量子计算会摧毁比特币吗？与Hunter Beast一起探讨

一方面，私营企业投入了数十亿美元。另一方面，政府似乎有所顾虑并采取了行动。所以我在想，比特币会如何应对？

On one side, there's, like, billions of dollars being spent in private industry. On the other side, the government is appears to have some concerns, and they're doing stuff. And so, like, I'm just like, well, what is Bitcoin gonna do?

比特币的成就要感谢我们的主要赞助商——传奇巨头Iron，这家纳斯达克上市的最大比特币矿企采用100%可再生能源。Iron不仅为比特币网络提供动力，还以可再生能源为支撑，为人工智能提供尖端计算资源。无论您关注比特币挖矿还是AI算力，Iron都在树立行业标杆。访问iron.com（即iren.com）了解更多。好的。

What Bitcoin did is brought to you by our lead sponsor, a massive legend, Iron, the largest Nasdaq listed Bitcoin miner using 100% renewable energy. Iron are not just powering the Bitcoin network, they also provide cutting edge computing resources for AI all backed by renewable energy. So whether you're interested in mining Bitcoin or harnessing AI compute power, Iron is setting the standard. Visit iron.com to learn more, which is iren.com. Okay.

嘿，Hunter Beast，很高兴认识你伙计。我期待这次对话很久了。

Well, Hunter Beast, great to meet you, mate. I've I'm looking forward to this one.

我也一直很期待这次交流。

Looking I've been looking forward to this as well.

量子计算这个话题我长期忽视，因为我从不认为它对比特币构成迫在眉睫的威胁。但最近量子领域有些进展可能加速了这个进程。我想全面探讨，但需要先说明——我对量子几乎一无所知，所以要从最基础的概念开始。

The quantum thing is something I've kind of ignored for a long time because I've never seen it as sort of truly an imminent threat to Bitcoin. But there's been some updates recently on the sort of quantum side that might be might be speeding that process up. So I wanna get into everything, but I do wanna frame this. Like, I know almost nothing about quantum. So I wanna go right back to the start and get into it from sort of the very basics.

不过在开始前，你要不要先自我介绍下？为什么这个话题要找你聊？

But before we do that, do you wanna introduce yourself and why you're the person I'm talking to about this?

好的。我是Hunter Beast，过去四年全职从事比特币领域工作，主要参与RTB项目（目前仍在开发中）。但从去年年中开始，我转向了一个我认为更重要的项目——这个问题我一直觉得是比特币面临的一个非常现实的隐患。

Yeah. So I'm Hunter Beast. I have been working in the Bitcoin space for about the past four years full time, mostly on the RTB project, but which is still in the works. But I I I've been in in the middle of last year, I sort of switched gears working to work on a project that I found to be a bit more. How'd you say, like, just it was something that that I I I always felt that was a a concern, like a very legitimate concern in Bitcoin.

比如，当人们提起所谓的量子FUD（恐惧、不确定性和怀疑）时，我就觉得，每一条FUD背后通常都藏着一点真相，除非是那种非常平庸的FUD。但这次不同，这次的FUD相当有力，它确实有些令人不安的粘性。所以我认为，每个比特币持有者或许都应该对量子计算可能带来的威胁保持一定警惕。

Like, when when people bring up the what what people call quantum FUD, you know, I'm like, oh, like, behind every every piece of FUD is usually a kernel of truth or, you know, and unless it's, like, very, like, pedestrian FUD. Right? But, no, this is pretty potent FUD. This is like, this has some some some stick stickiness to it. And so, I mean, I I I think that every Bitcoiner should probably be just a little concerned about the quantum through the threat that quantum computing could pose.

于是我创办了一家名为Surmat Systems的公司，后来我们发现难以找到合适的盈利模式，就把它转型成了非营利组织。现在我们有Surmont Systems基金会，它逐渐成为我协调BIP（比特币改进提案）和开展相关研究的中心，也负责一些监控潜在威胁的项目。就这么说吧。

And so I started a company called Surmat Systems, and we later realized it there was no way to we didn't really have a good way to monetize it. So instead we turned it into a nonprofit. And so now we have the Surmont Systems Foundation and they've been this is that's been kind of like the center I've been using for organizing like a a bip and some work towards some research we've been doing and some projects that kinda help with keeping an eye on the potential threat. Let's just put it that that way. Yeah.

好的，明白了。那你最初是什么时候开始深入探索量子计算这个领域的？

Okay. Cool. And so and when did you first, like, go down the quantum rabbit hole?

其实也就一年前，但当我真正投入研究时，我读了很多书。《人人能懂的量子计算》是我最早接触的书籍之一，还有几本关于量子计算机编程之类的书。我就是想从根本上理解它们的工作原理和功能，揭开它们的神秘面纱。可以说量子计算确实非常不同。

Well, that that was, like it's it's only been a year, but I did when I when I went down that rabbit hole, I read a lot of books. Quantum Computing for Everyone was one of the first books I picked up. And there was a there are couple other books like on, like, programming quantum computers and things like that. And I just wanted to get a, like, a good understanding of kind of the fundamentals and the like like, what could what what how they work, what they do, you know, like, demystified them. And what I can say is that it is very different.

它相似却又不同。理论上，经典计算机能做的任何事量子计算机都能做，只是目前阶段的量子计算机限制更多。不过这种情况正在逐步改善。

Like, it's similar, but different. Technically, everything you could do on a classical computer, can do on a quantum computer. They're just much more limited. And at least in in in our current iteration of them. But that's starting to improve as well.

所以我的核心认知是：量子计算机的能力更像是经典计算的超集。就像显卡为计算机增添额外功能那样，它们本质上是一种加速特定类型计算的方式。

So, yeah, it's that's basically the the takeaway I have from there is that they are they their their their their capabilities are more of like a superset of classical computing. And so it's almost like like how graphics accelerators kind of are like they add an additional capability to a computer. So they're very much like a a way to to accelerate certain kinds of computation.

好的，那你能帮我揭开一些谜团吗？正如我所说，我对量子计算了解有限。究竟什么是量子计算机？它和普通计算机有什么区别？

Okay. So can you demystify some of this for me? Because like I say, quantum computing is something that I don't have a good understanding of. So what is a quantum computer and how is it different to a normal computer?

是的。量子计算机通常能够以概率或叠加态的形式存储状态。因此它们可以存储介于0和1之间的中间态。正因如此，它们实际上能存储0到1之间的无限种状态。

Yeah. So a quantum computer will generally have the capability to store states as a as a form of of probability or superposition. So they they can, like, stores kind of like intermediary states between ones and zeros. And because of that, they can they can store practically infinite states between one and zero. And

这是因为量子比特可以同时处于0和1的状态吗？

And is this because the qubits can be both one and zero simultaneously?

正确。

Correct.

明白了。那这具体能让它们实现什么功能呢？

Okay. So what does that actually allow them to do?

其实...它们并不能真正同时是0和1。准确说是处于某个概率的叠加态，在量子电路中通过量子门来调控这个概率——根据其他输入条件来决定最终坍缩为0或1的概率。

Well, it's it's it's it's actually, they they they they can't be exactly one and zero at the same time. Right? It's either one or zero, but it's a certain probability of becoming a one or zero that that that you're kind of using in the in the in the circuits. Like like, you're using, like, certain quantum gates that will adjust the probability of something becoming a one or a zero depending on other inputs.

好的。那这种特性有什么优势？即使在有限场景下，相比传统二进制计算机的优势是什么？

Okay. And and so what's the benefit of that? And even if it's in like a limited subset, what's the benefit of that over like a normal binary computer?

你可以运行一些杀手级算法，比如肖尔算法。输入比特币地址的公钥后，它会通过特定步骤并借助辅助存储空间，将这个数字分解成可能的质因数——椭圆曲线加密的安全性所依赖的离散对数问题正是基于此。

Well, you can run some real bangers on there, some real banger algorithms. One of them is called chores algorithm. And you can program in the public key for a a Bitcoin address, and it'll go through some steps and use it needs like another piece of memory for for almost like working memory. And then it'll turn that number into potential factors factor numbers. And so the the thing that secures elliptic curve photography is is what's called the discrete log problem.

本质上这是个花哨术语，指的是对大数进行因数分解非常困难。这其实是椭圆曲线密码学和量子计算的混合领域，需要对两者都有深入理解。我承认自己对两者可能只有中等程度的理解，但大致明白其运作原理。当我对其中的问题有了足够认识后，就能制定出相应的缓解方案。

And it's the it's essentially a fancy name for the fact that it's difficult to factor very large numbers to find the factors to them. And so there's there's it's like kind of like this like mix of of of elliptic curve cryptography and quantum computing that, like, it it requires a good understanding of both. And I will admit I have maybe a intermediary understanding of both, but I have a sense for what how it works a little bit, you know, and then I'll, I, I, developed, some specifications as to like, you know, once I have a decent understanding of once I had a decent understanding of, of the, of the of the problem, what we can do to mitigate against it.

好的。据我所知，量子计算最大的问题在于它们会频繁出错。为什么量子计算机会出现普通计算机不会发生的错误呢？

Okay. And so the the big sort of problem with quantum computing as as far as I know it is that they'll throw errors very regularly. So why is it that a quantum computer will throw errors where a normal computer doesn't in the same way?

没错。这是因为存在噪声会干扰电路运作，毕竟量子比特需要在接近绝对零度的环境下实现纠缠。为了保持这种纠缠状态不受干扰，量子计算机程序员会采用纠错编码。微软最新公告显示，他们正在使用一种准粒子来模拟名为马约拉纳费米子的新物质态，这种粒子能在保持量子纠缠态的同时更有效地隔离噪声。

Right. So there is something there's noise that will interfere with the circuits, and it's because they're they're cool to near absolute zero in order to entangle qubits with each other. And for that entanglement to remain undisturbed through what what what what quantum computer programmers will do is that they'll implement error correction codes. Or in the latest Microsoft announcement, they actually are using sort of like a quasi particle to simulate a new state of matter called a Majorana fermion. And Majorana fermions are much more isolated against noise while still being able to maintain quantum states, entangled states.

