The End of the Ossification Argument?
In January of 2025, I wrote a NOSTR read exploring the balance between Ossification and Bitcoin Development, attempting to raise a few concerns with approaches and maybe a new way of viewing the process. I wasn’t a “bitcoin is fine exactly how it is” type of keyboard warrior (@callebtc picked me up on this one in 2023), rather a let’s learn about what is ahead of us and be ready. At the time of writing, the idea of quantum computing appeared in a similar way to the Iranian nuclear question: it’s maybe 5-10 years away, and has been for the last 30 years. However, academics who see the opportunity to get their 15 minutes of fame have seen the opportunity to raise concerns related to a theoretical situation that may arise sometime in the future, which may itself be dependent on a number of other theoretical situations occurring. This has then bled into the institutional theatre with BlackRock raising concerns.
In combination with this, the introduction of large scale, widely available large language models now provides a new avenue of concern; not only could AI break bitcoin’s cryptography, but also, could AI solve issues holding quantum computing back? Unfortunately, this creates some sort of beautiful confluence (also see logjam) of complex topics coming together into the mother of all rats’ nests of potential fear, uncertainty and doubt related to things most normal people know nothing about. I’m attempting to learn more about bitcoin, but my knowledge of cryptography is wafer thin. My knowledge of quantum computing is of a very similar level, but then, due to the very nature of quantum physics (and the Marvel universe), can anyone really know what goes on in the Quantum Realm? Then finally, there are the large language models, which are also being hyped, with Anthropic saying that their latest model is so powerful it cannot be released, apart from being shared with their very highest tier or corporate partners, but which can also have distinct limitations. While I’m not using the best model and while there are likely many jokes about Chuck Norris’s ‘third leg’, when I was attempting to honour the legend with a trademark “mediocre meme”, more often than not, he didn’t have 4 limbs. This was a minor imposition, but gave me a feeling that maybe Skynet is a little further off than those companies selling Skynet protection insurance. Could this be similar to Homer Simpson bestowing the value he received from the $800 a year spent on dragon insurance?
But while such discussions are amusing (or flippant), attention needs to return to my previous piece and in particular the reference that was made to quantum computing. In recent weeks, although at times it feels like months, there have been multiple announcements and developments in the field, leading to revived interest in Hunter Beast’s BIP360, which proposes the introduction of a quantum secure Pay-to-Merkle-Root address format. The solution means that even when the public key is exposed during the time when a transaction remains unconfirmed in the mempool, quantum computers will be unable to derive the private key from this wallet; deriving the key in that window is known as a short-range attack. Then, to my knowledge, older or legacy addresses that only have their public key rather than derived addresses for receiving funds may also be vulnerable to quantum attacks. As a result, BIP360 appears to be a logical and sensible upgrade to protect coins (or at least explore in depth), but may also leave legacy coins vulnerable to quantum attacks in the future.
Given some of these coins have been previously lost, this has become such a concern that meetings have begun to attract the attention of concerned, yet potentially uninformed “investors”. With such concerns potentially leading to capital remaining on the sidelines, in a sort of similar vein to the Dragon Insurance, a solution has been proposed that would freeze coins associated with these older addresses. While from some perspectives this may be viewed as harmless, given they were lost anyway, others may argue those lost coins represent “Treasure to be discovered” by the first capable quantum computer, and would argue that freezing someone else’s assets is very much against the ideas of freedom and liberty. The other, more financialised side would suggest that removing this uncertainty would allow more institutional money to flow into the asset, which would financialise bitcoin to the detriment of the inalienable property rights of bitcoin owners.
But as Thomas Sowell would have us remember on a daily basis, there are no solutions, only trade-offs. Even with the less contentious and less fiat (by decree) BIP360, the trade-off is that transactions are a lot heavier in terms of data usage. If nothing else, this means that if all bitcoin holders were to migrate their holding to quantum safe P2MR addresses, while it may not actually explode, it would be a considerable amount of time before mempools cleared again (meaning the time for @odell to make that bet again). To then reflect back onto my earlier piece, this both introduces discussions, debates and proposals for the issues at hand and, in the case of BIP360, lets new opportunities emerge, in terms of whether the data efficiency of BIP360 transactions can be improved. Alternatively, by increasing the size of transactions, Luke Dashjr could inadvertently get his wish for effectively smaller blocks, even if the timechain remained bloated with the 2022-2023 spam.
What I don’t know is many times that of what I do know about Quantum Computing
So, at the moment, the bitcoin ecosystem is at a spot where the institutional money may be being appeased with contentious soft forks, and solutions could be viewed as functional if potentially less elegant than they could be. But quantum computers are a risk, with a risk being an uncertain event, and with the size of the risk being the product of the magnitude of the risk multiplied by the scale of its effect. On scale, unsafe coins could be stolen during transactions or old coins could be stolen, so the scale is large, even if a good solid bear market sees coins sold at a similar scale. Even if quantum computing stole lost coins, the blockchain and property rights of those with safe addresses would be maintained, meaning the magnitude of that event is undoubtedly large, but not cataclysmic. And then there is the alternate perspective, where someone, government or private actor, good or evil supervillain, gains control of such a functioning quantum computer and decides where they are going to direct their attention. Will this person happen to be a bitcoiner looking to increase their stack while also potentially nuking the price in the short term, or will it be a megalomaniac, in which case my bitcoin will be the least of my concerns? I attended a lecture on Game Theory many years ago, and working back the decision tree in order to decide the best option to take today left me with a mental error message; as a result, there are many things to ponder.
