量子计算距离实现近了20倍，它威胁到三分之一的比特币

长远来看，我们还不清楚量子计算机将用于什么用途。

It's unclear what we're going to use quantum computers for in the long future.

它肯定不是像厨房电器那样的日常用品，这很有趣。

It's definitely not utilities like kitchen appliances or anything like that, which is funny.

它它

It it

当我们说实用规模的量子计算机时，意思是一旦达到纠错阈值和一定的系统规模，就会开启一个全新的可能性世界。

it's really when we say utility scale quantum computers, we mean that once you hit this error correction threshold and a certain threshold of system size, there's a whole world of possibilities that open.

密码学只是其中之一。

Cryptography is just one.

在材料科学、化学、人工智能等领域，科学上有着巨大的潜力，而且广义上，它是一种全新的计算范式，一旦实现纠错，它就真正成为一种新型计算机，因为其根本特性是模拟型计算结合数字型纠错。

There's a lot of promise scientifically for material science, for chemistry, for artificial intelligence, and also broadly, it's just a new type of computational paradigm that once you hit error correction, that's really the thing that makes it a new type of computer because of this very fundamental thing that it's an analog type computer with digital type correction.

我们说实用规模，意思是非常有用。

We say utility scale, we mean very useful.

好的。

Okay.

明白了。

Got it.

好的。

Alright.

好了，多列夫，和你聊天真的非常愉快。

Well, Dolev, it has been such a pleasure chatting with you.

非常感谢你参与节目，祝贺你的好消息。

Thank you so much for joining and congrats on your news.

在节目的剩余部分，我们将与亚历克斯聊天，进一步探讨这些量子突破如何影响区块链。

So for the rest of the show, we will be chatting with Alex to dive a little bit more into the details around how these quantum breakthroughs impact blockchains.

但首先，让我们先听一段赞助商的广告，感谢他们让这个节目成为可能。

But first, we're gonna take a quick word from the sponsors to make this show possible.

步入财富的新时代。

Step into a new era of wealth.

探索Nexo，领先的数字财富平台。

Discover Nexo, the premier digital wealth platform.

自信地管理您的加密货币投资组合。

Manage your crypto portfolio with confidence and control.

为您的数字资产获取利息。

Receive interest on your digital assets.

在不卖出的情况下进行借贷。

Borrow against them without selling.

在一个平台上交易多种加密货币。

Trade a wide range of cryptocurrencies all in one platform.

现已在美国上线，新客户可享受三十天专属权益。

Now available in The US with thirty days of exclusive privileges for new clients.

体验 Wealth Club 高级会员服务。

Experience Wealth Club Premier.

享受更高的利率、更低的借贷成本以及交易返现。

Access enhanced interest rates, reduced borrowing costs, and crypto cashback on swaps.

立即前往 nexo.com/unchained 开始使用。

Get started today at nexo.com/unchained.

回到我和亚历克斯的对话。

Back to my conversation with Alex.

所以，你知道，我们刚刚深入探讨了这些刚刚公布的新量子突破。

So, you know, we just, you know, dove into these new quantum breakthroughs that were just announced.

但很明显，这是一档加密货币播客，我们想知道这到底对加密货币意味着什么。

But, obviously, this is a crypto podcast, and we wanna know exactly what this means for crypto.

所以，你请说吧。

So go ahead.

你来主导吧。

Take it away.

好的。

Okay.

酷。

Cool.

这意味着它把量子计算时代的到来时间提前了。

So what it means is it pulls the tie the timeline for q day forward.

Q日指的是加密货币领域出现具有实用规模、密码学相关量子计算机的那一天。

Q day being the day that a cryptic utility scale, cryptographically relevant quantum computer emerges.

你听到多列夫说，到本十年末是有可能的。

You heard Dolev say plausible by the end of the decade.

所以那可能就是Q日到来的时间。

So that could be when q day is.

这意味着，在那一天，当某人拥有了如此规模的量子计算机——可能就是多列夫本人——

So that means on that date, when someone has and it could be Dolev, like, has a a quantum computer of that scale.

他们就能从比特币、以太坊或其他网络的公钥中恢复出私钥。

They could recover a private key from a public key on Bitcoin, Ethereum, or other networks.

这在某种意义上意味着，他们可以拥有所有的比特币，或者至少能这么做。

That would imply, in some sense that they own all of the Bitcoin or could.

实际上，这可能意味着——我先谈比特币，再谈其他网络——

Practically speaking, what it probably implies is that the and I'll talk about Bitcoin first before going to other networks.

从短期来看，这实际上意味着中本聪的币或其他丢失的币可能会重新被激活。

It practically implies in the short term that Satoshi's coins or other lost coins are potentially going to become bound again.

而且，你知道，可能存在一种情况，这或许是一件好事。

And and there's not you know, there's a world in which maybe that's a good thing.

对吧？

Right?

你知道，有个人在英国，到处在垃圾堆里翻找他的密钥之类的。

You know, there's the guy who's, like, in The UK digging around the dump looking for his keys or whatever.

也许像Dolev这样的人能帮他最终解决这个问题。

Maybe someone like Dolev could help him finally solve his problem or their problem.

但现实是，这种令人不安的现实是：密码学给予我们的基本保障——正是这种保障让区块链能够实现去信任化——正在被打破。

But the, you know, the the the reality is it's this uncomfortable it's this uncomfortable reality, which is that this this basic guarantee that cryptography gives us that enables blockchains and enables them to be trustless kinda breaks.

因此，我们必须应对那些不会自行重返流通的丢失或被盗代币所带来的影响。

And so we have to we have to deal with the implications of what to do with the lost or stolen coins that aren't going to go back into circulation on their own.

我们是否应该让拥有量子计算机的人将它们视为数字打捞物而恢复？

Do we let an owner of a quantum computer recover them as, like, digital salvage?

你知道，有些人喜欢把这种情况比作海底宝藏，无人认领。

You know, this, kinda like, some people kinda like to think of this as, like, ocean treasure that's under the you know, no one owns.

你把它们销毁吗？

Do you burn them?

你把这些币销毁吗？

Do you burn these coins?

你把它们处理掉吗？

Do you get rid of them?

把它们移出流通。

Take them out of circulation.

也许从经济上看，供应减少会让资产价格上涨。

Maybe that's good economically with less supply, so price of asset go up.

或者你如何重新分配它们？

Or do you somehow redistribute them?

基本上没有其他办法了。

There's kind of no other ways.

对吧？

Right?

而且因为这不是你的密钥，你的加密货币，没有中心化的协议、发行方、提供方或开发者能为你做这件事或更改它。

And because this is, you know, not your keys, your crypto, again, no centralized protocol, you know, issuer or provider or developer can do that for you or change that.

比如，我们以比特币烧毁与中本聪钱包相关的例子来说。

Like, if if someone for an example, let's just take the example burning Bitcoin associated with the Satoshi walls.

这需要什么？

What would that take?

这需要比特币协议达成共识，也就是说，51%的矿工都同意：我们决定进入一个新世界，总供应量变为2100万减去中本聪的币。

It would take consensus at the Bitcoin in in the Bitcoin protocol, it'd be like, you know, 51% of miners are like, that we're we're just we decide we're moving into a new world where there's 21,000,000 minus Toshis coins of a total supply.

我们只是从我们维护的账本上删除所有这些钱包。

We're just deleting off of the ledger that we were maintaining all of those wallets.

或者我们冻结它们，或者添加某些东西。

Or we're freezing them or, you know, we're adding something.

关键是，要从根本上解决这个问题，必须获得比特币社区的共识。

The bottom line is it requires Bitcoin consensus to fundamentally change to address that.

所以是的。

So yeah.

再说一遍，也许我最后简单提一下，想听听你对这个问题的看法，劳拉。

And again, I maybe I'll just end by quickly just again saying to see where you wanna go with this, Laura.

