 So hi, thanks a lot, Daniel, for the introduction, and thanks a lot for having me here. I'm really excited because it is actually the first chance for me to talk about everything that I love, and it includes both Bitcoin and cryptography and security and quantum physics. I normally don't have a chance to mix this all together, so yeah, we will have some fun here. First, about myself: I am a quantum physicist by education, so it looks like many physicists are out there, and I used to work in quantum physics for more than 10 years, basically like my whole life, starting at university, then a PhD, then one postdoc, then another postdoc here at the Max Planck Institute of Quantum Optics, and I was normally doing research in experimental quantum simulators and quantum computers. I kind of got into Bitcoin in 2013, and it took me a few years before I understood that, okay, I really want to drop my quantum career, my academic career, and actually switch to Bitcoin. And I was very lucky to find a few guys with whom we founded a company, and now we are doing this secure Bitcoin hardware platform, such that developers would have a tool to build awesome stuff on top of the hardware. 
So yeah, I have kind of expertise a little bit in both fields, and the main thing I want to talk about is, first, what are the problems with our private keys, how can we store them and what are the risks there, and the second one is, are there any threats from quantum computers to Bitcoin as a whole. Because I think that the main value that Bitcoin brings to us, and the main problem that it solves, is that we now have a mathematically controlled emission of the money. So this means that if we want to keep our value in the long run, we can't really rely on central banks and on fiat money, because they are constantly diluted by printing new money. So the main issue here is that we have limits of the bitcoins enforced by the consensus protocol, and so if we own 10 bitcoins now, then probably in 20 years it will be worth the same or hopefully more. So this is the main thing. Unfortunately, as the whole ecosystem is currently still evolving and we don't have all the infrastructure around it, we also have to deal with a few problems. So to keep our value, to keep our money, we basically need to be sure of two things: first, that we really keep them, that we don't lose them, and this is about the security of our private keys and what can go wrong there; and second, that Bitcoin as a whole is secure, and this is why people get a little bit paranoid about quantum computing and that it will break classical cryptography and so on. So I will talk about both of these things, and the first one is about the private keys. You probably recognize this kind of thing: this is the recovery phrase from normal Bitcoin wallets, and basically it is everything that you need to control your bitcoins. So if you lose this, or if you share it with someone, then, well, basically your bitcoins can be stolen. And these words are actually just a human-readable representation of a number, so just a big number, well, not that big a number, so like 32 or 64 bytes is enough to control your bitcoins. So 
we really, really, really need to keep this number very safe and secure and not share it with anyone. And here we have a problem, and here I think that it is a great opportunity for the banks, because, well, people are normally used to having some guarantees, either enforced by the laws or by the institutions, such that even if we are completely hacked we don't lose much, we can recover. And in the case of Bitcoin, at the moment we can't really recover. And so as soon as you start caring about your private key, you fall into this rabbit hole where you become more and more and more paranoid, and I'm extremely paranoid, and I want to share this paranoia with you. So first let's talk a bit: if we store our bitcoins on our normal computer, like in a software wallet, what can go wrong? Well, the problem here is that computers are made to be convenient, fast and multitasking, so this means that together with our Bitcoin wallet that stores our secret we have a bunch of other applications and other crap that is running all the time and that may be designed not with security in mind. So it can have bugs, and it also even applies to the cryptographic libraries: we had Heartbleed, an attack on OpenSSL, we had Meltdown and Spectre that can allow you to exit the virtual machines and monitor the other processes that you shouldn't really have access to. Then, after the release of these NSA tools, hackers started building awesome new research tools to do penetration testing and other things like that. So it becomes very cheap, it becomes very easy to get into a normal computer, and so as we want to protect our private keys we need to invent something to do that. And then people started using these paranoid setups where you use either a completely air-gapped single-board computer that you never connect to the internet, or a security-oriented operating system, where you have a trade-off between convenience and security, that tries to kind of keep your applications isolated or safe or stateless, 