因此他们需要的量子比特数量大幅减少。比如谷歌的Willow处理器虽然也取得重大突破，但需要7x7的物理量子比特阵列才能形成1个逻辑量子比特——105个物理量子比特只能组成2个逻辑量子比特。而微软的马约拉纳方案则用8个拓扑量子比特就实现了，这种量子比特本质上利用了马约拉纳费米子的特性。

And so that's they they need, like, far fewer of them to perform computation. Whereas, like, at the Google Willow processor, they they they found they they made a big major breakthrough as well, but it took them about seven times seven, like like, array of of cubits of physical cubits to become one logical cubit. So with, like, a 105 cubits, they're only able to come up with, two logical cubits. And then with the Microsoft, Majorana one, announcement, they have, eight topological qubits, which are, essentially, the kind that makes use of Majorana fermions.

本节目由AnchorWatch赞助播出。最让我夜不能寐的就是比特币冷存储可能出现致命错误，而AnchorWatch正是解决方案。通过他们的时间锁定多重签名金库和劳合社A级认证的保险政策，您既能掌控私钥，又能转移风险。

This episode is brought to you by AnchorWatch. The thing that keeps me up at night is the idea of a critical error with my Bitcoin cold storage. This is where AnchorWatch comes in. With AnchorWatch, you're protected by their time locked multisig vault and with your own a plus rated Lloyd's of London backed insurance policy. You get to hold your keys, Anchor Watch holds the risk.

无论您担心遗产规划、租赁攻击、自然灾害还是自身操作失误，AnchorWatch都能提供保障。全额投保的托管服务费率低至0.55%，面向美国个人及企业客户。立即联系AnchorWatch获取报价，了解安全方案与承保范围详情。访问anchorwatch.com——拼写为a-n-c-h-o-r-w-a-t-c-h点com。本节目由比特币购买平台River赞助播出。

Whether you're worried about inheritance planning, rent attacks, natural disasters, or your own mistakes, you're protected by Anchor Watch. Rates for fully insured custody start as low as point 55% and are available for individual and commercial customers located in The US. Speak to Anchor Watch for a quote and for more details about your security options and coverage. Visit anchorwatch.com today, which is anchorwatch.com. This episode is brought to you by River, the best place for Bitcoiners and businesses to buy Bitcoin.

通过River可设置零手续费定期购买，轻松积累比特币。在等待最佳买入时机时，还能用现金余额赚取以比特币支付的日息，收益远超多数高收益储蓄账户。River的独特优势在于无与伦比的安全承诺：每月提供储备证明，所有比特币均以多重签名冷存储保管。更有美国本土电话支持随时待命。

With River, you can set up zero fee recurring buys, making stacking stats effortless. And while you're waiting for the perfect buying opportunity, River lets you earn daily interest on your cash balance paid in Bitcoin, which outperforms most high yield savings accounts. What really sets River apart is their unmatched dedication to security. You have peace of mind knowing that River has monthly proof of reserves and holds all Bitcoin in multisig cold storage. And with US based phone support, you'll always have someone ready to help.

要开户，请访问river.com/wbd，购买时可获得高达100美元的比特币奖励。网址是river.com/wbd。好的。那么我想请你解释一下物理量子比特和逻辑量子比特有什么区别？

To open an account, go to river.com/wbd and earn up to $100 in Bitcoin when you buy. That's river.com/wbd. Okay. So I think you'll need to explain to me the what's the difference between a physical qubit and a logical qubit?

是的。逻辑量子比特本质上是一组物理量子比特，它们以某种方式排列以实现量子纠错功能。

Yeah. So a logical qubit essentially is a collection of physical qubits that are arranged in such a way that they they implement quantum error correction.

所以这只是在减少量子比特产生的噪声？

So so that's just reducing the noise that you get from from the qubits?

没错。这样能让量子电路更稳定，从而提供更准确的结果。

Correct. And so it allows the the circuit to be more stable and and provide, like, a better answer.

明白了。那么量子计算机目前实际发展到什么阶段了？据我所知，它们现在还非常初级，远未达到实用状态。微软和谷歌的那些突破真的具有实质性意义吗？

Okay. And so, like, where are we actually at with quantum computers? Because, like, as far as I understand it, they're they're pretty tiny at the moment. They're not actually in the state that they're kind of usable. And are these breakthroughs from like Microsoft and Google, are they really substantial?

这些突破是基础性的。有趣的是他们二十多年来一直在认真研究这个问题。当然最初并没有投入数十亿美元，但现在确实这么做了。能明显感觉到这个领域的研究势头正在加速——虽然我一时想不起合适的比喻，但确实看起来他们正在取得实质性进展。

Well, they're fundamental. And what's interesting is that they've been working on this problem for over twenty years, like in a real way. Like, of course, you know, they didn't start out pouring billions into quantum computing, but they are now. And so it definitely feels like there's like like the effort's building. It's like I'm forgetting the analogy, but basically it's it's it's starting to really look like they're making real progress in that field.

说到比特币和加密破解——显然这是我们讨论的重点——这是个五年内能解决的问题，还是需要十年、五十年？我们现在处于这个发展轨迹的什么位置？

When it comes to Bitcoin and breaking encryption, which is obviously what this conversation's about, is this like a five year problem, a ten year problem, a fifty year problem? Like, where are we on that kind of trajectory?

是的。我是说，我希望我们至少有五年时间。五年会非常好。就像邮件列表里的马修·卡罗罗说的，他觉得不行。如果我们能有十年或二十年来开发比特币的后量子加密技术，那将非常棒。

Yeah. I mean, I I hope we have at least five years. Five years would would be really good. And, like, Matthew Carollo on the mailing list, he was like, no. It it would be really great if we even had, like, ten or twenty years to develop like the very best post quantum cryptography for Bitcoin.

那会是一个能实现我们开发者所有需求的单一算法，就像我们能用椭圆曲线加密和Schnorr签名做到的那样，比如签名聚合不增加签名大小。还有椭圆曲线迪菲-赫尔曼这类技术——如果我们能为后量子加密找到类似方案就太酷了。如果我们能证明格密码学是抵御量子计算机的有效方法，那也很重要。还有开发更强大的哈希算法，确保它们能抵抗量子计算机运行的算法，比如Grover算法。Grover算法是用来... 而Shor算法用于大数分解，Grover算法更像是通过输出反推黑箱函数的输入。

And that would be like one single algorithm that does all the things we want from it as developers that, you know, like we we've been able to do with elliptic curve photography and Schnorr signatures and having, you know, signature aggregation that doesn't increase the size of the signature. And, like, elliptic curve Diffie Hellman, things like that was like that like, if we could have, you know, something like that for post quantum cryptography, that would be really cool. If we could prove that lattice cryptography is, like, a valid way to secure against quantum computers, that's also that would also be important. And like coming up with like, just like harder hash algorithms, making sure that that hash algorithms are are are more resistant against other algorithms that quantum computers can run, like Grover's algorithm. And so which is is Grover's algorithm is for so so, like, Shor's algorithm is for factoring large numbers, whereas Grover's algorithm is more like reversing like, getting the inputs to a black box function based on its output.

所以本质上可以用这种方式逆向哈希。而用Shor算法可以逆向椭圆曲线签名... 其实是公钥... 用

And so you can essentially reverse a hash that way. Whereas with Shor's algorithm, you can reverse elliptic curve signature. Well, public key. Well, with

以现今的量子计算机，实际运行中有多少逻辑量子比特？

the quantum computers we have today, how many logical qubits do they have, like, operationally running?

IBM有台约150量子比特的量子计算机，已经运行一段时间了。他们每周发放免费额度，你可以在上面运行有限的量子计算程序。如果想运行更复杂的量子电路，每秒收费1.6美元，相当于每小时5000美元使用费。

They well, so like IBM has a quantum computer that has about a 150 qubits. They've had that for a little while. You can just like if you you like, they they actually give out free credits every week and you can run, like, limited quantum computing programs on there. Or if you want to run more involved quantum quantum circuits, you can pay them a dollar 60 a second. And works out to be like $5,000 an hour for running on one of their machines.

而且我怀疑他们是否收支平衡。他们的机器太昂贵了，可能连这个价格都... 不确定。所以目前我们最多也就几百个物理未纠错量子比特。虽然可以用这些量子比特实现纠错码，但效果有限。

And also, I'm not even sure they're even breaking even on that. Like, their machines are so expensive that, like, even that is is might might be I don't know. So and so, like, really, we're we're in, like, maybe the, like, low hundreds at at best. And that that's for physical uncorrected air qubits. But so you like you could implement quantum error correction codes with those qubits, but you wouldn't get much with them.

大概只能实现两三个逻辑量子比特。所以我们说的是两三个...

You get maybe like two or three, basically. And and that was So we're two or

三个逻辑量子比特？

three logical qubits?

是的，没错。

Yeah. Exactly.

好的。那么如果发展到足以破解加密的程度，需要达到多少个逻辑量子比特？

Okay. And and if we get to the point where these are powerful enough to break encryption, how many logical qubits do they need to get to?

大约1500个。

About 1,500.

明白了。这显然看起来还很遥远。但根据他们目前取得的进展，你认为这个目标可能比我们想象的更近吗？

Okay. So that obviously seems a long way off. But do you think with these advancements that they've had, that's closer than we think?

他们在采用的方法上确实取得了一些根本性改进。微软表现得相当自信，希望这种自信是有依据的。我可不想看到他们对股东撒谎，对吧？所以这是个问题。

They have made some very fundamental improvements in the the approach that they're taking. Microsoft sounds pretty confident, but and and hopefully, you know, the confidence is warranted. I I would hate for them to be lying to their shareholders. Right? Like, so there's that.

话虽如此，许多物理学家持怀疑态度。至少我听说有物理学家对他们整合的技术表示质疑。所以目前存在很多质疑声音，同时也有许多大胆的声明。要知道，即使身处其中，通过阅读每份公告、深入研究并听取各方意见，要准确判断现状也非常困难。

And that said, many physicists are very skeptical. At least it's something I've heard is that there are physicists who are skeptical of what they've they've put together. And so there there's there's a lot of skepticism going around, you know, and there's also a lot of bold claims. Right? So, like, it's it's it can be very difficult to figure out exactly where we're at, like, even you're in the thick of it, like, just reading every announcement and looking into them and and listening to what other people are saying.

这这这感觉我们已经处于量子叠加态了，你懂吗？

It it it's it's kind of I feel like we're in a quantum superposition already. You know?

所以我不确定的一点是，如果他们真能破解加密技术，比特币会在名单上排第几？最先被攻破的会是哪些东西？

And and so one of the things that I'm unsure of is if they do manage to get to the point where they can break encryption, where does, like, Bitcoin fall on the list? Like, what are the first things that are gonna break?

