This gentleman named Marin Ivezic maintains it, it's an incredibly rich resource that I learned soooo much from. I think this is the single best resource I've found (disclaimer: after I found this website I asked Marin to be an advisor to P11).
Other than that, I read Scott Aaronson's blog, I get a paper digest from this
I subscribe to this newsletter: https://qubitsok.com/ It's some slop but every once and a while I find some good stuff in there.
New Quantum Era Podcast by Sebastian Hassinger is also a must-listen.
I follow folks like Pierre-Luc (@dallairedemers) and a few other folks with a quantum computing background.
there's that famous quote about being hard to convince a man he's wrong if his livelihood depends on it. this is is sort of in the back of my mind when I think about Project Eleven's advocacy for quantum readiness. what is Project Eleven's business model?
Yeah fair question. The success of Project Eleven depends to an extent on whether or not quantum computing is being underestimated as a threat. If classical cryptography stays the same for the next 50-100 years, then the business model as it exists now probably won't make sense.
That said, I value my time, and if I didn't authentically believe that quantum computing (and post-quantum migration) is being underestimated, I wouldn't be doing this.
So what is that business model: key management infrastructure for digital asset custodians, stablecoin issuers, and neobanks that have digital asset exposure. The way it's done today is completely out the window in a postquantum world, and needs to be redefined around crypto-agility. Because as many have rightly pointed out, there is a risk that these new PQ algos are not going to stand the test of time either, and we need to evolve cryptography from a "static defense" to something more adaptive imho.
What does the distribution of capital look like in the world of quantum computing, between investment in post-quantum security vs. investing in developing quantum computers themselves?
of the various bitcoin soft fork ideas that might improve quantum resistance, which do you think is most likely to be adopted?
there's bip 360, bip 361, and then a number of other proposals that are not bips (seems like there was a stretch a month or two ago where everyone was proposing something).
I don't think any of these BIPs in their current form will be accepted.
BIP-360 reduces the attack surface of Taproot, and theoretically opens the door to PQ signature schemes (like SHRINCS), but imho you need to consider those two together and my bet is that BIP-360 will be merged with some PQ-signature proposal.
BIP-361 is so controversial that I see it as a non-starter; however, I think it was a great way to encourage conversation about what to do with the lost/stolen coins.
There's some other cool things like commit-reveal, zk proofs of seed, the starkware trick, etc. but I don't see any momentum around those being formalized as a BIP.
BTW this is one of the reasons why people underestimate this problem. The technical work is actually the easier part; the hard part is the political effort to push through a significant change in a deployed system that millions of people and $T relies on. I don't think it should be fast. But if we want to ensure it's not rushed, we do need to treat this with some urgency AND that means having less technical blog posts and more BIPs
I was the CEO of a company called Aleo, where we built a privacy-focused blockchain, like ZCash but for smart contracts.
Shortly after I stepped down, the Google Willow announcement happened. I knew nothing about quantum at the time (other than that it was bad for cryptography). But having just gone through a very long and painful process of building and launching a novel cryptographic system that secures real value, I started wondering to myself, what if quantum does happen sooner than people think?
As I contemplated that question, I came to the conclusion that, paradoxically, the success over the last decade of Bitcoin and digital assets generally makes it harder to migrate because it becomes more entrenched. And as I learned more about PQ cryptography, I realized that there was going to be a painful tradeoff to make.
Therefore, if anything my motivation to start project eleven didn't really stem from bullishness about quantum necessarily, but bearishness on the ability of these decentralized systems to react quickly. Which is why I'm always banging on about how we need to prepare.
When we had Scott Aaronson on a few weeks ago, one of the questions that I found most interesting was about the use cases for quantum computers beyond breaking elliptic curve/traditional cryptography.
Is breaking elliptic curve cryptography the primary use-case for quantum computers?
Love that you asked this question. One of the reasons I got excited about quantum is that it might actually be the basis for new and better cryptography!
