Midnight Booth Day 2: LIVE from Consensus Miami

Added: 2026-05-09

[00:02:54]All right. So, we are live from Consensus Miami, day two, and my name is Ron. I'm here with uh Ben and Bob to discuss quantum computing and the risk that it will present to um blockchains in general and the crypto industry. Uh we have quite a few hot topics to discuss and how in in a way of how we prepared for it and how we understand the threat and what we are going to do to protect midnight from this type of of threats. So just framing the conversation, the crypto cryptographic protection is at risk when considering the the quantum computing and the ability to break any type of cryptography that exists today. And it doesn't matter in what way we use the cryptography. It is a risk because anybody with enough power will be able to break some cryptography that was built to protect the network from any type of reading information. So what we want to maybe do now is um take a minute just to explain the level of the threat in general not specifically to midnight and why we this this is so important that we will address it now and not wait for it to be happen because this is something that did not exist yet. So Ben if you can just explain a little bit why this is so important.

[00:04:13]>> Uh sure. Um so hi everybody that's listening. I'm Ben Beckman the chief technology adviser at the Midnight Foundation. I work with Ron and uh Bob uh extensively. Uh so the the threat of quantum uh quantum computing na basically makes some of the cryptography that we use today ineffective. It has the ability to crack things like elliptical curves which are very very commonly used in day-to-day life in your just banking or even over the internet.

[00:04:42]So these things are used heavily. Um, if that is enabled where it can actually be broken, then people that have these types of tools are able to take advantage of gaining access to that information stream, whether it be at rest or or in in moving. Um, over uh gez, I don't even know how many years, over many years, there have been lots of players that have come up and are starting to develop quantum computers.

[00:05:07]It used to be the case that kind of monthly or quarterly you get updates on how many cubits they have and as they kind of you know ramp up towards what the infamous number might be that would allow them to you know actually go do particular work. Um that type of news has actually kind of gone away. they've stopped advertising that because I think that they've actually started to achieve high levels of cubits and they're starting to move towards more advanced algorithms because now with these machines they know how to manipulate them in such a way that they can get even more improvements out and so the the let's say scary part of that is you have large organizations that are very knowledgeable in this space pulling up the deadline by which you need to be secure in this sense and even to the in the us to the point of procurement processes are having issues because there's requirements that new hardware that you purchase has to be able to stand up to this type of defense. Um, and so what needs to happen is you need to start preparing. You need to start understanding that this is a risk that can arrive, but with proper preparation, you're able to uh mitigate that particular risk and and keep moving on.

[00:06:18]>> How close are we actually to this mattering at all? Well, that's a great that's the couple trillion dollar question likely. Um, so recently a company such as Google has projected that they need to do this by 2029. Uh, DARPA has an ongoing program where they're looking to see uh when will we be able to have industrial scale quantum computing and they're supposed to release that information. I think it's next year. So these are ongoing and there are a lot of different players with different architectures on how to do it like trapped ions and electrical fields and other things like that. I don't know which one of those is going to win but I have a feeling that they are going to solve this particular problem and these things are going to come in the hands of those that can afford them.

[00:07:07]>> Yeah. So it's a problem with no expiration date. So that's a huge risk for all of us. What does postquantum readiness means or look like?

[00:07:17]>> Well, I I think it means a lot of things and and fortunately for for us, there's been a great deal of research in the space to date. I mean, I I I was at IBM 11 12 years ago when when the first quantum computer from IBM made his appearance with I think it was 60 cubits or something like that. Um and uh at the same time IBM was working on standardization of things like okay how do we manage a digital signature in a postquantum way how do we encrypt something in a postquantum way um so uh you have those considerations competing against each other but also it's an interesting to see how the protection side people have come together and really need to to prepare for for this eventuality. Um so you know you have a number of really solid standards in the space already um that for our industry are going to be uh interesting challenges to to address. Um one of the unfortunate side effects of of all the postquantum stuff to date is that it's significantly larger in size >> and on a blockchain you keep everything >> forever. So, you know, we've got to think about how we how we manage storage, how we manage networking stacks and all that kind of stuff to to adapt to this.