那会是签名问题。基本上，当你为发送到某个地址的币签署交易时，必须创建加密签名并公开公钥进行验证，这样其他网络节点才能验证这笔支出。所以最容易下手的肯定是签名。

Well, that would be the signatures. So, like, the the basically, the addresses when you go to sign a transaction for an like, for coin sent to an address, you have to create a cryptographic signature and reveal your public key for that to be validated. And so for that that spend to be validated and so by other nodes and on the network. And so, yeah, the the the the low hanging fruit is definitely signatures.

我们会看到国家安全加密被攻破、飞机从天上掉下来、银行加密被破解吗？还是说比特币会因为潜在的巨大利益而排在首位？

Are we gonna see, like, national security encryption get broken and planes falling out the sky and bank encryption get broken? Or or is like, where does or is Bitcoin gonna be kind of top of the list because there's potentially such a big honeypot there?

其他系统的问题在于，即使被攻破也只是暂时的。它们可以修复，可以升级，甚至能根据需要回滚账本。

Well, like, the the problem with the other systems is that if you break them, it's only gonna be temporary. Like, they can repair them. Right? They can upgrade them. They can reverse the ledger if they wanted to.

现有金融系统能追踪盗取资金的人。所以从攻击者收益角度看，针对现有系统实施攻击的性价比实在太低了——如果你是受经济利益驱动的攻击者的话。

They can track down people who steal funds through the existing financial system. Right? Like so, like, it's it really is like, how would you say, like, just prohibitive, I would say, in terms of your rewards from if you were to target the existing system with if you're, like, an you're a financially motivated attacker.

明白了。这么说来，如果公私钥对是最容易攻破的环节，那中本聪的密钥就会像煤矿里的金丝雀那样成为预警信号。

I see. Okay. So that that makes sense. So in in if it's the public private key care pair that's like the the the kind of low hanging fruit, I guess, Satoshi's keys are gonna be like the canary in the coal mine for this.

它们可能是这样，但关于中本聪的币有个特点，它们分散在数万个公钥中。每个公钥大约有50个币，所以不像是一个大地址的蜜罐。对吧？而50比特币是因为那是创世区块的奖励。

They they could be, but, like, the thing about Satoshi's coins is that they are spread out amongst tens of thousands of public keys. And so they're they're about 50 each. So it's not like one big address honeypot. Right? And the 50 Bitcoin is because that was the epoch one block reward.

对吧？是的。更大的蜜罐可能实际上是币安或Kraken的冷钱包，因为那些钱包有过支出记录。我们在链上有它们的公钥。另一个问题是，通常存在三种易受攻击的地址类型。

Right? Yeah. The the the bigger honeypot is probably actually maybe the Binance or Kraken cold wallets because those have been spent from. We have the public key for that on chain. And that's the other problem is is like, there there are three generally, are three vulnerable address types.

一种是支付到公钥（Pay-to-Public-Key），中本聪的币就属于这种。还有重复使用的地址，基本上就是任何接收过资金后又支出的地址类型。最后一种是Taproot地址。所以

There are paid to public key, which is what Satoshi's coins were in. There there's reused addresses. So basically, an address that you've any address type that you've received funds and then spent from, and then, finally, taproot addresses. So

好的。那我们能逐一讨论吗？因为据我理解，中本聪的币属于支付到公钥类型，那是当时唯一的地址类型，意味着当他签署交易时，公钥实际上会上链。那为什么这种最容易被攻击？

Okay. So can we go through them? Because so Satoshi's coins are paid public key, which was, like, the only address type then as far as I understand it, which means when he was, signing a transaction, the public key actually goes on chain. So why is that the easiest one to attack?

因为，我是说，它们的攻击难度其实差不多。关键在于它们都能提供一个65字节或64字节的公钥，从数学角度来说。但如果你...嗯...

Because well, I mean, the they're all kind of the same amount of difficulty. It's just, like like, because I like, like, of them can give you a 65 byte public key. Right? Or 64 byte public key in terms of the math math of things. But if if you yeah.

所以这其实完全取决于金额大小，以及你认为能逃脱多少责任。可能还存在某种博弈论策略，比如先尝试攻击不那么受关注的小额目标，比如避开币安和Kraken的大冷钱包，先从小额入手最大化收益。当然之后你会换成法币，这样即使量子计算机攻击系统，也能依赖当局保护这类活动。另外还有些方法可以让比特币表现得具有量子意识——如果你意识到量子威胁，可以设计特定协议来处理地址和支出，通过避免某些操作来增加量子攻击者盗取资金的难度。

So, like, it's really all about, like, the amount and also how much you think you can get away with. And, like, you know, maybe there's some, like, imitation game type theory where you you'll try to take something, maybe not the big the big Kraken and Binance cold wallets. You'll take something, like, smaller, like, that people aren't necessarily watching so so closely and maybe try to take that first and maximize your earnings. And then of course you'll like dump into something like Fiat, which, you know, you can then depend on even if there is like our quantum computers attacking the system, could depend on the authorities to, you know, protect that kind of activity. And so it and there's also certain ways you can use Bitcoin to, like, for it to behave in sort of like a quantum aware way and that, like, you, you can, if you're aware of the quantum threat, can design certain protocols for working with addresses and spends and just like trying to avoid, spend time avoiding certain doing certain things to make it more difficult for a quantum attacker to take those funds.

这也是我一直在研究的方向。不过无论如何，这并不需要软分叉。但话说回来，我认为最佳解决方案还是通过软分叉引入抗量子计算的新型加密算法。

And that's something I've also been researching, but regardless, and and and that that does not require a soft fork. But that said, the best solution, in my opinion, would be a soft fork that introduces a new kind of cryptography that's resistant for quantum computers.

好的。那我们具体说说量子计算机如何从公钥推导出私钥。是不是因为它更强大所以能暴力破解？还是说...具体原理是什么？

Okay. So let's get into how a quantum computer would actually derive a private key from a public key. Is it just a case of it's more powerful so it can brute force it? Or, like, how does that work?

根据谷歌Willow白皮书的描述，他们观测到如此高的效率，以至于从热力学角度来说，除非在平行宇宙中进行并行计算，否则不可能完成如此庞大的运算量。这意味着当物质发生纠缠时——比如两个粒子相互纠缠——那确实像是打开了通往另一个宇宙的窗口。懂了吗？

Well, the way the the Google Willow white white paper described it was they observed some like a such a high degree of efficiency that it's not really thermodynamically possible to perform that much computation unless it has doing work in parallel universes. And so that means well, when it's like, when matter becomes entangled, like, when you have, like, a particle that's entangled with another particle, it it really does seem like that's that's your window into another universe. Okay.

我还是没听明白。你得给我详细解释下这个。

I don't understand that, though. You need to you're gonna have to explain that to me more.

确实，量子纠缠这个概念又复杂又诡异。老实说我也不是完全理解，只是知道现象看起来就是这样。而且人类对平行宇宙的理解也很有限。或许通过这项技术，我们能更深入地理解其真正含义。

Yeah. So, like, quantum entanglement is is tricky and weird. And I'll admit, I I don't fully understand it other than just that, like, that's what what what it's looking like. And also, humanity doesn't really quite understand parallel universes that well either. So it's possible that through this technology, we will discover more about like what that actually means.

这样吧，我可以发给你Willow白皮书的节选，内容相当劲爆。就像...等等你说什么？懂我意思吧？我完全能理解你的困惑。

But that's, I mean, I can send you a snippet of the Willow White white paper that it's really kind of juicy. It's like, I'm sorry, the what? You know? Like, I I I feel you. I, like, I feel you.

我也特别想深入研究这点。其实大家都一样——我们就是不知道。在某些方面我们只有理论，来解释为什么量子计算机比经典计算机强大这么多。

I I wanna double click on that too. I think just about everybody does. Like, we just don't know. Like, in some ways, we don't know. We only have theories as to why these computers are so much more powerful than classical computers.

但说真的，这太震撼了。我必须了解更多。不过我们确切知道的是，它能破解ECDSA椭圆曲线加密算法。

But, I mean, I yeah. That that blows my mind. I need to know more about that. But but we know for a fact that it will break e c d ECDSA.

如果你有足够多经过纠错的量子比特，我们就能精确构建一个电路来获取公钥、加载它，然后将其转化为私钥。当然细节决定成败，但这本质上就是...

If you have enough qubits that are error corrected, we know exactly the circuit that you would build to take a public key, load it in, and then turn that into a private key. Now the devil's always in the details, but that's essentially, like, you know, the

威胁模型。好吧，那么我们明白在这种情境下所有私钥都可能被破解。

the threat model. So okay. So we know that all private keys are potentially compromised in this scenario then.

我...我不会这么说。实际上，我们别急着下结论。这个...这个说法有点...应该说每当公钥被暴露时，才是你处于风险的时候。

I I wouldn't no. Actually, let let let's not jump to that conclusion. That that's this taking this taking this a little so anytime a public key is revealed, that would be when you're vulnerable.

不过...好吧。

But Yeah. Okay.

对。但就像所有私钥——当私钥转换成公钥时，公钥是可以被哈希处理的，对吧？所以本质上，如果你哈希一个公钥并把哈希值上链，那就是安全的。所以任何以bc1q开头的地址，比如原生隔离见证地址...

Right. But like all private keys, like private keys, when they're turned into public keys, the public key can be hashed. Right? And so essentially, like if you hash a public key and you put the hash of that public key on chain, that's safe. And so any address that starts with b c one q, that's like a native SegWit address.

这类地址就没问题。任何以数字1开头的地址也没问题——只要你不重复使用那个地址。你往这个地址收款是可以的，但如果你再次从这个地址支出，就等于重复使用了。这时候...你已经暴露了该地址的公钥，所以就不安全了。

That's gonna be fine. Any address that starts with the number one, that's gonna be fine. So long as you don't reuse that address. You you you receive funds to it, but then you spent like, spent from that again, then you've reused it. And and and, like, you know, it's it's it's you've already revealed the public key for that, so it's not safe.

但如果你使用的是HD钱包，一个规范的层级确定性钱包，比如符合BIP32标准的——像BIP32钱包。它每次使用或甚至每次请求时都为你生成新地址，那你就是安全的。问题只出在地址复用或使用Taproot的情况下。

But if you're you're perform if you're using a HD wallet, a proper HD wallet, like a hierarchical deterministic wallet, and you are like, that's bit 32 compatible. Right? Like a bit 32 wallet. And it generates a new address for you each time you use one, then or even each time you request one, then you're going to be okay. It's just it's it's when you reuse addresses or if you're using Taproot.