我的意思是，由于低加密技术的根本特性，其后果非常广泛。

I mean, there's the the consequences because of the fundamental nature of low decryptography.

后果相当广泛。

The consequences are quite widespread.

但也许最后再补充一点。

But maybe just one one last note.

抱歉。

Sorry.

我知道我说过要结束了，但还想特别谈谈多列夫的方法。

I know I said I was gonna end, but one on Dolev's approach specifically.

你知道，在谷歌的论文中，他描述了快时钟和慢时钟量子计算机的概念。

You know, he actually in the Google paper, it describes this concept of fast clock and slow clock quantum computers.

这到底意味着什么？

And what does that mean?

这意味着某些量子计算机可以快速或慢速执行操作。

It means that certain quantum computers can do operations fast or slow.

快和慢是相对而言的。

Fast and slow being somewhat relative.

但这在区块链背景下非常相关。

But that is very relevant for blockchain context.

比如，我想知道，如果我在比特币交易中，我的公钥在区块确认前的一小时内暴露了，我是否处于风险之中？

Like, I wanna know if I send a transaction on Bitcoin in the hour window that my public key is exposed as part of the transaction before the block is confirmed, am I vulnerable or not?

谷歌声称，快时钟计算机实际上可以获取你的密钥，把你的比特币转走。

The fast clock computers, Google claims, can actually take your key take your Bitcoin out of the member.

慢时钟计算机则做不到。

The slow clock computers can't.

但慢时钟计算机更容易扩展，也更容易实现错误纠正。

But the slow clock computers are kind of easier to scale and easier to apply error correction to.

因此，我们认为这可能是我们最先跨越的门槛。

So we think potentially there's a chance that that may be the first horizon that we do cross.

因此，中本聪的币或一般丢失资产的问题就变得相关了。

And therefore then the question of Satoshi's coins or lost assets generally becomes relevant.

是的。

Yeah.

他们在论文中做出的这个区分。

That distinction they made in the paper.

所以当你的比特币在内存池中被攻击时，他们称之为‘已花费交易’。

So when your Bitcoin is attacked in the mempool, they call that an on spend transaction.

这令人震惊。

That was alarming.

我以前没听说过这个。

I had not heard that before.

我知道关于公钥的风险，但既然这是人们最常提到的主要风险，我在贾斯汀·德雷克转发这篇论文时注意到了，因为正如你所说，他是合著者之一。

I knew about the public key ones, but since that is the main risk people call out, I saw it when Justin Drake tweeted about this paper, because as you mentioned, he was a coauthor.

他说，他认为到2032年，至少有10%的可能性量子计算机会成功恢复。

He said he felt that there was at least a 10% chance that by 2032, a quantum computer would recover.

但我就只是想说，我不确定这是否正确。

But so I'm just gonna I don't don't know if this is correct.

一个CCP256k1 ECDSA私钥，私钥泄露，公钥暴露。

A CCP two fifty six k one ECDSA private key, private exposed public key.

你认为你同意他的观点吗？

Do you do you think do you agree with him about that?

首先，这件事可能发生；其次，关于那10%的概率，你怎么看？

First of all, that it might happen, and second of all, about, you know, the 10% chance.

我已经公开表明了我的立场。

So I am on I am on the record.

你去翻翻我的推文就能找到。

You you go through my tweets and find.

我跟几个人打过赌，但那是关于2035年的，大约一年前我下的注。

I have I have made bets with, a handful of people, but it's it for 2035 was the day this is about a year ago I made this bet.

赌注是20.35美元，这件事就会发生。

For for $20.35, it would happen.

所以，你刚才读的那句话，我同意。

So I the statement that you just read, I do agree.

我实际上已经把钱押在了2035年上。

The I have money on the table, so to speak, at twenty thirty five.

而且我观察了一下。

And I look.

我的意思是，考虑到这项新工作以及像Dolev这样的人在研究这个问题，说实话，我会很乐意在2032年下注。

I mean, I think after this new work and and people like Dolev working on this problem, I would feel pretty good about making a bet on 2032, quite honestly.

我觉得很多人都会很乐意在2030年下注。

I think a lot a lot of people would make feel good about making a bet on 2030.

实际上没有，这挺有意思的。

I haven't actually, it's funny.

自从这项工作发布以来，我还没去看过预测市场之类的东西，但看看它们现在的情况可能会挺有趣的。

Since this work has come out, haven't looked at the prediction markets or anything, but it might be kind of interesting to see what they are doing.

总之

Anyway

我正想说，你应该把这一点放到我们的预测市场上去。

I was just gonna say you should you should put that on our prediction market.

你知道，我们其实也考虑过这个想法，Project 11。

You know, we thought about doing that actually, Project 11.

这是我们曾经提出的一个想法，我觉得仍然很好，我们或许会做，或者其他人也可以做。

It was an idea that we had that I still think is a good idea that we may do or others should do.

但是，是的，这就像是在问：两天后是什么时候？

But, yeah, it's just it's like when when is two day?

而有趣的是，你或许能借此对冲这种风险。

And then and then and what's cool about that is you'd be able to maybe hedge against this risk.

比如，如果你担心BIP协议无法及时准备，这正是人们常说的预测市场的优势所在。

Like, if you were worried that, like, BIP protocols weren't gonna prepare, this is kinda like what people talk about is the good thing about prediction markets.

你可以对冲某些事件的风险。

You can, like, hedge risk against certain events.

当然，这都只是理论上的，现实中往往因为流动性问题而难以实现。

Obviously, that's all in theory, often not in practice given how liquidity works there.

但我觉得这确实是个好主意。

But, yeah, I think it is a good idea.

好的。

Okay.

所以，我想谈谈你提到的关于中本聪的币以及销毁是否是个好选择的问题。

So, you know, I just wanted to address your comment about, Satoshi's coins and, you know, whether or not burning is a good option.

我在我的节目中采访了比特币开发者、核心开发者马特·科拉洛，聊了这个话题。

I interviewed Bitcoin developer, core developer, Matt Corallo on my show about this.

他说，他认为社区显然会决定销毁所有公钥已暴露的币。

And he said that he thought clearly the community was going to choose to burn all the coins where the public key was exposed.

在我看来，这太疯狂了。

I thought that was crazy in my opinion.

我不是说我不清楚人们是否会选这个，他们也许会，但我觉得这件事会这么轻易解决，这让我觉得不太可能。

Not that I'm saying, I don't know if, whether or not people choose that is, they might, But the notion that like it would be kind of easy to resolve that that struck me as implausible.

即使最终结果真是这样，我认为也会引发一场巨大的争论。

I just even even if that was like the end outcome, I think there would be a huge fight.

这就像一件拖得很长的事情。

It's just like a big drawn out thing.

但不管怎样，让我们再多聊聊之前提到的‘已广播攻击’，就是交易已经被发送到内存池时发生的那种攻击。

But anyway, so let's talk a little bit more about the on spend attack that we mentioned, which is the one that happens when the transaction has been sent to the mempool.

所以，假设我们处在一个后量子世界，而比特币——好吧，是的，我们用比特币举例——还没有实现后量子安全。

So let's say that we're in this post quantum world and you know, Bitcoin or well, yeah, let's when we we'll use Bitcoin, has not, become post quantum.

我发送了一笔交易，或者说我广播了一笔交易。

And I, you know, send send a transaction or I broadcast a transaction.

那么，具体会发生什么呢？

So, like, what exactly happens?

是的。

Yep.

所以今天，如果我广播一笔交易，会发生什么？

So today, if if I, like, broadcast a transaction, what what what happens?

我发送了一笔交易。

So I send a transaction.

交易到底是什么？

What is this what is a transaction even?