[00:08:38]>> It sounds like it's been a problem for a while. So, people are working to solve it. How close are we to bring something that will work or will solve the problem? Well, on on the general layer, there is a great deal of research that shows that the algorithms we have today um and there are a couple of NIST there's dithium for example um and uh Falcon is in the approval process as well that are based on math that is quantum resistant >> um you know specifically there are two algorithms Grover's al algorithm and Shor's algorithm which have been around for almost 50 years that um are what will be used to crack public key encryption um based on current technology.

[00:09:22]>> But um you know they're live they're in in production today. They are things that you know we at Shielded are are working with the Midnight team and the community to ensure that we are selecting the right algorithms for uh going forward. Um also making sure that we're setting the foundation uh from day one of our launch so that we can protect from some of the major threats. I mean a lot of people don't quite understand the the the basis of the threats to to our industry. One in a public blockchain um the major threat is um called harvest now decrypt later which is okay I've got this data and it's encrypted somehow with with standard cryptography non-postquantum cryptography. I'm going to store it. I'm going to be able to decrypt all of this and and have at it.

[00:10:06]Well, yeah, there are ways around that.

[00:10:08]And one of the things that that we've done uh for the midnight blockchain is uh we've we use a plunk circuit which is a the zero knowledge circuit that we use but we also use a technique called statistical blinding which allows us to actually make it quantum resistant for the harvest now decrypt later. So from day one of of of of our launch the data stored on chain is >> quantum resistant even without using a quantum resistant encryption algorithm.

[00:10:35]>> Yeah. So, so that that's an important protection. We also designed Midnight to be pluggable in terms of uh the signature schemes that are used. So, that um that's actually the second biggest risk and in some ways the largest risk to all of us here is is the risk of impersonation. Um and um so that signature scheme that is non-postquantum, somebody can figure out your private key and then transfer all your bitcoin to somewhere else, you know, >> and it doesn't burn it or themselves.

[00:11:11]Yeah. And it doesn't take a lot of time to do it.

[00:11:13]>> Yeah.

[00:11:13]>> So, uh having that pluggability is allowing us to to adapt rapidly to adding in uh state-of-the-art schemes as they come. So what these threats knowing that threat means for builders that build on midnight today?

[00:11:28]>> Well um >> they prepare for the future.

[00:11:31]>> The the good news is I think uh I'll let you talk a little bit more about the builders but from from a plumbing perspective from an infrastructure perspective that's really where the the rubber hits the road and and so those preparations that I was talking to you about those are the key things that need to be in place because ideally you as a builder don't have to worry about it.

[00:11:49]You know ideally you as a builder say I am running on midnight they have put in the controls uh you know they are standardized um well well well adopted and addressed um algorithms I can be confident that I don't have to to do anything special unless you're doing some interesting use cases. I don't know Ben if you've come across anything that's using novel encryption within the DAP itself beyond what's what's on the chain.

[00:12:14]>> Yeah. So so Mid Midnight is meant to be crosschain. It's meant to be a service layer that enables the addition of privacy to existing properties or new properties if you want to build them on midnight. Uh so there are uh with that setup you have the adoption of other cryptography that comes from other places such as Ethereum Salana Bitcoin and those and some of those have susceptibility to these types of attacks that you know we midnight doesn't um but if you're a builder and you use those in your smart contracts well then you know kind of by the nature of that there is an attack vector that could show up. Um but as Bob said if underneath the covers below that is taken care of by the system right the system itself is designed such that it can evolve and as these new techniques arrive and become standardized we'll introduce them there's probably an exercise of an upgrade that the developer would have to do to kind of redeploy a new proof or new verification such that it it's not susceptible to this >> uh and the nice part is other than that that one use case where I'm mentioning you could have cryptography some somewhere else that arrives you don't have to worry about it you as the builder you focus on the application that you're building the customer what their needs are you build for them and then you rely on midnight to advance the state-of-the-art of the system such that it's not even a concern for you >> so it sounds like we have a good understanding or good level of understanding of the problem but what does it what what is the worst case if we don't do something about it Well, the the worst. So, there in the not tooistant future, I think there's going to be a larger extinction event in web 3, right? There's all of these tokens that like FT is still trading.

