author | waxwing/ AdamISZ <ekaggata@gmail.com> | 2025-06-07 06:28:33 -0700 |
---|---|---|
committer | bitcoindev <bitcoindev@googlegroups.com> | 2025-06-07 06:55:16 -0700 |
commit | 896307c2832c27013d3c677be4f9a7f7ac79711f (patch) | |
tree | b0aa9398c635258c98528d7db2f5627c1fd7944c | |
parent | b2bc8895cd91eecc6813ea7120aa04a9c692eaf7 (diff) | |
-rw-r--r-- | 1e/a31f3f7d8b96f9eae1403ba36dd79fb9479d8d | 2168 |
1 files changed, 2168 insertions, 0 deletions
diff --git a/1e/a31f3f7d8b96f9eae1403ba36dd79fb9479d8d b/1e/a31f3f7d8b96f9eae1403ba36dd79fb9479d8d new file mode 100644 index 000000000..52ac464de --- /dev/null +++ b/1e/a31f3f7d8b96f9eae1403ba36dd79fb9479d8d 
@@ -0,0 +1,2168 @@ +Delivery-date: Sat, 07 Jun 2025 06:55:16 -0700 +Received: from mail-yb1-f187.google.com ([209.85.219.187]) + by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + (Exim 4.94.2) + (envelope-from <bitcoindev+bncBDI23FE35EIBBNEJSHBAMGQEAHDSGAQ@googlegroups.com>) + id 1uNu0t-0001jm-UW + for bitcoindev@gnusha.org; Sat, 07 Jun 2025 06:55:16 -0700 +Received: by mail-yb1-f187.google.com with SMTP id 3f1490d57ef6-e812e1573ecsf3222588276.2 + for <bitcoindev@gnusha.org>; Sat, 07 Jun 2025 06:55:11 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=googlegroups.com; s=20230601; t=1749304506; x=1749909306; darn=gnusha.org; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:x-original-sender:mime-version + :subject:references:in-reply-to:message-id:to:from:date:sender:from + :to:cc:subject:date:message-id:reply-to; + bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=; + b=RkUlEpHFre0+3f82GTZxk6/rFrd9RLtd3Y/hH07LsiL+RHBUVzjCkDOacnKUyUak9U + /1Mfm68izCtNN3Hd+j6rwsMVLWRr6f+HmBvCjTag6NE5TvF+K7h4v7ln8069pAPkLV5I + 3OUBUirsoMNApI4C0HWNvy/Yw8Fn3rdTZPcgadvvHArvcVDeD9aeDnkigFPiHAqO3sks + 3Wa5u2ob0sXtRQmWPQ6A96Hi/vX2a5Xlo7h+hj8PvLcK/AEmMRKGLdqhg8SaBQdX98de + EJaqKOqg9ZwWoc47z4P6xhiuuH/CNE5ze8Wnj1GwGRI+CgsePe3Pg3fYe08EW1+pNAy1 + 8FaQ== +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=gmail.com; s=20230601; t=1749304506; x=1749909306; darn=gnusha.org; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:x-original-sender:mime-version + :subject:references:in-reply-to:message-id:to:from:date:from:to:cc + :subject:date:message-id:reply-to; + bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=; + b=aeVjJaJ65W0ngv2oiSM35+bPvzZXKfLmVCCY+5st+PRhm74xvfpG1slgse9E2luQjP + KfR9MllX92bbd9sGqfL2ZrmotRegSrXNp2xNBGcHB8o5NwusTw2VJ5hwmmhKDWDG4Qxp + xtVaADjsDu71tploQB9cMQEMGIUGoITvGcRlW0CIOsaGcL7h9V/G9Ns3viX+BISDwrkQ + 
7D6Azg4wrfwBKOCBwqaGt7QZPtr9HRjckfccQ+ePRatoHZaMvYAHjsGCPJflBQLy5QCl + a/3QwZhm7WNYXgPDXX6dSkSuGYj75nf9xu8X307kKes9CL9aJU52iAchNvH4zLBFwEXh + 3g3w== +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20230601; t=1749304506; x=1749909306; + h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post + :list-id:mailing-list:precedence:x-original-sender:mime-version + :subject:references:in-reply-to:message-id:to:from:date:x-beenthere + :x-gm-message-state:sender:from:to:cc:subject:date:message-id + :reply-to; + bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=; + b=gvUm7rz99Lo/Y53SAfLQuPdjcHaH2ys7OjygBnD6F37/tfihbvi9Q/nI4e5OjkzVl2 + W1JNmxGH2idLB5/wTNsp7WpLdeoHtCefQyDEib4Lzz5SSRl8EJ/V58sDPkUgQtcD7d4p + HX/u0bzNZd+g4LFm+4t9jGrMus2/UdR9SVOcplKB70RfPOHEI42T6/UAUVwRHuhJb0Ss + E/H8U1bm0n5i9CLM8GQuh13tZPq14pP+IsZtmpMeRFKE58kMutGjCnAToJgnuS8lq5/n + esC/rXuXq56j46hf7IbpV3C0qMNXSmwizRkzF+2H+xuyneHXfEfpcX14+2xZnSDW5I7e + 3DCg== +Sender: bitcoindev@googlegroups.com +X-Forwarded-Encrypted: i=1; AJvYcCVgU7ids4L4BTmyqm2Tb66yAjT+pgUM3kZfwL+rBu2vuDWE04d3dfgoXJ/V5ljk2xtbENbF1fxsEB5M@gnusha.org +X-Gm-Message-State: AOJu0YzeM25xCRvRB9DoqJy4NEUgQJljPbIBJARZ7pGh7+kkweQsDnOx + 4P8UYLvCmE1e+94hcmyTknJKJzjMartI2+UsvsQ0Rpz2KOwHyIgRrOGW +X-Google-Smtp-Source: AGHT+IG2Br0Dp1pOKLfFwUWMTeKH6+g6IvzE/4mD7rSui0geEfrJmG0vbjo4qwNjbdBSmdRy62UWkg== +X-Received: by 2002:a05:6902:c06:b0:e7d:c9f4:ed7b with SMTP id 3f1490d57ef6-e81a227c993mr9757571276.1.1749304505627; + Sat, 07 Jun 2025 06:55:05 -0700 (PDT) +X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZfYGfIeHbTj2cq69vkQxDWQrC35RJGZY1av3o+1sp07bg== +Received: by 2002:a25:6953:0:b0:e81:7cf7:5008 with SMTP id 3f1490d57ef6-e8188826eb1ls2611055276.0.-pod-prod-03-us; + Sat, 07 Jun 2025 06:55:00 -0700 (PDT) +X-Received: by 2002:a05:690c:6c83:b0:6fb:b1dd:a00d with SMTP id 00721157ae682-710f771c5dfmr109416417b3.30.1749304500560; + Sat, 07 Jun 2025 06:55:00 -0700 (PDT) +Received: by 2002:a05:690c:ed6:b0:70d:e0e5:164f with 
SMTP id 00721157ae682-710f8f40b91ms7b3; + Sat, 7 Jun 2025 06:28:35 -0700 (PDT) +X-Received: by 2002:a05:690c:6f0b:b0:6fb:a696:b23b with SMTP id 00721157ae682-710f7739ae2mr99557867b3.33.1749302914045; + Sat, 07 Jun 2025 06:28:34 -0700 (PDT) +Date: Sat, 7 Jun 2025 06:28:33 -0700 (PDT) +From: waxwing/ AdamISZ <ekaggata@gmail.com> +To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com> +Message-Id: <893891ea-34ec-4d60-9941-9f636be0d747n@googlegroups.com> +In-Reply-To: <ZVSyhRF6sP5xZxzih0EUn-_35mQxiVXYzrvxZ_Dz7tTygUqTmxxyVhFfXswTUmIquzCR6XNGbgLlNUCkHucTAliQf7aesPZBLRFoceu_9BY=@protonmail.com> +References: <E8269A1A-1899-46D2-A7CD-4D9D2B732364@astrotown.de> + <CAJDmzYxw+mXQKjS+h+r6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg@mail.gmail.com> + <zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY=@proton.me> + <CAC3UE4+DR=DQqtT+X0SYvH1XCVnmatD7frcHC5dtdVAef39UnQ@mail.gmail.com> + <CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg@mail.gmail.com> + <ZVSyhRF6sP5xZxzih0EUn-_35mQxiVXYzrvxZ_Dz7tTygUqTmxxyVhFfXswTUmIquzCR6XNGbgLlNUCkHucTAliQf7aesPZBLRFoceu_9BY=@protonmail.com> +Subject: Re: [bitcoindev] Against Allowing Quantum Recovery of Bitcoin +MIME-Version: 1.0 +Content-Type: multipart/mixed; + boundary="----=_Part_18010_831844196.1749302913697" +X-Original-Sender: ekaggata@gmail.com +Precedence: list +Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com +List-ID: <bitcoindev.googlegroups.com> +X-Google-Group-Id: 786775582512 +List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com> +List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com> +List-Archive: <https://groups.google.com/group/bitcoindev +List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com> +List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>, + 