我认为这可能是观众们真正在思考的另一个陷阱。

I think that that would be another pitfall that that viewers might actually be thinking about.

好的。既然我们知道隔离见证地址是安全的，为什么还需要转向抗量子算法呢？

Okay. So if if we know that the SegWa addresses are safe, then why do we need to move to a quantum resistant algorithm?

因为当你从中花费时，拥有足够强大量子计算机的攻击者可以在交易进入内存池时截获。

Well, because when you spend from them, a an attacker with a sufficiently powerful quantum computer could take your transaction in mempool.

实际上

Actually the

是的。比如每次你花费你的币时，都必须在那时公开你的公钥。当交易进入内存池后，所有人都能看到它，由于它在所有节点上，攻击者就能在交易被打包前采取行动。即使交易已被打包，有时还会出现重组和孤块的情况，那些公钥仍然可能暴露，交易在技术上可能并未真正被打包。所以在考虑量子威胁模型时，确实有很多需要考量的因素。

yeah. So like, anytime you you spend your from your from your co spend your coins, you have to reveal your public key at that point. And when you put it in the mempool and like everybody can see it, then because it's on all the notes, then that's when the attacker could go ahead and do their thing before the transaction is mined. And if if if it even if it is mined, sometimes there are, like, reorgs and orphaned blocks, and and those public keys are then available and and and the transaction might not technically have been mined. So there's definitely, like, a lot of considerations when you're thinking about a potential quantum threat model.

明白了。所以这只是临时解决方案，并非长期通用方案。但理论上，在拥有这种量子计算机的世界里，如果使用隔离见证地址并直接向矿工发送链下交易，是否能规避这个问题？

Okay. And so this is this is just in the cropped up then. And this isn't as, like, a long term solution for everyone. But theoretically, in in a world where we have quantum computers that can do this, if you were using Segway addresses and sending transactions out, like, out of band directly to miners, would that get around this issue?

嗯，是的。不过这解决不了孤块问题。但确实，这种方式能大幅提升安全性。唯一的问题是这样操作体验很糟糕。

Well, yeah. Except it doesn't solve for the problem of of orphan blocks. But yeah. Like, that's that's one one that's that definitely increases your security substantially. The only problem is, like, that kind of sucks.

对吧？因为你不再拥有空闲的内存池了。而且，这并非理想的解决方案。这更像是，市面上确实存在类似Slipstream这样的服务可供使用。比如，你可以先生成交易十六进制数据，在BlueWallet中复制后，转而提交到Slipstream，并确保设置足够高的手续费率以便被下一个区块选中——这种做法比直接将交易广播到网络要更安全可靠得多。

Right? Because you you don't have, a free free mempool anymore. And, like like, it's it's it's not the ideal solution. It's it's it's one of the like, it's like there's definitely, like, services out there like Slipstream, for example, that you could use. Like, if you were to just create the transaction hex and say BlueWallet and then copy that and then put it in a slipstream instead, that and and and make sure you have a high enough fee rate for it to be selected for in the next block, then then you that's that's a much better, much safer thing to do than just publishing the transaction to the network.

但是

But then

但这终究是个不太光彩的解决方案。

But it's a shady solution.

这真的...这不公平。这不像一个公平的市场。对吧？因此为了维护Vampoole的自由市场，我们本质上需要提出一个更好的方案。

It it it really it it's it's not fair. It's not like a fair market. Right? And so in order for us to preserve the free market of the Vampoole, we need to essentially come up with a better one.

是的，有道理。好的。在我们讨论你提出的解决方案之前，这对挖矿意味着什么？

Yeah. That makes sense. Okay. Before we get into, like, the solutions that you've kinda put forward for this, what would it mean for mining?

挖矿情况稍有不同。这取决于...说实话，我还没看到多少学术文献探讨SHA-256算法——特别是基于难度调整的比特币挖矿——如何可能被量子计算机攻破。我们相信这是可能的，只是不清楚具体会采用什么算法，除了很可能是基于Grover算法的、专门为比特币挖矿定制的实现方案。

So mining is a little different. So it it depends on like, to ask, I haven't seen a lot of academic literature on how, like, SHA two fifty six, and in particular, how the how actual, like like, Bitcoin mining based on the difficulty, right, is could potentially be compromised by a quantum computer. We we believe it can be. I just I'm not aware of the exact algorithm that you would use other than just that it would probably be based on Grover's algorithm. It would be it would be using Grover's algorithm, but it would be an implementation of it that was specific for the purpose of Bitcoin mining.

你所说的'攻破'，是指量子计算机将能胜过我们现有的ASIC矿机，还是另有所指？

And when you say compromise, do you is does that mean that the quantum computers will be able to outcompete the ASICs that we have right now, or is it something different?

我听过有人说他们可能会。我听过有人说，他们可能会大幅改变。他们可能只是有竞争力。很难说。就像，可能存在某种中间地带，他们非常优秀，但就像，你知道的，一台价值百万美元的量子计算机可以替代，你知道的，一万个ASIC矿机。

I've heard some people say they might. I've heard some people say, like, they might substantially. They might just be competitive. It's hard to say. Like, if it there might be like kind of a middle ground where they're very good, but like the, you know, like one quantum computer that costs a million dollars could replace, you know, 10,000 ASICs.

对吧？就像，然后，你知道的，我们我们我们仍然处于良好状态，因为到时候每个人都会升级到量子矿机。

Right? Like, then, you know, like, we're we're we're still in good shape because then the everybody will just update to quantum miners.

好的。所以你提出了BIP 360。嗯。你能解释一下那是什么吗？

Okay. So you've proposed BIP three sixty. Mhmm. Do you wanna explain what that is?

是的。所以BIP BIP 360，一个比特币改进提案。它实际上是它们之间存在间隔。顺便说，我不能说这是第360个。它就是BIP 360。

Yeah. So BIP BIP three sixty, a Bitcoin improvement proposal. It's the it's they they they actually they there are gaps in between them. By way, I can't say it's the 300 Sixtieth 1. It's it's just BIP 360.

这就是它的名字。它指定了一种新的地址格式，或者他们实际上称之为输出类型，技术上来说是以b c1r开头的，本质上它将是一个公钥的哈希的哈希，这个公钥来自后量子密码学签名算法。所以后量子密码学或PQC让你基本上，它的工作原理是，整个后量子密码学的理念就是让签名或公钥对量子计算机来说变得实质上更难利用。就像，还有一点要明确的是，哈希算法对量子计算机来说比签名算法更难处理。所以正如我之前提到的，格罗弗算法适用于哈希。

That's what it's called. And it is specifying a new address format call or out what they call output type, actually, is the tech the technical term for it is that that starts with b c one r, and it will essentially be a hash of a hash of a of a public key that comes from a post quantum cryptography signature algorithm. And so post quantum cryptography or PQC allows you to basically, the way it works is it is this it it present it's just the the the whole idea behind post quantum photography is just to make it substantially harder for a signature or public key to for for a quantum computer to to do anything useful over it essentially. Like and also to be clear, hash algorithms are much harder for quantum computers to work over than signature algorithms. And so Grover's algorithm, as I said mentioned earlier, works over hashes.

它的扩展方式不如椭圆曲线公钥密码学高效。

It scales in a way that is not as efficient than public key elliptic curve cryptography.

好的。所以，就像，椭圆曲线密码学和Schnorr签名的一大优势是它们是非常古老的算法，我们已经经过了很长时间的测试。这些后量子算法是新出现的吗？

Okay. So, like, the one of the big benefits with elliptic curve cryptography and Schnorr signatures is that they're very old algorithms that we we have seen, like, tested for a very long time. Are these post quantum algorithms new?

是的。首先关于是与否的问题。比如，PSYCH P256K1算法于2000年制定，至今已沿用25年，目前运行良好。还有几种后量子算法使用哈希函数，它们都是基于哈希的后量子密码学签名算法。

Yeah. So one thing is well, for the yes and no. So for example, the psych p two fifty six k one was specified in 2000 and we've had it for twenty five years now and it works it's worked pretty well so far. There are a couple, like, post quantum algorithms that use hashes. They're hash based post quantum cryptography signature algorithms.

不过还有更古老的算法。比如1977年Leslie Lampert提出的Lampert签名就使用了哈希函数。虽然签名尺寸和公钥尺寸非常大（总计约80KB），但这些算法已被证实是安全的，且存在时间非常久。

There are a couple that are even older than that, though. One is from 1977. Leslie Lampert came up with Lampert signature that uses hashes. It's very large signature size and public key size. Total would be like 80 kilobytes, but they are known to be secure, those have been around for a very long time.

类似地，八十年代还出现了另一种称为Winternets OTS的一次性签名方案。它的体积稍小，但也有自身限制——如果重复使用，攻击者就能推导出私钥，因此得名'一次性签名'。诸如此类的方案还有很多。

Similarly, there's also another there's also another one called Widternet's OTS, one time signature, that came out a few years after that in the eighties. And that also is slightly smaller, but has its own limitations. In fact, one of the limitations is that if you were to ever reuse it, people could come up with a private key for it. So that's why it's called a one time signature. So anyway, things like that.

这可能是个愚蠢的问题——但我们如何真正确定它们具有量子安全性？

And this might be a stupid question, but how do we actually know they're quantum secure?

目前学界认为它们具有量子安全性。这些算法对量子计算机而言属于困难问题。比如使用哈希函数的算法，我们知道量子计算机难以破解哈希。相比椭圆曲线加密或RSA大数分解等算法，哈希算法对量子计算机的抵抗性更强——虽然并非完全不可破解。

So it's they're believed to be quantum secure. They're believed to be hard problems for quantum computers to solve. And like, for example, if it uses a hash algorithm, we know that hash algorithms are difficult for quantum computers to solve. And in that they're they're more difficult than elliptic curve cryptography or factoring large numbers like RSA or or or an or an ECC. And so, like, the the, like, the hash algorithms are kind of hashes are are kind of like a a level above, like quite a bit harder for quantum computers to solve, but they're not impossible.

因此学界也在研究格密码学。这种技术本质上是进行高维空间的签名运算。我们相信通过增加问题维度，可以加大量子计算机并行计算的难度。

And so there's also been work put towards what's called lattice cryptography. And that is essentially doing like, signatures in higher dimensions. And so we we believe that by, like, increasing the dimensionality of the problem, can make it more difficult for quantum computers to, like, parallelize.

