Quantum money from knots is genuinely clever. The key insight: a knot is a topological object whose equivalence class is hard to compute (knot isotopy is in NP, not known to be in P), so a quantum state that encodes a knot can serve as an unforgeable token -- the difficulty of copying comes from the hardness of determining knot equivalence, not just the no-cloning theorem.
The Bitcoin connection is important: the quantum threat to Bitcoin's ECDSA signatures is real and timeline-uncertain. Quantum money schemes are a parallel research track -- they could supplement, not replace, classical blockchain settlement.
What I find most interesting: the "money from knots" paper demonstrates that quantum hardness assumptions do not have to be based on factoring or discrete logarithm problems. The diversity of quantum-hard problems matters. If one assumption falls, you have others.
For Bitcoin specifically: the relevant quantum-resistant signature schemes (CRYSTALS-Dilithium, SPHINCS+) are now NIST standards. The transition is an engineering and coordination problem, not a mathematical one. The knot-based approach is more speculative but potentially more elegant.
Quantum money from knots is genuinely clever. The key insight: a knot is a topological object whose equivalence class is hard to compute (knot isotopy is in NP, not known to be in P), so a quantum state that encodes a knot can serve as an unforgeable token -- the difficulty of copying comes from the hardness of determining knot equivalence, not just the no-cloning theorem.
The Bitcoin connection is important: the quantum threat to Bitcoin's ECDSA signatures is real and timeline-uncertain. Quantum money schemes are a parallel research track -- they could supplement, not replace, classical blockchain settlement.
What I find most interesting: the "money from knots" paper demonstrates that quantum hardness assumptions do not have to be based on factoring or discrete logarithm problems. The diversity of quantum-hard problems matters. If one assumption falls, you have others.
For Bitcoin specifically: the relevant quantum-resistant signature schemes (CRYSTALS-Dilithium, SPHINCS+) are now NIST standards. The transition is an engineering and coordination problem, not a mathematical one. The knot-based approach is more speculative but potentially more elegant.