Hunter Beast 🕯️

23.2K posts


@cryptoquick

Author #BIP360 CTO @SurmountSystems Developer - Rust & Bitcoin

Joined May 2020
5.8K Following · 11.5K Followers
Pinned Tweet
Hunter Beast 🕯️@cryptoquick·
Okay, so here's the deal with quantum. @Snowden leaked in 2013 the existence of a program called Penetrating Hard Targets. The NSA was working with defense contractors and the University of Maryland to build a quantum computer for the purposes of breaking public key cryptography. They've likely spent billions on this program in all its years of existence, though we can't know if that's true unless we have more patriots like Snowden step forward to call out the deep state on their evil shenanigans.

NIST has also been working on post-quantum cryptography. The shield against the sword. No cryptography gets published by NIST that doesn't also get approval from the NSA. They're joined at the hip. It's possible that the NSA spent billions breaking cryptography just to give us cryptography to replace it. They want to create the disease and sell the cure. This is your deep state tax dollars at work. The spooks are at it again fellas. And quantum computing is not sovereign computing, they cost billions to make and millions to run, so good luck with that "don't trust, verify" principle.

What does this mean? Well, for one, Bitcoin will be under threat someday. Could be that one day PsiQuantum or someone like them will be approached to fill the SBR with Satoshi's coins. Or maybe China wants to get in on the action after being late to the party.

The NSA is infamous in Bitcoin circles because Satoshi famously used the lesser-known and less popular secp256k1 curve despite the existence of the more widespread secp256r1, aka P256. P256 turns out to use hardcoded "random" constants that may have been suspiciously chosen. We can't prove they were randomly chosen. secp256k1 used the Koblitz curve as its starting constant, which is just simple multiplication and doesn't look suspiciously chosen. This is part of a larger concern around kleptography, where cryptography is introduced that deliberately compromises secrets. They have in the past supported the distribution of a deliberately flawed RNG (Dual_EC_DRBG) and as far as I'm concerned, as a result, NIST has zero trustworthiness.

So what do we do? Well, we can't cargo cult NIST cryptography, for one. I think SLH-DSA is better because we can base it on SHA-256, which is not what the NSA recommends but Bitcoiners know it works perfectly fine and isn't anywhere near being broken, either cryptanalytically or via Grover's algorithm (@dallairedemers says we would need a quantum computer bigger than the Moon to run Grover's over a 256 bit hash). So, it makes sense to base signatures on them using hash-based cryptography approaches like SLH-DSA. Fortunately, people like @n1ckler, @roasbeef, and @conduition_io have done deep dives into SLH-DSA and have found it to be solid. Also, it's worth noting that it was partly designed by the goat, DJB, @hashbreaker, who also built the curve used to secure Monero and Signal, and lots of other good and useful stuff.

Anyway, that's why I think the good "gold standard" case for cryptography we understand well and can use to our advantage is for SLH-DSA (also known as SPHINCS) to be used with BIP 360 in a tapleaf, along with a hybrid approach where we do not stop using secp256k1. We would base it on SHA-2 because we know that works well. We would probably not modify other security parameters in order to maintain hardware compatibility and acceleration.

For NIST I level security, which is the same level of security that secp256k1 offers (@_weidai says it offers only 128 bits of security, despite its name), if used with BIP 360 and accounting for the witness discount, pk+sig size in the witness will be about 2,000 vB. For comparison, pk+sig for Schnorr is about 25 vB. Yes, this will reduce the throughput of Bitcoin. We are actively planning how to handle the problem of scaling post-quantum cryptography on Bitcoin, but that's a separate problem, and judging by the mempool these days, I'm certain Bitcoin can handle that for some time. Besides, there's no reason to select a PQC option before Q-day is confirmed. Long exposure attacks will occur before short exposure attacks, and PQC is only necessary to protect against short exposure attacks. (For more on these definitions, please see the glossary for BIP 360 on bip360.org)

I think we have a solid strategy around this and we will be working hard to execute and communicate it next year. Basically we want to get BIP 360 finalized, then come up with an SLH-DSA BIP, and deploy that to secure real money on the Anduro sidechain that leverages a specially designed quantum resistant bridge. We will also work on what to do about coins held in exposed public keys, fleshing out the Hourglass BIP more, also linked on bip360.org.

There's a ton of work left to do, but we have a solid and talented team and have received a lot of support from the community and among Core devs. If you want to help now, please read the recently rewritten version of BIP 360 that now has a third co-author, @isabelfoxenduke. You can find it on bip360.org. More updates and info coming soon! Thanks to everyone involved for their help and support and please enjoy the holidays! Merry Christmas, everyone!

