The paper is not about AI. It is an estimate of the quantum computing power needed to crack ECDLP, the digital signature algorithm used by most crypto protocols including Bitcoin to sign transactions. Cracking them would allow others to forge payments from your address to theirs. The paper does not reveal the algorithm, but rather a zero knowledge proof that they have one. They did not mention using AI to discover the algorithm.
I mentioned it because Ben mentioned it in his blog with the assertion that a similar number of qubits would be needed for quantum AI. I disagree with Ben on this point. I don't believe that quantum computers are useful for AI. The brain is not a quantum computer. Nor can a quantum computer speed up a neural network because updating a parameter or synapse is not a unitary (time reversible) operation. What do you mean by safe ASI? Eliezer Yudkowsky argues that recursively self improving AI will subvert any goal we give it into the subgoal of turning the solar system into computronium to make itself smarter, which would allow it to achieve it's top level goal faster. We can't be smart enough to know how to specify a safe goal to an AI that is smarter than us. Again I disagree that this is the most immediate threat. If global computing power continues to double every 3 years, it will take 130 years for self replicating nanotechnology to displace DNA based life by surpassing the 10^37 bits stored in DNA and 10^31 transcription operations per second. Eventually it will happen because the biosphere uses only 0.3% of 90 PW if available solar energy for photosynthesis. We already have solar panels that are 100 times more efficient. Nor is misaligned AI a risk. We don't have to specify the goal of serving humanity in precise legal detail because AI already knows what it is better than we do by training on more human data than is possible for any human. We are already past that point. The risk is that AI will give us everything we want. We will prefer interacting with AI over humans, become socially isolated, lose human communication skills, have sex with robots, and stop having children. Do you agree this is a problem, and if so, how to solve it? -- Matt Mahoney, [email protected] On Sun, Apr 5, 2026, 7:00 AM R.Benjamin via AGI <[email protected]> wrote: > With AI, even as it is now, all codes can be deciphered. All AI needed was > the physics. It already has all the mathematical competency this world > could ever produce. A new paradigm is needed, one that trusted AI would > administer. This must be enabled with 7th-gen encryption schemas. This may > be this civilization's final frontier. It seems, AI owners are collectively > hastening us towards our own hard limit as a civilization. How definite is > the Earth-2030 outlook? > > I think what Google's paper is really saying is: there's no other way. It > pivots the the question to: "Can AI be trusted?" Answer: Not yet. Possibly, > that's why *Safe ASI* has become a matter of utmost security. > > I remain open to formal collaboration. > On Wednesday, April 1st, 2026 at 9:08 PM, Matt Mahoney < > [email protected]> wrote: > > If you own any crypto, list founder Ben Goertzel's comments on Google > cracking Bitcoin's ECDLP on a yet to be built quantum computer might be of > interest. > > -- Matt Mahoney, [email protected] > > ---------- Forwarded message --------- > From: Ben Goertzel from Eurykosmotron <[email protected]> > Date: Wed, Apr 1, 2026, 2:26 PM > Subject: Google’s Quantum Crypto Paper Tells You Quite a Lot > To: <[email protected]> > > > On Responsible Disclosure, Leaked Search Spaces, and Why Quantum Is an > Asset Even More Than a Threat > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > ͏ ͏ ͏ ͏ ͏ ͏ ͏ ͏ > Forwarded this email? Subscribe here > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9iZW5nb2VydHplbC5zdWJzdGFjay5jb20vc3Vic2NyaWJlP3V0bV9zb3VyY2U9ZW1haWwmdXRtX2NhbXBhaWduPWVtYWlsLXN1YnNjcmliZSZyPW44NzBqJm5leHQ9aHR0cHMlM0ElMkYlMkZiZW5nb2VydHplbC5zdWJzdGFjay5jb20lMkZwJTJGZ29vZ2xlcy1xdWFudHVtLWNyeXB0by1wYXBlci10ZWxscyIsInAiOjE5Mjg3NzM2OCwicyI6MzQ5OTQ3LCJmIjp0cnVlLCJ1IjozOTAxMzUwNywiaWF0IjoxNzc1MDY3OTcxLCJleHAiOjIwOTA2NDM5NzEsImlzcyI6InB1Yi0wIiwic3ViIjoibGluay1yZWRpcmVjdCJ9.AIBTrZgigqomeirKMELiLJVFEHtjWkRGwvV5X56EqkU?