Y2 = X3 + 7; Designing the Formula for the Future of Quantum-Resistant Computing, with Ian Smith @ Quantum EVM (Video)
Crypto Hipster
501
Duration 00:35:14, 32.26 MB


Ian Smith is CEO & CTO at Quantum EVM.

Ian is a seasoned technologist with 21+ years of experience spanning blockchain, cryptography, cloud microservices, and AI-driven solutions.

Proficient in 20+ languages, including Golang, Python, and C++, he has led groundbreaking projects across industries. Ian has worked with major organizations like NASA, Oracle, VISA, and Boeing, contributing to secure, scalable systems in finance, IoT, and blockchain.

With deep expertise in cryptography and post-quantum security, Ian has designed advanced blockchain architectures and smart contract platforms. His blend of technical depth and leadership makes him a key innovator in next-generation digital ecosystems.


Social: https://x.com/IanSmith_HSA

Website: https://quantumevm.com/

[00:00:03] Jamil Hasan: Hello everybody and welcome to the Crypto Hipster Podcast. This is your host, Jamil Hasan, the Crypto Hipster, where I interview founders, entrepreneurs, executives, thought leaders, amazing people all around the world in crypto and blockchain. And today I have another amazing guest. I have the founder and CEO of Quantum EVM. His name is Ian Smith. Ian, welcome to the show.
Ian Smith: Thank you very much. It's great to be here.

[00:00:29] Jamil Hasan: Thank you for joining me. So let's kick things off. I ask everybody the same question to kick things off. And that's, what is your background and is it a logical background for what you're doing now?
Ian Smith: So I have been in tech since 95. And I've worked for Microsoft doing tech support. I worked on network engineering. In Silicon Valley, I was doing cloud.

[00:00:58] Clustering and firewalls and security. But a lot of what I was doing was high availability when it was hard. We had to do VPNs by editing config files, not pressing buttons. And that was a very strong preparation for blockchain. A lot of the innovation that I see in blockchain today is a lot of those old designs for the old clustering technologies like clustered file systems and cluster files.

[00:01:28] And there's some old techniques that are applicable today. I think that Web3 has a significant advantage in making it so that we can access data very redundantly. And it's a very large shared database that allows us to have basically like stored procedures on that database. So I think it's a natural segue.

[00:01:57] And I think it's a natural segue. However, quantum, post-quantum cryptography is a much different ball of wax. And I first ran into quantum computing when I was trying to attack my own RSA-based distributed ledger design in 2002, 23 years ago. And that design wasn't good enough to publish in my mind. And I probably should have published it just so that there was a "don't do this" recorded somewhere.

[00:02:26] Because I couldn't solve double spend to my satisfaction. But that quantum attack and the post-quantum cryptography, it was something that we were aware of back then. And that was the first time I'd seen it, even though it'd been around for seven years prior to that.

[00:02:44] That post-quantum cryptography is so different and bizarre and strange that it's not a natural segue for me. I'm not a mathematician by trade. I'm a programmer and CTO by trade. And in this case, I'm kind of leading the charge to make sure that we can save Web3.

[00:03:07] Jamil Hasan: So I want to find out first, you know, what Quantum EVM is all about, including how you manage risks brought forth by quantum computing. But now I'm going to save Web3 next after that.
Ian Smith: So what we're doing is we're taking and replacing all of the cryptography in an EVM.

[00:03:34] And we're using EVM1, so the instructions are solid. We're changing the address size to 256 bits instead of 160. You know, Sui and Solana both use 256-bit addresses. Just Ethereum chose something that was too small. And we're fixing that so that it will last a little bit longer

[00:04:03] than Ethereum will for, I should rephrase that. Quantum attacks against the hash systems will be able to target 160-bit hashes probably in 2030 or 2032. But 256-bit hashes won't be targeted probably until 2040 or 2060. It's unlikely that they will be easy to break ever.
Jamil Hasan: Got it. Got it.

[00:04:33] Ian Smith: So we're fixing all the cryptography. That's what we're doing.
Jamil Hasan: Yeah, that makes sense. I understand that. What I don't understand, I will get into this later, I guess, with code, but after we talk about saving Web3, Bitcoin is going through trials right now. Some other things are going through trials right now. How do we deal with the Bitcoin trials? How do we save Web3?
Ian Smith: So saving Web3 is basically switching to post-quantum cryptography.

[00:05:03] And we have to start from scratch. We can't modify an existing ledger because every smart contract would have to change its administrators and its users. And if you have even 10% of the systems available with public keys that are known, then those public keys can be used to break a substantially larger amount of the network than just that 10%.