它本质上是一条以特定格式组成的网络消息，由我、你或任何发送者数字签名，内容是将1个比特币、0.1个比特币或100个聪转账给劳拉。

It's basically a message to the network that's formed a certain way that's digitally signed by me or you or whoever was the sender that says transfer 1 Bitcoin or 0.1 Bitcoin or 100 sats to Laura.

签名者：亚历克斯。

Signed, Alex.

基本上，这就是一种简单的理解方式，差不多就是这么回事。

Basically, that's I mean, it's like a simple way to think of That's kinda what it is.

对吧？

Right?

为了验证这个签名，关键是要包含公钥。

And in order to verify that signature critically, you need to include the public key.

而且，也许对于一些不太了解的听众来说，比特币地址——也就是你用来转账给收款方的东西。

And and so and that's and maybe just for your listeners that may not be aware, Bitcoin addresses, which is kinda how you send money around.

它就是你指代收款方时所用的那串信息。

It's like the thing you reference when you're sending the recipient.

这个地址是公钥的哈希值。

That address is a hashed public key.

现在是个好时机，来强调一下谷歌论文中的其他几点。

And this is a good good time to kinda highlight some other notes from the Google paper.

哈希，很多人可能知道，被用于挖矿。

Hashes, many people may be aware, are used in mining.

这是一种其他的密码学原语。

It's another cryptographic primitive.

你可以把它想象成，把某些东西从一侧输入，另一侧就会输出一堆随机杂乱的内容。

It's effectively you can kinda think of it as, like, put something in one side and a jumble of randomness comes out the other side.

它被用于挖矿以及许多其他用途。

It's used in mining and a whole bunch of other things.

谷歌论文实际上提到，对哈希存在一种量子攻击。

The Google paper actually said there's there is a quantum attack on hashing.

它被称为格罗弗算法。

It's called Grover's algorithm.

这不是肖尔算法。

It's not Shor's algorithm.

这是所有人都会面临的。

It's everyone.

谷歌论文指出，注意。

And the Google paper said, look.

格罗弗算法在近期不会构成威胁，原因有很多，但最重要的是，格罗弗算法所需的资源远不止一万个量子比特。

Grover's algorithm is not going to be a near term concern for a variety of reasons, but most importantly, just the fact that the resources that Grover's algorithm would require is not 10,000 qubits.

而是天文数字级别的量子比特数量。

It's like astronomical numbers of qubits.

所以，当然，我们不能对任何事情掉以轻心。

So we can probably you know, of course, we can never take anything for granted.

看看过去一年技术进展的速度就知道了。

Just look at how progress happened over last year.

但就目前而言，我认为我们或许可以认为肖尔算法才是更危险的那个。

But for now, I think we can probably view shorts as the most as the as the more dangerous one.

好的。

Okay.

那么回到交易的例子。

So back to the transaction example.

我发送了我的公钥，因为它被哈希在地址中，但我必须公开它。

I sent I exposed my public key because it was hashed in an address, but I have to expose it.

这很重要，因为在数字签名算法中，比如ECDSA（椭圆曲线数字签名算法），验证者要确认签名的真实性，必须将公钥作为输入。

And that's that's important because in digital signature algorithms, ECDSA, the elliptic curve digital signature algorithm, the verifier to to know that the signature is authentic has to take as input the public key.

他们使用公钥和签名，运行一个算法来判断该签名是否有效，是或否。

They take the public key, they take the signature, and then they run an algorithm that says whether or not that signature was valid, yes or no.

好的。

Okay.

那么这和比特币有什么关系？量子计算又如何介入其中？

So what does this have to do with Bitcoin and how does quantum enter in?

这里有一个叫做最终性的概念，而比特币在这方面有点特别。

Well, there's this concept of finality, and Bitcoin is a little funny.

我的意思是，说这很有趣有点奇怪，因为这本来就是最初的做法。

I mean, it's it's kinda funny to say that it's funny because it was the original way to do it.

但你知道，如今大多数其他协议都使用一种叫权益证明的东西，它能提供更稳固的最终性，姑且这么讲吧。

But, you know, most other protocols these days use something called proof of stake, which kind of has a much firmer sense of finality, guess, if you will.

在比特币中，矿工挖出区块时，有可能两个矿工同时找到同一个区块，而整个网络可能需要几个区块的时间才能确认哪一条区块链的末端才是正确的。

In Bitcoin, there's a chance that as miners mine a block, two miners find the same block at the same time, and it may take a couple of blocks for the network as a whole to kinda recognize which tip of the blockchain is the right blockchain.

也就是，哪一条末端对应着正确的区块链。

Like, which which tip corresponds to the right blockchain.

对吧？

Right?

所以这就是为什么当你向Coinbase发送一笔交易时，比如我要向Coinbase存入一些比特币。

And so this is why if you send a transaction to Coinbase, you're like, I'm depositing some Bitcoin in Coinbase.

他们通常要等一个小时才显示，我认为这曾是标准做法。

They typically don't show it until an hour, I think, is standard or used to be standard.

原因是他们想留出几分钟让区块得到确认。

And the reason is they wanna give a few minutes for blocks to confirm.

对吧？

Right?

因此，这篇谷歌论文指出，他们估计的双花攻击理论上可能在九分钟内完成。

And so what this Google paper is saying is their estimate for an on spend attack, they claim, could be run within a nine minute interval, potentially.

他们提出了很多想法，比如你可以进行预计算，如果你已经准备好并等待，最佳情况下只需要九分钟。

And they have a lot of ideas for how it's like you could run a pre pre computation and basically if you were if you were ready and waiting, it would take nine it's kind of nine minutes is best case.

对吧？

Right?

但这里的窗口期实际上是一小时。

But the window here is really an hour.

对吧？

Right?

所以九分钟肯定少于一小时。

So nine minutes is definitely less than an hour.

因此，即使在不太理想的情况下，借助一台快速的量子计算机，我也可能进入内存池，发送一笔不同的交易，使用你广播的公钥来恢复你的私钥，然后用更高的手续费签署另一条消息，说：其实别把我的比特币转给律师了。

So even in less than ideal conditions, it's possible with a fast clock quantum computer that I could go in the mempool, send a different transaction, signing a message that I use your public key to you know, I use your public key that you broadcast to recover your private key, sign a different message with a higher fee, and be like, actually, don't send, you know, my Bitcoin to lawyer.

亚历克斯，把亚历克斯的比特币发送给多列夫。

Alex, send Alex's Bitcoin to Dolev.

很抱歉在故事里把多列夫塑造成反派，但为了举例说明，我们就这么假设吧。

I'm sorry to make Dolev the villain here in the story, but let's just say for a point of example.

对吧？

Right?

这就是在实时量子花费攻击中会发生的情况。

And so that is what would happen in a real time on spin attack.

在我最终总结这个回答之前，还有一件事：你不能只把场景设定为比特币尚未迁移的情况。

Now one more thing before I before I, you know, kinda conclude this answer is, this doesn't only it's like you frame the scenarios like if Bitcoin hasn't migrated yet.

在这种情况下，量子对手可能发动花费攻击，窃取你的比特币，导致你无法动用资金。

And this would be what would happen and you wouldn't be able to spend because potentially quantum adversary could run it on spend attack and take your Bitcoin.

此外，如果你尚未迁移到抗量子地址类型，一旦实时攻击成为可能，你就无法再以无许可的方式完成迁移。

The other thing that this effectively closes off is if you haven't migrated to a post quantum address type, say, then after real time attacks become possible, you can no longer do it in a permissionless way.

因为，想象一下，迁移过程会是什么样子？

Because because what what is like what would this what would a mic let's just imagine what a migration look like.

让我们想象有一种后量子安全的UTXO类型，而我的资金目前存在于一个由P2PKH或P2PKWH保护的现有UTXO中。

Let's imagine there was a UTXO type that was post quantum secure, and I have my funds in an existing UTXO that's secured under p to p k h or p to p k w h.