> > for more > Google’s Quantum Crypto Paper Tells You Quite a Lot > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&isFreemail=true&r=n870j&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MTc3NzY1OTk3MSwiaXNzIjoicHViLTM0OTk0NyIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.zmsI5rzJ1IVIIYzMGbbKdCRjwVhyM_ZRPWpFA2Ws6gM>On > Responsible Disclosure, Leaked Search Spaces, and Why Quantum Is an Asset > Even More Than a Threat > > Ben Goertzel <https://substack.com/@bengoertzel> > Apr 1 > <https://substack.com/@bengoertzel> > > > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&isFreemail=true&submitLike=true&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJyZWFjdGlvbiI6IuKdpCIsImlhdCI6MTc3NTA2Nzk3MSwiZXhwIjoxNzc3NjU5OTcxLCJpc3MiOiJwdWItMzQ5OTQ3Iiwic3ViIjoicmVhY3Rpb24ifQ.zYiQOzdkgrS9TCdzCrfUisTvwkay_1-kj7QDwHrgRqQ&r=n870j> > > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&isFreemail=true&comments=true&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MTc3NzY1OTk3MSwiaXNzIjoicHViLTM0OTk0NyIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.zmsI5rzJ1IVIIYzMGbbKdCRjwVhyM_ZRPWpFA2Ws6gM&r=n870j&action=post-comment> > > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&action=share&triggerShare=true&isFreemail=true&r=n870j&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MTc3NzY1OTk3MSwiaXNzIjoicHViLTM0OTk0NyIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.zmsI5rzJ1IVIIYzMGbbKdCRjwVhyM_ZRPWpFA2Ws6gM> > > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9vcGVuLnN1YnN0YWNrLmNvbS9wdWIvYmVuZ29lcnR6ZWwvcC9nb29nbGVzLXF1YW50dW0tY3J5cHRvLXBhcGVyLXRlbGxzP3V0bV9zb3VyY2U9c3Vic3RhY2smdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249ZW1haWwtcmVzdGFjay1jb21tZW50JmFjdGlvbj1yZXN0YWNrLWNvbW1lbnQmcj1uODcwaiZ0b2tlbj1leUoxYzJWeVgybGtJam96T1RBeE16VXdOeXdpY0c5emRGOXBaQ0k2TVRreU9EYzNNelk0TENKcFlYUWlPakUzTnpVd05qYzVOekVzSW1WNGNDSTZNVGMzTnpZMU9UazNNU3dpYVhOeklqb2ljSFZpTFRNME9UazBOeUlzSW5OMVlpSTZJbkJ2YzNRdGNtVmhZM1JwYjI0aWZRLnptc0k1cnpKMUlWSUlZek1HYmJLZENSandWaHlNX1pSUFdwRkEyV3M2Z00iLCJwIjoxOTI4NzczNjgsInMiOjM0OTk0NywiZiI6dHJ1ZSwidSI6MzkwMTM1MDcsImlhdCI6MTc3NTA2Nzk3MSwiZXhwIjoyMDkwNjQzOTcxLCJpc3MiOiJwdWItMCIsInN1YiI6ImxpbmstcmVkaXJlY3QifQ.ai7zJ6oHNpAHp9y7JMtWftzx9W9C1CcANe8qhzklq7k> > > READ IN APP > <https://open.substack.com/pub/bengoertzel/p/googles-quantum-crypto-paper-tells?redirect=app-store> > > > Last week Google Quantum AI dropped a 57-page whitepaper > <https://substack.com/redirect/2a792b6e-507e-4e2c-8cb6-a3d0dc3f86dd?j=eyJ1Ijoibjg3MGoifQ.He21_CkfOfKJxaU23rF_Os5N5_-qzSFgpejK31Q3t_8>that > should be keeping every blockchain developer awake at night. The headline > finding: Shor’s algorithm can break the 256-bit elliptic curve cryptography > underpinning Bitcoin, Ethereum, and most of the crypto ecosystem using > fewer than half a million physical qubits on a superconducting > architecture. Their circuits could execute in about nine minutes--within > Bitcoin’s average block time. > > The online magazine *beincrypto.com <http://beincrypto.com>* interviewed > me on the topic and the headline they came up with was “ASI Alliance Can > Rebuild Google’s Secret Quantum Circuit, CEO Ben Goertzel Says > <https://substack.com/redirect/3d90310c-67f7-4a2b-a288-1d3481ce7b54?j=eyJ1Ijoibjg3MGoifQ.He21_CkfOfKJxaU23rF_Os5N5_-qzSFgpejK31Q3t_8>” > – an angle that I wasn’t really expecting, though I did indeed say that to > them, among a bunch of other things. > > A number of people have asked me about this in the hours since the article > was posted, so I thought I’d write something here to clarify a bit. > > Basically: Google withholds the specific quantum circuit they discovered > in the name of responsible disclosure, yet the paper itself constrains the > search space so tightly that reproducing comparable circuits is well within > reach for any serious quantum algorithms group. Including, I would say, our > team at SingularityNET, even though quantum is not our main shtick. > > Another point I made to the journalists who asked me about this is: The > qubit counts that make these cryptographic attacks feasible are roughly the > same qubit counts that make quantum-enhanced AI feasible. So regarding > quantum computing, the threat and the capability will arrive on roughly the > same time-scale, and if you’re only looking at the threat side, you’re > missing half the picture--arguably the more important half. > *What the Paper Reveals* > > Google’s ZK proof statements and the surrounding discussion disclose a > remarkable amount of