hash functions are relatively safe against quantum computers. But in cases where those public keys are exposed, such as an address that has sent funds twice or Satoshi's coins, there is a risk of attack. In contrast, for smart contract chains like Ethereum, the situation is different. Because we use an account model, there are more public keys exposed. After migration, post-quantum cryptography will have higher costs, signature sizes will be larger, and Gas fees will go up. The excellent features of threshold signatures and multi-signatures brought by elliptic curve cryptography may not be directly transferable to a post-quantum world. If we deploy all post-quantum solutions today, the user experience will deteriorate compared to now.

Zcash, Algorand, and Ethereum: Who Has the Advantage?

Host: Zcash is quite interesting from a post-quantum perspective. Can we say that Zcash is much more resistant to quantum attacks than Bitcoin?

Alex: In my view, no. First, currently, a lot of ZEC is not in shielded pools, but is public, which makes it similar to Bitcoin. Second, after multiple upgrades, Zcash has several old shielded pools that heavily rely on elliptic curve assumptions. Exploiting those assumptions not only potentially leads to theft but also to the creation of money out of thin air, and this is not detectable. No chain is truly better or worse; everyone faces the same types of issues.

Host: Google mentioned that Algorand is a leader in quantum resistance among blockchains. Do you agree?

Alex: Every chain has its vulnerabilities. Algorand has implemented post-quantum transaction types based on the Falcon algorithm, perhaps leading a bit in terms of “having something for users to migrate to.” But how many people are using it today? Very few. Falcon, like all other post-quantum signature schemes, is larger and slower. We are far from having it sorted.

Host: Google also mentioned another three or four small companies, which caused a surge in their value that same day. What are your thoughts on these companies?

Alex: Their idea is to directly create a brand new quantum-resistant Layer 1. But the challenge lies in the cold start problem. If you’re a new chain, you must convince everyone to sell off the assets they have already decided to hold. I want to particularly emphasize Ethereum; I believe they are doing a relatively good job of formulating solutions. That Google paper was co-authored by Justin Drake from the Ethereum Foundation. They see this not only as a threat but also as an opportunity. Ethereum has already prioritized this matter well internally. Of course, just talking about it without action is mere posturing; we need to look at actual results.

Host: Do you really think Q-Day will happen? In your mind, is it certain that it will come?

Alex: There is no guarantee that quantum computers will definitely exist. Personally, I think the probability of them emerging in the next decade is greater than 50%. There are several reasons: quantum computing has made significant progress in the past two years; expert estimates for Q-Day are continually decreasing; roadmaps from quantum companies show that they expect to reach the required number of qubits by 2030. Of course, it's also possible that fundamental physical principles will prevent it. But betting against it not happening is a bad idea because if you’re wrong, trillions of dollars in value will vanish.

Host: Many people view Q-Day as the worst-case scenario for cryptocurrency. And you have strong reasons to believe it will come.

Alex: I like to say I’m the most bullish person in cryptocurrency. I acknowledge that quantum computing is an existential risk, but I fundamentally believe that blockchain will play an increasingly important role. Project 11 was built for this purpose. When I’m asked at conferences, “What should people do?” I say: first and foremost, protect your assets. We cannot fall into the bystander effect; we must work to ensure the system survives Q-Day.

Host: But if Q-Day really comes, wouldn't there be far greater problems than the trillions of dollars worth of assets on the blockchain? What about banks, governments, telecoms?

Alex: I believe this is a myth. Many systems in the world are indeed exposed to quantum attacks, but the difference is that most systems are under some central authority. For example, in the Swift system, if there are unauthorized transactions, they can simply roll back. Central authorities are capable of coordinating responses, and cryptography is just one layer of security. But none of that exists on the blockchain. Furthermore, one reason the blockchain is particularly vulnerable is that it's hard to predict what the gains from an attack would be, but I can tell you now the potential gains from attacking Satoshi’s wallet. So, will the first entity to have a quantum computer attack Bitcoin? From an economic rationality perspective, it’s hard to completely rule out that possibility.