迁移的过程就是我把这些资金发送到网络上的这个新类型地址。

The the migration would look like me sending those funds on the network to this new thing.

对吧？

Right?

所以你就被困住了。

And so you're stuck kind of.

因为你可以想象，最坏的情况是，量子攻击者或其他什么人只是在等待有人暴露自己，然后一举得手。

Because if you if it's like, you know, you can imagine, like, worst case scenario, the quantum adversaries or whatever, they're just waiting for someone to come about and just, like, expose themselves, and then they gotcha.

所以这再次说明了，为什么我最初对这个问题产生浓厚兴趣——因为一旦现实中的实时攻击成为可能，情况就变得很严峻。

And so this is, again, this is, like, one of the original reasons why I started really get getting really interested in this problem is because, again, at the point, you have these real time attacks possible.

这基本上就结束了。

It's kind of it's over.

到了那个时候，你的资产就不再属于你了，就像萨托西的币一样，那些币在那时几乎等同于萨托西的币，因为你根本拿不回来了。

Like, you're not the assets at that point, back to Satoshi's coins, like, all of those coins at that point might as well be Satoshi's coins because you're not getting them back, really.

而且，你知道，当然，这有点模糊不清。

And, you know, and, like, of course, that you can that that's a little bit hand wavy.

比如，其实是有办法可以做到的。

Like, there are ways you can do it.

也许你可以设计一个零知识证明系统。

Maybe you can come up with a zero knowledge proof system.

也许你可以使用私有内存池，但这些方法都无法提供与传统比特币网络相同的保障。

Maybe you could use a private mempool, but none of them give you the same it's not the same guarantees that you would get with a typical Bitcoin network.

我希望这有所帮助。

I I hope that was helpful.

哇。

Wow.

好的。

Okay.

这真让人害怕。

That is frightening.

我写问题的时候写的是加密货币，但当我口头问你时，我让你用比特币作为例子。

So the way that I wrote my question is I actually wrote crypto, but when I verbally asked it to you, I asked you to use the example of Bitcoin.

我只是想回忆一下论文里，我觉得他们并没有说‘旋转攻击’只适用于比特币。

I'm just trying to remember in the paper, I think they didn't say this on spin attack was only possible Bitcoin.

他们说的是，这种攻击在公共区块链上普遍可行。

They said it was, like, generally possible on public blockchains.

这样对吗？

Is that correct?

对，也不对。

Yes and no.

我觉得，再次强调，比特币区块时间这么慢，这使得它特别容易受到攻击。

I I think so, again, the the fact that Bitcoin's block times are so slow means that that's kinda, like, makes it especially vulnerable.

还有其他类似比特币的区块链，比如比特币现金，它们的区块时间或参数也差不多。

There are other block like Bitcoin Cash, other variants of Bitcoin, like, it's you know, have similar block times or similar parameters.

狗狗币，我想是莱特币的一个分叉。

Dogecoin, I think, is a fork Litecoin.

这是比特币的一个分叉。

There's a fork of Bitcoin.

所以，从技术上讲，这些其他区块链也可能存在这种可能性，但主要还是取决于区块时间。

So, technically, they would be possible in some of these other context too, but it kinda just depends on the block time.

值得注意的是，如果你看看比特币之后出现的一些区块时间更快的区块链，这实际上意外地构成了对量子实时攻击的一种防御。

Notably, if you look at some of these blockchains that have come out since Bitcoin that have faster block times, It kind of, like, accidentally is a defense against real time attacks on quantum.

对吧？

Right?

因为量子节点……我的意思是，理论上它们还可以进一步优化，而九分钟只是开始，而不是量子计算机能力的终点。

Because you just the quantum peer I mean, it's possible they optimize even more, and nine minutes is only the beginning, not the end where quantum computers get.

目前，以太坊的区块时间大约是十五秒。

For now, like fifteen seconds is what you use the Ethereum block on.

我觉得还是十五秒。

I think it's still fifteen seconds.

十二秒。

Twelve.

是十二秒。

It's twelve.

这就对了。

There you go.

所以十二秒对于量子计算机来说快得太多了，根本来不及发动双花攻击。

So twelve seconds is like much, you know, much too fast for a quantum computer to do an on spend attack.

现在以太坊有其他一些独特的问题，但至少在这一点上，你目前应该是安全的。

Now Ethereum has other problems that are unique to it, but at least that is is you're probably safe for now.

好的。

Okay.

明白了。

Okay.

在我们深入讨论比特币和以太坊的具体细节之前，我其实也很好奇，因为我看到有人发了条推文。

So before we dive into, like, specifics about Bitcoin and Ethereum and all that, I did also just wonder so I I saw somebody actually tweet this.

他们想知道，为什么谷歌选择把论文聚焦在区块链上，毕竟有那么多系统都容易受到量子计算的威胁。

They were wondering why Google chose to focus their paper on blockchains because there are so many systems that would be vulnerable to quantum computing.

我很好奇，你对它们为什么选择这么做有什么看法吗？

And I was curious if you had any thoughts on why they chose to do that.

我很喜欢被问到这个问题。

So we I I I love getting this question.

事实上，在Project 11，我们一直维护着一份清单，记录我们认为常见的误解和谬见。

And in fact, at Project 11, we maintain a running list of what we consider to be myths common myths and myths misconceptions.

我认为这一条我们编号为11。

I believe this one we we've numbered as 11.

你知道的，这不是双关语。

You know, no pun intended.

但确实如此。

But yeah.

好吧。

The okay.

是的。

Yes.

密码学通常会受到能够运行Shor算法的量子计算机的影响。

Cryptography generally is affected by quantum computers that can run Shor's algorithm.

具有密码学相关能力的量子计算机。

Cryptographically relevant quantum computers.

然而，没有任何系统像数字资产这样依赖它。

No system though is as reliant on it as digital assets are.

为什么会这样？

Why is that?

嗯，有两个原因。

Well, for two reasons.

第一，那些在区块链之外使用密码学的机构，比如银行、互联网公司，以及一大堆中心化组织，我们来想象一下，如果出了问题会怎样。

One, the organ like, organizations that use cryptography outside of the blockchain context are like banks, Internet companies, a bunch a bunch of centralized organizations where, like, let's imagine something went bad.

假设某个量子攻击者试图入侵银行账户，或者试图劫持一笔瑞士交易。

Let's imagine somehow, like, a quantum attacker was, like, trying to infiltrate a bank account or do some you know, trying to hijack some Swiss transaction.

毕竟，总会有某种机制，让一群人能够聚在一起，说：嘿。

Like, there's a mechanism for a group of people to get together at some level and just say, hey.

这种事情从未发生过。

That never happened.

我们不把这算在内。

Like, we're not counting that.

我们会回滚它。

That's we're rolling it back.

我们会修正这个问题。

We're amending this.

这是因为，这些由中心化公司维护的账本或数据库都是集中管理的。

And it's because, like, these ledgers that centralized companies maintain or databases are centrally maintained.

有人可以轻易地修改它们。

Someone can just change them.

对吧？

Right?

但区块链的情况并非如此。

That's not the case with it.

换句话说，这恰恰违背了比特币或任何区块链应有的本质。

Like, literally, that's the that's that's the antithesis of Bitcoin or any blockchain or it's supposed to be.

对吧？

Right?

这正是它们被发明的原因。

It's why they were invented.

所以我认为这是其中一点。

So I think that's one thing.

我认为另一点是，我们再举一个常见的例子。

I think the the other thing is let's take another common example.

人们常说，好吧，我来举个极端的例子——核发射密码。

People are like I mean, I'll pick the straw man, the nuclear launch codes.

亚历克斯，我们为什么要关心量子计算机？

Alex, why should we care about a quantum computer?