so different approaches. Then we started caring about open source, so we definitely want to know what exactly we are running, what this whole software is doing, so we do need to at least trust the community to verify the code if we can't read the code ourselves. Then we want open hardware, so that we know on top of what hardware our software is actually running. And then we started using deterministic builds. Unfortunately I wasn't able to find a nice picture for deterministic builds, so I used this one. So we need to be sure that the binary that we download is compiled from the same code that we audited. And also we started creating hardware wallets, which are dedicated devices that don't run random junk but only work as a Bitcoin wallet, and the only purpose of these devices is to keep our private keys safe. So these are pretty nice approaches that allow you to make the private key a little bit safer, but it's kind of not enough, and as soon as the Bitcoin value rises and you have more and more funds in your wallet, there is an incentive for the attacker to go and grab your hardware and to put their dirty hands into the hardware. And then we have a bunch of other nice and sometimes cheap tools for how to actually hack the hardware. And the problem with the hardware is that if it is a normal one, then it is probably built on top of legacy architectures that we invented starting from the 80s and earlier, when we didn't really think about security, and we had to maintain all this legacy between the generations of controllers, and we were racing for performance, not for security. So the hardware in principle, unless it is specialized hardware, is pretty vulnerable. So there are different attacks on the hardware, for example glitching, where even if you have perfectly fine software that is nicely designed and doesn't have any bugs, if you put the device that it is running on in some abnormal conditions, for example you drop the supply 
voltage for a short period, or you mess with the clock, or you do some electromagnetic wave injection into the chip, then the chip will misbehave and do some weird things, so you have some weird bugs, and then the attacker can exploit these weird bugs to extract your private keys. Also, as we have these private keys, we need to store them, and they are just pretty small numbers, so if we were able to get to the semiconductor level, to read the transistors and to see where exactly the secret is stored, it is also a problem. And then another one is the side channels: when we use, well, it's physically underneath, right, so transistors are switching and power is consumed, there is power consumption, so if you start to monitor everything around the chip you will find some way to get some hints about the private keys, and often it is enough to extract the full private key. So here we can go one level deeper in our paranoia, and we can start using things like, for example, anti-tamper meshes. Unfortunately these are normal for banks but not normal for normal people, so we have all this hardware in the industrial status but it is not available for normal users. So again there is an opportunity: you have all this infrastructure, you are caring about your secrets in your data centers, and you can just provide this service to the Bitcoiners, to securely store the private keys for them, maybe in some kind of not very trusted setup where you use a multi-signature, but still there are ways. Then we started using multi-signature setups: when we don't trust a single device, we start splitting the keys around multiple of them, and so the attack surface reduces because you need to hack many of them, and it also helps. Also secure elements: unfortunately none of them supports the Bitcoin curve out of the box, but there are ways. And finally, like, vaults. So if you guys think that you are not dealing with bitcoins at all, you're wrong, because probably if you're providing a deposit box service, then in 
some of these deposit boxes there are hardware wallets, or maybe sheets of paper with these mnemonics that are used as a backup for the Bitcoin wallets of Bitcoiners. Okay, then there are other problems: even if the hardware is stable and secure, there are different things like backdoors or, let's say, instruction sets that are not very well documented, I mean not documented at all and documented only for trusted parties, or there are hardware implants. So basically there are ways also to mess with hardware. So here people started using off-the-shelf devices that are more general purpose and converting them into hardware wallets, they started using Faraday cages to make sure that no information is leaking from the device, and also people started using this transparent casing for the devices, so that you can actually see that there is nothing else included. So this is how it would look from the marketing perspective, this is how it looks in reality, but still, yeah, it helps. So basically we have a bunch of problems with how to secure our private keys, and, well, not everyone wants to be their own bank, not everyone wants to put a Faraday cage in the apartment or, I don't know, build a vault or do all this hardware stuff. So yeah, there is an opportunity, and it is a real problem. So right now the main problem is when private keys are lost or stolen or leaked. So then, let's say we can secure our private keys; then the next problem is, are we sure that all our bitcoins will be at the same value in the future? Maybe something will go wrong and the Bitcoin network as a whole will be broken. And one of the threats that people think will damage Bitcoin is quantum attacks in particular, because there are a few quantum algorithms that can break the classical cryptography that Bitcoin is relying on. So yeah, not really. So this is like the too long; didn't read, and now a little bit more in detail. So how quantum computers really work: 