[00:14:01]Like, come on. Like, it's a defunct and the guy's in jail. Like, this this is I don't know why people are holding on to this thing. But the chains themselves that don't adapt are going to be susceptible. And so, you're going to see organizations that are able to make this change. You're going to see organizations that are not. Those that are not are going to have a attack vector which probably will make the news in ways that you know they don't want to make the news >> and that'll be something that we have to you know fight through and represent a technology that doesn't have this particular problem. But those that are able to make make the change will be able to advance into the next iteration of what these tools allow.

[00:14:38]>> Well, yeah. And those that don't is it's existential. I mean it's not a oh this this will be bad. it will be they will be gone. Um, which is I think an interesting use case for for midnight that's that's worth exploring. Uh, is is if you have assets on chains that are not postquantum ready, can can we create a solution that that makes midnight a safe harbor for for those assets? um >> while while that ecosystem either comes up to speed or a means of of providing secondary transfer and things like that something I've been uh having weird dreams about on airplanes and stuff like that but uh you know how can how can those of us who are are trying to be uh proactive and responsible um help protect the broader ecosystem >> are the solutions that we are working today are still theoretical or it's something that we know what we have to do it's just going to take a little bit of time Well, as as Bob was mentioning, he mentioned a few signature mechanisms.

[00:15:39]Those are available today in commercial products generally kind of behind an experimental flag and maybe in the enterprise edition, but they're starting to show up. They're getting out. They're getting fielded. They're putting being put in products that are in the vendor list of of corporations today because they have the need. As as I mentioned, there's this procurement problem where organizations are not procuring new technology if that new technology can't demonstrate it's a it has a pathway to be quantum secure. And so things like key volts, for example, have a a you know, a very dire need to be able to support this type of capability. And they are. They're rolling it out.

[00:16:18]They're rolling it out in such a way where people can get their hands on it.

[00:16:21]And then it'll just become more and more mainstream over time. We got to kind of wait and let it percolate a little bit.

[00:16:27]But if you're interested, you can go and use these tools now.

[00:16:30]>> Yeah. I mean, if you've upgraded your iPhone to 26.3, for example, they have postquantum algorithms in in their in their in their crypto kit now.

[00:16:38]>> That's good. So, so your your iOS keychain with all your pass keys can be protected with postquantum algorithms.

[00:16:45]Uh, but do we know everything?

[00:16:47]Absolutely not. I mean there there there's a lot of uh work and research going on around particularly in in the blockchain space because of the great extent to which we use cryptography. I mean we we use cryptography more than most other industries. Um and so um and as I mentioned earlier we have the issues of you know size. We don't want huge transactions. All the postquantum stuff is several orders of magnitude larger. So um you know we're very actively um researching how we can reduce the size of those transactions or bundle transactions together so that we don't end up having massive bloat um >> so we want to solve it without impact on performance or other factors that >> exactly >> today. Yeah. And and >> making it worse, >> not m not making it worse is is is is the first goal. And then there are some interesting uh papers out there on how uh we can make it better and faster as well. Um and um some of that was talked about yesterday. Uh I think you were you were in that with Sebastian around the nightstream at the at the Linux Foundations decentralized trust, you know, uh postquantum folding schemes and things like that. So there there's a lot of uh cutting edge stuff happening out there uh with with a lot of uh really smart people from academic institutions and and basically everyone's focused on how do we solve this and I I I think the way we solve this is uh coming together >> u and and divi because it's an existential threat to our economic systems >> at the national level >> at at the na nation state level you know this is something we should come together and figure how how we collectively protect ourselves and and and I'm seeing that happen which is really great.