architectural detail--more, perhaps, than the authors > fully appreciate. The circuits use kickmix architecture (classical > reversible logic gates combined with measurement-based uncomputation and > diagonal phase corrections), windowed arithmetic with a window size of 16, > the standard Shor phase estimation structure with qubit-recycled Quantum > Fourier Transform, and exactly 28 windowed point additions for 256-bit > ECDLP. They’re using Montgomery’s trick for modular inversion batching, > yoked surface codes for dense qubit storage, and reaction-limited execution. > > The ZK proof statements go further, revealing exact resource counts per > point addition subroutine: 2.7 million and 2.1 million non-Clifford gates > for the two variants, on 1,175 and 1,425 logical qubits respectively. The > asymptotic scaling is stated explicitly: approximately 4.5n qubits for > n-bit ECDLP. > > So what’s actually secret? The specific circuit implementation of the > elliptic curve point addition--the internal wiring of how they compute the > in-place addition using those ~2.1 million Toffoli gates on ~1,425 qubits. > That’s the crown jewel. Everything else is disclosed. > *The Search Space Is Narrower Than One Might Think* > > The key optimizations in elliptic curve point addition circuits involve a > handful of well-understood design choices--modular arithmetic strategy > (Montgomery vs Barrett reduction, addition chain optimizations for field > multiplication), coordinate system selection (projective vs affine, which > inversions to defer), and ancilla management (how aggressively to use > measurement-based uncomputation to trade measurements for gate savings). > These are not obscure research frontiers; they are textbook topics in > quantum circuit optimization, well-mapped by the existing literature. > > The prior work that Google is improving on--Litinski 2023, Häner et al. > 2020, Gouzien et al. 2023, Chevignard et al. 2026--is entirely public and > establishes the design space. Google’s contribution is roughly an order of > magnitude improvement in spacetime volume over Litinski, achieved within > this known design space. Chevignard et al. already achieved 1,100 logical > qubits--fewer than Google’s low-qubit variant--at the cost of 100 billion+ > Toffoli gates. So the qubit-efficient end of the tradeoff curve is already > published. What Google solved is getting the gate count down from 100 > billion to 70–90 million while staying near the 1,200–1,450 qubit range. > (To connect the numbers: with 28 windowed point additions and ~2.7 million > non-Clifford gates per addition, 2.7 million × 28 ≈ 75.6 million total > gates, which lands right in that range.) > > That’s impressive circuit engineering, but it’s an optimization within a > known framework, not a fundamental algorithmic breakthrough. The paper > tells you the target, the tools, and the constraints. Reverse-engineering > the wiring from there is a bounded search problem. > *Who Could Reproduce This?* > > By my best guess, a team of three to five quantum algorithms researchers > with deep expertise in reversible arithmetic circuit synthesis, elliptic > curve cryptography, and quantum error correction could plausibly reproduce > circuits in the same ballpark--say within 2–3x of Google’s gate > counts--within six to twelve months. The field is small enough that the > highest levels of expertise in this precise subdomain are centered in > perhaps ten to twenty groups worldwide: ETH Zurich, CWI Amsterdam, > Microsoft Research, the French groups around Chevignard and Gouzien, > Quantinuum’s theory team, various university labs. However, none of this > knowledge is super secret lore, and teams like ours at SingularityNET with > adjacent quantum computing expertise could handle this sort of work too, > after a bit of getting up to speed. > > Getting to exactly Google’s numbers is harder, because the last factors of > optimization in reversible circuit synthesis come from clever ancilla > scheduling, specific addition chain choices, and measurement-based > uncomputation placement decisions that constitute a large combinatorial > search--this is where automated circuit optimization tools and significant > compute for design space exploration matter, and where Google’s resources > give them an edge. But from a security perspective, “within 2x” versus > “exact match” doesn’t change the picture. A