Host: But even if it happens, won't that cause the entire network's value to drop to zero?

Alex: This point is contentious. Within the Bitcoin community, there has been long-standing debate about whether to burn Satoshi’s coins. The reason to keep them is that we, as a community, have no right to take coins from legitimate holders. There’s a profound philosophical conflict. We must start now if we don’t want to respond hastily. Waiting and making the wrong judgment is the worst outcome, but starting early and making a mistake wouldn’t be such a big deal.

Host: But we may never know. It could always be “coming soon.”

Alex: The most important thing everyone should remember from this episode is: we may never know. Precisely because of this, we should proactively protect the networks we all cherish.

MicroStrategy’s Stretch Product and Portfolio Thoughts

Host: Changing the subject, I want to talk to you about the Stretch product. Yesterday it had a transaction volume of one billion dollars. Can this be sustained? Can you start by introducing it to us?

Alex: My understanding of this product is that it is essentially a note you buy to earn about 11% interest. You give Saylor cash, he buys Bitcoin, and theoretically, when Bitcoin appreciates, he uses the increment to pay your interest. It’s a self-fulfilling prophecy. The challenge is that these “unlimited printing machines” only work when everything is rising and not falling. What happens when it starts to decline? We have seen many cryptocurrency cases, like Terra Luna. I don’t think this comparison is fair, but everyone is indeed comparing the same concept. It works until it stops working. Leverage is leverage; it always has the potential to go in the opposite direction.

Host: You previously expressed the view that Ethereum may have more advantages than Bitcoin in the quantum race. Has this changed your portfolio configuration?

Alex: That’s a great question. Personally, I think the Ethereum Foundation has been proactive, acknowledging a risk that I strongly believe in. So this has indeed made me hold a larger position in Ethereum than before. Additionally, Solana deserves recognition; we have collaborated with them to implement parts of post-quantum cryptography on their testnet. I’m bullish on any blockchain that matches market needs with products today and has a credible path to survive Q-Day. If the quantum narrative keeps some institutions on the sidelines, then after we solve this fundamental issue, prices may rise higher than they would have otherwise.

Host: Do you think this is more of a concern at the institutional investor level?

Alex: Yes. Institutions are currently driving the market. Blockchain has already won in many aspects. BlackRock is issuing ETFs, and the scale of stablecoins has reached hundreds of billions. Institutional adoption is proof. But precisely because we have won and the scale is so large now, we need to consider what the next marginal institutions are doing. Quantum is indeed a factor influencing some of those conversations.

What Is Project 11 Doing? From Yellow Pages to Q-Day Prize

Host: Last question. What is the main focus of Project 11? What are you doing weekly and monthly?

Alex: Our top priority is to make digital assets defend against future threats. Specifically, we have released some products for Bitcoin. One of them is called Yellow Pages, which is a quasi-migration tool that helps you prepare for migrating Bitcoin. It is the only post-quantum tool for Bitcoin in production and uses NIST-standardized post-quantum cryptography, having been audited. We're also developing enterprise-grade products because this has a huge impact on digital asset custodians and trading platforms. Additionally, we have a Q-Day Prize challenge that encourages people around the world to use existing quantum computers to try and crack the largest possible key. In future versions, we plan to let everyone use AI to construct new, potentially better post-quantum cryptography systems. Optimistically, quantum computing is not just a tool to break cryptography; it can serve as the foundation for new cryptography. At Project 11, we aim to mitigate future risks while also building for the future.

Host: I still can’t tell if I’m being too naive. I really feel like Q-Day won’t come. I'm an eternal optimist.

Alex: There’s nothing wrong with being optimistic. I like to combine optimism with preparedness. Being overly pessimistic is just too painful.

Host: Someone asked if the submissions for the prize are still under review?

Alex: Yes, the submitted works have just completed the review, and we already have some winners. We will announce them in the coming weeks.

Host: Alex, thank you for being our guest. This has been a fantastic conversation.

Article link: https://www.hellobtc.com/kp/du/04/6289.html

Source: https://www.youtube.com/watch?v=IzNh-YPj8ZI