Thanks for having me guys! @Scoresby
I don't think we have any direct competitors. You could argue that:
- L1s that make PQ a first class primitive (QRL)
- consumer wallets that are integrating PQ (Qastle, Tectonic)
- enterprise key management solutions (Fireblocks)
are all tackling aspects of what we're doing, but nothing is directly analogous.
I don't think any of these BIPs in their current form will be accepted.
BIP-360 reduces the attack surface of Taproot, and theoretically opens the door to PQ signature schemes (like SHRINCS), but imho you need to consider those two together and my bet is that BIP-360 will be merged with some PQ-signature proposal.
BIP-361 is so controversial that I see it as a non-starter; however, I think it was a great way to encourage conversation about what to do with the lost/stolen coins.
There's some other cool things like commit-reveal, zk proofs of seed, the starkware trick, etc. but I don't see any momentum around those being formalized as a BIP.
BTW this is one of the reasons why people underestimate this problem. The technical work is actually the easier part; the hard part is the political effort to push through a significant change in a deployed system that millions of people and $T rely on. I don't think it should be fast. But if we want to ensure it's not rushed, we do need to treat this with some urgency AND that means having fewer technical blog posts and more BIPs.
And quite honestly I'd like to see more public effort/investment on the part of the folks building these systems (e.g. Google) on that front
Massive imbalance tilted towards building a quantum computer vs. securing the world's systems against one. I think that has to change.
Startups are all about
- having a thesis
- building a product around that thesis
- seeing if anyone will use said product
- and if they do, seeing if they will pay for it
That's an infinite loop. Tangibly speaking, I think there are people that now care about this problem, and if quantum is a thing, there will definitely be a market. Does that mean Project Eleven will be automatically successful? Nope!
Apathy. When people take this system, which has been carefully maintained and built over decades (if you count the preceding cypherpunk era), for granted, then I think it becomes brittle and ultimately weak.
I've never liked the "digital gold" analogy for this reason. "Gold" is a rock that for some reason people value, but you never have to think about it. Bitcoin, if anything, is more like a democratic political system with a constitution defined by cryptography. And like any democracy, the second people become apathetic and take it for granted, I think it's a downhill road from there.
Specifically I'd like to see large institutional holders invest more in the long term success of the network, or at least publicly advocate for what they believe.
Love that you asked this question. One of the reasons I got excited about quantum is that it might actually be the basis for new and better cryptography!
A couple of examples:
- Quantum Key Distribution: it turns out you can use the phenomenon of entanglement to create a key distribution mechanism through a non-classical (and thereby, unhackable) channel, in principle. The authors of the original idea won the Turing Award last year: https://www.acm.org/media-center/2026/march/turing-award-2025
- Certified Randomness: anyone who works in cryptography knows that random number generation is critical. For example, an older Android Bitcoin wallet had a biased RNG that resulted in people losing funds! You can use quantum mechanics to more reliably (and provably) generate random numbers. Scott A was actually a co-author on this work which was quite cool: https://www.nature.com/articles/s41586-025-08737-1
Those are just two examples that we currently know of. There are more far-out ideas like quantum money, one-time programs, qIO, etc. But I actually think Bitcoin in 2100 might incorporate one or more aspects of quantum-enabled cryptography! Which would be cool if it made the protocol more robust and made the ppl using it more secure.
Great question. It's really hard but here's an amazing resource: https://postquantum.com/
This gentleman named Marin Ivezic maintains it; it's an incredibly rich resource that I learned soooo much from. I think this is the single best resource I've found (disclaimer: after I found this website I asked Marin to be an advisor to P11).
Other than that, I read Scott Aaronson's blog, I get a paper digest from this
I subscribe to this newsletter: https://qubitsok.com/
It's some slop but every once in a while I find some good stuff in there.
New Quantum Era Podcast by Sebastian Hassinger is also a must-listen.
I follow folks like Pierre-Luc (@dallairedemers) and a few other folks with a quantum computing background.
It's already the eleventh hour, but people just haven't realized it yet! 😃
I was the CEO of a company called Aleo, where we built a privacy-focused blockchain, like Zcash but for smart contracts.
Shortly after I stepped down, the Google Willow announcement happened. I knew nothing about quantum at the time (other than that it was bad for cryptography). But having just gone through a very long and painful process of building and launching a novel cryptographic system that secures real value, I started wondering to myself, what if quantum does happen sooner than people think?
As I contemplated that question, I came to the conclusion that, paradoxically, the success over the last decade of Bitcoin and digital assets generally makes it harder to migrate because it becomes more entrenched. And as I learned more about PQ cryptography, I realized that there was going to be a painful tradeoff to make.
Therefore, if anything, my motivation to start Project Eleven didn't really stem from bullishness about quantum necessarily, but bearishness on the ability of these decentralized systems to react quickly. Which is why I'm always banging on about how we need to prepare.
TBH it's the very big divide between the physics community and the cryptography community on this issue. Over the past year, physicists on average (like Scott A who was on a previous AMA) have become more bullish (or put another way, much less bearish) on near-term CRQC.
But many cryptographers (including several who I deeply respect) haven't updated their views. I find it very interesting that this divergence exists. OFC both sides bring their own biases, and certainly one side or the other is right as time will tell. But the dissonance surprised me.
No, interesting I'd love to check it out! BTW a lot of the quantum companies are eyeing the satoshi coins as you can imagine.
Yeah fair question. The success of Project Eleven depends to an extent on whether or not quantum computing is being underestimated as a threat. If classical cryptography stays the same for the next 50-100 years, then the business model as it exists now probably won't make sense.
That said, I value my time, and if I didn't authentically believe that quantum computing (and post-quantum migration) is being underestimated, I wouldn't be doing this.
So what is that business model: key management infrastructure for digital asset custodians, stablecoin issuers, and neobanks that have digital asset exposure. The way it's done today is completely out the window in a post-quantum world, and needs to be redefined around crypto-agility. Because as many have rightly pointed out, there is a risk that these new PQ algos are not going to stand the test of time either, and we need to evolve cryptography from a "static defense" to something more adaptive imho.
Yes, the quantum vault is effectively a reference implementation of a quantum-secure wallet. "Quantum-secure" in this sense means for Bitcoin that it enforces no spending from the same address twice. In that sense, it's actually not as usable as other wallets from a UX perspective, but it does ensure that Bitcoin that you put there will not be quantum vulnerable.
Think of this as the "wallet" that pairs with the Bitcoin Risq List.
Another novel thing: it uses BIP-85 vs BIP-32 for key derivation, and in principle this wallet could support PQ-ready opcodes when they are introduced into Bitcoin.
BTW the vault also supports Ethereum, and in a slightly different way, but given the venue I assume you guys are more curious about the BTC aspect.
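The "never spend from the same address twice" rule described above has a practical consequence that is easy to get wrong: once an address has been spent from, its public key is on-chain, so the one permitted spend must sweep every UTXO on that address and change must land on a fresh address. The following is an added illustration of such a wallet-side policy check, written by the editor as an assumed model of that rule; it is not Project Eleven's vault code, and the history data is constructed.

```python
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class Utxo:
    txid: str
    vout: int
    address: str
    spent: bool = False  # True once a spend from this output is on-chain


class ReuseGuard:
    """Assumed spend policy modelled on the vault rule: an address may be spent
    from exactly once, the spend must sweep everything on it, and change must
    go to an address the wallet has never used."""

    def __init__(self, history: Iterable[Utxo]):
        self.history = list(history)

    def spent_from(self) -> set:
        # Addresses whose signing key is already exposed by an earlier spend.
        return {u.address for u in self.history if u.spent}

    def used(self) -> set:
        return {u.address for u in self.history}

    def violations(self, inputs: list, change_address: str) -> list:
        problems = []
        input_addrs = {u.address for u in inputs}
        for addr in sorted(input_addrs & self.spent_from()):
            problems.append(f"{addr}: already spent from once")
        chosen = {(u.txid, u.vout) for u in inputs}
        for u in self.history:  # any unspent coin left on a swept address is stranded
            if u.address in input_addrs and not u.spent and (u.txid, u.vout) not in chosen:
                problems.append(f"{u.address}: {u.txid}:{u.vout} left behind after key exposure")
        if change_address in self.used():
            problems.append(f"{change_address}: change must go to a fresh address")
        return problems


HISTORY = [  # constructed sample history, not real chain data
    Utxo("aaaa", 0, "addr-fresh-1"),
    Utxo("bbbb", 1, "addr-fresh-1"),
    Utxo("cccc", 0, "addr-reused", spent=True),
    Utxo("dddd", 0, "addr-reused"),
]


def demo():
    g = ReuseGuard(HISTORY)
    ok = g.violations([HISTORY[0], HISTORY[1]], "addr-fresh-2")   # full sweep, fresh change
    partial = g.violations([HISTORY[0]], "addr-reused")           # strands bbbb:1, reuses change
    second = g.violations([HISTORY[3]], "addr-fresh-3")           # second spend from one address
    return ok, partial, second
```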
TBH, I don't have a strong opinion there. I think it distracts from what I see as the bigger effort: making Bitcoin secure for people that are able to access their funds.
That said, if you forced me to answer, I'd probably advocate for EITHER something like hourglass that rate limits the quantum exploits for P2PK UTXOs, OR recycling some of them into the mining rewards at the end of the emission curve.
Like I said, I don't have a strong opinion.
idk people pay a lot of money to manage their cryptographic keys today inside of an institutional custody context, and in cybersecurity more broadly.
But maybe they won't, and then I'll have to find another job or we'll have to pivot to something else! Story of a startup.