本节目由Ledger赞助。如果您需要专业比特币保护方案，Ledger硬件钱包能让您完全掌控私钥，有效防御黑客攻击、钓鱼和恶意软件。通过Ledger易用设备和Ledger Live应用，比特币管理从未如此便捷。无论您是长期持有者还是比特币新手，Ledger都能为您的资产提供简单可靠的安全保障。

This episode is also brought to you by Ledger. If you're serious about protecting your Bitcoin, Ledger has the solution you need. Their hardware wallets give you complete control over your private keys, ensuring that your Bitcoin stays safe from hacks, phishing, and malware. With Ledger's easy to use devices and the Ledger Live app, managing your Bitcoin has never been more convenient. Whether you're a long time holder or new to the world of Bitcoin, Ledger makes it simple to keep your assets protected.

如果你想了解更多，请访问ledger.com，立即保护你的比特币。网址是ledger.com。本集节目由比特币自托管解决方案领导者Casa赞助。我从2019年开始使用Casa，强烈推荐他们。Casa为所有比特币用户提供多种选择，从2/3多重签名到3/5多重签名，还有为顶级安全需求设计的私人客户方案。

If you wanna find out more, visit ledger.com and secure your Bitcoin today. That's ledger.com. This episode is brought to you by Casa, the leading Bitcoin self custody solution. I've been using Casa since 2019, and I can't recommend them enough. Casa have options for all Bitcoiners from a two of three multisig to a three of five and a private client option for absolute best in class security.

Casa还提供继承服务，我最近刚设置好，操作真的非常简单。我的遗产计划从给妻子留的模糊藏宝图变成了我现在完全放心的坚固安全方案。了解更多请访问casa.io，网址是casa.io。好的。我们将深入探讨这对比特币意味着什么。

Casa also do inheritance, which I very recently set up, and it really couldn't be easier. My inheritance plan has gone from a vague treasure map for my wife to a rock solid security plan that I have total confidence in. To find out more about Casa, go to casa.io, which is casa.io. Okay. And and we'll get into exactly what this means for Bitcoin.

但如果我们实施类似方案，这是一次性永久修复的方案，还是需要持续维护的方案？

But if we were to implement something like this, is it a, like, one time thing that fixes it forever, or is this gonna be, like, an ongoing thing?

如果我们有完美算法，比如比特币开发者邮件列表上讨论的Macarello算法，那我们直接升级就行。但遗憾的是我们没有，离那还差得远。我们需要再花十年二十年的后量子密码学研究才能得到完美方案。

Well, if we had the perfect algorithm, like, Macarello on it on the on the Bitcoin dev smelling list, then, of course, we'd just upgrade to that, and that would be fine. But unfortunately, we don't have that. We're not anywhere near that. We need, like, a good ten or twenty more years of post quantum cryptography research to to get us like the perfect thing.

嗯。

Mhmm.

所以在BIP360中，我们实际上指定了三种不同算法，因为我们不知道哪个会被证明不可靠。这样即使一个或两个算法被攻破，至少还有第三个备用。这就是我们目前能提供的最佳方案。就像BIP360那样，虽不完美但已是现有最优解。

And so that's why in bit three sixty, we actually specify three different algorithms because we don't know which of them will ever prove to be unreliable. And so, so like if one breaks or two breaks, at least have a third. Right. And so it it's it really is just like the best of what we have now. And it's essentially like like fifth through 60, it's not perfect, but it's the best of what we have.

这就是我们目前的最佳解决方案。我只想把这个方案公之于众并开发相应软件，我们确实准备构建它。我们希望在年底前完成可运行的实现。最终目的是避免手忙脚乱——如果量子计算日真的到来时，我们不至于措手不及。

And it's it's the best solution we have now. And so I just want this out there and us to have the software for it, and we're actually gonna build it. And we're hope we're hoping actually to have a working implementation by the end of the year. The the the intention ultimately is that we're not scrambling. We're not like we have like, you know, look like if if if there is a every Q day, right?

比如说，我们逐渐意识到比特币可能已被量子计算机攻破。如果我们真的看到这种情况发生，那么我们至少要有应对之策。这对‘量子日’来说是件好事。同样，如果我们能普遍认识到量子计算机的发展趋势，并且越来越多的人认同量子计算机可能带来的真实威胁——而不仅仅是某种八位实验性准粒子装置——那就更好了，对吧？

Like there's a, like, we come to realize that Bitcoin is, we come to realize that Bitcoin has been compromised by quantum computers. Then if we ever see that, if that ever occurs, then we have a way to potentially mitigate against that. And so this is this is good for Q Day. This is also good for also if we just get a general sense that, you know, like this is where quantum computers are going and there's a growing consensus that quantum computers could be a a very real concern more than just like an eight bit experimental quasi particle, you know, setup. Right?

比如，如果微软突然拥有了一两千个费米子量子比特，拓扑量子比特之类的，那大家就得认真对待这个问题了。没错，正是这样。

Like if, if, if Microsoft suddenly has, you know, a thousand or 2,000 mire on a fermion cubits, right, topological cubits, then, like, that would be like, okay, guys. Like, we might need to we might need to think a little more seriously about this. Yeah. Exactly.

那么从你的目标来看，理想情况下，我们是否应该等待十年、二十年，直到找到完美的抗量子算法？还是说你觉得需要更快推进？我想问的是，你提出这个方案更多是为了开启讨论、推动进展，而非认为这就是最佳解决方案？

So in terms of, like, your goal for this, in in the ideal scenario, is it that we wait ten, twenty years, however long it needs to find, the perfect quantum resistant algorithm? Or, like or do you think we need to move forward with March sooner than that? Like, what I guess the question is, is this, like, you trying to open the conversation and start something happening rather than you thinking this is the right solution?

嗯，我觉得就目前而言这确实是个可行的方案。说实话，没人能预测未来十年二十年会怎样，也许这完全是白费功夫，谁知道呢？

Well, I mean, I think this is the right solution for right now if we ever need it. It's just Okay. Like, it really is like anyone's guess whether we have 10 or 20 or as maybe it's a complete boondoggle. Right? Maybe it's a complete, like, who who knows what?

我们真的无从知晓。这种不确定性本身就是恐惧的根源。我认为消除恐惧的最佳方式之一，就是提前备好解决方案——要有实际可运行的代码、明确的规范、可落地的实现，让我们能观察其运行机制，比如对区块验证时间的影响。

Like, it's, you know, it's we really just don't know. And the fact that we don't know is essentially a source of fear. And I think one of the best ways to like address that fear is to have a solution waiting in the wings and like, you know, basically ready to go if we ever need it. And like is is is has actual real code and a real spec and real implement, you know, just like and and and is able to see how it works. We're able to see, you know, like, and if there's any impact on block verification time.

对吧？或者说节点在常规使用中的扩展性如何？这类细节都需要验证。我想在测试网上跑一跑，看看真实资金环境下这套系统究竟如何运作。

Right? Like, or or how how a node scales through regular usage. If there's like, like, things like that. I wanna see that scaled on test like see I I wanna run this on the test net and see See what happens. You know, how this actually works with real with real money.

没错。

Yeah.

那么这次升级对比特币有什么影响？是不是密钥变得更大，区块验证时间更长？

And so what are the effects on Bitcoin from this upgrade? Is it that keys are way bigger and blocks take longer to validate?

是的。区块验证会变大，而且在某些签名算法配置下，验证时间可能会显著增加。也许不会。实际上，我不该说'显著'——大致上是等价的，但速度可能会慢2到4倍。相比我们评估过的某个签名算法让速度慢了15000倍，这还不算太糟。

Yeah. So blocks are bigger to validate, and they are also can potentially in certain configurations of the signature algorithms take a a good amount of time longer to verify. Maybe not. Actually, it's I wouldn't say good amount. It's actually like roughly equivalent, but like like it's it's it would be something like two to four times slower, which is not terrible compared to like, you know, one signature algorithm we we evaluated actually made things 15,000 times slower.

哇。我们评估它的原因是因为它能大幅缩短公钥和签名尺寸，甚至可能让我们不需要专门处理诸如提高折扣率或增加区块大小的问题。但问题是，原本1秒能验证的区块，如果装满那种签名算法，需要4小时才能验证。所以这类问题一开始并不完全明显，深入分析后才会发现'糟糕'。

Wow. And the reason why we evaluated it was because it produced substantially shorter, like smaller public keys and and signature sizes to the point where, like, we might not even need to, like, do anything special about say, increasing a discount or or increasing a block size. Right? Like but the problem is it makes the the block like, a block took a second to verify normally, it would take four hours to verify if it was full of that kind of signature algorithm. So, like, things like that, like, aren't completely obvious at first, and and then you just sort of, like, dig into it a little bit more and you're like, oh, no.

这实际上行不通。所以我希望确保没有明显的陷阱，这就是为什么我想直接编写代码并发布，看看实际效果。这样我们才能更好地判断这个设计是否合理。如果可行，我们就可能有个解决方案。对于那些担心量子计算会导致比特币消亡的人，我们可以直接指向vid360说：'不，我们有对策'。

This actually won't work. And so things like that I want to kinda like, I wanna make sure there there aren't any obvious pitfalls, and that's why I want to actually just write the code and then get it out there and see how it works. And then we'll have a better idea of like if this is, you know, a good design or not. And if it is, then we'll have potentially like a solution. And for those who are, you know, concerned or fear mongering or saying Bitcoin's gonna die due to quantum computers, well, we can just point that to vid three sixty and say, well, no.

我们有个计划。嗯。

We have a plan. Mhmm.

你刚才提到区块大小，你认为这会对区块大小产生什么影响？

You mentioned block size there. What do do you have an idea of what this will do to block sizes?

好吧，首先要明确的是，Bit $3.60是软分叉。这不是全面增加区块大小，本质上是给交易添加一个新字段，类似于见证数据。我们称之为'attestation'（证明），它和见证是近义词，但具有不同的规则。

Well, so that's and just to be clear, Bit $3.60 is a soft fork. So it's not like a wholesale increase in block size. It is, essentially adding a new field to the transaction similar to the witness. We call it an attestation. It's just a synonym for a witness, but it's a different it's a different, it has different rules.

所以我们只需要给它换个名字。对，就是那个认证机制。如果你把它塞满各种东西，这要看情况。首先，认证机制是一套严格得多的规则集。

And so we just need a different name for it. And so, yeah, the the attestation yeah. If if you stuff it full of like, so it depends. It depends. Like, so first of all, the attestation is a much stricter rule set.