[00:05:30] For example, if there's an admin key that has a known public key because it did a transaction to become an administrator, they can just update the smart contract or mint new tokens or something like that. Like if the USDT contract had an admin that wasn't updated, then they could just mint new USDT.

[00:05:56] And so what needs to happen is that everybody has to disconnect the quantum safe world from the quantum unsafe world. You have to burn the bridges between the two networks when the threat becomes larger. You can't have a mixed network. You can't have a mixed network be safe. And that's true in every environment.

[00:06:22] You can never have like a secure and mixed network. So Bitcoin is trying to figure out what to do with the old addresses that they can't update. There's a bunch of public keys that are known and that includes Satoshi's coins. The reasons that these public keys are known has a lot of backstory.

[00:06:48] So the old way that they did the addresses is that you would actually publish your public key and then people would send funds directly to your public key. This is known as pay to public key. And this was canceled in, say, 2013. It was deprecated. And they said that everybody now has to use this pay to public key hash, which is the 160-bit hash of your public key.

[00:07:17] It starts off with a SHA-256. Then they do a ripe MD-160. And the resulting 160-bit hash is your Bitcoin address. You can't turn that Bitcoin address back into the public key. Someone has to publish that public key for it to be known. But those public keys are published when you submit a transaction.

[00:07:43] So when the transaction is validated, they're checking the public key against the signature and the hash. And if it all checks out, then they know the transaction is valid. Well, when Bitcoin cash did a fork, they didn't change the public private key system. They only changed the hash part.

[00:08:03] And so anybody who signed transactions on the Bitcoin cash network exposed the public key of their Bitcoin core wallet. So if you believed in Bitcoin and you said, I'm going to hold Bitcoin core and I'm going to sell my Bitcoin cash,

[00:08:26] that you exposed your public key on the Bitcoin core network without even knowing that it's the same public key. The hashes are different, but the keys are the same. So that's a problem that none of the proposals can solve. It's going to be a lot of user education to fix that. And that's not the only way in which public keys become known.

[00:08:55] And there's also Bitcoin diamond, Bitcoin gold, Bitcoin platinum, a couple of these other things. And all of those exposed a small number of public keys. There is a paid public key output script where when the script executes, the funds go into a public key that is declared in the script.

[00:09:24] The address is not known, but the script is. And so that public key becomes exposed as part of the script language. And then there's also a much more mundane method of exposing public keys. And that's where exchanges use the same address over and over. And they just keep sending out. And the UTXO goes to the same wallet. And this is easier for them because they don't have to wonder where the funds are located.

[00:09:53] They know exactly what the address is because it doesn't change. And that's a dangerous way of doing things because it exposes their public key. So there are proposals to actually burn Satoshi's coins that were sitting under the pay-to-public-key system. But that doesn't handle any of the insecurity and risk that comes with the script, the address reuse, which is only like 2% of Bitcoin,

[00:10:22] and also the forks that exposed public keys. So none of those are proposed to even be fixed. And the problem is that the risk is very significant. Peter Weill did an analysis of the Bitcoin network using a modified client just to look for public keys.

[00:10:52] And he had to do extensive work to make this happen. But he uncovered what he says is between 1 to 5 million Bitcoins public keys are in the public knowledge. And it was partially vague because the addresses are changing in the case of the reuse.

[00:11:18] And there's a lot of – he did a survey on Twitter, and everyone estimated far too low. Now, if Bitcoin is $100,000 and there's 1 to 5 million Bitcoins available to steal with a quantum computer, then that's a $100 billion to $500 billion potential sale.

[00:11:47] And that's partly why they're talking about burning Satoshi's coins. But burning Satoshi's coins isn't enough. You still have all of the other public keys exposed. And it turns out that the other methods of exposing the public keys actually outweigh the pay-to-public-key system that was deprecated in 2013.

[00:12:08] There's more addresses that are vulnerable to the other causes, one of them being layer twos, because layer twos also expose sometimes. Not all the time, but often.
Jamil Hasan: So there's a saying. It's an old saying now because you could buy Bitcoin through PayPal. But not your keys, not your crypto, right?

[00:12:35] It sounds to me that even if you have your keys, someone else can have them too.
Ian Smith: So the public key is exposed in lots of different ways, as stated. You could take and do, you know, let's say you sold Bitcoin Cash.

[00:12:57] And you have your keys buried in your backyard on a piece of titanium under a coffee cup, in a coffee mug under your tree, right? And they can still take it. You can burn every copy of that public key and they can still take it as long as the public key has ever been exposed anywhere.