[00:18:32]>> I know we had a previous session that's more deep dive into nightstream. Can you mention this for a minute?

[00:18:37]>> Uh yeah sure. So for those of you that are interested you can watch the podcast from yesterday where myself um Sebastian and Taylor talked about uh Nightstream and it's uh an open source project that like Bob said we've contributed to the Linux Foundation and we're very much working in the open. It's a latticebased system. So what it allows us to do is it allows us to maintain the ability to operate on encrypted data like we do today with our elliptical curve based system but move it into a space where we can continue to do those operations but we can do them in a quantum secure way.

[00:19:11]So I'm not going to go too much deeper into how the nuts and bolts work. For those of you that are interested >> feel free to listen to the podcast that we we made yesterday and then you know any questions after that. come join us in our open working groups that we already have or you know send us a note and we'll be happy to follow up.

[00:19:28]>> Yeah, it's an yeah open source work and people are welcome to contribute.

[00:19:33]>> Yeah, we already have community members that have shown up and are are interested. We even uh uh Sebastian who is our our CTO of the Midnight Foundation is on his way to ZK Summit and it turns out there's a paper that was is going to be published at that event where somebody took Nightstream and integrated into their research paper and are showing performance metrics using the tool that we built. And they did this on their own. They forked the repo. They did the work that they needed to do. They're presenting the results.

[00:20:02]So now like the as a whole right all rising tide lifts all boats. We can take advantage of this and we can work whatever their learnings are back into the system and continue to evolve it.

[00:20:12]>> Yeah. So it sounds like we are on the way to solve the security of the assets that we have on chain. Let's talk a little bit about privacy. Midnet use zero knowledge proof and it also has a model of reducing the amount of data that it hold on chain. So even if you crack the system there is no data there.

[00:20:30]So can you explain a little bit about this model and how this has put us in a better position against this threat?

[00:20:37]>> Yeah, I think the easiest way to think about this is you know what's at stake, what what is available to be taken advantage of. And if it doesn't exist in that universe, then you simply can't take advantage of it. And so the way Midnight's designed is what is actually on chain is a verifier and potentially transcript that updates public state.

[00:20:59]Mhm.

[00:20:59]>> The chain itself doesn't even know what the smart contract does and doesn't need to. It doesn't have the private data that you retain. It has the public data and it has these proofs which are cryptographic mumbo jumbo for anybody that's looking at them. It doesn't give you the the surface that you can attack because you need to access the private data. So to compromise it, you got to compromise both sides. you if you're going after Bob, you got to get into Bob's infrastructure, be able to get after that private information there, and then you also have to make the step of of committing the transaction on chain. So, it makes it significantly more difficult, and it makes the chain itself um have somewhat of an antidote to this type of um >> something that builders can do today is understand this model, understand this mental model and and concept and try to build or design their solution. uh that will feed the midnight uh models. I know that our language the compact language supposed to help people to think in this way in this aspects and help them to design the right solution that separate the sensitive data.

[00:22:07]>> Yeah, we have a a witness protection program that that helps you prevent uh inadvertent disclosure of of uh the witness data that you're putting on. um public service announcement also make sure that you realize anytime you use that disclose method it's putting it in public state. So yeah that means everybody can see it. Um so but we we made it so you had to very explicitly disclose things as opposed to uh having to guess what was going to go where. Um you know we tried to make it very easy for you.

[00:22:37]>> Yeah. And that's unique to Midnight today and all of it is available in the documentation and public repos and a lot of examples that exist.

[00:22:46]>> Yeah. And and that's another thing that we we we collectively shielded and and midnight have contributed to the open source community is the compact language under the Minikawa project at the Linux Foundation >> with the goal of it being a way in which you could target multiple runtimes with u easy to use um TypeScript similar uh syntax um for creating zero knowledge circuits. You know, ordinarily they're things that you have to be a a pretty serious mathematician to be able to sit down and and handcraft those circuits.