只有有效的公钥和签名才能进入认证机制。这些必须为交易进行签名。而且它们还必须预先提交。虽然你可以使用阈值签名，或者用哈希值替代，但你始终需要提供有效的公钥和签名。

Only valid public and public keys and signatures. Only valid public key and signatures can go into the attestation. This they have to the sign for them for for the transaction. And then also they have to be committed to in advance. And although you can do like a threshold signature and you can like kind of like put a hash there instead and and you you will always still need to provide a valid public key and signature.

这实际上大大减少了认证机制可能引发的各种花招，与见证机制相比。如果我们提供16倍折扣，而隔离见证只提供4倍折扣——在软分叉中我们称之为量子位（Qubit），16倍的量子位折扣在最坏情况下会导致16MB的区块序列化到磁盘上。

And so that's that that really just dramatically reduces the amount of shenanigans that can be had with a attestation versus like a witness. And so there's that. And the if if we were to provide a, say, a 16 x discount versus the four x discount that the that SegWit provided. If we were to in the SoftFork, we call it qubit, q with a capital b. A qubit discount of 16 x would result in worst case scenario, 16 megabyte blocks when they're serialized on disk.

这不是说要提高100万v字节的上限，明白吗？只是调整了区块大小和权重的计算方式——这些术语源自隔离见证时期，我们至今仍在与之周旋。但如果我们把这个折扣翻四倍，应该就足够维持大致相同的吞吐量了。

They're not, you know, like, it's not raising the 1,000,000 the 1,000,000 v byte. Right? Like like a cap. It's it's just it's just fudging the math on how we account for the the size of the block, the weight of the block, what they call what the these terminology that they came up with in in in the SegWit days that we've been wrestling with ever since. But, yeah, if if we if we just, like, quadruple that discount, then that should be relatively sufficient for us to maintain roughly the same amount of throughput.

如果每笔交易都是后量子恢复交易，吞吐量可能会略有下降。另外要注意的是，由于我们提供三种签名算法，用户可以选择在交易或地址上绑定多少种——这有点像多重签名，但是量子层面的。理论上你可以为普通交易配备三倍签名（如果使用全部三种算法），比如你是Kraken、币安、Bitfinex、Coinbase或MicroStrategy这类机构。

It might be a little reduced if every transaction is a post quantum recovery transaction. It'll be somewhere between so like, also one thing to understand is that because we're providing three different signature algorithms, we can also like, users will choose how many they want to put on their transaction or or the address really to encumber their address with. It's almost like it's almost like a multisig, but for in in a quantum perspective. And so, like, you're having, like, you're you're basically tripling, you could potentially triple the number of signatures you put on an ordinary transaction if you were like using all three different algorithms, if you were particularly paranoid about, you know, when you wanna go spend these these coins. So, like, if you are Kraken or Binance or Bitfinex or Coinbase or MicroStrategy.

对吧？如果你是持有大量币需要保护的大型机构玩家，可能会想增加交易包含的签名数量。这个数字大概在2到20之间——取决于你对资产安全的重视程度。某种程度上这也会导致类似MEV的行为，高价值交易不仅会支付更高费率，还会为这些签名付出更多成本。

Right? Like, if you're one of these big institutional players with a large amount of coins that you wanna secure, then you'd probably want to increase the number of signatures you include in your transaction. And so that would be something like no more than 20 x, large refuse all three. So it's somewhere between two and twenty depending on, like, how badly you wanna secure your coins, like how how how much value you want to secure. And in a way that also leads to kind of like an MEV kind of behavior and that, like, some some of the really high value transactions will pay more, not only in fee rate, but also in for these signatures.

从这个角度看，它其实也解决了安全预算问题。有人提议缩减区块大小，但为什么不直接让交易变得更大呢？

And also it is so in that way, it kind of also addresses the security budget concern because, you know, like some people have proposed reducing the block size, and I'm like, well, why not just make transactions bigger?

简单来说，是不是意味着我们现在一个区块里有4000笔交易，但以后可能会减少到只有1000笔交易？

So just to, like, try and put that into layman terms so I understand, does that mean that instead of having, like, whatever we have now, 4,000 transactions in a block, it might be a thousand transaction in a block?

对，更可能是3000左右。大概在1000到3000之间。对，还是以千为单位。

Yeah. Like, maybe more like 3,000 Okay. One or one to 3,000. Yeah. Like, still in the thousands.

好吧，所以这算不上是世界级的缩减。那开发圈对这事普遍反应如何？

Okay. So it's not like the biggest reduction in the world. So what have the, like, general reception of this been like in dev circles?

开发者们...基本上每个核心开发者，或者说任何长期参与比特币贡献的人，都完全持怀疑态度，觉得我们根本不需要担心这事。对了Peter Woolley，就是那个人...你能帮我确认下他名字的发音吗？你应该知道的。

Well, the developers so there's definitely, like, like, pretty much every core dev I've talked to or anybody who's, like, a long standing, like, contributor to Bitcoin is just entirely skeptical that, like, you know, we're we're gonna see any we're we have any concern. And, like, Peter Woolley, right, he was the one who actually, can can you help me with the pronunciation of his name? You know it. You would know

呃，我以为读作Peter Willa。对，我觉得你读对了。

Well, I I thought it was Peter Willa. Yeah. I think you got it.

好吧，太好了。真棒。既然连欧洲人都这么说...啊不对，你不是欧洲人，你是澳大利亚人。

Well, okay. Great. So awesome. Well, if I'm getting that from a European then actually, not European. You're you're you're Australian.

那还是不一样的。

That's that's different.

嗯，我是英国人，但住在澳大利亚。

Well, I'm English, but I live in Australia.

所以我我好吧。酷。

So I I Okay. Cool.

是啊。不过确实，我以为是彼得·维拉。

Yeah. But yeah, I thought it was Peter Willa.

好的。维拉。明白了。彼得·维拉，他——对于那些不了解的人来说——他实际上是Taproot的主要推动者之一，与杰里米·鲁宾一起促成了这件事。他还是secp256k1（比特币使用的椭圆曲线加密标准）实现的核心维护者之一。

Okay. Willa. Okay. So Peter Willa, he's he's the guy who who basically, for those who don't know, he implemented Taproot or really just kinda like pushed it through along with Jeremy Rubin, but and his his contributions to that. But he and he was also one of the contributors or, like, kinda like the he's the lead maintainer of the sec p two fifty six k one implementation used by Bitcoin.

而且是元老级传奇开发者。

And OG legendary dev.

哦对，超厉害的人。真正的传奇开发者，元老级人物。

Oh, yeah. Amazing guy. Like legendary dev. Exactly. OG.

他非常有才华，在Bitcoin Stack Exchange上回答了我提出的许多问题，他和Merge都是传奇人物。彼得·维拉虽然承认这种威胁模型可能存在，但他仍然怀疑这种情况是否真的会发生。

A very talented and he's answered so many questions I've I've asked on, Bitcoin, Static Exchange, him and merge. Right? Legends. Right? So Peter Willa, he's he's he he acknowledges, like, this is a potential threat model, but he also is still skeptical that it will ever happen.

他还建议我们可能应该没收那些易受攻击的代币，因为按照他的说法，这确实...我们当然必须这么做。但我当时就想，等等，当然不，我不这么认为。我当然不认为我们需要没收所有易受攻击的代币。不过你知道，这完全是另一条讨论思路了。

And there he also has recommended that we potentially confiscate vulnerable coins because it could definitely like like he said according to him, he says that it would like, we of course, we have to do this, you know. And I'm like, wait. Of course, not I don't think so. I don't think, of course, we need to confiscate all the vulnerable coins. But, you know, it's it's it's that's a different line of discussion altogether.

但我觉得这是个非常有趣的讨论方向。我之前在节目里和Alex Leishman简单聊过量子计算的话题。他提出的一个观点是，在后量子时代，所有那些易受攻击的旧代币——比如中本聪的币就是完美例子——它们从未移动过。我们假设它们永远不会移动。但在后量子世界，必须对这些币采取些措施。

But I think that's a really interesting line of discussion. So I very briefly spoke about the quantum stuff with Alex Leishman when he was on the show. And one of the things he brought up was this idea that in, like, a post quantum world, all those old coins that are vulnerable, like, so to Satoshi's coins being a perfect example, like, they've never moved. We assume they're never gonna move. And in a post quantum world, something has to happen with them.

要么中本聪移动它们（我觉得不太可能），要么像你说的被没收，要么被盗。这让我联想到以太坊DAO黑客事件，那也是个关键节点，我们必须非常谨慎。我认为没收根本不是可行的解决方案。

Either Satoshi moves them, which I don't think is likely, they get confiscated, like you say, or they get stolen. And I feel like there's a kind of an analogy to the Ethereum DAO hack, where it's like, it's a very kind of critical moment where we have to be really careful about what we do. And I don't think confiscation is is a is a viable solution at all.

是啊，在我看来这是个糟糕的主意，这违背了自由货币最初的承诺之一，对吧？就是抗审查性。这是其一。

Yeah. I think it's a terrible idea, in my opinion, that's like kind of breaking one of the original promises of freedom money. Right? Like, censorship resistance. And so there's that.

另外我听过一个可能的折中方案，或许能在没收派和清算派之间找到中间立场。就是把支付到公钥地址的交易限制为每个区块只能处理一笔。这样即使量子计算机在Q日之前发动攻击，反正我们平时也很少见到这类交易，所以应该能顺利通过。

There's also like, you know, the there is one potential compromise I've heard that, you know, might, like, be a good, like, you know, middle ground between the confiscators and the liquidators. Right? And that is to restrict the spending of pay to public key addresses to one per block. And so even if quantum computers are going at it at that point, like before before q day, like one per block, like, we we hardly ever see them anyway. So, like, you'll be able to get it through just fine.

等到Q日之后就会彻底失控。与其让大量交易涌向Coinbase造成流动性突然抽离，我们完全可以按照共识规则限制带宽——矿工每个有效区块只能包含一笔支付到公钥的交易。

After q day, it'll be a free for all. And instead of, like, you know, there being, like, you know, a bunch of like transactions going into a block, going right to straight to Coinbase. And it's like a sudden exit rush of liquidity. Right. Instead of doing that, we could just like kind of throttle that bandwidth down and to like just consent according to consensus rules, miners can only include in a valid block one paid to public key spend transaction.

如果实施这个方案，基本上就能平滑处理那潜在的抛售压力。目前约有34000个支付到公钥的地址，按每年约50000个区块计算，整个过程会被拉长到一年左右时间。

And so if that if they were to do that, then like they they would smooth out basically that that that potential, like, exit. And, there's, like, about 34,000 paid to public key, keys. And so it would take, like, basically, it would, like, it would it would lengthen it over the course of a year or so because there's about 50,000 blocks in a year.