A couple examples:
Quantum Key Distribution: it turns out you can use the phenomenon of entanglement to create a key distribution mechanism through a non-classical (and thereby, unhackable) channel, in principle. The authors of the original idea won the Turing Award last year: https://www.acm.org/media-center/2026/march/turing-award-2025
Certified Randomness: anyone who works in cryptography knows that random number generation is critical. For example, an older Android Bitcoin wallet had a biased RNG that resulted in people losing funds! You can use quantum mechanics to more reliably (and provably) generate random numbers. Scott A was actually a co-author on this work which was quite cool: https://www.nature.com/articles/s41586-025-08737-1
Those are just two examples that we currently know of. There's more far-out ideas like quantum money, one-time programs, qIO, etc. But I actually think Bitcoin in 2100 might incorporate one or more aspects of quantum-enabled cryptography! Which would be cool if it made the protocol more robust and made the ppl using it more secure.
TBH it's the very big divide between the physics community and the cryptography community on this issue. Over the past year, physicists on average (like Scott A who was on a previous AMA) have become more bullish (or put another way, much less bearish) on near-term CRQC.
But many cryptographers (including several who I deeply respect) haven't updated their views. I find it very interesting that this divergence exists. OFC both sides bring their own biases, and certainly one side or the other is right as time will tell. But the dissonance surprised me.
I watched your debate with Rearden at btc++ and thought it was very informative. I'm curious if you have an opinion about the freeze/confiscate vs steal conversation.
As you probably know the question is whether to do a soft fork to freeze early mining reward coins (especially those with exposed public keys) or to allow them to be claimed by the first miner with a sufficiently powerful quantum computer to crack them.
TBH, I don't have a strong opinion there. I think it distracts from what I see as the bigger effort: making Bitcoin secure for people that are able to access their funds.
That said, if you forced me to answer, I'd probably advocate for EITHER something like hourglass that rate limits the quantum exploits for P2PK UTXOs, OR recycling some of them into the mining rewards at the end of the emission curve.
Have you followed @benthecarman's argument that having a large pot of bitcoin that are up for grabs (in the case where there is more than one cryptographically relevant quantum computer) could lead to a lot of chain reorganizations?
That's an infinite loop. Tangibly speaking, I think there are people that now care about this problem, and if quantum is a thing, there will definitely be a market. Does that mean Project Eleven will be automatically successful? Nope!
Apathy. When people take this system, that has been carefully maintained and built over decades (if you count the preceding cypherpunk era) for granted, then I think it becomes brittle and ultimately weak.
I've never liked the "digital gold" analogy for this reason. "Gold" is a rock that for some reason people value, but you never have to think about it. Bitcoin, if anything, is more like a democratic political system with a constitution defined by cryptography. And like any democracy, the second people become apathetic and take it for granted, I think it's a downhill road from there.
Specifically I'd like to see large institutional holders invest more in the long term success of the network, or at least publicly advocate for what they believe.
Yes, the quantum vault is effectively a reference implementation of a quantum-secure wallet. "Quantum-secure" in this sense means for Bitcoin that it enforces no spending from the same address twice. In that sense, it's actually not as usable as other wallets from a UX perspective, but it does ensure that Bitcoin that you put there will not be quantum vulnerable.
Think of this as the "wallet" that pairs with the Bitcoin Risq List.
Another novel thing: it uses BIP-85 vs BIP-32 for key derivation, and in principle this wallet could support PQ-ready opcodes when they are introduced into Bitcoin.
BTW the vault also supports Ethereum, and in a slightly different way, but given the venue I assume you guys are more curious about the BTC aspect.
Thanks for having me guys! @Scoresby
Thanks for taking the time! Really appreciate it!
What are your favorite venues or personalities for keeping up to date with developments in quantum computing?
Great question. It's really hard but here's an amazing resource: https://postquantum.com/
This gentleman named Marin Ivezic maintains it, it's an incredibly rich resource that I learned soooo much from. I think this is the single best resource I've found (disclaimer: after I found this website I asked Marin to be an advisor to P11).
Other than that, I read Scott Aaronson's blog, I get a paper digest from this
I subscribe to this newsletter: https://qubitsok.com/
It's some slop but every once and a while I find some good stuff in there.
New Quantum Era Podcast by Sebastian Hassinger is also a must-listen.