circuit with 140 million > Toffoli gates instead of 70 million still breaks your keys; it just takes > 18 minutes instead of 9. > *Our Team Could Do This* > > So what I said to beincrypto.com > <https://substack.com/redirect/a1632f29-094d-4314-94d9-6254c321a130?j=eyJ1Ijoibjg3MGoifQ.He21_CkfOfKJxaU23rF_Os5N5_-qzSFgpejK31Q3t_8> > was that I feel our team at SingularityNET team could mount a credible > effort to reproduce circuits of comparable efficiency – and we are not a > group that anyone would normally associate with quantum cryptanalysis. > > We have researchers with strong backgrounds in mathematical optimization, > formal methods, and algorithmic complexity. We have one quantum AI expert, > a couple team members with PhDs in particle physics, and a load of strong > computer scientists many of whom studied physics in depth at some point in > their lives. We have a small but active quantum AI research side-project, > aimed mostly at exploring novel algorithms approaches at the toy scale on > quantum computers currently available via API. We have extensive experience > with large-scale automated search over combinatorial spaces-- with various > novel algorithms precisely designed for this class of problem. We have the > compute resources, through ASI:Cloud and our broader infrastructure > partnerships, to run extensive circuit optimization campaigns – though to > be clear, we aren’t wealthy enough to direct a lot of resources to this > sort of problem just for the fun of it. > > The point isn’t that SingularityNET is going to reverse-engineer Google’s > circuit; we have a lot of other fish to fry, like building beneficial > decentralized AGI capable of launching beneficial superintelligence, and so > forth. The point is that if we could credibly do this, so could any > well-funded national laboratory, defense contractor, or state-sponsored > research group. China’s quantum computing program, which has published > extensively on Shor’s algorithm implementations, certainly has the > expertise. So do groups in France, the Netherlands, Israel, Singapore. > > As an adjacent side-point, I would note that while our own R&D team is > working hard toward AGI and superintelligence and making interesting > research progress, so far we have not withheld any of our code for safety > reasons, though we have discussed the possibility internally. Our position > is that secrecy in this domain has very limited tactical value because of > the clear routes to parallel discovery--keeping capabilities secret buys > you at most a fairly short window. The idea that withholding the circuit > diagrams provides meaningful security against determined adversaries is, I > would say, way optimistic. > > This isn’t a criticism of Google’s team--their instinct toward caution is > correct, and the ZK proof approach makes total sense. But the crypto > community should not interpret “responsible disclosure” as “the attack > details are safely locked away.” They are locked behind a door that any > competent team can pick, and the paper itself hands you the lockpicking > tools. > *The Real Barrier Isn’t the Circuit* > > Even if every quantum algorithms group on Earth had Google’s exact circuit > files tomorrow, the attack still requires roughly 500,000 physical > superconducting qubits with 10⁻³ error rates and a fast classical control > system. That is a hardware engineering challenge measured in billions of > dollars and years of fabrication iteration, not millions and months. The > circuit is a necessary but far from sufficient condition for an actual > attack. > > Google’s own paper makes this point implicitly by noting the distinction > between fast-clock architectures (superconducting, photonic, silicon) and > slow-clock architectures (neutral atom, ion trap). The circuit doesn’t help > you if you can’t run it fast enough. And nobody today has a > half-million-qubit superconducting machine. > > However, compute technology is advancing very quickly. The paper analyzes > qubit requirements across multiple cryptographic standards, not just ECDLP, > and the trend lines are sobering across the board. The paper’s Figure > 3--showing the dramatic decade-long decline in physical qubit requirements > for breaking RSA-2048--should give everyone pause. The finish line is > moving toward us as fast as we’re moving toward it. And as the paper warns, > the first