1/ A reasonable investor might look at the uniquely quantum-resistant coin, QRL, and think it’s pointless to bet on it being successful because

1⃣Quantum Computing won’t be a problem for >10yrs if ever
2⃣BTC & others will adopt QR anyways

ITT: we critically evaluate that thesis
2/ [QC won’t be a problem for >10yrs if ever]- The first part is likely true (see ). Don’t believe the hype. It could take as long as 20-30yrs. Almost NO chance it's <5. But here we run into two KEY misconceptions. First: 'QC may never come to fruition'
3/ This view was notably expressed by @peterktodd & @jimmysong at the recent #Unconfiscatable conference. It's usually based on arguments by 2 physicists, G. Kalai & M. Dyakonov, that QC is literally impossible due to the intractability of error-correction spectrum.ieee.org/computing/hard…
4/ That argument is fundamentally (mathematically) flawed, as laid out in this extremely generous & prudent refutation: hpcwire.com/2019/01/09/the… - while the QC hype is overblown, we have NO reason to believe QC is a priori impossible. QCs *already exist* & will continue to grow.
5/ Economic arguments against the scalability of QCs are even less convincing. Deloitte expects them to reach the size of the supercomputer market in a decade or so, but IMO their ultimate market is MUCH bigger precisely b/c they can solve so many problems classical supercomputers can't.
6/ Second misconception: this isn't a problem until we actually have QCs that can crack Bitcoin. Like any monetary system, Bitcoin relies on trust. But before said computers are first built, there will be a several-year ‘gray area’ where we're no longer 100% SURE they don't exist
7/ At that point, you can no longer have complete confidence that you can send transactions safely, that your/others’ stored coins aren’t going anywhere (if their pubkey is known), or that a vulnerability won’t come to light suddenly and send Bitcoin straight to 0.
8/ If Bitcoin & others are not already fully transitioned to quantum-resistance by then, it may be too late. Hard to say exactly how it will play out, but the only coins that will have NO vulnerabilities to QCs will be those that were quantum-resistant from genesis, like QRL.
9/ So as we’ve seen, the “QC is decades away, and may not even be a real thing, so whatever” line of thinking is not well-founded.

But if Bitcoin & others can easily adopt quantum-resistance anyways, then QRL is still arguably a pointless shitcoin. Let’s examine that idea next.
10/ [BTC & others will adopt QR anyways]. They will do their best, but that may not be good enough. Adopting quantum-resistance (by changing the signature scheme to something like QRL’s #XMSS) presents a unique set of challenges compared to adopting other features.
11/ There are THREE key misconceptions here. Before I outline those, I just want to say that I understand the desire to avoid uncertainty & unpleasant ideas. We all want crypto to succeed. But ignoring problems doesn’t make them go away. Important to address them now, as QRL does
12/ Misconception #1: Bitcoin’s modern ‘p2pkh’ addresses are already safe. While early addresses *were* the pubkey, newer ones hide it until you send a transaction. However, not only do many people still reuse addresses for convenience, but there’s an even more obvious issue:
13/ …When you send a transaction to the mempool, a quantum-capable attacker can simply hijack it because the pubkey is part of the output! They could then appropriate those funds for themselves by resending and increasing the fee to be higher than your original transaction's
14/ A spend condition can be soft-forked in to try to solve this, as explained in royalsocietypublishing.org/doi/full/10.10…, but any such ‘delay-commit-reveal’ solution would render BTC unusable for >6mths, and as discussed above, if BTC is faced with a sudden QC attack, it's already prob too late
15/ Misconception #2: A soft-fork to quantum-resistance will be easy to pull off when the time comes. This is Bitcoin’s current best plan of action, as espoused often by @Adam3us:
16/ A look at previous soft-forks belies this idea. Even now, only about half of all BTC nodes have adopted the major bug fix from late last year. Any quantum-resistant signature scheme will be larger & slower than existing ones. Humans procrastinate. Misinformation may abound…
17/ Users would have to actively consent & update their nodes. Point is, it’s easy to envision a significant % of active users failing to proactively migrate their funds to quantum-safe addresses by the time we reach that critical ‘gray area’ of QC development mentioned above
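To make the "larger & slower" point concrete, here is an added example (mine, not QRL's code and not XMSS itself): a Lamport one-time signature built only from SHA-256. It is a simplified relative of the WOTS+ keys that XMSS chains into a Merkle tree. Running it shows the raw sizes a hash-based scheme carries, and the one-time property that forces XMSS to track which keys have already signed. The ECDSA comparison figures (a raw 64-byte signature, a 33-byte compressed pubkey) and the sample message are my own assumptions for illustration.

```python
import hashlib
import secrets

HASH_BYTES = 32   # SHA-256 digest length
MSG_BITS = 256    # we sign the SHA-256 digest of the message, one secret per bit

# Added example: a Lamport one-time signature (OTS) using only SHA-256.
# Simplified relative of the WOTS+ scheme inside XMSS; not QRL's code.

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bit(digest: bytes, i: int) -> int:
    """Return bit i of a digest (bit 0 is the most significant bit of byte 0)."""
    return (digest[i // 8] >> (7 - (i % 8))) & 1

def keygen(rng=secrets.token_bytes):
    """Secret key: 256 pairs of random 32-byte values. Public key: their hashes."""
    sk = [(rng(HASH_BYTES), rng(HASH_BYTES)) for _ in range(MSG_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes):
    """For each digest bit, reveal the secret of the pair that matches the bit value."""
    digest = _h(message)
    return [sk[i][_bit(digest, i)] for i in range(MSG_BITS)]

def verify(pk, message: bytes, sig) -> bool:
    """Hash each revealed secret; it must equal the public-key half chosen by the bit."""
    if len(sig) != MSG_BITS:
        return False
    digest = _h(message)
    return all(_h(sig[i]) == pk[i][_bit(digest, i)] for i in range(MSG_BITS))

def sizes() -> dict:
    """Byte sizes of this OTS beside assumed ECDSA figures (raw 64-byte sig, 33-byte pubkey)."""
    return {
        "ots_secret_key": 2 * MSG_BITS * HASH_BYTES,   # 16384 bytes
        "ots_public_key": 2 * MSG_BITS * HASH_BYTES,   # 16384 bytes
        "ots_signature": MSG_BITS * HASH_BYTES,        # 8192 bytes
        "ecdsa_signature": 64,                         # assumed comparison value
        "ecdsa_pubkey": 33,                            # assumed comparison value
    }

def secrets_exposed_by_reuse(msg_a: bytes, msg_b: bytes) -> int:
    """Count key positions where BOTH secrets become public if one key signs both messages.

    At every such position a forger may pick either bit value, so the key is no longer
    binding. This is why an OTS key must sign once only, and why XMSS keeps a counter
    of which leaf keys have been consumed.
    """
    da, db = _h(msg_a), _h(msg_b)
    return sum(1 for i in range(MSG_BITS) if _bit(da, i) != _bit(db, i))

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample: pay 1 coin to alice"   # constructed input
    sig = sign(sk, msg)
    print("valid signature:", verify(pk, msg, sig))
    print("tampered message:", verify(pk, msg + b"!", sig))
    print("sizes in bytes:", sizes())
    print("positions fully exposed by signing twice:",
          secrets_exposed_by_reuse(msg, msg + b"!"))
```

The signature alone is 8 KB against 64 bytes for ECDSA, and the public key is 16 KB rather than 33 bytes; XMSS trims this with WOTS+ chaining and a Merkle root, but the result still costs many times more block space per spend than today's signatures, which is the practical weight behind the adoption argument.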
18/ Misconception #3: ‘If we upgrade to quantum-resistance soon enough, it’s all good.’ Around 2-3mil BTC are sitting in addresses w/ known public keys that are actually ‘out of circulation’ (including Satoshi’s original coins). These cannot be moved, & will eventually be stolen
19/ The best case scenario is to hope a QC ‘white knight’ gets them first and burns them. The only other option is to fork those coins out. The first is an insane gamble, and the second would be extremely contentious at best
20/ As @peterktodd acknowledged at #Unconfiscatable, this could actually be the death knell for Bitcoin. If enough coins are stolen, the thief could short BTC to 0 while dumping them on the market. Realistically, panic would ensue upon those coins even starting to move.
21/ Can they be forked out? Sure, you can remove Satoshi’s coins (if somehow the entire community agrees to this!) but what about all the other dormant vulnerable wallets? How do you decide whose funds to remove? And when do you do it? Who makes the decision?
22/ This COULD I suppose end up working out, but in my opinion it’s FAR from clear that it definitely will. And the same problem, by the way, applies to every single blockchain cryptocurrency today except QRL. They will all have some % of coins vulnerable to theft.
23/ As @AriDavidPaul said on @PeterMcCormack's podcast, SECURITY is the #1 thing for a store of value. As I have shown in this thread, Bitcoin & every other cryptocurrency have a quantum security problem. QRL solves that problem uniquely. Its minimum use case is thus as a hedge.
24/ QRL is more than a doomsday hedge or last-resort for cryptocurrency, though. It promises to become a future-proof, ultra-secure platform for smart contracts and quantum-resistant tokens, and will also support a quantum-safe decentralized messaging layer.
25/ So, is there a chance that the cryptocurrency ecosystem transitions away from ECDSA with ease? Of course. But the common viewpoint that ‘the devs will take care of it’ with an underlying attitude of ‘nobody else is worried so I’m sure it’ll be fine’ seems reckless.
26/ We have seen in this tweetstorm that the transition to quantum resistance remains up in the air, & QRL is the only cryptocurrency in the world that has fully tackled that challenge. The grounds for dismissing it articulated in this thread’s initial tweet are not well-founded.
[END].

Disclaimers: Do your own research. Not financial advice. Disagreements (especially those backed by reason) welcome.
cc @SerendipityXBT your frank but open-minded skepticism about QRL inspired me to write this 🤓
Additional Disclaimer: I own some QRL.