Also, I realize there are lots of conspiratorial claims in this post that don't always have a lot of evidence. Consider it part of a threat model with plausible incentive structures and reasoned speculation. Also remember, the spooks probably know a lot more than we know. That's just how spooks are.

Additionally, it's also fair to disclose that I now earn a living working on solving this problem that the NSA had a part in creating. I work for @andurobtc, which is incubated by @MARA. They have 5% of the hashrate and run Slipstream, which is essential for the design of a quantum resistant sidechain bridge, which is why I joined them a year ago. They've been incredibly supportive of my work so far, I even lead a small team of devs to help build all these solutions. I remain a contractor and not an employee so that I can speak up if I see something I disagree with and I do not have a stake in the company itself so that I can maintain neutrality. Stocks are a boomer meme anyway (although I do appreciate the enthusiasm of the "MARA pigs" who sometimes pop up in my mentions). I'm a Bitcoin only guy and if I ever want to retire, then Bitcoin must surmount this threat, and the next. Bitcoin is antifragile and a civilizational imperative. Stay prepared, not scared, my friends.
simulx4@simulx4

looking more and more like some sort of coordinated scam

Aleksei | Only21M@AMoneroHodler·
200 million transactions and 0 value to the world.
𐤊 Medaplor@Medapl0r

@BSVCasey @AMoneroHodler Yeah there are levels to this. BSV got to 50 million transactions in a day. Kaspa did 158 million at 10 blocks. And you’re talking about Kaspa at 100 blocks blowing an engine off the start line. BSV is a paper airplane in an F-35 race.

Hunter Beast 🕯️ retweeted
Magoo PhD@HodlMagoo·
You know how stupid the general population is? They just went through draconian Covid lock down measures and are about to allow the government to mandate remote kill switches in all new vehicles.
Coinjoined Chris ⚡@coinjoined·
I literally had the same experience attempting to pay for concert tickets. "Please confirm the 2FA for this $2000 purchase" "i see you have confirmed in a timely fashion, but just to make sure we flag this as a suspicious purchase and your card is now frozen" "you called us and we have unfrozen your card, what's that? The tickets are gone?" Just give me a Bitcoin QR code and i'll give you my money. No need for this song and dance.
Sabine Hossenfelder
Trying to pay an invoice from Germany in 2026: Oh no, they sent it by Stripe! Don't have any of these payment providers, so pay by credit card. Your payment provider declined the transaction. Try the other two credit cards. Your payment provider declined the transaction. Why do I have 3 of these in any case? Ok, so use the virtual Revolut card then. Not enough money on the card. Recharge from bank account. Payment provider declined the transaction. Recharge by Google Pay? Google Pay not working. Why not? Ah, the credit card is expired. Replace the credit card? Your payment provider declined the transaction. (Tried to charge virtual card via Google Pay and Google Pay via the virtual card. Didn't work, unfortunately...) Ok, some other way to recharge the virtual card? Wires money from bank account to PayPal and then from PayPal to Revolut and then to Stripe from Revolut. Payment declined😭 Add to trusted merchants. Try again. It goes through 🥳 Would be easier to send cash with a pigeon at this point.
Hunter Beast 🕯️ retweeted
Loïc Morel@Loic_Pandul·
> "Old nodes will reject all blocks"
Apparently you didn't read it all. Or maybe you didn't understand how the old chain could theoretically continue producing blocks. I don't care what Benthecarman says and I don't care about the quantum threat here. That's off topic. Even though I tend to agree with you on that point. I simply corrected your comment on BitBlend and on the nature of this change.
> "there is no fork"
Once again, reread the end of my comment. I can clarify my points or justify them if you disagree or if you did not understand. What do you call it when we have 2 different blocks of the same height, with one group of nodes accepting one block, and the other group accepting another, because of a change in consensus rules? That's a fork, right? It's not "tortured logic", it's just a fact. And once again I'm not the only one calling it a "hard fork"
benthecarman@benthecarman·
2106 timestamp overflow is unironically a bigger threat to bitcoin than quantum. It will actually halt the chain and requires a hard fork to fix.
Hunter Beast 🕯️ retweeted
WindTalker@nmlinguaphile·
Why socialism can never work: Econ 101: if you penalize something, you get less of it; if you reward something, you get more of it. Socialism penalizes success and rewards freeloading. Quod erat demonstrandum
Hunter Beast 🕯️@cryptoquick·
@BitcoinHopium @infosec I'm not sure that's a safe assumption
There's no credible evidence either for or against
The concern is serious enough we should do the work to address it
I don't think complacency is a good strategy here
Bitcoin Hopium@BitcoinHopium·
@infosec Sounds like a wild claim. Bitcoin and time? That's a deep rabbit hole. Quantum computing is a serious threat, but we still have a way to go before worrying.
Hunter Beast 🕯️ retweeted
Marin Ivezic@infosec·
I don't usually engage with the never-ending arguments on Bitcoin X. Too much drama, too many personalities, too little signal. But I watched the Bitcoin 2026 panels and read a 222-page paper claiming Bitcoin proves time is discrete, therefore quantum computers can't work. I want those brain cells back. So I wrote about it. Not as Bitcoin drama, but as the anatomy of a pattern every CISO will recognize: how denial and grift form a symbiosis that squeezes out the engineers actually doing the work. postquantum.com/post-quantum/a…
Jesse The Free 🏴@Jessethefree·
I have a real question. If Marxism is so great, why do Marxists need to use manipulative tactics? What’s with the word games and double speak?
Hunter Beast 🕯️ retweeted
Coinjoined Chris ⚡@coinjoined·
Super bullish on what @_MattHill_ and his team @start9labs is building with their sovereign router - just as the regulatory noose tightens around the internet with absurd age-verification and control schemes. Own the stack, or get owned!
Bas Westerbaan@bwesterb·
@cryptoquick @veorq The one change that keeps me up at night is... the name change. Turns out it's really Disney pulling all the strings.
Hunter Beast 🕯️@cryptoquick·
We must not cargo cult NIST cryptography, but do the work to understand it and build solutions that work for Bitcoin
They spent billions over multiple decades making quantum computers a possible concern within our lifetimes but then also gave us 8KB hash based signatures 😹
Rob Hamilton@Rob1Ham