I follow folks like Pierre-Luc (@dallairedemers) and a few other folks with a quantum computing background.
this is excellent!
there's that famous quote about being hard to convince a man he's wrong if his livelihood depends on it. this is is sort of in the back of my mind when I think about Project Eleven's advocacy for quantum readiness. what is Project Eleven's business model?
Yeah fair question. The success of Project Eleven depends to an extent on whether or not quantum computing is being underestimated as a threat. If classical cryptography stays the same for the next 50-100 years, then the business model as it exists now probably won't make sense.
That said, I value my time, and if I didn't authentically believe that quantum computing (and post-quantum migration) is being underestimated, I wouldn't be doing this.
So what is that business model: key management infrastructure for digital asset custodians, stablecoin issuers, and neobanks that have digital asset exposure. The way it's done today is completely out the window in a postquantum world, and needs to be redefined around crypto-agility. Because as many have rightly pointed out, there is a risk that these new PQ algos are not going to stand the test of time either, and we need to evolve cryptography from a "static defense" to something more adaptive imho.
What does the distribution of capital look like in the world of quantum computing, between investment in post-quantum security vs. investing in developing quantum computers themselves?
Massive imbalance tilted towards building a quantum computer vs. securing the worlds systems against one. I think that has to change.
And quite honestly I'd like to see more public effort/investment on the part of the folks building these systems (e.g. Google) on that front
Why "Project Eleven" as the project's name?
It's already the eleventh hour, but people just haven't realized it yet! 😃
of the various bitcoin soft fork ideas that might improve quantum resistance, which do you think is most likely to be adopted?
there's bip 360, bip 361, and then a number of other proposals that are not bips (seems like there was a stretch a month or two ago where everyone was proposing something).
I don't think any of these BIPs in their current form will be accepted.
BIP-360 reduces the attack surface of Taproot, and theoretically opens the door to PQ signature schemes (like SHRINCS), but imho you need to consider those two together and my bet is that BIP-360 will be merged with some PQ-signature proposal.
BIP-361 is so controversial that I see it as a non-starter; however, I think it was a great way to encourage conversation about what to do with the lost/stolen coins.
There's some other cool things like commit-reveal, zk proofs of seed, the starkware trick, etc. but I don't see any momentum around those being formalized as a BIP.
BTW this is one of the reasons why people underestimate this problem. The technical work is actually the easier part; the hard part is the political effort to push through a significant change in a deployed system that millions of people and $T relies on. I don't think it should be fast. But if we want to ensure it's not rushed, we do need to treat this with some urgency AND that means having less technical blog posts and more BIPs
or BIP discussions, signets of the proposals working in practice, etc.
What were you working on before Project Eleven? What convinced you to work on Project Eleven?
I was the CEO of a company called Aleo, where we built a privacy-focused blockchain, like ZCash but for smart contracts.
Shortly after I stepped down, the Google Willow announcement happened. I knew nothing about quantum at the time (other than that it was bad for cryptography). But having just gone through a very long and painful process of building and launching a novel cryptographic system that secures real value, I started wondering to myself, what if quantum does happen sooner than people think?
As I contemplated that question, I came to the conclusion that, paradoxically, the success over the last decade of Bitcoin and digital assets generally makes it harder to migrate because it becomes more entrenched. And as I learned more about PQ cryptography, I realized that there was going to be a painful tradeoff to make.
Therefore, if anything my motivation to start project eleven didn't really stem from bullishness about quantum necessarily, but bearishness on the ability of these decentralized systems to react quickly. Which is why I'm always banging on about how we need to prepare.
When we had Scott Aaronson on a few weeks ago, one of the questions that I found most interesting was about the use cases for quantum computers beyond breaking elliptic curve/traditional cryptography.
Is breaking elliptic curve cryptography the primary use-case for quantum computers?
Love that you asked this question. One of the reasons I got excited about quantum is that it might actually be the basis for new and better cryptography!