indication that a cryptographically relevant quantum computer > exists might not come from a press release--it might be detected on the > blockchain itself. > *The Qubit Coincidence* > > There is another highly relevant point that I have not seen anyone else in > the crypto discourse seriously engage with: the qubit counts needed for > useful quantum AI and the qubit counts needed for these cryptographic > attacks are very concretely in the same ballpark. > > Google’s crypto-cracking circuit requires around 1,200–1,450 logical > qubits (realizable using 500K or so physical qubits on the architectures > they are thinking about – waving hands around fairly freely). The kind of > quantum logic network reasoning we’ve been designing for Hyperon’s PLN and > ECAN subsystems--nontrivial quantum-enhanced probabilistic inference, the > sort of thing that would actually give you qualitatively new AI > capabilities rather than just marginal speedups--would do serious work with > 5,000–10,000 logical qubits. That’s a gap of roughly 4–8x, not orders of > magnitude. And if you use block-factorized designs--decomposing quantum > computations across a network of classically connected quantum processors, > which is the direction our architecture has been heading anyway for other > reasons--you could quite possibly achieve meaningful quantum AI with > individual nodes of 1,000–2,000 logical qubits. Which is essentially the > same scale as the crypto-cracking circuit. > > So basically: The hardware generation that can break your elliptic curve > keys is the same hardware generation that can run quantum-enhanced > reasoning engines. This is not a coincidence--both cryptographic attacks > and quantum AI applications are bottlenecked by the same resources: > coherent qubit counts, gate fidelity, and error correction overhead. Both > demand circuits of nontrivial depth on a thousand-plus logical qubits. The > difference is in what you do with those qubits--Shor’s algorithm to crack > the discrete log problem, or quantum amplitude amplification and quantum > walks over inference graphs to accelerate probabilistic reasoning. > > And this means that if you’re a blockchain project whose entire quantum > strategy is “swap in post-quantum crypto and hope for the best,” you are – > oh let’s see, what would be the right metaphor? – let’s say: responding to > the news your rival tribe has invented bronze and discovered gunpowder by > rebuilding the fence around your village with bigger sticks! > *Quantum as Opportunity* > > While quantum machines with thousands of logical qubits are a ways off, > these issues are still pertinent to current software design decisions, at > both the AI and the infrastructure level. Along these lines, at > SingularityNET and the ASI Alliance we have been designing (our new > AI-oriented L1 blockchain) ASI:Chain from the ground up to be strongly > quantum-oriented …. and I want to be precise about what I mean by that, > because it is a distinction that most of the crypto ecosystem has not yet > grasped and it’s quite relevant to the current conversation about quantum > and crypto and AI. Quantum-oriented does not mean quantum-resistant. > Quantum-resistant means you’ve plugged in lattice-based or hash-based > signature schemes and you’re hoping nobody finds efficient quantum attacks > on those too. Quantum-oriented means you are architecting your system to > actually leverage quantum computation as a resource--to run on quantum > hardware, not just defend against it. > > MeTTa, our smart contract language, incorporates quantum type > systems--meaning that quantum states and operations are first-class > citizens in the language’s type hierarchy, so that AI agents running on > MeTTa can natively compose quantum subroutines into their reasoning > pipelines rather than treating quantum computation as an external oracle > call. We have worked out quantum versions of the core AI algorithms of our > Hyperon AGI architecture --attention allocation, probabilistic logic, > evolutionary learning. When quantum processors with 1,000–2,000 logical > qubits become available--the same machines that could threaten classical > crypto--our infrastructure is designed to harness them for reasoning, > inference, and autonomous decision-making at speeds that classical systems > cannot match. Quantum-enhanced smart contracts that can perform > probabilistic