<https://groups.google.com/group/bitcoindev/subscribe> +X-Spam-Score: 0.0 (/) + +------=_Part_18010_831844196.1749302913697 +Content-Type: multipart/alternative; + boundary="----=_Part_18011_501201720.1749302913697" + +------=_Part_18011_501201720.1749302913697 +Content-Type: text/plain; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +> I'm not a lawyer, but if developers make a conscious decision to make a= +=20 +code change that confiscates funds, even with a reasonable heads-up, I feel= +=20 +like some lawyers might be tempted to make an argument that those=20 +developers should be held responsible for any losses. As everyone knows,=20 +Bitcoin has been under legal attacks before, and I'm not sure that anyone= +=20 +would (or should) be willing to sign off on a change that might potentially= +=20 +open them up to several billion dollars worth of personal responsibility -= +=20 +especially if the "bonded courier" actually shows up and reveals a private= +=20 +key that would have unlocked funds under the pre-QC scheme. + +Coincidentally, Peter Todd has just made the same point in another=20 +(apparently unrelated) thread, here:=20 +https://groups.google.com/g/bitcoindev/c/bmV1QwYEN4k/m/kkHQZd_BAwAJ + +For me it's very clear, that it's not an accident that such "unexpected"=20 +side effects exist. It's a feature that I'd whimsically call "ethical=20 +impedance-mismatch" (the term impedance mismatch has been used in=20 +computing/programming, which itself borrowed it from the real meaning, in= +=20 +physics). People have a moral/ethical desire to make bitcoin function as=20 +well as possible, and see a failure mode in those using it for other=20 +purposes, but that line of thought clashes with the essential, basic=20 +principle of censorship-resistance. 
+ +So we see technical borked-ness like failure to get accurate fee rates and= +=20 +the like, from doing something (attempting to filter at p2p level) that it= +=20 +is intrinsically counter to the foundational ethical, functional purpose of= +=20 +the system: censorship-resistance. And then we see "cascading failures" of= +=20 +the type discussed here: if the devs are working to break bitcoin's ethical= +=20 +promise of censorship-resistance, then thugs^H^H politicians and lawyers,= +=20 +will seek to take control of that "break" for their own purposes. + +That's why I'm not against "quantum recovery" as per the title of this=20 +thread. Recovery, independent of outside control, *is* bitcoin's function.= +=20 +If half a million btc get spent by someone who has "recovered" in an=20 +unexpected way, tough titties. If the entire system collapses because we=20 +can't get our act together before 2085 (OK I know some think it's 2035, I= +=20 +don't, but whatever), then it is what it is. That is a huge unknown. But=20 +Bitcoin will 100% fail if confiscation of *any* type becomes a thing. + +Cheers, +AdamISZ/waxwing +On Wednesday, June 4, 2025 at 4:56:53=E2=80=AFAM UTC-3 ArmchairCryptologist= + wrote: + +> Hi, +> +> With the longer grace period and selective deactivation, this seems more= +=20 +> sensible, but there is one elephant in the room that I haven't seen=20 +> mentioned here - namely, the legal aspect. (If it was, sorry I missed it.= +) +> +> I'm not a lawyer, but if developers make a conscious decision to make a= +=20 +> code change that confiscates funds, even with a reasonable heads-up, I fe= +el=20 +> like some lawyers might be tempted to make an argument that those=20 +> developers should be held responsible for any losses. 
