@soggycakes posted about this Nic Carter piece when it first came out (#1292739) but it's a doozy and I thought it would be interesting to talk about it.
Carter starts off with a strong statement:
I’ll posit in this piece that the expected value of the emergence of a cryptographically relevant quantum computer (CRQC) is sufficiently negative for Bitcoin that it should motivate us to take action today.
Then Carter lists the arguments in support of a shorter timeline for the appearance of a cryptographically relevant quantum computer from what he considers most compelling to least.
- Governments are planning for a post-quantum world
- Qubit counts are scaling rapidly
- Investment in quantum firms is inflecting
- Several major quantum milestones have been achieved this year
- Quantum firms project breaking ECC by 2028-2033
- The number of qubits needed to break crypto systems is dropping
- Bitcoin is itself a bug bounty for quantum supremacy
- Quantum is a race with geopolitical stakes like AGI
- AI could accelerate the pace of quantum development
- Credible people have revised their quantum timelines
It is telling that his first-order concern is that governments and standards bodies like NIST are requiring a shift to quantum-resistant cryptography on a relatively short timeline (2035).
Carter has clearly spent a lot of time on the subject and no doubt has a well-informed opinion. However, I'm not inclined to agree with him. Most of the arguments he brings come from people who have a strong incentive to overestimate quantum computing advances. Also, Carter himself has been a little alarmist on this subject lately, but when I dig into the sources, it isn't as grim as he makes it sound.
BitMEX Research had a great exchange with Carter here.
As for why we should listen to Carter on this issue:
I don’t claim in this piece to have any specific insight regarding the nature of quantum computing or its impact on cryptography at all. All I am doing is packaging up publicly available data and presenting it in a way that’s intelligible to the average Bitcoin holder. I am an information retailer, not a wholesaler. I am not claiming to be good at physics or cryptography. My skill, to the extent I have one, is applying an investor’s mindset to the narratives and data swirling around and making risk-based assessments. That’s where I perceive a gap in the discourse and that’s the point of this series.
And also Carter does a good job explaining the extent to which we rely on quantum vulnerable cryptography.
The fallout would be immense. All encrypted communications will be presumed exposed. (Including pre-Q-day communications that adversaries were smart enough to harvest and wait to decrypt.) The entire web – TLS, HTTPS, server certificates – will have to be torn out and rebuilt. Every government, corporate network, bank, and hospital will have to retrofit their VPN and SSH infrastructure. Cloud infrastructure will have to be rebuilt. Firmware signing and HSMs will be borked. All encrypted messaging systems will have to upgrade. Oh, and all blockchains. Bitcoin, Ethereum, Solana, the lot.
Eventually he comes to this:
But as Bitcoiners it’s our duty to be exceptionally paranoid.
Also, I thought this was a pretty nice aside:
In some ways, quantum is the antithesis of AI. Quantum capabilities are already known and indeed provable, we just don’t know if we can scale to actually effectuate them. AI capabilities are unknown and potentially unbounded, and we don’t know where we’re going at all.