因为如果真的出现了量子计算机，人们就能获取核发射密码，那就会引发核浩劫。

Because if god, you know, if the quantum computer comes out, people will get the nuclear launch codes, it'll be nuclear holocaust.

我的意思是，这个例子很荒谬，但我用它是因为它具有说明性。

I mean, that's a it's a ridiculous example, but I'm I'm using it because it's illustrative.

就像，核发射密码到底是怎么工作的？

It's like, how do the nuclear launch codes work?

我可以问你。

I could ask you.

我可以问任何人。

I could ask anyone.

答案是，根本没人真正知道。

The answer is, like, no one really knows.

也许有答案，也许用的是公钥加密，但关于公钥加密如何使用的那些信息，并不是公开的。

And there probably maybe is an answer and maybe it uses public key cryptography, but the but that is not a you know, those the information about how public key cryptography used is not public.

所以这并不像我们来比较一下中本聪的比特币地址，或者他使用的那些地址。

So it's not unlike let's compare it unlike Satoshi's Bitcoin address or addresses they use in mind.

这些地址都公开在互联网上，任何人都能找到并看到，因此这可以说是唾手可得的低垂果实。

Those are just public on the Internet for anyone to find and see, and so that is kind of the lowest hanging fruit.

因此，对于加密货币来说，这不仅更具存在性意义，而且获取运行肖尔算法所需的信息也容易得多。

So not only is it more existential for crypto, it's much much easier to get the information you need to run on attack like Short's algorithm.

顺便说一句，这并不是说加密世界之外的人们没有认真对待这个问题。

So while it is and by the way, like, this none of this is to say that the the outside of crypto, the world is not taking it seriously.

事实上，可以说他们更加重视这个问题。

In fact, arguably, they're taking it more seriously.

许多互联网公司，比如Cloudflare，我认为通过Cloudflare的互联网流量中已有50%正在使用后量子密码学。

A lot of Internet companies, Cloudflare, for example, I believe 50% of all Internet traffic through Cloudflare is already using postcone photography.

对吧？

Right?

所以确实有人正在积极推进这件事。

So there are people that are like moving forward on this.

谷歌自己也表示：对于我们的所有内部系统，你们已经参考了这些数据，我们计划在2029年前完成过渡。

Google itself was like, hey, for all of our internal systems, you referenced this data already, like, we're going by 2029.

这比NIST提出的时间表提前了六年。

And that's a six years ahead of what the NIST has said.

而且我确信，他们为此投入了数百万美元，因为他们认为自己的系统存在风险。

And there's, I'm sure, spending millions of dollars to do that because they think there's a risk to their systems.

我的意思是，他所说的这一切都有道理。

Mean, all of that stuff he made sense.

这些都是加密货币爱好者喜欢加密货币的原因，但同时也让加密货币特别容易受到量子计算的攻击，这确实有点讽刺，挺有意思的。

These are all the things that crypto people love about crypto and yet they do make it especially vulnerable to quantum, which is, yeah, it's just interesting, slightly ironic.

现在我们来聚焦比特币，我想我们第一次他上节目时已经讨论过这个话题了。

Let's now focus about Bitcoin, which I think we already talked about the first time he came on the show.

正如我提到的，当我采访马特时，我对他的回答几乎完全不印象深刻。

And as I mentioned, when I interviewed Matt, I really was not impressed with his responses pretty much at all.

所以，社区里有很多人一直在发声，认为比特币社区还没有做好准备。

So, you know, there's been a lot of people in community that have been making noise about how they feel like the Bitcoin community is not prepared.

今天我看到一些推文也谈到了这个问题。

And today I saw, a number of tweets in that realm.

比如，Synchronic Capital的瑞安·沃特金斯发推说：‘根据今天的新闻，后量子技术成为ETH、ZEC甚至Solana而非比特币的合法叙事的可能性要高得多。’

Like for instance, Ryan Watkins of Synchronic Capital tweeted, quote, with today's news, the probability that post quantum becomes a legitimate narrative for ETH, ZEC, and even Sol versus BTC is much higher.

然后他写道，比特币开发者需要尽快把事情理顺。

Then he wrote, Bitcoin devs need to get their shit together as soon as possible.

我只是想强调一下，在谷歌的论文中，他们有一个图表，展示了前10万个易受攻击地址的比特币余额。

I just wanted to highlight, like in the Google paper, they had this little graphic of the Bitcoin balance of the top 100,000 vulnerable addresses.

加起来是670万枚BTC，按今天的市值大约是4500亿美元，虽然还不是一半，但占其1.3万亿美元总市值的相当大一部分。

And that tallies to 6,700,000.0 BTC, which is about four fifty billion dollars today, which that's not quite half, but a sizable chunk of its $1,300,000,000,000 market cap.

所以我就在想，当你看到比特币如此去中心化时，人们普遍觉得它在协调行动方面面临挑战。

So I just wondered, when you look at how Bitcoin is so decentralized, people you know, feel that it faces challenges when it comes to cord coordination.

因此，如果你今天是一名比特币开发者，你会采取什么措施来确保社区能及时应对量子威胁？

So if you were a Bitcoin developer today, what would you do to try to ensure that the community can face this quantum threat in time?

很好。

Great.

而且让我顺便做个毫不掩饰的推广，既然你提到了谷歌的数据，他们使用了我们的数据——Project 11、Riskless，还有用户数据，我们也在论文中引用了这些内容。

And let me just quickly make a shameless plug since you mentioned that Google numbers, they use our data, Project 11, Riskless, and and and user and we're so so we're citing the paper.

如果有人感兴趣，可以访问我们的网站 project11.com，上面有一个量子风险列表和地址栏。

And anyone, if you're interested, you can go to our site, project11.com, and there is a risk with queue list and an address bar.

你可以输入你的地址，这有点像你如果还记得网络安全早期的‘我是否被黑了’（Am I Pwned）那种功能。

And you can put in your address and, like, effectively, it's kinda like the am I pwned thing if you don't remembers that from old days of cybersecurity.

你可以查出你的公钥是否已经泄露。

You can find out if your public key is exposed.

所以我只是想向任何感兴趣的人，或者想知道这些数据来源的人说明这一点。

So I just wanted to make that point to anyone who who may be interested or know where that data came from.

好的。

Okay.

如果我是比特币开发者，首先我会说，比特币的一个优势。

If I was a Bitcoin developer, first off, I would just say, like, a strength of Bitcoin.

我不会反驳Matt或其他人所说的观点，即比特币的高度去中心化确实是一种哲学上的优势，我认为这增强了他们和许多其他比特币持有者所相信的信念——即比特币是数字黄金。

I'm not I'm not I wouldn't argue with Matt or many others that to say that, you know, the fact that Bitcoin is so decentralized is a certainly a philosophical strength that I think lends credence to what, you know, they and many other folks who hold Bitcoin want to believe about it, which is digital gold.

黄金对人类来说意味着什么？

Like, what is what is gold to humans?

它是所有自由人群中，用于对抗任何法定货币的价值储存手段。

It's like the store of value of all free, you know, to beat any fiat currency.

所以人们就是这样看待它的。

So it's kinda like that's how people like to think of it.

对吧？

Right?

没有任何单一实体能左右局势，这本身就是一种优势。

The fact that there's no single actor that can drive things one way or the other is a is a strength.

我不会否认这一点。

I I I won't deny that.

正如你所指出的，这正是比特币当前面临挑战时的意图，我想这也是布莱恩·斯威特精神的体现。

As you pointed out, it's kind of intention with the current challenge that Bitcoin faces, and this is I think kind of the spirit of Brian Sweet.

所以，我要说，即使我是一名比特币开发者，我也会说得更强烈一些。

So look, I will say even something even stronger than if I were a Bitcoin developer.

我会采取一些行动。

I would I would do something.