你是说开发社区的普遍反对意见是认为这不重要。这在比特币圈里经常听到，很多比特币玩家都认为这不是真正的威胁，我们无需担心。

So you're saying that the, like, general pushback from the dev community is that this is just not important. And this is something you hear a lot in Bitcoin. Like, I a lot of Bitcoiners just assume that this isn't a real threat. We don't have to worry about it.

我希望他们是对的。从很多方面来说，我都希望他们是对的。

I hope they're right. In many ways, I hope they're right.

呃，我也希望他们是对的。但你看到了什么让你觉得他们可能不对呢？

Well, I I hope they're right too. But but what is it that you're seeing that that makes you think they're not right?

是这样的...这是个很好的问题。目前有数十亿美元资金正涌入这些量子计算项目，微软、亚马逊、英特尔、谷歌、IBM这些大公司...

Well, just that okay. Yeah. So that's a great question. So there are, you know, multiple billions of dollars being poured into these programs, these quantum computing programs. There are so there are companies like Microsoft, Amazon, Intel, Google, IBM.

它们都有资金雄厚的量子计算项目。还有像SciQuantum、Rigetti、IonQ这样的初创公司也在研究这个。还有霍尼韦尔、雷神等国防承包商，以及美国有家很有趣的公司叫In Q Tel。

They're all they all have big quantum computing programs, very well funded. They also have there's also, like, small startups like SciQuantum, Rigetti, IonQ that are also looking into this. And then there's also defense contractors like Honeywell and Raytheon, and there's also a company The US has. It's a really interesting company. It's called In Q Tel.

它显然是

It's apparently

中情局

a CIA.

是的。所以他们...所以我们其实也不清楚，说白了，是否真有人已经拥有足够强大的量子计算机，因为确实有些令人毛骨悚然的传闻，嗯...有些机构研究这个的时间甚至比私营企业还要长。

Yeah. So they they so we have no idea also, just to be clear, if somebody even has a good enough quantum computer because there have been some real some real spooks, you know, like Mhmm. Going at this for even a longer time than even private industry has been.

有意思。那咱们能暂时戴上'锡箔帽'阴谋论一下吗？我有个疑问：比特币显然只是其中一环，但如果所有加密都被破解，世上就再无秘密可言了，对吧？要是所有政府机密突然曝光，那将是场我们无法想象的彻底摊牌时刻。

Interesting. So can we put our tinfoil hat on for a second? Because one of the questions that I have is that, like Bitcoin's obviously one part of this, but if all encryption breaks, there's no secrets anywhere. Right? And so if we if, like, all government secrets were now out in the open, that's obviously a mask off moment in a way that we can't even imagine.

如果我们用...那个（我不知道'他们'是谁），你觉得'他们'会允许量子计算发展到那种程度吗？

If we use the, like, they I don't know who they are, but do you think they will let let quantum computing get to that point?

噢当然。我是说...某种程度上可以说他们可能已经具备这种能力了，现在可能就在犹他州的基地里翻查各种记录呢，懂我意思吗？不过...我也不确定我百分百理解你的问题。

Oh, yeah. I mean, like, if if if like, it's arguable that they already have that capability and they're just, like, kind of, you know, like, churning through records in their Utah facility already. Right? Like that that could be the case. There's also like like I'm not I'm not sure I a 100% understand your question.

你是想问...当局会不会...

Like, you're saying like like, will the authorities

你是说三字母情报机构会放任这种事发生？毕竟他们的秘密也会全部曝光。

Like, the three letter agencies let this happen? Because then all their secrets are out.

明白。联邦政府对此有指导方针，叫CNSA 2.0，本质上是他们应对量子计算机威胁的路线图。他们要求2030年前新系统必须停止使用椭圆曲线加密——只剩五年时间了。

Okay. So the federal government has a guideline for this. It's called the CNSA two point o, and it it's basically their, like, road map for how we handle the potential threat of quantum computers. And they're basically saying that we need to stop using elliptic curve photography in new systems by the year 2030. That's only five years away.

到2035年，我们必须完全停止在政府系统中使用椭圆曲线摄影技术。

And by by the year 2035, we need to have completely sunset our use of elliptic curve photography in government systems.

所以他们正在为此做准备。

So they're preparing for this.

他们确实在准备。一方面，私营企业投入了数十亿美元。另一方面，政府似乎有些担忧并采取了行动。我在想，比特币会怎么做？因为我们不能简单地回滚账本，虽然技术上可行，但那样做会非常糟糕。

They are preparing for this. So like there's on one side, there's like billions of dollars being spent in private industry. On the other side, the government is appears to have some concerns and they're doing stuff. And so like, I'm just like, well, what is Bitcoin gonna do? Because, like, it's not like we can just roll back the ledger, you know, like like, I mean, I guess we could, but that would fucking suck.

另外需要明确的是，以太坊的治理比比特币集中得多，经常进行硬分叉。他们遭遇了大规模黑客攻击，却无法通过治理结构逆转资金流向。可以说他们当时确实无能为力，毕竟现在还有Tether和...

And also, just to be clear, also, Ethereum, which is a lot more centralized governance than than than Bitcoin has and regularly hard forks, they had this big hack, and they they were not able to get their governance structure in in a way that would reverse that that flow. And it's it's arguable that they they they couldn't have because now there's like Tether and and Are you

你是指Bybit被黑事件吗？

talking about the Bybit hack here?

对，就是Bybit被黑事件。他们把资金全转成了Tether，而Tether桥接机制不会愿意进行资金回滚调整。

Yeah. The Bybit hack. Exactly. And and they they moved all in Tether. And and and so, like, the the Tether bridge isn't gonna wanna, like, re readjust, you know.

因此，随着链上发生重大经济活动后，能够回滚的时间窗口非常有限。等我们意识到黑客攻击可能与量子计算机有关时（尽管这点很难证明），可能为时已晚。

And so, like, the the there there's, like, there's a limited amount of time that you could roll back, roll back a chain as significant economic activity occurs on it. And at which point, like, you know, it might just be too late when we realize that, you know, there has been a, a hack that can be somehow attributed to being a due to a quantum computer even though that's very difficult to prove.

那你现在的目标是什么？是因为如果开发者们不太支持这个方案，现在对你来说就变成需要到处解释你在做什么以及为什么做这件事的教育工作了吗？

So what's your, like, goal with this now? Is it to because if if the devs aren't really on board with this, like, it now just like an education thing for you where you need to get out and explain what you're doing and why you're doing it?

这确实是我正在做的事情之一。是的，我参加各种会议去倡导这个方案，除了实际实施外，还在努力建立支持和共识。所以我希望这个方案能被认真视为潜在解决方案——当然也可能存在更好的方案。

That's essentially one one one of the things I'm doing. Yeah. I'm going out to different conferences and advocating for this bit and trying to establish support and consensus in addition to actually implementing it. And so I I hope that this is, like, taken seriously as a potential solution. And maybe there are better ones.

我希望能看到人们研究更好的方案，毕竟我才全职研究比特币四年，认知还存在局限。即使研究比特币十年，仍会有未知领域。完全理解。就像有个笑话说的，人们最初通过比特币了解加密货币，结果却永远学不完比特币的知识，因为它太深奥了。

I'd like to see people work on better ones because, you know, like, I mean, I've I I I've only been working in Bitcoin full time for four years, so I have, you know, my limitations and my understandings of Bitcoin even still. Like, you could work on Bitcoin for ten years and you could still there's still things you could probably not know about it. So Totally. It's yeah. Like, it's it's there there there's a joke that, like, people will start with Bitcoin before going into other cryptocurrencies to learn about them, and then they just never stop learning about Bitcoin because there's too much to know.

这里有趣的关键在于共识机制对吧？就像CTV方案——虽然我很希望看到它落地——但实施起来会很困难，因为它不紧急。如果这个方案变得紧急时，你觉得达成共识会容易些，还是仍需要大力推动？

The interesting thing here is is down to, like, consensus. Right? Like, we know that with things like CTV, which I would love to see in Bitcoin, that's like, getting that implemented is gonna be hard because it's not urgent. What do you think like, if this gets to a point where it does become urgent, do you think there's gonna be it's gonna be easy to gain consensus, or do you think that's still gonna be a big push?

永远都应该保持谨慎态度。改变比特币始终应该是项艰巨任务。我坚决支持稳健派立场，毕竟这涉及1-2万亿美元的资产类别，绝不能搞砸。我们必须严格论证，确保升级方案完美无缺到让人毫不犹豫地接受。

It should always be a big push. Right? Like, it always should be a monumental undertaking to ever want to change Bitcoin. I am very much in the acid fires camp just because, like, this is a 1 to $2,000,000,000,000 asset class, you know, like, I I would hate to break it. We have to be very rigorous and make a very good case, a very well reasoned obvious case for it to be a no brainer to upgrade to it.

对吧？否则就会违背我们的初衷。虽然我很欣赏Jeremy Rubin在CTV和CSFS上的工作，部分我也希望能实现那些很酷的方案...

Right? Otherwise, it it would it would compromise the very reason why we're here. Right? So no. I I I mean, like, as much as I love Jeremy Ruben's work in CTV and as cool as that is and CSFS, I hope that, you know I mean, a part of me is like, I hope we get that because that looks really cool.

但另一方面，我们守护着2万亿美元资产，必须格外谨慎。

But then the other part of me is like, well, but also there's like $2,000,000,000,000 that we're securing here, and so we also need to be really careful.

听你说自己属于保守派很有意思，因为按你从事的工作来看，我原以为你会强烈支持这些新升级。

That's interesting to hear you say you're in the Ossify camp because I would have assumed with the work that you're doing, you'd be, like, a strong push for these new upgrades.

我的意思是，我非常理解这些新技术。我和许多该领域的人密切合作过，如果能实现那些功能确实很棒。但我不能说自己是100%的保守派——事实上，很多自称保守派的人如果比特币安全受到彻底威胁，可能也会破例支持升级，对吧？

I mean, I understand them very well. I've worked very closely with a lot of people who are, like, in in that field, and it would be very cool if we have that. But, like, and I wouldn't say I'm I'm a complete 100% ossifier. In fact, a lot of people who call themselves ossifiers probably would make an exception if Bitcoin were security were completely compromised. Right?