[00:13:26] The quantum computers can turn the public key into the private key using a discrete log. The equation that Bitcoin uses to protect all the assets is an elliptic curve called secp256k1. The equation is pretty simple. It's y squared equals x cubed plus 7. If you can solve for x, you've got the money.

[00:13:52] And the numbers involved are, you know, 256 bits long. So it's hard to solve for x. But quantum computers are really good at this because they find the resonant frequency of the correct answer.
Jamil Hasan: Okay. I know there's a couple of methods, right? There's methods. There's Grover's. There's Shor's, right?

[00:14:21] So what are the current quantum computing risks to Bitcoin, to the Bitcoin blockchain, including any other advancements other than the two that I've already mentioned and any other attack vectors from a quantum perspective on Bitcoin?
Ian Smith: So if you use a multi-sig system, there's different classifications of that multi-sig.

[00:14:46] And they fall into one of two math problems, the abelian hidden subgroup problem or the abelian group problem. And both of those can be broken by quantum computers. So every multi-sig. The abelian hidden subgroup problem is usually related to privacy on Bitcoin mixers.

[00:15:08] And so you can reduce the complexity of the problem to solve to the point where it's generally solvable. It's theoretical because we don't have a large enough quantum computer to do that yet. The companies that are making the quantum computers are predicting 2027 as the time that they'll be up and running with a million qubits in the case of PsiQuantum.

[00:15:40] Around the same for Riverlane. Alice and Bob is predicting that they only need 80,000 cat qubits, which are a different kind of qubit. They use a different kind of – they use a different physics phenomenon, different particle. They don't have any of the standard errors. They only have to check for one kind of error. And it's much easier and they're much more efficient. Amazon recently announced that they're using cat qubits also.

[00:16:10] But Alice and Bob has much better algorithms and much better implementation. So they're predicting that they need like 60,000 to 80,000 cat qubits. And they're saying that's probably going to be 2028 or 2029. But, you know, it's easy to compete aggressively and have breakthroughs. China's quantum computer, they actually have several of them of different kinds using different particles and different styles.

[00:16:38] And the superconductor system is, I think, five times larger than Google's and three times faster. So there's a lot of competition out there. The leader is PsiQuantum with these horizontally scalable systems where it's photons. So they don't care about heat or cell phones or a lot of the interference that other people have.

[00:17:05] They only have to cool to 2 to 4 Kelvin because they're using fiber optics, which gives them standard networking. The network switches have to be these giant optical disks. And they're making their own. They engineered their own optical switches. And they're producing their own.

[00:17:29] The company that's making the actual photon emitters and measurements and the standard array that goes into their photonic quantum computer is a company out of New York that makes 5G cell phones. So they're just using their existing facility to manufacture the quantum computers in mass.

[00:17:55] And then PsiQuantum is making their own network switches, which are very precise, more flat than Texas if it was scaled down.
Jamil Hasan: So those are all potential attack vectors from a quantum perspective on blockchains.
Ian Smith: Well, that's the hardware and some of the algorithms, yeah.
Jamil Hasan: So what are some ways that we can make blockchain safer with, you know, quantum solutions?

[00:18:25] What solutions do that?
Ian Smith: There's only a few proposals to make blockchain safe. I'll go over the Bitcoin ones because they're the most mature. The first one is to burn Satoshi's coins and anybody who's using pay-to-public-key. All pay-to-public-key addresses were, you know, possibly going to be removed at some point.

[00:18:50] Another less aggressive method would be to say that you have to have a passport and an affidavit and a notary. And then you're paid a public key, you know, funds could be released. And basically they'd be stuck in escrow. And then a miner would have to approve them. And saying, this isn't a quantum attacker. He's been in Bitcoin for a long time. And that's just a legal recourse as opposed to a technical one.

[00:19:21] There is BIP 360, the Bitcoin Improvement Proposal 360, by CryptoQuick. And that's to change the cryptography of the public-private key system. That doesn't protect the old addresses, but you would be able to have a new address. And when the quantum computers get fast, meaning that they can break Bitcoin in 10 minutes or break secp256k1 in, you know, under an hour,

[00:19:50] then you'd be able to suspend your Bitcoin safely from those new addresses. But the current addresses would be broken. So even with a fast enough quantum computer, the protocol becomes vulnerable. And what they're talking about with BIP 360 is making it so that the addresses that are safe continue to be safe. And you don't have to worry about, like, having to bribe a miner to not tell anyone, you know, don't expose my public key.

[00:20:22] There's several layer 2 proposals for Bitcoin specifically. And these are different address types or different cryptography. Excuse me. For Web3, it's a bit harder because the admins, it's an account model. It's not UTXO. UTXO protects Bitcoin for an extra maybe one year, maybe three years, depending on who the attacker is.