[00:23:17]We try and make it so that uh it's an easy leap for somebody who understands the concepts of zero knowledge to jump into that space and create um these these uh uh ZK applications. So quantum security is a thread but maybe it's also an opportunity how this is going to help us maybe to improve the service or the network performance anything like that that we are doing or thinking that can help us >> one thing I think that uh the quantum threat uh has done for the the community for the world is um people are thinking about privacy and security again it's so easy to get into the mode of uh okay, I'm just going to click and accept. I'm going to not worry about it and it's all good. Um >> this is forcing people the more the more you see about it in the news etc. >> forcing people to think about what what is important for me to keep private. How do I keep it private? Uh so I I I think in that sense it is it is doing us all a service because um yeah >> we we haven't talked about the other major threat to uh it in this podcast probably not in the nightstream one either which is AI. I mean just just the um fact that we have that lurking is forcing us to to think about how we overall secure our our financial systems, our government systems etc. So I think that is a real benefit. Um I think it's also a benefit for us to be looking at new techniques for doing things because innovation sparks new applications sparks uh things that that you couldn't have imagined before. um because you know you you've had a fundamental shift in your thinking and it's an interesting convergence I think of quantum and AI at this point that are are are really making this an exciting time to be in the software development space.

[00:25:15]>> Yeah, that definitely helped out. Any to add to this?

[00:25:19]>> I think just from like the total nerd perspective of if you look at quantum you can search faster. So if you search in a touring machine, it's n login, right? For those of you on on the line that understand what that means. Every item plus times the log of all of those items. It's how long it takes you to find the item you're searching for.

[00:25:39]Quantum does it in the square root of it, which is if you draw out a graph, you'll see that that line is significantly lower. So I think most of the innovation is that there are problems you will now be able to attack with a quantum computer and solve and oh by the way you're going to get 10,000 answers that are better and more timely than what you can do with a traditional computer. I think that's where the advancement's going to be because now you can go after certain drug development or or optimizations that you haven't been able to do before just simply because the machines couldn't do it.

[00:26:11]>> Weather modeling is another area that's >> Yeah. Yep. So just that simple you go from n login to n squared it is significantly better. You do need to figure out what these programming models are. So you know good luck with that and I'm sure that barrier will drop over time. Um but that I think is where the innovation is going to be at.

[00:26:32]>> So we we'll see compact for quantum computers.

[00:26:35]>> Yeah. But the nice part thing about compact is compact could just choose it as a compilation target.

[00:26:40]>> Exactly.

[00:26:41]>> Yeah. It also allow people to maybe fake information faster in a way that they can integrate into existing workflow, maybe >> change information in real time.

[00:26:53]>> Well, uh, maybe, but I also think there's going to be, you know, counter >> counters to that, right? Like there's going to be there's obviously industries that evolve to make this not happen. It will continue to be an arms race, right?

[00:27:05]You have the good guys and the bad guys kind of going at it.

[00:27:08]Uh the I guess the position here with quantum though is it's going to start kind of at the very high dollar side.

[00:27:15]These machines are not cheap. You need refrigerators that go down to basically zero Kelvin. You need experts at the moment to run them and program them. And so you you need a large capital investment to go do this well today. Uh over time, sure, maybe we'll hit Moore's law and it'll come down. But I think Moore stated his law back in the 60s lasted for quite a long time and you still needed that wizardry. You know, way into the 70s, maybe into the 80s things got better.

[00:27:44]>> Languages like C showed up and then it evolved. You start not caring about the cycles in the machine. Right.

[00:27:49]>> Right. Life got better, but it took a while. And this is going to I think have a similar trajectory because you still need to learn the characteristics of how these particular machines work and how you can make them work well. But they unlock an entire new set of application space that we just can't touch today.

[00:28:05]>> Yeah. So there's no expiration date that. So um it's not like the millennium bug everybody knew when would be the time and the second that we should expect some major issues.