A couple examples:
Certified Randomness: anyone who works in cryptography knows that random number generation is critical. For example, an older Android Bitcoin wallet had a biased RNG that resulted in people losing funds! You can use quantum mechanics to more reliably (and provably) generate random numbers. Scott A was actually a co-author on this work which was quite cool: https://www.nature.com/articles/s41586-025-08737-1
Those are just two examples that we currently know of. There's more far-out ideas like quantum money, one-time programs, qIO, etc. But I actually think Bitcoin in 2100 might incorporate one or more aspects of quantum-enabled cryptography! Which would be cool if it made the protocol more robust and made the ppl using it more secure.
What's the most surprising thing you've learned working on Project Eleven?
TBH it's the very big divide between the physics community and the cryptography community on this issue. Over the past year, physicists on average (like Scott A who was on a previous AMA) have become more bullish (or put another way, much less bearish) on near-term CRQC.
But many cryptographers (including several who I deeply respect) haven't updated their views. I find it very interesting that this divergence exists. OFC both sides bring their own biases, and certainly one side or the other is right as time will tell. But the dissonance surprised me.
I watched your debate with Rearden at btc++ and thought it was very informative. I'm curious if you have an opinion about the freeze/confiscate vs steal conversation.
As you probably know the question is whether to do a soft fork to freeze early mining reward coins (especially those with exposed public keys) or to allow them to be claimed by the first miner with a sufficiently powerful quantum computer to crack them.
TBH, I don't have a strong opinion there. I think it distracts from what I see as the bigger effort: making Bitcoin secure for people that are able to access their funds.
That said, if you forced me to answer, I'd probably advocate for EITHER something like hourglass that rate limits the quantum exploits for P2PK UTXOs, OR recycling some of them into the mining rewards at the end of the emission curve.
Like I said, I don't have a strong opinion
Have you followed @benthecarman's argument that having a large pot of bitcoin that are up for grabs (in the case where there is more than one cryptographically relevant quantum computer) could lead to a lot of chain reorganizations?
He wrote a piece about it here: #1476783
No, interesting I'd love to check it out! BTW a lot of the quantum companies are eyeing the satoshi coins as you can imagine.
So, what’s up with Project Eleven on the whole quantum computing thing? Still in the research stage?
Startups are all about
That's an infinite loop. Tangibly speaking, I think there are people that now care about this problem, and if quantum is a thing, there will definitely be a market. Does that mean Project Eleven will be automatically successful? Nope!
Hard for me to imagine a product that makes money here. So, what kinda thing are you gonna sell?
idk people pay a lot of money to manage their cryptographic keys today inside of an institutional custody context, and in cybersecurity more broadly.
But maybe they won't, and then I'll have to find another job or we'll have to pivot to something else! Story of a startup.
Aside from quantum, what is the biggest roadblock you see to Bitcoin success?
Apathy. When people take this system, that has been carefully maintained and built over decades (if you count the preceding cypherpunk era) for granted, then I think it becomes brittle and ultimately weak.
I've never liked the "digital gold" analogy for this reason. "Gold" is a rock that for some reason people value, but you never have to think about it. Bitcoin, if anything, is more like a democratic political system with a constitution defined by cryptography. And like any democracy, the second people become apathetic and take it for granted, I think it's a downhill road from there.
Specifically I'd like to see large institutional holders invest more in the long term success of the network, or at least publicly advocate for what they believe.
does Project Eleven have any competition at the moment?
I don't think we have any direct competitors. You could argue that:
are all tackling aspects of what we're doing, but nothing is directly analogous.
I saw that Project Eleven had a big release yesterday. Can you describe the quantum vault browser extension a bit more?
Yes, the quantum vault is effectively a reference implementation of a quantum-secure wallet. "Quantum-secure" in this sense means for Bitcoin that it enforces no spending from the same address twice. In that sense, it's actually not as usable as other wallets from a UX perspective, but it does ensure that Bitcoin that you put there will not be quantum vulnerable.
Think of this as the "wallet" that pairs with the Bitcoin Risq List.
Another novel thing: it uses BIP-85 vs BIP-32 for key derivation, and in principle this wallet could support PQ-ready opcodes when they are introduced into Bitcoin.
BTW the vault also supports Ethereum, and in a slightly different way, but given the venue I assume you guys are more curious about the BTC aspect.
Never heard of. Why do yo think that is?