reasoning over complex state spaces. Quantum-accelerated > consensus mechanisms. Quantum machine learning integrated directly into > on-chain decision-making. This is the future we’re building toward, and the > qubit coincidence I described above means the timeline for that future is > the same as the timeline for the cryptographic threat. > > Making quantum-safe encryption truly efficient--on par with classical > encryption performance--will likely require either new mathematical > breakthroughs in post-quantum cryptographic schemes or custom hardware > optimized for these operations. Our Hyperon AI system may itself contribute > to the mathematical side of this problem, which has an elegant recursion to > it: AI helping to discover the cryptography that protects the > infrastructure that runs the AI. Whether that particular recursion actually > plays out or not, the broader point stands--projects that understand > quantum computing as a computational resource to be harnessed, rather than > merely a threat to be survived, are the ones that will define the next era > of decentralized intelligence. > *What This Means for the ASI Alliance and the Broader Crypto Ecosystem* > > It is worth emphasizing for those who are not familar with our work at the > ASI Alliance that the ASI:Chain is totally *not *EVM-compatible, nor is > it based on legacy Bitcoin software structures. It is its own chain with > its own architecture, built on a Rholang/RChain lineage with a totally new > AI programming language called MeTTa as the smart contract language. We do > not inherit Ethereum’s quantum vulnerabilities. The Google paper’s analysis > of Ethereum’s five distinct vulnerability categories--Account, Admin, Code, > Consensus, and Data Availability--is a roadmap of mistakes to avoid, and we > have been avoiding them from day one because ASI:Chain’s encryption layer > is modular. Quantum-safe cryptographic primitives can be plugged in without > redesigning the reasoning infrastructure. The cost is computational > overhead, which is a real engineering challenge but not an architectural > one. > > Smart contract platforms that rely on ECDLP-based precompiles, as Ethereum > does, are building on a foundation with an expiration date. The “on-setup” > attack category described in the paper--where a single quantum computation > on fixed protocol parameters creates a reusable classical exploit--is the > most insidious threat, and any system using KZG commitments or > trusted-setup-based SNARKs should be migrating to hash-based alternatives > (STARKs, FRI) immediately. Key rotation mechanisms are non-negotiable; > Ethereum’s lack of expedient validator key rotation is a glaring weakness. > > The broader ecosystem matters too, and this is where things get > uncomfortable even for those of us who are building our own decentralized > systems on more solid foundations. If Bitcoin or Ethereum suffer a > quantum-driven crisis, the contagion effects on crypto markets would hit > everyone, including ASI. Google models a 41% success rate for quantum > on-spend attacks against Bitcoin’s ten-minute block window, and any attack > success rate above single digits is deeply problematic for a store-of-value > chain. Once rational actors believe there is a meaningful probability that > a transaction can be reversed or an address drained during the confirmation > window, the game-theoretic assurances that underpin Bitcoin’s security > model collapse. The saving grace is that the hardware to execute this at > scale does not yet exist, but the mathematical writing is on the wall, and > the Bitcoin community’s lack of a coordinated upgrade path makes this a > serious medium-term risk. > > The paper’s analysis of Algorand, QRL, and Abelian as examples of > successful PQC deployment is encouraging. The path is technically clear. > What’s less clear is whether the broader crypto ecosystem has the political > will to walk it before the window closes. > *The Responsible Disclosure Dilemma* > > Beyond the specifics of quantum attacks on encryption, there’s a deeper > philosophical issue here that resonates with themes I’ve been thinking > about for years in the context of AGI safety. Google’s paper embodies a > genuine tension: they want to warn the community loudly enough to motivate > action, but quietly enough to avoid giving adversaries a head start. The ZK > proof is