我想我们Project Eleven在这里致力于将数字资产迁移到后量子时代，并加以保护。

Think we at Project Eleven are here building digital you know, we're we're here to migrate and protect digital assets into the post quantum future.

我们想为量子未来构建量子时代的基础设施。

We wanna build the post quantum rails to post quantum future.

我相信比特币或类似比特币的东西应该成为未来的一部分。

I believe Bitcoin or something like Bitcoin should be part of that future.

因此，我们正在钱包层面和基础设施层面为比特币开发产品。

So we are building stuff at the wallet level, infrastructure level for Bitcoin.

因为现在，在缺乏开发者共识的情况下，这正是你能做的。

Because that's kinda right now, like, you know, in absence of developer consensus, that's what you can do.

所以我们正在这么做。

So we are doing that.

我认为应该有更多人这样做。

And I think more people should do that.

我认为太多人过于纠结于。

I think too many people, I think, get hung up on.

我们必须在所有事情上达成一致。

We have to all agree on everything.

你看，我的意思是，确实有些事情你最终需要达成共识，比如币种本身。

Look, I mean, are certainly things that you need to come to consensus about at some points, those are coins for example.

但还有很多工作现在就可以开展，比如探索算法、运行Signets和TestNets、构建钱包基础设施或钱包迁移工具。

But there's a lot of work that can be done now in terms of exploring algorithms, running Signets and TestNets, building wallet infrastructure or wallets migration tools.

我们实际上推出了第一个产品，叫做黄页，它本质上是一种准迁移工具，让你创建一个新的后量子密钥，然后用这个签名来签署你的比特币密钥。

We launched actually our first product with something called Yellow Pages, which is basically kind of a quasi migration tool to let you create a new post quantum key and then sign with that signature your Bitcoin key.

目的是为了避免我之前提到的那种情况——即在某个时间点你无法再进行迁移。

So to prevent that thing I said earlier where it's like you couldn't migrate at a certain point.

所以，你看，还有很多事情可以做，我只想鼓励比特币开发者以及整个生态系统中的开发者认真对待这个问题。

So, look, there's a lot that can be done, I would I would just encourage Bitcoin developers and developers across the entire ecosystem to start taking this seriously.

认真对待这个问题意味着行动，而不是空谈。

And start taking this seriously means action, not talk.

比如，这很棒。

Like, it's great.

确实有一些研究，我们也应该做研究。

There's some research, and we should do research.

但我们还应该将这些研究付诸实践。

But we should also put this research into practice.

例如，我们与Solana合作做了一些事情，我们从Solana基金会获得了资助，他们在这方面也相当积极，以太坊基金会也是如此。

And so something we've done with Solana, for example, we we had a grant from Solana Foundation who who's kinda leaning forward in this as well as the EF.

他们说：嘿。

They're like, hey.

把这些后量子签名放进测试网，让我们做一些性能评估。

Put these post quantum signatures in a test net for us, and let's do some performance evaluations.

如果直接把这些签名加入网络，网络会发生什么变化？

How does the network what happens to the network if we just drop in these signatures?

这些正是我们必须在各处开展的实验，因为我们不能——再次强调——只是空谈这个工程挑战，我们不应该轻视这个工程挑战。

These are the kind of experiments that we're gonna have to run all over place because we can't again, we're not just hand waving this engineering challenge or we shouldn't hand wave this engineering challenge.

所以，我希望刚才说得足够具体了。

So I hope that was specific enough.

我们会继续致力于比特币相关的工作。

We will be working on Bitcoin stuff.

我认为每个比特币开发者都应将此列为最高优先级，因为我认为这如今是比特币面临的最大的技术挑战。

I think every Bitcoin developer should make this the top priority because I don't think there's a bigger technical challenge to Bitcoin today.

我认为这一建议同样适用于所有数字资产。

And I think that advice applies across the board digital assets.

目前有一个比特币改进提案，编号为360，它提出了一种名为支付至默克尔路径（P2MR）的新脚本类型。

So there is a Bitcoin improvement proposal out there, three sixty, and it puts forward a new script type called pay to Merkel route P2MR.

那么，这到底是什么？

What so what is that?

你知道，为什么它是抗量子的？你对这个提案有什么看法？

You know, why is that post quantum, and what do you think of this proposal?

我觉得这很棒。

I think it's great.

我觉得这个团队非常出色。

I think the team is great.

我再次强调，只要是有人在任何方面致力于这一领域的研究，我都会为他们加油鼓劲。

I again, like, I'm I'm I'm cheerleading anyone who's working on any aspect of this in all its forms.

话虽如此，我想具体来说是什么？

That said, I think what what is it specifically?

它实际上禁用了Taproot交易的密钥路径花费。

It's effectively disables the key path spend for taproot transactions.

关于密钥路径花费，我不打算深入Taproot的细节——说实话，我对这些也不太熟悉——总之，当你进行Pay-to-Taproot密钥路径花费时，你的公钥会暴露出来。

The key path spend, without getting into the nitty gritty of taproot, which quite frankly I'm not that familiar with anyway, the upshot is that when you do a pay to taproot key path spend, you expose your like, your public key remains exposed.

而这显然不好，回到慢时钟和快时钟的问题上。

And so that's obviously bad going back to, like, slow clock, fast clock.

如果你的公钥暴露了，无论是慢时钟还是快时钟都可能对你构成威胁。

If it's, you know, if your public keys are exposed, either slow clock or fast clock could get you.

因此，BIP 360在当前形式下实际上堵住了这个漏洞。

And so what BIP three sixty does in its current form is it effectively closes that door.

所以现在如果你使用Taproot，你就不会暴露你的公钥。

So now if you're using taproot, you're not going to expose your public key.

因此，它可能减少易受慢时钟攻击的比特币数量。

So therefore, it could reduce the number of vulnerable Bitcoin in the set of vulnerable to slow clock on computers.

但以当前形式，它并未向比特币添加后量子签名，也没有使比特币具备后量子安全性。

But in its current form, does not add post quam signatures to Bitcoin or make Bitcoin post quam secure.

因此，我会将此视为一个重要但微小的步骤，终究只是众多必要步骤中的一项。

So I would view this as an important step, a small step, but an important one, but ultimately just one of many steps that have to happen.

好的。

Okay.

而以太坊面临的是另一组风险。

And then Ethereum faces a different set of risks.

谷歌的论文引用了多个不同层面的风险，包括智能合约层、L2层和基础层。

The Google paper cited like a number of different risks at different levels, kind of at the smart contract level, L twos, the base layer.

老实说，我很惊讶谷歌能深入到如此详细的程度，了解这么多内容，但有些例子，比如漩涡缓存匿名池在无人察觉的情况下被耗尽，直到余额归零。

Really frankly was impressed that Google went into all this detail and knew this much, but some of the examples were like, or a tornado cache anonymity pool being trained without anybody noticing until the balance went to zero.

它甚至提到了零知识滚动（ZK rollups）以及基础层上的不同攻击类型。

It even talked about like ZK rollups, like different types of attacks there at the base layer.

你能简单描述一下，你认为以太坊面临哪些这类漏洞，以及你认为它在应对量子威胁方面有多大的准备度吗？

Can you just, you know, describe a little bit, like, what you think Ethereum is facing in terms of these vulnerabilities and how well positioned you think it is to face the quantum threat?

当然。

Absolutely.

所以我来谈谈优缺点。

So I'll say pros, cons.

首先，解决一个问题的重要第一步是意识到问题的存在。

First off, big pro, you know, kind of step one to solving a problem is meaning you have a problem.

贾斯汀·德雷克是谷歌论文的合著者之一。

And Justin Drake and Justin Drake's a coauthor on the Google paper.

贾斯汀·德雷克领导着以太坊基金会，我认为他特别致力于将抗量子安全纳入他们的精简路线图中。

Justin Drake leads the EF, and and I think in particular is is really focused on making as part of their lean road map, making post quantum a part of it.

