Justin Drake
Podcast Appearances
The smallest NIST standardized post-quantum signature is Falcon, which is 666 bytes, more than 10 times larger.
And so if you were to naively swap out ECDSA for something that is post-quantum secure without increasing the block size, your throughput is going to go down roughly 10x.
So your TPS on Bitcoin will go from 3 to 0.3, which in my opinion is a non-starter.
What we're building for Ethereum is this fancy post-quantum signature aggregation technology so that you don't put the raw signatures, even if they're large, on-chain; you only put this aggregation proof.
And my bet is that Bitcoin is going to adopt the solution that Bitcoin will develop because there's just no other technically sound way forward.
Now, unfortunately, you know, if you're a property rights maxi, this is not completely satisfactory.
And the reason is that there are some subsets of the frozen addresses for which there is no known seed phrase.
So, for example, the seed phrase standard only came several years after Genesis.
So all of the earlier, all the Satoshi addresses, for example, won't have a corresponding seed phrase.
And there's some wallets, for example, MPC-based wallets, where there is no corresponding seed phrase.
So it's not a perfect solution, but it gets you 80% of the way there.
The other thing I wanted to highlight is that a lot of people think that when you steal Bitcoin, the price of BTC, the asset, will crash.
And then, you know, the asset that you've stolen will be worthless.
But there actually is a way to basically hedge the price of Bitcoin, which is very easy.
You just go short BTC.
So let's say you know for sure that you've cracked the private key of a wallet that holds, let's say, 100,000 BTC.