
The Potential Risk of Quantum Computing to Bitcoin and Cardano! #BTC #ADA #愛達幣

By 區塊鏈日報 Blockchain Daily

Summary

## Key takeaways

- **Quantum Threat is Ubiquitous**: It's a Schrödinger's cat thing where it's both a threat and not a threat. Yes, Grover's and Shor's algorithms exist, and it's a ubiquitous problem that everybody has, including the US government with classified information and banking. [00:05], [00:27]
- **NIST Post-Quantum FIPS Standards**: NIST has standardized post-quantum crypto with FIPS 203, 204, 205, and 206 as the official block ciphers and signature schemes. Hardware manufacturers like Apple, ARM, Nvidia, AMD, and Intel build specialized circuits to accelerate these FIPS standards, making non-compliant crypto 100 times slower. [00:58], [01:13]
- **Post-Quantum Crypto Throughput Penalty**: Lattice- and hash-based crypto has 10 to 100 times less throughput and is more space-inefficient than elliptic curve crypto. A network at 1000 transactions per second drops to 10 to 100, making it hard to compete with Solana and Sui. [01:50], [02:16]
- **DARPA Quantum Benchmark by 2033**: DARPA's Quantum Benchmarking Initiative tests whether companies like IBM and Quantinuum will have working, useful quantum computers by 2033, with 11 companies surviving phase A and entering B and C, and a report due by 2027. [02:50], [03:14]
- **Lattice Crypto Theoretical Risks**: Lattice-based crypto like that in Midnight is immune to quantum computers for the most part, but lacks universal quantum adversary modeling and has theoretical security issues. It takes 20-30 years to get comfortable with new crypto, as with elliptic curve crypto's serpentine path from 1985 to adoption in the 2000s. [03:31], [04:28]
- **Market Will Pick Crypto Winner**: Post-quantum adoption will be a layered model using both hash- and lattice-based crypto until the market picks a winner, like Blu-ray vs HD DVD. Hash-based schemes like STARKs are what Vitalik wants, but lattices have elegant algebraic properties. [06:21], [06:44]

Topics Covered

  • Quantum Threat is Ubiquitous Problem
  • NIST FIPS Standards Drive Hardware Adoption
  • Post-Quantum Crypto Tax Hurts Competition
  • DARPA Benchmarks Quantum Reality by 2033
  • Lattice Crypto Needs 20-Year Trust Test

Full Transcript

Bitcoin quantum risk also uh Cardano quantum risk.

>> You know, this is one of those Schrödinger's cat things where it's both a threat and not a threat. Yes, it's a threat. You know, Grover's and Shor's algorithms exist and, uh, yes, you can use a quantum computer, if it existed, to create all kinds of shenanigans and chaos. Why am I not worried about it? Well, because it's a ubiquitous problem. Everybody has this problem. US government with classified information has this problem, right? Banking, everybody. So what does that mean? It means there's billions of dollars that have been spent to resolve the problem. And it's not a problem of technology. It's a problem of standards.

>> We have the technology. We have hash-based crypto and lattice-based crypto and all these things. What I was waiting for was for the US government, through NIST, to standardize crypto. So how it works is that NIST will get together and they'll say this is the official block cipher of the US government, this is the official signature scheme of the US government. Then every US government contract will mandate the use of those things if they need it, and they're called FIPS. Um, and so FIPS 203, 204, 205, and 206 are the post-quantum FIPS.

Now, what happens if you don't follow the FIPS? Well, here's what happens. All the hardware manufacturers, Apple and ARM and, you know, Nvidia and AMD and Intel, they build specialized circuits inside their chips to accelerate the FIPS standards. So if you don't follow them, you don't get to use those specialized circuits and you're 100 times slower than your competition. You see? So we knew the math. We knew the math as of, like, 2017. You know, we knew how to defend against quantum computers. It was more of a question of will the federal government finally give us some standards, because once they have the standards, then everybody's going to start building hardware against it and then you can adopt it.

>> Then there's a question of when do you adopt it? Well, here's the problem with lattice- and hash-based crypto. It is slower and more space-inefficient than elliptic curve crypto. Okay. So what does that mean? It means that if you adopt lattices or hash, you are 10 to 100 times less throughput in your system.

>> So if you're a thousand transactions per second, uh, you know, maybe you're at 10 to 100 transactions per second now inside your system for the same amount of space and network utilization.

>> So who wants to go and pay that tax first? Mm.

>> Who's going to be the network to go and be like, you know, we're trying to compete against Solana and Sui and all these other guys, and our strategy to compete against them is to be 10 times slower, 100 times slower than those guys.