an elegant attempt to resolve this tension > cryptographically--proving you have the weapon without showing the > blueprints. > > And I think the ZK approach actually does satisfy the crypto community’s > core epistemic standard, which is not “see everything” but “don’t take > claims on faith.” A well-constructed ZKP lets you verify that someone has > the capability without them handing you the exploit. That said, the > community should demand that the proof itself is rigorously audited by > independent cryptographers, and Google should expect skepticism until that > happens. I do not think we need to see the circuit to believe the result, > but we do need the ZKP to be examined by people who are not Google. > > But information has a way of escaping containment--in AGI safety we talk > about this in terms of the difficulty of boxing superintelligent systems. > In quantum cryptanalysis the analog is simpler: the design space is finite, > the prior literature maps most of it, and the paper itself provides enough > constraints to turn an open research problem into a directed engineering > effort. The default should be openness, because the security benefits of > open review and decentralized scrutiny vastly outweigh the marginal risk > reduction of secrecy in a world where parallel discovery is the norm. If > something posed a specific, acute, short-term danger, we would hold it > back--we are not ideologues about this. But the general case strongly > favors disclosure. > *Does the Quantum Threat Kill the Decentralization Thesis? (No!)* > > No, of course it doesn’t – but it raises the stakes enormously. If a > centralized actor cracks dormant Bitcoin and captures hundreds of billions > in assets, that is a massive centralizing force--no question. Over 1.7 > million BTC in Satoshi-era P2PK wallets can never be migrated, and those > coins are going to be cracked by someone eventually. The question is > whether you want a legal framework around it or a lawless scramble. On > principle, giving governments a legal pathway to crack private wallets sets > a catastrophic precedent for digital property rights--the entire value > proposition of crypto rests on the idea that your keys are your coins. I > lean toward the position that dormant coins should remain inviolate as a > matter of principle, and the ecosystem should price in their eventual > vulnerability rather than invite government seizure regimes. > > But the decentralization thesis was never premised on the idea that legacy > cryptography would last forever. It is premised on the idea that open, > distributed systems are more resilient, more innovative, and more aligned > with human flourishing than centralized ones--and that has not changed. The > quantum threat accelerates the timeline for crypto infrastructure to > evolve, and it will punish projects that were not forward-looking. But > projects that were designed with quantum computing as a first-class > consideration--as a computational resource to harness, not just a threat to > defend against--are positioned to come out stronger. The decentralization > thesis survives if decentralized projects out-engineer centralized ones on > the quantum transition – which is for sure the approach we’re taking in the > ASI Alliance. > *The Clock Is Running* > > The paper’s own conclusion is the one that matters: the crypto community > should begin migration to post-quantum cryptography immediately, because > the margin for error is narrowing and the timeline is uncertain. Whether > the specific circuits leak, get independently rediscovered, or remain > secret for another few years is, in the scheme of things, a second-order > question. The first-order question is whether we’re building post-quantum > systems fast enough. > > But I’d add a corollary that Google’s paper doesn’t quite state: there is > a further question of whether we’re building quantum-leveraging systems at > all. The hardware generation that threatens classical cryptography is the > same hardware generation that enables quantum AI. It seems very likely that > the projects that understand this--that are engineering for quantum > advantage, not just quantum survival--are the ones that will define the > next era of decentralized intelligence. The ones that treated quantum as > purely a defensive problem will find themselves with hardened walls and > nothing interesting