@GWENKlNG thoughts on nashors tooth into lichbane instead of DnD (still running pta)? I've seen Nikey build like this. feels like it might have more impact early due to more damage, at the cost of tankiness.
Today a crazy quantum story just got wilder.
On March 31, the Google Quantum AI team published a landmark result on Shor's algorithm for elliptic curve cryptography. Technically, the paper was a bombshell: a dramatic 10x improvement over the state-of-the-art. As a stunt and wakeup call to the blockchain space, those optimisations were illustrated on secp256k1, the elliptic curve underlying Bitcoin and Ethereum signatures.
But perhaps the most striking part of the paper was sociological, not technical. Instead of following standard academic process, the optimisations were kept secret, hidden behind a zero-knowledge (ZK) proof. Google's accompanying blog post mentions they "engaged with the U.S. government". The ZK proof demonstrates the existence of algorithmic improvements without leaking details. Academic censorship with ZK, a historic first!
As a co-author of the Google paper I witnessed some of the context surrounding this censorship. To be honest, multiple aspects of that context don't sit well with me. As much as I believe the general public ought to know more, I am limited in my ability to whistleblow. Though let me be clear about one thing: the Google team's professionalism has been absolutely exemplary, and they deserve nothing but praise.
Censorship has a way of backfiring. The Streisand effect, where an attempt to bury something only draws more attention to it, is exactly what's unfolding today. First, Google's key optimisation has been rediscovered by the French. And in a thrilling turn of events, a collaborative Shor-at-home challenge just launched. The initiative, available at ecdsa[.]fail, breached a new Shor world record in a matter of hours.
Let's start with the rediscovery. Just two months after Google's paper, French quantum expert André Schrottenloher cracks the main secret optimisation. His paper, titled "Optimized Point Addition Circuits for Elliptic Curve Discrete Logarithms", landed on the arXiv today. Big congrats to André, who beat several other nerd-sniped experts to it. In a blog post also published today, Craig Gidney, the world expert on Shor optimisations, revealed that he'd been sitting on this very optimisation for a whole year under censorship pressure.
Interestingly, André missed a handful of minor optimisations, both from Google's original publication and from improvements found since. It's plausible there's still plenty of juice left to squeeze out of Shor, and this is exactly what the ecdsa[.]fail challenge is about. The verifier program developed for the ZK proof does double duty, automatically filtering for valid submissions. Dozens of compounding small and micro improvements are rolling in. As of the time of writing there's an 8.4% improvement to Google's circuit, as measured by the product of logical qubit count and Toffoli gate count. Nice!
The nerd-sniping ran deeper than anyone expected. Over the last few weeks it became clear it extended well beyond André and other quantum experts. Behind the scenes, a small army of amateurs quietly got to work. Inspired by Karpathy-style autoresearch, they turned AI on Shor. Ironically, the verifier program for the ZK proof makes an ideal reward function for AIs. The barrier to entry for this modern style of research is refreshingly low, with several non-experts, even a teenager, finding nice optimisations. Get in touch if you'd like to join a Telegram group with fellow autoresearchers :)
Part 2: neutral atoms and qday
The story doesn't end with Google. On the same day Google went public, a stealthy startup called Oratomic published its own Shor paper in a coordinated release. It made a splash, ultimately becoming the most upvoted paper on scirate[.]com, a website ranking arXiv papers.
Oratomic's claim was wild. By building on Google's logical optimisations and applying custom physical optimisations for neutral atoms, they claimed just 10K physical qubits were sufficient to run Shor's algorithm on secp256k1. That number is mind-bogglingly low.
Knowing essentially nothing about neutral atoms when Oratomic's paper landed, I was intrigued and decided to learn more about the tech. I fell straight down the rabbit hole and spent a couple hundred hours on the topic. I got a little obsessed and watched every YouTube video I could find and spoke to a bunch of experts.
My conclusion? The tech is real, very real. Even Google recently decided to start a neutral atom lab, a notable pivot from their sole focus on superconducting qubits. If you care about qday, i.e. the day a quantum computer will break the first piece of cryptography in production, neutral atoms demand your attention. I shared some of my learnings on Shor and neutral atoms in a 30min talk at the ZKProof cryptography conference. You can find it on YouTube by searching "zkproof neutral atom".
Here's an interesting observation about this duo of breakthrough papers: neither Google nor Oratomic say a word about what their results mean for qday. No timelines. Zero. Nada. That is especially baffling given that the whole point of whitehat quantum cryptanalysis is to inform qday estimations and help the general public make good decisions.
So let me attempt to partially fill the silence, similarly to what Scott Aaronson did in his April 29 post. Given everything I know, including scary non-public information, I now put the odds of qday by 2032 at 50%. 10% by 2030.
Anecdotally, the US government has its own date: 2035. Originating at the NSA and later adopted by NIST, it's when branches of the US government will be disallowed from using quantum-vulnerable cryptography. In plain language: with hindsight, that date is a joke and should be discounted entirely. I don't see how NIST avoids being forced to pull it forward by years.
Part 3: post-quantum cryptography
There are good reasons to sound the alarm today, but please do not panic. Rushing carelessly towards immature post-quantum cryptography is a recipe for disaster. IMO a good target date for migration is 2029, roughly 3.5 years out. 2029 happens to be the date selected by Google, Cloudflare, and the Ethereum Foundation.