>> That probably won't work.

>> Exactly. [laughter] Right. To defend against this hypothetical quantum computer that will one day exist, right? It'd be one thing if it existed today. You know, you may, you may not, right?

>> But, you know, it's, it doesn't. So then the other thing is, is anybody actually going to give you an honest answer about when and how a quantum computer is going to come into existence? DARPA got so angry they just threw in the towel and they created something called QBI, the Quantum Benchmarking Initiative at DARPA. It's a three-stage program and so far 11 companies have survived phase A and now they're entering phase B and C. But the question they're asking is will any of these companies have a working, useful quantum computer by the year 2033. So if you want to follow that, you can look at the DARPA Quantum Benchmarking Initiative and you can see all the different companies like IBM and Quantinuum and others that are competing, and you can look at the rigorous, uh, stuff they're setting, and by 2027 they're going to issue a report.

>> So we'll have, you know, data from DARPA of whether they're actually going to be real or not, and if they are real they'll be real by 2033. So I'm waiting for a little bit more data next year and the year after to decide how aggressive we want to be with quantum, but Midnight is already going down the post-quantum train. Um, you know, LatticeFold and Neo are lattice-based crypto systems, and the long-term privacy engine of Midnight is going to be a lattice-based folding system, and lattice crypto's immune to quantum computers for the most part. Um, I'm not happy with some of the theoretical security. There's no universal quantum adversary modeling that, uh, exists in the system yet and there's a lot of theoretical issues. Uh, and I just have to convince myself things look good, and I've spent enormous amounts of time recently dealing with, like, cyclotomic polynomials and, you know, all these weird finite fields and Goldilocks fields and other things, because I've been studying LatticeFold extensively and doing knowledge soundness proofs and other things. Um, and the theoretical foundations are rich but dangerous in that space.

Another reason why post-quantum is a little scary is while we have all the algorithms, we're not 100% certain that they're actually immune to quantum computers and we're not 100% certain that they're secure, these algorithms. Typically in cryptography, your shelf life, you have to wait about 20 years to 30 years before you get comfortable with the crypto.

>> So there's a wonderful paper, a friend of mine wrote it. He's the creator of elliptic curve crypto, Neal Koblitz, and it's called the serpentine path of elliptic curve cryptography. So Neal, when he was at Harvard, he came up with elliptic curve crypto in 1985. But it wasn't until, like, the 2000s that people started adopting elliptic curve crypto. So he wrote this paper about the 20-year journey he had to go on to convince people that, like, elliptic curve crypto is a real thing and it actually should be the dominant thing.

>> And it had all these benefits. It's 10 to 100 times more efficient than RSA and much smaller proof sizes, and you have all these amazing algebraic properties of elliptic curves.

>> It's like everybody acknowledged this was a good idea. It still took 20 years to convince people it was a good idea.

So we have these lattice things and these hash things. The hash things are old, but the lattice things are relatively new. Like, the module-SIS stuff is very new and it's very cutting edge, and most modern cryptographers aren't well trained in this area because it's so mathy. And so they're like, "Yeah, that seems like it'll work, but we're not really sure." You know, I mean...

>> Kind of, I don't know.

The other thing is, um, most of that math actually doesn't come from trying to be post-quantum. It comes from something called fully homomorphic encryption. Craig Gentry created that with Dan Boneh back in '07 and, uh, basically operating on encrypted data without ever decrypting it. And, uh, they spend enormous amounts of time using lattice-based math for all that stuff and it's in some, many cases a thousand to 10,000 times slower than running it on silicon. So it's just, it's one of those things, like we know how to do it. It's just not optimized. Worth it now.

>> Yeah, exactly. And again, what are we protecting against, like this future hypothetical thing that will exist? So what will end up happening, if I had to guess, is there's going to be continued mega investments into these things. Hardened implementations and schemes in theory will work their way in, and it'll be a layered model which uses both hash- and lattice-based crypto until a winner is selected. And this is like the Blu-ray versus HD DVD type of thing.

>> Two completely legitimate standards. You have Toshiba and Sony and all these other guys fighting each other and eventually the market picks one. Blu-ray was this. So, you know, maybe the market will pick hash-based crypto. Those are the STARKs and these other things, and that would be very sad if that happened. Um, and that's what Vitalik wants, because he's usually wrong with these [laughter] things. And then, you know, maybe the market will pick lattices and that's happy time. You know, everything's great. We have these beautiful algebraic properties and much more elegant proofs and so forth. But we'll see. We'll see what happens with that.

>> Okay.

>> Yeah.