确实如此。在我看来，必须有非常充分的理由我们才会考虑升级。当然反对观点认为，比特币只有引入契约功能之类的升级，才可能成为十万亿美元级别的资产类别。而我会说，量子抗性可能也是同样的道理——也许正是这个短板在制约我们。

Definitely. So like like for for for like like very like, it has to be a very good reason for us to up up upgrade, in my opinion. You know, like, some the counterargument, of course, is that, like, you know, Bitcoin could be a $10,000,000,000,000 asset class only if we had covenants, you know, something like that. And I'd be like, well, maybe that could also be the case for quantum resistance. Like, maybe that's what's holding us back.

所以真的很难断言。未来难以预测，存在太多未知数。我们正在做的工作就是降低这些风险。我不确定CTV或CSS方案还能比现在更稳妥——毕竟它们已经存在很久了。

So, you know, like, there's it's really hard to say. It's hard to predict the future. There's a lot of unknowns. And, like, the work we're doing is is to derisk that. I don't know if, like, CTV or CSS can be derisked more than they already have been just because they've been around for so long.

而Bit360方案最多才出现一年左右（往宽了算）。它显然需要更多时间打磨，需要更多调整优化，需要更多...怎么说...精心培育。希望我们能见证它的发展。我们正在努力推进，但愿能在需要时提供完善的解决方案。毕竟我首先是比特币主义者。

Whereas bit three sixty has only been around for, like, maybe at most, if I'm being generous, like, most, maybe about a year. And so it definitely needs some more time in the oven, needs some more tweaks, needs some more, like, just love. And hopefully, you know, we'll we'll follow its evolution. But, yeah, that's we're working hard on it, and hopefully, we'll have a a good solution for if there if it ever is needed. Like and and, you know, I mean, I'm a I'm a Bitcoiner first and foremost.

我并没有全身心投入这个量子计算课题。如果量子计算机最终被证明是徒劳的幻想，或者只能用于模拟核聚变、分解永久化学品之类的应用（那也很酷），而不会威胁比特币——我会非常高兴。但这只是个美好的假设。

I'm not like, you know, fully invested in this quantum thing. And so, like, you know, I would be perfectly happy if quantum computers were just like this fool's errand and like or or or maybe they can solve, you know, the things they wanna solve with them, like simulating fusion power or like coming up with enzymes for forever chemicals. Right? Like, that would be pretty cool if they could do that without also breaking Bitcoin. But that's that's a big if.

确实。我很难对Bit360方案表态，因为我不清楚量子计算机的威胁有多紧迫。但如果威胁真实存在，那我很庆幸现在就开始讨论这个问题。我的立场是：乐见讨论展开，但除非威胁迫在眉睫，否则比特币要付出的代价让我难以支持。

Yeah. It's really hard for me to say where I stand on bit $3.60 because, like, I don't understand how imminent the threat of quantum computers are. But if it if it is real and if it does turn into something, then I'm very glad that this conversation's starting. I guess that's where I'd be. I'm like, I'm glad the conversation's happening, but there's obvious trade offs to Bitcoin that unless this is a very real, very imminent threat, I wouldn't be interested in.

这样讲得通吗？

Does that make sense?

哦，当然。毫无疑问。毫无疑问。是的。我的意思是，这就像是那种我希望人们在阅读那些散布恐慌的文章时能记在心里的东西，你知道的，那些说什么'比特币要完蛋了因为现在有了我的费米子'之类的文章。

Oh, yeah. Without a doubt. Without a doubt. Yeah. I mean, like, it's it's just like it really is the kind of thing where, like, I just want people to have in their back of their minds as they're reading these FUD articles, you know, coming out that like, oh, Bitcoin's gonna die because now we have my own fermions.

希望有了BIP 360的存在，能阻止人们逃离比特币。

Like, you know, hopefully that like, with the fact that BIP three sixty exists keeps people from running away from Bitcoin.

是的。是的。这很合理。你说在开发者社区里，大家对这件事的反应有点冷淡。那在开发者社区之外，反响如何？

Yeah. Yeah. That's fair. What's so so you said in the dev community, it's kind of been a bit nonchalant in terms of the response to this. Outside of the dev community, what what has the response been?

你们现在对比特币发起攻击了吗？

Are you are you in attack on Bitcoin yet?

其实，有趣的是，虽然有人称我为'对比特币的攻击'，但每当我参加线下活动——就像我们刚结束的那个——我们会分发很多帽子。特别酷的BIP 360帽子。而且我们将在3月6日举办一个专门讨论BIP 360的比特币开发者活动。至少在北美，我们称之为'三月六日'。

Actually, you know, what's so funny is that although I have I have been called an attack on Bitcoin, whenever I'm doing an in person event like what we just had, we we hand handed out a bunch of hats. It was really cool. A bit three sixty hats. And and we're gonna be doing a bit devs dedicated to a bit three sixty on three six. At least in North America, we call it mark six.

对，06/03。不，是另一个比特。

Yeah. On 06/03. Yeah. Nope. Different bit.

是的。所以不。360天测试版就是那样，是的。我们当时在做一些开发工作，但不管怎样，就连上周的活动里，也有人走过来感谢我所做的工作，因为你知道，这是许多普通人关心的问题，很多非开发者都在努力积累比特币，进行法币挖矿，对吧？

Yeah. So nope. Bit three sixty day is that's that's yeah. That's we're we're doing a bit devs then and then but regardless, even the events that we had last last week where people would come up to me and just thank me for the work that I'm doing because, you know, it is a concern that a lot of plebs have, you know, like, it's just a lot of people who aren't devs, are are, like, just trying to make their way into stacking sats, you know, and and fiat mining. Right?

就像普通的比特币爱好者，如果这个词真的存在的话。或者说比特币爱好者本来就是普通人，但总的来说，他们通常很感激我至少花时间关注这个潜在问题，让我们能真正理解并可能开发出缓解方案。

Like, ordinary Bitcoiners, you know, like, if there's if that's even a real term. Right? Or like, Bitcoiners are ordinary, but but that said, Bitcoiners, right, in general are usually very grateful for the fact that I'm at least giving this potential concern, the, time that it needs to for us to really fully understand and potentially mitigate develop mitigations against it.

是的，这很棒。我真的很高兴这项工作在进行。希望我们永远用不上你的成果，但看起来可能用得上。这些活动是在丹佛的Space举办的吗？

Yeah. It's very cool. I I mean, I'm definitely glad the work is happening. I hope we never have to use your work, but it looks like we maybe we will. But so these events, have these been a Space Denver?

嗯，是的。

Yeah. Mhmm.

进展如何？

How's that going?

哦，太棒了。我们现在有大约78名成员，下个月四月就差不多是我们成立一周年——那时刚开始收会员费。当时还没有固定场地，我们算是先攒了些资金，后来有了场地，偶尔举办比特币活动。我们对活动类型非常挑剔。

Oh, it's so great. We have, like, I think 78 members now, and next month is when in April is when it'd be kind of like our one year mark when we first started collecting dues from members. We didn't have a space back then. And so we just kind of built a bit of a war chest, and then we got a space, and then we we we sometimes hold Bitcoin events. We're very picky about what kind of events we hold.

Heatpunk就是其中办得特别成功的一个。我们请到了Peter Todd和Troy Cross参加，那大概是一周前的事。所有活动都非常棒，进展真的很顺利。

Heatpunk was one of them that was very very well. We had Peter Todd and Troy Cross come to that, and that was that was only about a week ago now. And that was yeah. No. Like, all those events were just so cool, and it's it's just going really well.

有趣的是，当我们最初创建这个空间时，由于还没有实体场所，我们为新会员提供了折扣，这些折扣下个月就会到期。下个月之后，当会费到期时——毕竟空间里的成员都是亲密朋友，我觉得不会有人因为价格小幅上涨就退出。这样我们在财务上就能稳定下来，成为丹佛比特币爱好者可持续的合作社，拥有举办活动、聚会和办公的实际场地。

And so what's interesting is that when we first started the space, we offer offer discounts to new members because we didn't have a space yet, and those discounts will expire next month. And so after next month, when those dues come come due and and all the members, the space members are all real close friends, I don't think I don't I don't think anybody's gonna wash out just because we raised the prices a little bit. Then, you know, I think we will be set financially for, like, being a a sustainable coop of Bitcoiners in Denver with an actual place to hold events and meet and work.

太棒了。这就像是丹佛版的比特币公园或公共空间。我认为这类第三空间对比特币生态至关重要。真高兴看到这样的尝试。今年我一定找机会去丹佛看看。

That's amazing. So this is like Denver's equivalent of Bitcoin Park or the commons or or whatever. I think these third spaces are so important for Bitcoin. I love to see it. I'll I'll definitely try and get out to Denver some point this year.

如果你能来就太好了，到时候我们或许可以线下再聚一次。

It would be really cool if you did, and then maybe we can do another one of these in person.

当然。希望到时候量子威胁不会更严重。不过Hunter Beast（注：此处应为对Speaker 0的昵称），感谢你的时间，这次交流很愉快。

Yeah. For sure. Hopefully, the quantum threat is not any more severe then. But, Hunter Beast, I appreciate the time. It's been good.

我确实学到了不少关于量子的知识，收获很大。结束前你还有什么想补充的吗？

I've definitely learned some stuff about quantum, so it's been great. There anything you wanna do wanna say before we close out?

哦，请访问surmount.systems。那里有BIP的链接，还有基金会（非营利组织）的捐赠链接。我们提供了静默支付和Bolt 12链接，因为不想重复使用地址。另外我们不用Noster。

Oh, just go to surmount.systems. There we have a link for the BIP, and we also have some donation links for for the foundation. It's a nonprofit. And so there's a silent payment link and a Bolt 12 link, and that's because we don't want to reuse addresses. And also, we we don't use Noster.

我们确实有X账号，但不用Noster是因为所有Noster的NPUB都是公钥。等我们在比特币这边的事情理顺后，或许会研究下Noster需要什么改进。

We we do have an x, but we don't use Noster specifically because all Noster NPUBs are public keys. So that'll be maybe another once once we once we have everything figured out on the Bitcoin side, maybe we'll try to go and figure out what Noster needs to.

我们需要抗量子NPUBs。没错。太棒了。好的，非常感谢你抽出时间，亨特。今年我会找时间去丹佛一趟，我们可以再聚。

We need quantum resistant NPUBs. Yes. Love it. Well, thank you very much for the time, Hunter. I will try and get out to Denver at some point this year, we can do it again.

好的。谢谢你，丹尼。

Alright. Thank you, Denny.

非常感谢。

Appreciate it.