有很多人在研究这个问题。

And there's a lot of folks working on it.

这很棒。

That's great.

巨大的优势。

Huge pro.

我认为第二个优点是以太坊的区块时间。

I would say pro two is Ethereum block times.

十二秒。

Twelve seconds.

我们已经讨论过这一点了。

We already covered this.

所以你可能不需要担心在不久的将来会出现快速时钟攻击，至少对以太坊来说是这样，希望如此。

Not then you don't probably have to worry about fast clock, you know, on spend attacks at, you know, anytime soon probably for Ethereum, hopefully.

至少比特币会先受到威胁。

At least Bitcoin will be vulnerable first.

对吧？

Right?

所以你至少会有一个预警信号。

So you'll least have it some kind of canary in the coal mine.

所以这是好事。

So that's good.

以太坊比比特币更复杂。

Con, Ethereum is more complex than Bitcoin.

所以需要修复的地方更多。

So there's more to fix.

事实上，我们确实做了一些工作。

In fact, you know, we've we've, you know, done some work.

我们与以太坊基金会就一些事项进行了某种程度的合作，因为基金会已经将工作分成了几部分。

We collaborated somewhat with the EF on on various things because they like, the EF has kind of split the effort on, hey.

我们必须保障共识的安全。

We have to secure consensus.

请记住，以太坊使用的是权益证明共识机制。

Because remember that Ethereum uses proof of stake consensus.

权益证明基本上就是，我存入一些资金，然后声明我支持这个区块，也支持那个区块。

Proof of stake is basically like, you know, I put some money deposits money, and I say, I vouch for this block, and I vouch for this block.

这里的‘支持’可以替换成‘签名’，这意味着存在一个数字签名。

And when vouch here, you can replace with sign, and that means there's a digital signature.

在后量子世界中，这种数字签名显然可以被伪造。

That digital signature can obviously be forged in a post one world.

因此，以太坊链下扩展路线图的很大一部分是关于保障共识安全，因为现在的共识正在被破坏。

So a big part of the Ethereum link PT roadmap is about securing consensus because that that is now breaking.

比特币没有这个问题。

This is a Bitcoin does not have that problem.

但以太坊有，任何真正的权益证明协议都有这个问题。

Ethereum does, though, and any really proof of stake protocol does.

所以他们必须解决这个问题。

So they have to solve that.

他们还必须解决钱包层面的问题。

They also have to solve the wallet level.

我们该如何处理所有的资产呢？

Like, what do we do with all the assets?

对吧？

Right?

与比特币不同，以太坊还存在围绕智能合约的复杂性，这些智能合约发行了资产，而这些资产又部署在与以太坊锚定的二层网络上。

And there's unlike Bitcoin, there's this whole complexity around smart contracts that exist in assets that are issued from smart contracts and assets that are issued on l twos that are anchored to Ethereum.

因此，以太坊的整体攻击面要大得多。

And so the attack surface of Ethereum overall is much, much bigger.

由于存在大量智能合约，你需要协调的利害关系方也多得多。

And because of all the smart contracts, you have, like, a lot more stakeholders that you kinda have to coordinate.

总的来说，我认为这是一个巨大的挑战。

So broadly speaking, I think it's a huge challenge.

而且，我认为以太坊基金会正在积极应对这个问题，但这并不意味着它不是一个极其巨大的挑战。

And again, I think EDF is leaning into solving it, but it doesn't mean that it's not a massive, massive challenge.

是的，没错。

Yeah, yeah.

比特币仅仅依靠社区自身的惯性，再加上社区极其保守，但事实上，真正维护比特币核心代码库的人其实非常少。

So Bitcoin has just sort of the inertia of the community itself, but then also the fact that they are so conservative, but the truth is there's really just a small number of people that actually maintain the Bitcoin core code base.

以太坊则完全不同。

Ethereum is so different.

这就像有多个客户端。

It's like there's multiple clients.

这是一个完整的DeFi生态系统，任何人都可以在上面部署智能合约。

It's this whole DeFi ecosystem that anybody can put a smart contract on there.

用户可能会把钱投入其中，却不知道它不具备抗量子计算能力。

Users might put money into it, not knowing that it's not post quantum.

可能出问题的方面简直多得不可胜数。

There there's just like just the universe of things that could go wrong is so much bigger.

完全正确。

Totally.

是的。

So yeah.

我想快速说一下，想想稳定币。

Think about I was gonna say quickly, think about stablecoins.

想想大家都在试图用稳定币做什么，把所有的加密复杂性都抽象掉，也许这些复杂性只是在后台运行。

Think about what everyone's trying to do with stablecoins, abstract away all the cryptographic complexity, maybe they run under the hood.

你到底能做什么？

What the heck are you gonna do?

对吧？

Right?

因为，理论上，人们拥有发送稳定币的密钥。

Because, like, people are theoretically have keys to send stablecoins.

也许他们以前从未接触过以太坊区块链，但现在却不得不进行迁移。

Maybe they've never even been exposed to the Ethereum blockchain before, and and now they have to migrate somehow.

我的意思是，正如你所说，这非常复杂。

I mean, is, to your point, it's very complex.

是的。

Yeah.

让我们也谈谈其他区块链，因为这篇论文提到了一些从一开始就具备抗量子特性的区块链。

So let's also talk about other blockchains because the the paper cited some blockchains that it said, quote, stand out as post quantum from inception.

我实际上从未听说过这些区块链。

I've actually never heard of any of these.

我甚至都不想说出它们的名字，因为它们太隐蔽了，我也不确定。

I kind of don't even want to name them because they're so obscured that I I don't know.

或者也许你觉得这没什么问题。

Or or maybe you you think it's fine.

我不知道。

I don't know.

但我只是想知道，仅凭这个功能，你认为现在就足以让这些链占据优势吗？

But I just wondered, like, is that feature alone something that you feel at this moment in time gives those chains a leg up?

还是你觉得更成熟的链最终会迎头赶上？

Or do you feel like the more proven chains will eventually get their act together?

你知道吗？你是怎么看待这个问题的？

You know, And how how do you think about that?

我认为关键在于，我认为未来链上价值会存在于哪里。

I think it comes down to I I think I think I think it comes down to where in the future we think value on chain will exist.

那些从一开始就采用量子安全密码学的区块链，实际上是在赌一个世界——在这个世界里，几乎所有现有链都无法成功迁移或来不及迁移。

The quantum first blockchains of which there are several that features some post quantum cryptography are effectively betting on a world, I think, where more or less all existing chains fail to migrate or don't migrate in time.

而如果区块链确实有用，那么根据定义，剩余的价值必然流向它们。

And then to the extent that blockchains are useful, then the residual value will have to therefore by definition flow to them.

这是有可能的。

That's possible.

我认为我们不能忽视这种可能性。

I think it looked like we can't discount that.

我们不能忽视这个世界。

We can't discount that world.

不过我认为，如果你去问今天的比特币持有者，告诉他们可以选择购买新的量子一层区块链，或者保留你的比特币并使其具备抗量子安全性。

I think though, if you ask the average holder of Bitcoin today and you said, hey, you have a choice to either buy some new quantum l one or keep your Bitcoin and make it post quantum secure.

大多数人可能更倾向于前者。

Most people would probably just prefer the former.

对吧？

Right?

不过话说回来，从某种有趣的角度来看，所有这些区块链最终都会变成量子一层、抗量子一层。

Now that said, in kind of a funny way, all of these blockchains are going to become quantum l one, post quantum l ones.

因为说到底，这种后量子密码学其实就是需要取代椭圆曲线密码学的东西，而后者很可能需要由这些量子层一中的某种技术来替代。

Because, like, really, it's like, at the end of the day, this post quantum cryptography is the like, that the or the elliptic curve cryptography's got the what has to be replaced by something that probably one of these quantum l ones is using.