[00:20:48] If it's Intel, you have weeks to go from, like, being able to break one address to being able to break hundreds of addresses a day to be able to break thousands of addresses a day. Because Intel has really good manufacturing. They're not a leader in terms of algorithms or implementation, but they have the best manufacturing. They're making 24,000 qubits a day. You just can't use them for anything right now.

[00:21:20] Or per wafer. And they're making 14 wafers a day from one machine that just spits them out. And it's fully automated production and fully automated testing. And they only have something like 10 rejects per 3,000 produced. So they have very good manufacturing. And they're fast. They're electron spin quantum computers. But they'll be running really cold. So you won't be able to have that at your house.

[00:21:48] Oxford Ionics, those run at room temperature. So that's, they don't have a working system yet, but they run the 256 qubits. The protections are really poor for Web3 because we don't have the ability to switch the account. Grover's will be able to attack the address space if it's 160 bits.

[00:22:17] Not right away, but within one to four years of the public-private key system being attackable.
Jamil Hasan: I was thinking Grover's can attack Ethereum more easily than anyone else right now.
Ian Smith: It's really complicated to come up with a duplicate hash that results in spendable money. It's really easy to come up with a duplicate hash.

[00:22:47] Google actually did that back in, I think it was 2014, might have been 2016. But they came up with a duplicate 160-bit hash. There was two PDF documents they generated that had the exact same hash. And this was SHA-1. And that's what finally got everyone to move, or SHA-2, excuse me. That's what they finally said, okay, SHA-2 is broken at 160 bits. And that's when they started moving to SHA-256.

[00:23:16] And then Keccak was created as a result of that. Ethereum has a slight protection against quantum computers. And that Keccak, which is a sponge and it rotates all these blocks, is actually really hard. So if you're going to break SHA-3, it's a different quantum computer than if you're going to break Ethereum. The last, it's easier to break SHA-256 with Grover's.

[00:23:45] Not at 256 bits, but at the reduced 160-bit length that's used for Bitcoin and I think Cosmos. I don't remember. I know that EOS is 256 bits, but anybody who's running at 160 bits is going to be vulnerable to some kind of collision.

[00:24:06] And it's difficult to go from an elliptic curve to a public key to a hash of the public key and then have a collision from that. It's far easier just to have two hashes that match, right? It's more work to start off with an elliptic curve private key and then go all the way to a hash. There's variations on this.

[00:24:33] There's different methods of finding more efficient attacks, but there's nothing that makes it suddenly easy. And certainly not with just a generic Grover's against Ethereum.
Jamil Hasan: So you said that Ethereum has, let me say I understand this correctly, Ethereum has this sponge-like spinner that, what does that do?
Ian Smith: Okay.

[00:24:56] So when you do a hash with SHA-256 in Bitcoin and stuff, it's a very straightforward, easy-to-optimize process on a quantum computer. They've actually written the circuits already and they run really fast. On Keccak, they did a completely different architecture for the hash technique.

[00:25:16] And it's known as a sponge, which absorbs information from around it and then twists it and then spits it back out and then does that again. Like I think it's 16 times. And this is more complicated to do on a quantum computer. And they don't have tricks that make it run faster than the generic worst-case scenario Grover's algorithm.

[00:25:44] Now, when you have your best attack on hash collisions is the number of bits divided by two on silicon. And that's the exponent two is raised to. So it's two to the 80 for doing a silicon attack against Ethereum. And that's hard. Right. But a quantum attack is two to the 53. And that's still not possible yet.

[00:26:14] Not even in two or three years when quantum computers are able to do real work. But it's still too weak to be safe about, especially considering that when you look at the oldest quantum computer, it's actually a D-wave. And when they finally got it to run, it was, I think, 2004.

[00:26:41] And it wasn't using the full quantum computing. It's not a full quantum computer. It's something called quantum annealing, which is an approximation technique. It's a really good approximation technique. But it's not calculating the answer. It's just guessing near the answer. And the colder the system gets, the closer to the correct answer that it is. And it will never get all the way to absolute zero. So you're never going to get the exact answer.

[00:27:08] You might guess really close, but it's not going to be precise. But their scalability was going up by tenfold per year. And then their gate speed was going up by like six times in some years and four times in other years. And so when you look at the scaling of quantum computers, it's much, much higher than what we've done with

[00:27:35] silicon doubling the number of transistors every 18 months with Moore's Law. And quantum computers also scale very scary in larger networks. When you put PsiQuantum's active volume architecture and you add more qubits, it runs faster than the number of qubits you've added.