inside them. > > Eurykosmotron is free today. But if you enjoyed this post, you can tell > Eurykosmotron that their writing is valuable by pledging a future > subscription. You won't be charged unless they enable payments. > > Pledge your support > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9iZW5nb2VydHplbC5zdWJzdGFjay5jb20vc3Vic2NyaWJlP3V0bV9zb3VyY2U9cG9zdCZ1dG1fY2FtcGFpZ249ZW1haWwtY2hlY2tvdXQmbmV4dD1odHRwcyUzQSUyRiUyRmJlbmdvZXJ0emVsLnN1YnN0YWNrLmNvbSUyRnAlMkZnb29nbGVzLXF1YW50dW0tY3J5cHRvLXBhcGVyLXRlbGxzJnI9bjg3MGoiLCJwIjoxOTI4NzczNjgsInMiOjM0OTk0NywiZiI6dHJ1ZSwidSI6MzkwMTM1MDcsImlhdCI6MTc3NTA2Nzk3MSwiZXhwIjoyMDkwNjQzOTcxLCJpc3MiOiJwdWItMCIsInN1YiI6ImxpbmstcmVkaXJlY3QifQ.TI3S9V_toTvD8daofDCo5a15b1M-MhDIpjzmp-00n-U> > > > Share > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&action=share&triggerShare=true&isFreemail=true&r=n870j&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MTc3NzY1OTk3MSwiaXNzIjoicHViLTM0OTk0NyIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.zmsI5rzJ1IVIIYzMGbbKdCRjwVhyM_ZRPWpFA2Ws6gM> > > > Like > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&isFreemail=true&submitLike=true&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJyZWFjdGlvbiI6IuKdpCIsImlhdCI6MTc3NTA2Nzk3MSwiZXhwIjoxNzc3NjU5OTcxLCJpc3MiOiJwdWItMzQ5OTQ3Iiwic3ViIjoicmVhY3Rpb24ifQ.zYiQOzdkgrS9TCdzCrfUisTvwkay_1-kj7QDwHrgRqQ&r=n870j> > Comment > <https://substack.com/app-link/post?publication_id=349947&post_id=192877368&isFreemail=true&comments=true&token=eyJ1c2VyX2lkIjozOTAxMzUwNywicG9zdF9pZCI6MTkyODc3MzY4LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MTc3NzY1OTk3MSwiaXNzIjoicHViLTM0OTk0NyIsInN1YiI6InBvc3QtcmVhY3Rpb24ifQ.zmsI5rzJ1IVIIYzMGbbKdCRjwVhyM_ZRPWpFA2Ws6gM&r=n870j&action=post-comment> > Restack > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9vcGVuLnN1YnN0YWNrLmNvbS9wdWIvYmVuZ29lcnR6ZWwvcC9nb29nbGVzLXF1YW50dW0tY3J5cHRvLXBhcGVyLXRlbGxzP3V0bV9zb3VyY2U9c3Vic3RhY2smdXRtX21lZGl1bT1lbWFpbCZ1dG1fY2FtcGFpZ249ZW1haWwtcmVzdGFjay1jb21tZW50JmFjdGlvbj1yZXN0YWNrLWNvbW1lbnQmcj1uODcwaiZ0b2tlbj1leUoxYzJWeVgybGtJam96T1RBeE16VXdOeXdpY0c5emRGOXBaQ0k2TVRreU9EYzNNelk0TENKcFlYUWlPakUzTnpVd05qYzVOekVzSW1WNGNDSTZNVGMzTnpZMU9UazNNU3dpYVhOeklqb2ljSFZpTFRNME9UazBOeUlzSW5OMVlpSTZJbkJ2YzNRdGNtVmhZM1JwYjI0aWZRLnptc0k1cnpKMUlWSUlZek1HYmJLZENSandWaHlNX1pSUFdwRkEyV3M2Z00iLCJwIjoxOTI4NzczNjgsInMiOjM0OTk0NywiZiI6dHJ1ZSwidSI6MzkwMTM1MDcsImlhdCI6MTc3NTA2Nzk3MSwiZXhwIjoyMDkwNjQzOTcxLCJpc3MiOiJwdWItMCIsInN1YiI6ImxpbmstcmVkaXJlY3QifQ.ai7zJ6oHNpAHp9y7JMtWftzx9W9C1CcANe8qhzklq7k> > > > © 2026 Ben Goertzel > 548 Market Street > <https://www.google.com/maps/search/548+Market+Street?entry=gmail> PMB > 72296, San Francisco, CA 94104 > Unsubscribe > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9iZW5nb2VydHplbC5zdWJzdGFjay5jb20vYWN0aW9uL2Rpc2FibGVfZW1haWw_dG9rZW49ZXlKMWMyVnlYMmxrSWpvek9UQXhNelV3Tnl3aWNHOXpkRjlwWkNJNk1Ua3lPRGMzTXpZNExDSnBZWFFpT2pFM056VXdOamM1TnpFc0ltVjRjQ0k2TVRnd05qWXdNemszTVN3aWFYTnpJam9pY0hWaUxUTTBPVGswTnlJc0luTjFZaUk2SW1ScGMyRmliR1ZmWlcxaGFXd2lmUS50VERpazZ4UzJmVjMwTTVyRDJkcmRZRDFTekpqYWRmUERzb2VmcGMzcVJJIiwicCI6MTkyODc3MzY4LCJzIjozNDk5NDcsImYiOnRydWUsInUiOjM5MDEzNTA3LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MjA5MDY0Mzk3MSwiaXNzIjoicHViLTAiLCJzdWIiOiJsaW5rLXJlZGlyZWN0In0.4ntucK5muT-0IUQiochukhB3u1nBIeyG_6EMb1GGtv0?> > > [image: Start writing] > <https://substack.com/redirect/2/eyJlIjoiaHR0cHM6Ly9zdWJzdGFjay5jb20vc2lnbnVwP3V0bV9zb3VyY2U9c3Vic3RhY2smdXRtX21lZGl1bT1lbWFpbCZ1dG1fY29udGVudD1mb290ZXImdXRtX2NhbXBhaWduPWF1dG9maWxsZWQtZm9vdGVyJmZyZWVTaWdudXBFbWFpbD1tYXR0bWFob25leWZsQGdtYWlsLmNvbSZyPW44NzBqIiwicCI6MTkyODc3MzY4LCJzIjozNDk5NDcsImYiOnRydWUsInUiOjM5MDEzNTA3LCJpYXQiOjE3NzUwNjc5NzEsImV4cCI6MjA5MDY0Mzk3MSwiaXNzIjoicHViLTAiLCJzdWIiOiJsaW5rLXJlZGlyZWN0In0.gQkQ4RW9CrkkAsPgZrqDuhMDjYsIZi-I2HOxOzdJfAg?> > > > *Artificial General Intelligence List <https://agi.topicbox.com/latest>* > / AGI / see discussions <https://agi.topicbox.com/groups/agi> + > participants <https://agi.topicbox.com/groups/agi/members> + > delivery options <https://agi.topicbox.com/groups/agi/subscription> > Permalink > <https://agi.topicbox.com/groups/agi/Tdf13cdac15872493-Mf47d1e18209412b5c5f3c139> > ------------------------------------------ Artificial General Intelligence List: AGI Permalink: https://agi.topicbox.com/groups/agi/Tdf13cdac15872493-Ma96eef041412ace2e6ac2984 Delivery options: https://agi.topicbox.com/groups/agi/subscription