所以我认为，这些后量子层一面临的挑战在于，它们必须说服所有人，其他所有区块链在迁移过程中都会失败。

So I think I think the challenge that these post quantum l ones frankly will face is they have to convince everybody that all of the other chains will fail in their efforts to migrate.

但我认为人们现在还远未准备好接受这一点。

And I don't think people are ready to accept that yet.

他们也许在某个时候会接受。

They may at some point.

也许量子计算明天就实现了，那样的话，情况就会完全不一样了。

And maybe Quantum happens tomorrow, and then they'll probably have whole different ballgame.

但就连多列夫，正如我们前面所见，也不相信这一点。

But even Dolev is as we saw earlier doesn't believe that.

但我认为关于它们的一点很重要，也是量子层一一个非常棒的方面在于，它们是这些后量子算法的试验场，而我们未来很可能需要使用其中一种或多种。

So but that that but I think one important thing about them, and I think one really cool aspect of the quantum layer ones is it's a test bed for these quantum algorithms, post quantum algorithms that we'll actually have to use potentially, one or more.

这很棒。

And it's great.

这正是加密货币最棒的地方之一。

Like, this is one of the greatest parts about crypto.

这种加密货币就像是世界上最大的密码学漏洞赏金计划。

This crypto is kinda like the world's biggest cryptography bug bounty.

对吧？

Right?

这也是为什么比特币能够如此持久的原因之一，我的意思是，如果有人真的找到了一种经典方法来获取中本聪的比特币，他们早就该这么做了。

It's one the reasons that the CC has been proven so durable because, I mean, god, if someone somehow had a classical way to get Satoshi's Bitcoin, it feels like they would have done it by now.

所以我认为，这些量子层项目最终的作用，哪怕只是这一点，就是作为未来量子网络的测试平台。

And so I think so so I think the purpose ultimately these that these quantum layer ones will serve, if nothing else, is effectively being the test nets for what quantum networks generally look like in the future.

好的。

Okay.

我其实刚想问一个问题，我看到一篇论文把Algorand称为在原本易受量子攻击的区块链上实际部署后量子密码学的例子。

And I did actually just wanna ask one brief question, which is I saw that the paper called Algorand quote, an example of real world deployment of PQC post quantum computing on an otherwise quantum vulnerable blockchain.

所以我不太明白这是什么意思。

So I didn't know what that meant.

我很好。

I and I I I'm good.

我得先说明一下。

I have to caveat here.

我对Algorand的所有方面并不十分熟悉。

I'm not deeply familiar with all of the various aspects of Algorand.

不过，如果我没记错的话，Algorand有一种后量子地址类型，使用了NIST后量子签名方案Falcon。

If I recall, however, Algorand has a post quantum address type that uses a NIST post quantum signature scheme called Falcon.

因此，理论上，你可以将资金发送到Algorand上的这种新地址类型。

And so theoretically, I think you can send your funds on Algorand to this new address type.

但至于它是否与Algorand上的任何DeFi生态系统兼容，或者是否有人实际使用它，我就不得而知了。

Now whether or not it's compatible with any of the DeFi ecosystem on Algorand, whether or not anyone actually uses it, I cannot say.

但我确实知道他们有这项工作，这大概就是论文所指的内容。

But I know I I do know that they that they had this effort, and that's probably what the paper is referring to.

好的。

Okay.

所以最后一个问题是，你刚才简要提到了Project 11在帮助加密行业为后量子时代做准备方面所做的努力。

So last question, briefly alluded to some things that Project 11 is doing in its efforts to help the crypto industry prepare for this post quantum future.

但你还有什么其他想强调的吗？哪怕只是呼吁大家来找你寻求帮助也好。

But is there anything else you wanted to call out or even if it's just a call for people to seek you out for help or yeah.

让我们了解一下你目前在做什么，或者你们的路线图上有什么计划。

Let us what it is that you're up to or or what we can expect on your road map.

是的。

Yeah.

所以我的重点是付诸行动。

So shovels in the ground is my big thing.

对吧？

Right?

我们必须从各个地方开始着手。

Like, we gotta start we gotta start everywhere.

当我们启动Project 11时，我们主要关注的是钱包和迁移层。

When we started Project 11, we really kind of were were focused on looking at the wallet and migration layer.

但你看，考虑到事物发展得如此迅速，我认为我们只能迎难而上，应对任何出现的问题，以解决这个难题。

But, look, I think the the way things have advanced so quickly, I think we we just kinda have to tackle anything anything and everything that comes our way and, you know, with regard to solving this problem.

不过从实际角度来看，人们很快就能看到一个支持后量子加密的钱包版本，适用于以太坊和比特币，可用于今天保护资金。

Practically speaking though, what people can expect is very shortly, we'll have a post quantum version of a wallet, Ethereum on Ethereum and Bitcoin that people can use to secure funds today.

不过，这个钱包的功能会受到限制，因为后量子密码学目前还不存在于比特币和以太坊上。

Now the way to know the the functionality of this wallet will be limited by virtue of the fact that post quantum cryptography doesn't exist on Bitcoin and Ethereum.

所以请调整好预期，但这也是必然的现状。

So set your expectations, but this is also like this is just the way it's going to be.

我认为这恰恰说明了这件事有多难。

I think it's kind of illustrative of, like, the fact that this is hard.

我们今天所习惯的所有钱包功能，都是因为有充足的时间去优化和改进。

Like, all the things that we've gotten used to with the wallets that exist today are because we've had a lot of e time to optimize e c.

所以，这又是一个从零开始的行动。

So, again, this is a shovels in the ground effort.

总得从某个地方开始。

Gotta start somewhere.

我们必须开始保护价值。

We gotta start securing value.

因此，我们将立即开始这样做。

So we're gonna be start doing that immediately.

我想强调的第二件事是，我希望您的听众，也可能包括劳拉，会感兴趣：我们正在发布自己的研究报告。

The second thing that I would call out that I hope your listeners and potentially you Laura might enjoy is we're putting out our own research report.

是的，我们也会推出一部厚重的著作，详细阐述我们对这一威胁的看法，特别是区块链及其脆弱性。

Yes, we too will have a tome, a weighty tome that describes how we think about the threat and also specifically blockchains and how they're vulnerable.

我认为，相较于以往的报告，我们在这方面做了更多尝试。

And I think that might be like, we've attempted more so than other prior reports.

比如银河数字和ARC，它们只是初步提及量子问题，仿佛这是一个黑箱。

So take Galaxy Digital and ARC, You know, they start they sort of leave the issue of quantum as like it's so you know, it's black box.

它们觉得这可能还很遥远。

It's like it's probably far away.

而我们则打开这个黑箱，试图说清楚：看，具体就是这样。

We open up that box and we try and say, hey, exactly.

我们之前和多列夫讨论过埃里克校正的问题。

Like we go we talked we had a discussion about Eric correction earlier with Dolev.

我们会深入一点细节，试图向有知识的普通读者解释：这里到底发生了什么？

We go into a little bit of detail and try and explain to the educated layperson, like, hey, what exactly is going on here?

在指标方面，我们需要关注什么？

What do we need to look for in terms of metrics?

我们怎么知道我们正在接近目标？

How do we know we're getting close?

因此，我们在这上面投入了大量精力。

And so we put a lot of effort into that.

这主要是面向机构的，但一般来说，任何人都可以下载。

That's kinda meant for institutions, but generally it's gonna be available for everyone to download.

我们可能会为此搭建一个精美的网站，配上图表，供人们追踪量子日的进展。

And we'll probably have some fancy website around that with charts and stuff for people to kinda track the progress of Q Day.

所以，这些就是接下来即将推出的两件事。

So those are kinda the two things right up next in the pipe.