[00:28:17]When do you expect or when do you want and when do you expect we actually going to be ready for this threat? Not considering this as a threat anymore. Uh well I think from the midnight perspective we'll be kind I would hope that we're well within like the 2030 boundary >> be able to have this live fielded in the system for sure. As you mentioned we have ongoing program to take lattice based cryptography and enable it to remove our elliptical curves which is a vulnerability >> and just that type of cryptography.

[00:28:50]um you have these large organizations that are kind of pulling in the finish line and saying, "Well, it's not 2030 later. Now it's like 2029."

[00:28:57]>> Yes.

[00:28:58]>> And it's going to show up as a service.

[00:29:01]As long as you're an organization that can gain access to these things, they're going to be available to you and we just need to be ready. I don't think it's a rush. It's not a hair on fire. You know, the tomorrow everything's going to end.

[00:29:13]But it's a preparation. You got to be ready. Your readiness has to be high.

[00:29:18]And you're going to see it staged in as well because you know, you know, we've already got that first thing. What's on chain is secured. That's there from day one. Next thing is identity and and securing the ident the signature schemes and things like that for um proving you own a particular UTXO, you know. So, so having those in place is the next step.

[00:29:39]And you know, we we've built the foundation allowing a pluggable framework there. So it's a matter of you know we're doing assessments of Falcon and Dithium u and a few other things that are novel for you know a a either an overlay or in parallel so that you can start integrating those those uh postquantum signatures into your transactions >> and that's you know in the next year or so we'll have >> and since Midnight is using zero knowledge proof we are also updating the proofing system >> the the proofing system is um yeah that that's part of what the night aspect is about. Um so um and and we made uh the correct adjustments to to the current proving system which is plon the statistical blinding that I mentioned which is you put a salt in that that makes the the uh >> what's onchain irreversible um you know it is uh statistically u z statistical zero knowledge in other words it is postquantum already uh >> so it's definitely an a hot topic for everyone anything you want to add ban that make people relax that we are in a good shape to resolve the problem.

[00:30:49]>> Well, I make people relax. I think you know it's you have you have professionals working on a particular problem. We know let's say kind of when the deadline of being able to solve that problem is >> we've taken time even at the national level to evaluate lots of different algorithms. There was even an algorithm they thought was good for a couple years and then it turned out it wasn't and it got you know got the boot. um they've gone through that exercise, they've standardized various signature algorithms as Bob have mentioned and they're starting to field them in products. And so on the midnight side, we are evolving in very much the same way. We're using these tools that are available. Other people are going to have their eyes on working in the open to enable them to come into Midnight and be used in a in a trustless way. Uh we're not inventing a whole new science to go solve this. There are many organizations that are working on this and as long as you're kind of working on it professionally, you're going to be able to advance the the ball.

[00:31:47]>> Right. Last word to >> Yeah. I mean, I I think it's important to to also uh for us as a broader blockchain crypto community to realize that this is in fact a team sport. uh you know I I think we've finally come to the point where we realize that that uh if your blockchain is an island it's going to be relegated to nowhere. Uh if your zero knowledge proof capability is an island it's going to get relegated to nowhere. Uh this is where I think we as an industry can really come together uh and and build solutions for the the entire community. You know the uh it's an opportunity for collaboration I guess is is what I'm saying. So um that that that excites me too is uh in as much as I see you know the the web of blockchains and and coming together I think they'll have the the web of zero knowledge coming together um because uh there's strength in numbers and and each one has its own benefits and and and uh um it's what's going to going to help us get through this. Same same thing with AI. You know we're going to figure these things out together. So I want to thank you Bob and Ben for so much information that you shared with us. I welcome everybody to keep following Midnight, understand how Midnight is addressing this and how it can help companies to build the right solution that it will be quantum computing ready. Thank you for the audience for listening and there are more sessions coming after so stay tuned.

[00:33:20]>> Thank you very much.

[00:33:21]>> Thank you. Thank you. Pleasure.