These days most of my time goes to safely migrating Ethereum towards post-quantum cryptography as part of the broader lean Ethereum effort. There's a lot to do. We need to rip out and replace BLS signatures at the consensus layer, KZG commitments at the data layer, and ECDSA signatures at the execution layer.
The plan to get there is compelling, and is based on hash-based cryptography. Within the Ethereum Foundation we've developed a Swiss army knife called leanVM (github[.]com/leanEthereum/leanVM) powered by the magic of hash-based SNARKs. Thanks to truly exceptional work by Emile, Thomas, and others, its performance is derisked. Regarding security, leanVM is a jewel, a minimal zkVM crafted for end-to-end formal verification and maximum security.
Want to help? There are two $1M initiatives. First, the Proximity Prize (proximityprize[.]org). Solve a long-standing mathematical conjecture in coding theory, improve hash-based SNARKs, and go home a millionaire. Second, the Poseidon Initiative (poseidon-initiative[.]info) offers $1M for breaking Poseidon, the SNARK-friendly hash function.
@GWENKlNG same for me (D2). feels like jungle gwen might be handicapping yourself in the current meta of more gank focused junglers, because laners just can't handle being weaksided first 15 minutes and continually play too aggressive not respecting enemy jungler. any tips?
It has been 3 years since up only ended. I was in my 20s when it started, now I have grey hair. We will rename it Unc Only and I will spend $25m on cosmetic surgery. See ya soon
When ppl claim this I always wonder how they think it happens, or have unrealistic expectations on how much $1bn actually is.
I joined crypto with $200. If I held my initial bitcoin since then and never traded, I would have ~$300k.
If, instead, from that moment I sold the top and bought the bottom of every crypto cycle on Bitcoin, and never paid any taxes, I would have ~$6m USD.
If I put my entire net worth into the Ethereum ICO and never touched it, today I would have ~$150m pre-tax.
While it was definitely possible to have made >$1bn with the opportunities in the market, these versions of reality would also require me to make no mistakes, and have no need to spend $ in real life, or take excessive risk via leverage.
In reality, I grew up in a working class family. I didn’t have a trust fund and I had to pay off my student loan myself. I had a job at Tescos while at high school. After university, I needed to pay rent and fund cost of living and eventually buy a place to live.
I worked at startups for relatively little $ salary, and while a couple have done okay, they still are illiquid and worth nothing until some exit.
Perhaps if I erase a couple of dumb mistakes and drawdowns, or if I had a lil more grind, then my answer would be different today. But it is easy to say this with perfect hindsight vision. It’s easy to see where you could have optimised better, and decisions you made look dumb when the past makes things so obvious.
The truth is I have always optimised for enjoying my life and not going to 0. I never felt like I had a safety net, so it was never possible for me to do anything in any other way. I would probably have less money if I had tried to add more risk or chased $ harder, because being all-in with your entire livelihood is a mental battle and I feel I only win that battle when the stakes are lower.
In writing this, maybe I do understand why CT folks believe this, because modern CT sees crypto as a late-stage lottery ticket farm, where the optimal strategy is to 5x leverage up your portfolio in a hope of catching a good 20% move and then leaving. Or, literally going all-in on the next coin they heard Ansem is buying. So perhaps to them, looking back at the charts, of course that’s what successful folks did.
In reality, I use leverage close to never (and typically to reduce risk rather than add risk — have used it to add risk maybe 3 times in the last 5 years, and maybe 15 times ever). I never go all-in on anything, have only ever done that on BTC and ETH before in the last decade. When I buy other things, I limit risk to tiny amounts, because I treat it as a 0 until proven otherwise (so, always <1% liquid portfolio). Liquid portfolio is also a smaller % of overall portfolio to future-proof against my own fuckups.
Obviously I made a lot of money, I have been here 12 years! CT doesn’t want to hear about “getting rich in a decade” though. I am happy with where I am and have never really cared or optimised for maximising $ earnings, but instead having a nice life that lets me enjoy the game we play together.
Probably one of the most severe flushes I’ve ever seen on alts, I didn’t even imagine alts had this much leverage in them. It feels like someone got hit very hard and will see a large body float to the surface soon, reminds me a little of summer 2021.
Good reminder to myself to own things that I am actually bullish on, and not things I am trying to shift on momentum. Some charts look like they’ll never recover, whereas some things look buyable for the first time in a while.
When everyone is making hilarious amounts of money I am always tempted to start using leverage again. It is almost impossible to fight the feeling that you’re not making enough, or everyone else is outpacing you. Good reminder that fighting that feeling and avoiding the wipeouts is worth it in the end.
Check on your friends, likely a bad day for many.
Personally, am concentrating my bags into the things I am happy to own for the next few years, and shedding the fat. Realised I own some assets based on not wanting to miss out, rather than on some actual thesis. Days like today are much easier for me if I think my bags will bounce back, and much worse if I’m losing money owning things I don’t even believe in.
Don’t let a leverage blowup dictate your long-term views. The future is bright, good things to come, patience is rewarded.
After the storm