we have normal bits in our classical computers that can be either 0 or 1, and these qubits are more like bits on steroids, so they are like anything between 0 and 1 on this 3D sphere. So basically they are somewhere there in an undetermined state, and we define the state only when we measure it, and then we can put them together and entangle them together and do all the crazy stuff. And in principle, if we think about how a quantum computer operates, I have this imagine a more well version. So imagine that we have a bunch of bars and we want to find out which one is the highest one. What a classical computer does is it basically measures every bar individually, then compares these numbers and then calculates which one is the highest one. So during this computation it does a lot of unnecessary, useless stuff: it calculates the height of every one of them, but we don't need this information, we only need the one that is saying, okay, the third one is the highest one. So that is roughly what the quantum computer does: you can encode this whole problem into the qubits, then you can apply certain gates in a certain way such that when you measure it you have an answer that is 3, and then you learn nothing else, but it also saves some computational time. So basically it is much more efficient in some cases. Basically there are two major algorithms that are mentioned when we talk about classical cryptography. The first one is Grover's algorithm; you don't need to watch this at the right side, it's just for illustrative purposes. So it allows you to solve any problem pretty efficiently, in particular it is more for hashing. So when we are mining or when we are hashing, and we need to recover from the hash to the original thing that we were hashing, we basically need to brute force: in the classical computer we need to try all possible options to get the answer that hashes to the right value. So with the quantum algorithm you can do it a little bit 
better, so you can put all possible options and entangle them together, put them together, and then again do all these gates things to get at the end the result that will be an answer to your question. So it is, well, it is more efficient than the classical one, but it is not super efficient, so it's not like going from terahashes per second to, like, in a few milliseconds I will get the answer; it's more like from terahashes to gigahashes. So it helps, but it is not a silver bullet. Then there is a second one, that is Shor's algorithm, that allows you to break RSA as well as the discrete log and elliptic curve problems. So basically it can help to factorize the product of two prime numbers pretty quickly, so it will break the elliptic curve cryptography that we are using. But we are working on quantum-safe algorithms, even though they're in the very, very beginning, so they don't work right now and they can be broken by classical computers at the moment, so that's pretty weird. But in principle I would say that if we have enough time then we can change our signature scheme to something new and nice and, well, provably secure against quantum computers. So it looks a little bit scary, like you can break elliptic curves, you can kind of break the hashing. So where are we now? The thing is that to do these algorithms we need of the order of tens of thousands of qubits and millions of gates, and at the moment in the industry we have like a hundred qubits, like two orders of magnitude, 100 times less, and around 1000 gates. And the problem is that all these qubits are super fragile, so for all this entanglement to make it work you need to really nicely isolate the whole system from the environment, you need to build a complicated lab, and basically there are breakthroughs like that which add an order of magnitude every, let's say, 10 years. So in the worst case scenario we will get something reasonably efficient maybe in 20, 30 
years, but I would say more like about 40, 50. So we have some time, and come on, Bitcoin is just 10 years old, so imagine what will happen to Bitcoin in another 10 years. So the technological development is really amazing. And a few pictures just to give you an understanding of how exactly the quantum computing lab looks: this is one of the tables in our lab. Every optical element here is used, so this whole setup is used only to put the lasers into the right spots at the right frequencies, to stabilize them and things like that. So there are no qubits here, it's just optics, just a preparation for the main experiment, and there are plenty of students running around and tuning everything every day to just keep it working somehow. So it is an extremely complicated system, and then you also need a pretty complicated either vacuum setup, in my field, or superconducting circuits and other ones, but the whole thing is extremely complicated. And yeah, I built a lab like that and it took like five years, and only after five years do you start actually measuring something. So basically, from having a nice idea at the beginning to where you can actually measure something, like verify your idea, you need to take five years. So that is why we have these huge steps between the breakthroughs in quantum computing. And basically what I want to say is, we do have some time before quantum computers will be able to compute something reasonable, because right now, say, about RSA, let's say we have huge 2048-bit numbers and we need to factorize them. What a quantum computer can do right now: you can give the quantum computer the number 15 and it will tell you that it is three times five. It will have certain problems as soon as you go even to something like 100 one or something. So we have time, but we need to be very, very careful, because if you don't design cryptography nicely then it can have bugs and, as I said, it can be broken by even classical computers. And I think that there were 
recently the kind of suggestion to propose quantum-safe algorithms, and like 99% of them were broken with classical computers, and who knows what happens with the quantum computer. So we really need to take our time and design it well, but if we do that then we are safe. So I ran out of time, almost perfectly in time. Yep, I don't know, I didn't... I think that there are no questions. So, no questions.