Matthew Commons (康明)

“I’m 10/10 confident that Bitcoin will survive Q-day in some form. I’m 3/10 that this will be a smooth process” @apruden08 at the @MITBitcoinClub

“We shouldn’t bet on having a series of public research warnings leading up to Q Day. The incentives seem to encourage keeping cards close to the vest” @Ethan_Heilman at @MITBitcoinClub

Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography. The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions. The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms. Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles. → q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing. → censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign. → cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime. → latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase. → fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key). → qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer. → future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish. → error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would be mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atoms quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1. → Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.) → team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.

Protecting Bitcoin miner margins in tough times: Paul Shagawat & I outline practical energy procurement strategies via @TransparentEnrg . After a rough stretch (hashrate -40%), smarter contracts matter. Would love your insights! transparentedge.com/2026/02/03/bit…

Honored to speak at the @MITCFO Summit on the AI Do’s and Don’ts panel. It was an energizing and practical discussion about how CFOs can capture real value from AI while avoiding the most common pitfalls. A few themes that stood out: • Model quality is rapidly improving. Modern foundation models are far better at follow-up and clarification, which means you don’t need to be a “prompt wizard” to extract meaningful insights. • A skilled human-in-the-loop remains essential. CFOs need review frameworks to catch hallucinations, false assumptions, and subtle reasoning errors that can creep into AI agent workflows. • More automation isn’t always better. In many processes, humans hold contextual information that models can’t access — and removing them can reduce accuracy. A recent MIT study illustrates this clearly in clinical settings: 👉 economics.mit.edu/sites/default/… • Structure still matters. Clearly defining the problem and giving the model well-organized inputs continues to be one of the highest-leverage steps. Garbage in, garbage out. • Macro trends are shifting fast. AI’s power needs could meaningfully reshape the energy sector, as highlighted in Leopold Aschenbrenner’s Situational Awareness: 👉 situational-awareness.ai At the same time, concerns about circular financing and a potential shift from GPUs to more efficient TPUs may influence the trajectory of both costs and power usage in the coming years. Great questions and perspectives from finance leaders who are thinking deeply — and pragmatically — about building durable AI capabilities in their organizations. #AI #CFO #MITCFOSummit #FinanceLeadership #ArtificialIntelligence #GenAI #DigitalTransformation #FutureOfWork #CFOCommunity

HLP Vault is a great "antifragile" play - $WHLP from @looping_col generates steady low volatility / low beta profit, with nice asymmetric upside during major liquidation events like this one.

Looking forward to our panel on the AI Enabled CFO at the @MITCFO Summit today!

🎉 Congrats to Prof. @ChrisPeikert and co-authors on receiving the Distinguished Paper Award at CCS 2025 for groundbreaking work in secure threshold decryption for fully homomorphic encryption! 👏 🔗cse.engin.umich.edu/stories/chris-… #UMCSE #UMich #Cryptography #Cybersecurity #CCS2025

@hypurr_co 👍

Any interest in a casual hype and chill voice hangout on our HypurrCo & Frens TG sometime next week? Let us know!

@GaryCardone HOWEVER, I might see much more potential for perpetual futures on real estate indices (perhaps a Hyperliquid HIP-3 on the Case-Shiller real estate indices, for example)

@GaryCardone I agree, @GaryCardone . I've looked at a dozens of tokenized real estate projects over the past 10 years, and none of them effectively deal with the fungibility and liquidity issues.

Robinhood CEO seems way over his skis related to this topic; realestate is NOT fungible, tokening the future will first happen with the most fungible of products; equities, bonds, commodities. We are years away from tokenizing realestate for a host of reasons, fungibility being key, along with how fractured that industry is and the complex incentives structure is hostile to efficiencies.

Wow 😮

Great take from @howdymerry on why “Hyperliquid is one of the few tokens that market participants who consider themselves remotely serious people can legitimately hold.”

Great insight on how Hyperliquid’s HIP3 will unlock new perpetual futures markets. (As a former oil trader, I see a huge market for Brent/WTI perps - DM me for details)

This is easily my favorite clip of Bill Ackman > His fund was down 30%+ > Being sued by Valeant Pharma investors > Going through divorce with his wife > Elliot, an activist firm, trying to take over his fund Here is his advice on how to deal with the tough moments in life

We take security very seriously. Citrea’s codebase recently completed private audits with no critical findings. Now, we invite all security researchers to review our codebase, with a $100,000 reward pool. Show your security, Rust, and Solidity skills!

The 213,500 BTC 🇧🇬 Bulgaria sold in 2018 are now worth 79% of its public debt 👀

😂

@wsford Congrats, @wsford ! I think this qualifies you as a Wyoming native now 🐴🔥

Great night for an 8 second ride. I stayed in the saddle…