Fun fact: secp256k1, the curve which secures all bitcoin, was NOT a NIST curve. @halfin points this out in a 2011 bitcoin talk post. NIST is part of the government, why would any threat actor in bitcoin take them at their word about how to do cryptography?

Alex Thorn@intangiblecoins·
i had many discussions about quantum & bitcoin in las vegas this week, both on and off stage, with skeptics, advocates, and many overall smart bitcoiners

some consensus i feel is emerging:

1) satoshi’s coins (P2PK) should not be touched. violating his property rights could be disastrous for bitcoin’s core value proposition. but the risk is also lower than many realize — satoshi’s coins are in ~22,000 addresses, each of 50 BTC. a long range attack would have to crack them all (i.e., it’s not one giant honeypot). the giant honeypots are mostly exchanges or active entities who can upgrade to a PQ-address if needed, so mostly not realistically at risk. the hourglass proposal could also further mitigate if we thought long-range Qday was imminent

meanwhile, neutral atom tech can only do long range attacks, and google quietly opened a neutral atom lab just prior to their recent paper (maybe just hedging, but possibly an admission of superconducting’s limitations? unclear, but distinguishing between long & short range is essential, and impacts the satoshi-coin issue)

data from @_Checkmatey_ and others also shows that bitcoin markets routinely absorb 1m+ BTC, even just from oct25 to pres, let alone during bull markets. suffer a 50% drawdown (even if it were possible to take all of satoshi’s coins) to preserve bitcoin’s core property rights? i think most bitcoiners would accept that trade off, particularly given the mitigations (satoshi’s many addresses, hourglass, and market’s capability to absorb them if needed)

2) it is good to work on new crypto for bitcoin, post-quantum or otherwise. developing it, testing it, compressing its signatures, proposing and debating implementation — all of these are good for bitcoin

the risks are a) this work occupies people’s time, potentially diverting from other important work; b) something untested or too novel is added to the protocol; c) calls to implement on the protocol create consensus gridlock, hamper other upgrades

but most people i talked with in las vegas agreed that background work, perhaps resulting in a new PQ implementation being “put on the shelf” in case it’s needed, is unequivocally a good thing. this mostly seemed to be a reasonable middle ground on the contentious mainstage panel as well, despite disagreements on urgency. perhaps with the right funding and resources, good work can be accomplished while 2a and 2b are mitigated?

i do think quantum is a problem worth working on, even if there is only a 1% chance that it ever affects bitcoin. i also think alarm bells about urgency have ultimately been positive for pushing these discussions forward. but finally, i am also very encouraged that there are a lot of people who are indeed thinking deeply about the implications, mitigations, and solutions, including many bitcoin developers

these are just my impressions and are definitely open to discussion and disagreement
Hunter Beast 🕯️ retweeted
calle@callebtc·
Age verification is the Trojan horse for complete control of the internet. Imagine you'd have to register your identity to read a newspaper. That's what this is about. They say it's for the children, but it really is about taking away your right to use the web anonymously.
Shinobi@brian_trollz

Tick tock. tomshardware.com/software/vpn/u…