So now for the other part of the equation: what is the likelihood that a quantum computer of sufficient capability arrives in the next 5-10 years? The idea of quantum computing was first proposed by Richard Feynman and Yuri Manin in the early 80s, and since then, it appears the theoretical applications of the idea have developed rapidly, with technological development appearing to be in the process of catching up. However, while quantum computing has the capability to solve hard problems (Barends et al. 2014), such as prime factoring or database searching (both useful in a bitcoin context), as quantum computers scale they also generate errors. The result of this is that while it is possible to produce quantum computers of increasing numbers of physical qubits (the measure of quantum computer size), the actual, useful power of the computer is less, measured in logical qubits. The difference between these two figures is down to the effectiveness of error correction, which appear to increase at an exponential rate with the number of physical qubits of the machine (Helios has 98 physical qubits to provide 50 logical qubits). Google aim to have a 1000 logical qubit computer, but will need 1 million physical qubits to achieve this, all working at close to absolute zero, to promote superconductivity.
Then, if we take an alternate perspective on the bitcoin issue, where rather than attacking coins on chain, quantum computers are instead directed to the mining process, there are potential advantages here. If someone acquired a quantum computer but did not want to break cryptography, researchers from the UK suggested you could direct your computer to mining, and potentially perform a 51% attack on the network. While this appears to be less concerning for the asset holders, for those wanting to use the network, this raises considerable issues, as a quantum wielding entity could determine which transactions are added to the blockchain and effectively hold the network hostage. While very concerning, the work suggested a 512 qubit machine (based on them assuming no error correction, this is likely logical qubits), and, based on IBM’s 2021 roadmap, such a machine would be available in 2023. Given a quantum computer of this type is set to be produced, even if the largest quantum computer is now over 6000 physical qubits, although much less is shared on the performance of this machine.
What is worse, doing nothing or rushing a poorly thought-out fix?
Taking a very pragmatic and potentially Luddite view on this whole situation, one way of mitigating your personal risk might be to diversify from bitcoin into maybe gold. But then if the quantum threat is all it’s cracked up to be, I’d also recommend investing in bullets, canned food and logs for your wood burner, because in these “dark ages”, peer-to-peer digital cash won’t be sufficient to protect your loved ones. However, once things return to a new normal, it is likely important to hold a store of value that you are able to shave small portions off and send more quickly than the yellow alternative. As a result, I think giving attention to “the quantum threat” is valid, but rushing an improvement proposal that may be focused on giving clarity to third parties is not the way forward. But in a similar way to BIP360 not being the final solution due to unwieldy transactions, BIP361 may provide a useful starting point to begin exploring aspects of the proposal that may make sense. Could addresses be voluntarily frozen until mempools were sufficiently clear for people to migrate legacy addresses if quantum really became an imminent threat?
Now let us return to my piece on Ossification and Bitcoin Development. I can’t quite believe it has been a year already, or even two since the 2024 halving, but something we cannot stop is the passage of time, blocks being added to the proof of work chain, and news items to raise people’s hackles on Twitter. What has remained consistent over this time is the importance of continuing to learn about bitcoin, so that we don’t lose “the power to take in a new idea”. There is so often a piece of news to be concerned about or some FUD related to bitcoin’s future, so for a moment, we can think of ourselves as a single logical qubit, having pursued the accumulation of knowledge to quiet the concerns of the uninformed. Unfortunately, when the latest news is shared, all of the other hot-headed qubits begin attempting to communicate with each other, with certain voices raising ever louder concerns, and as the number of physical qubits increases, so does the amount of noise and error. The risk that then arises is that with so much noise and so many errors in the bitcoin ecosystem, what chance is there when there is an important signal that needs to be actioned?
This whole problem is further complicated by the primary implementation of the software appearing to have been, to a degree, co-opted for a change that, while not changing consensus, did increase the amount of data my node needed to store. A further problem may then arise from those who were once seen as the monetary transaction maximalist adults in the room taking what has been presented as quite an extreme approach in BIP110. For me, the real concern is that with all this noise, which is at times amplified through many voices in the field, identifying the honest actors from others with unknown motives and equity stakes is difficult, and this is combined with the complexity of many of the issues that are being discussed. I’m not a quantum computing expert, I’m not a cryptography expert, I’m not a bitcoin improvement proposal expert, and I’m fine with that. As a simple logical qubit within a larger quantum computer of bitcoin minds, it feels time to bring the temperature down. Attempt to learn more about quantum, make an effort to be better informed about the latest BIPs, but stay cool, don’t make any rash decisions and carefully select which implementation of bitcoin I’m going to run.
As Marty Bent suggested, when lots of big companies start talking about what should be done with bitcoin, history rhymes with the New York Agreement (see The Blocksize War), but as independent, sovereign, logical qubits, we can choose our own way forward. They can implement a change to allow the freezing of coins, but if that is still allowed on the version of the software you’re running, for all intents and purposes, Satoshi’s coins will remain a Lost Treasure. I’ll wait until there is an upgrade I see the need to upgrade to and while I may not embrace every change, I’m definitely not prepared to ossify.