[00:28:00] So if you triple the number of qubits, it runs seven times faster. And that continues to happen. So that's a really scary proposal when you're talking about the security of future cryptography. Right?
Jamil Hasan: Sounds it. I want to know, I guess, this post-quantum cryptography, right?

[00:28:29] How will it help transform the Web3 industry? And how will it solve some of the existential challenges to blockchain technology?
Ian Smith: Well, unfortunately, it runs slower. So it doesn't solve the scalability issue. It makes it much worse. So Quantum EVM is handling that by doing sharding. And we're treating the virtual machine as a plug-and-play operation.

[00:28:54] And we're going to make it so that you can have like Solana and Sui VMs running in parallel to the Ethereum VM and then have bridgeless transactions between the different virtual machines. So that's what our company is doing to solve running like 120th the speed and not having the scalability tricks that you get with Solana. There's something called Schnorr signatures, which allows you to combine like 1,000 signatures into one and then just check the one.

[00:29:24] And then you know that all 1,000 have to be valid. Which is great, but we don't have that. We have to check every single signature, every single transaction. So a lot of the scalability that you get in like layer twos or roll-ups, it just goes away completely. So we're dealing with it with sharding.

[00:29:45] In terms of like what happens and what are we solving, what happens is that you can't trust smart contracts that are on a classic network. You can't trust that the libraries aren't corrupt. You can't trust the bridges. You can't trust the network. You can't trust the roll-ups. You can't trust any of it.

[00:30:07] So the problem that we're fixing is that, well, Web3 will continue to exist because if we didn't do this, it would go away probably in 2027, maybe a little earlier. Definitely by 2029, probably by 2027 or 2028. Just no more Web3. So we're trying to save Web3 by switching out the cryptography with these giant lattices.

[00:30:35] Instead of doing an elliptic curve, which is like the same number looped over itself, your private key number of times, what we're doing is like taking a giant grid of numbers and finding pathways through them. And quantum computers will be able to attack that when they are physically the size of the moon by mass.

[00:31:04] And all of those atoms are mutually entangled to each other, according to my quantum physics advisor. Which means never. Probably never. Probably never. Possibly never. The explanation I have for the way that post-quantum lattices work is that imagine that every sun and every planet in the entire universe is covered in grass.

[00:31:33] Now find two matching blades of grass and there's only two. Impossible. Impossible. It's a hard problem. And there's, we have already implemented backup cryptography in case there's a problem with that cryptography. We have different cryptography that's available as well.

[00:31:58] So, we implemented the NIST standard at Crystal State with EM5, which is the highest security level. Bitcoin in BIP 360 is proposing to use Crystal State with EM3 at the lowest security level. And we're biting the bullet and saying, well, the smart contracts take longer to execute anyway. We don't want to, we'll deal with, we'll use sharding and we'll have, you know, more transactions per second by having more shards.

[00:32:29] Jamil Hasan: So, quantum computing, really, really post-quantum computing is the key to creating that multi-chain world.
Ian Smith: Well, we're doing, that's extra work. The multi-chain world is extra work by us. And we're hoping to have that maybe in June or July, maybe as late as August. But we're hoping to have, you know, our network live in April or May.

[00:32:57] So, April if we get really lucky and May if we don't get so lucky. We're kind of rushing to launch. We call ourselves Noah's Ark of Web3 because you have to be on the boat to survive. So, you're either on the boat or you've got to swim. And the sooner we can launch that, the more people will begin to adopt. So, we're rushing launch.
Jamil Hasan: Awesome. Awesome.

[00:33:26] I think it sounds exciting and interesting. And I probably can't fully comprehend it without doing a lot of studying. But, you know, I love what you're up to. So, thank you for talking to me today. I have one last question. How can people find out more information about you, about Quantum EVM? How can they do more research on some of the things you're working to fix?
Ian Smith: So, quantumevm.com. And it's, you know, just, hey, it's a quantum safe

[00:33:55] Ethereum virtual machine dot com. And we have a Telegram where you can ask questions. I read about 10 academic papers a week on average on quantum computers and post-quantum cryptography, trying to just stay current and know when things are going to break. I would, our website actually has a list of papers that I consider very critical.

[00:34:18] I link from our website to my x.com account, my Twitter account. And there's more papers listed on the Twitter account. There's probably 15 papers that I would recommend that everybody who wants to understand, is this a threat, should read.

[00:34:41] It includes things from manufacturing to supply chain to how the algorithm switched from being linear to being multi-threaded and scalable. So, there's a lot to catch up on. But, yeah, quantumevm.com. We also have a Linktree at Quantum EVM. And we're on a lot of social media.
Jamil Hasan: Awesome. Thank you very much for your time today.
Ian Smith: Thank you very much.