As everyone knows,= +=20 +> Bitcoin has been under legal attacks before, and I'm not sure that anyone= +=20 +> would (or should) be willing to sign off on a change that might potential= +ly=20 +> open them up to several billion dollars worth of personal responsibility = +-=20 +> especially if the "bonded courier" actually shows up and reveals a privat= +e=20 +> key that would have unlocked funds under the pre-QC scheme. +> +> The only safe-ish way I can see to do this is to have it only affect fund= +s=20 +> that are very likely to be lost in the first place. So at the very least,= +=20 +> it could not affect UTXOs that could potentially be encumbered with a=20 +> timelock (i.e. P2SH/P2WSH), and it could only affect UTXOs that have not= +=20 +> moved for a very long time (say 15-20 years).=20 +> +> If quantum computers capable of practical attacks against Bitcoin are eve= +r=20 +> known to actually exist, *sending*=E2=80=8B to non-PQC addresses should o= +f course=20 +> be disabled immediately. But I feel that the nature of a permissionless= +=20 +> system implies a large degree of self-responsibility, so if someone choos= +es=20 +> to keep using non-PQC addresses even after PQC addresses have become=20 +> available and practical quantum attacks are suspected to be an imminent= +=20 +> danger, it's not necessarily up to the developers to tell them they can't= +,=20 +> only that they really shouldn't. +> +> -- +> Regards, +> ArmchairCryptologist +> +> Sent with Proton Mail <https://proton.me/mail/home> secure email.=20 +> +> On Monday, May 26th, 2025 at 2:48 AM, Agustin Cruz <agusti...@gmail.com>= +=20 +> wrote: +> +> Hi everyone, +> +> QRAMP proposal aims to manage the quantum transition responsibly without= +=20 +> disrupting Bitcoin=E2=80=99s core principles. +> +> QRAMP has three phases: +> +> 1. Allow wallets to optionally include PQC keys in Taproot outputs. This= +=20 +> enables early adoption without forcing anyone. +> +> 2. 
Announce a soft fork to disable vulnerable scripts, with a long=20 +> (~4-year) grace period. This gives ample time to migrate and avoids sudde= +n=20 +> shocks. +> +> 3. Gradually deactivate vulnerable outputs based on age or inactivity.=20 +> This avoids a harsh cutoff and gives time for adaptation. +> +> We can also allow exceptions via proof-of-possession, and delay=20 +> restrictions on timelocked outputs to avoid harming future spenders. +> +> QRAMP is not about confiscation or control. It=E2=80=99s about aligning= +=20 +> incentives, maintaining security, and offering a clear, non-coercive=20 +> upgrade path. +> +> Best, +> Agustin Cruz +> +> +> +> El dom, 25 de may de 2025, 7:03=E2=80=AFp.m., Dustin Ray <dustinvo...@gma= +il.com>=20 +> escribi=C3=B3: +> +>> The difference between the ETH/ETC split though was that no one had=20 +>> anything confiscated except the DAO hacker, everyone retained an identic= +al=20 +>> number of tokens on each chain. The proposal for BTC is very different i= +n=20 +>> that some holders will lose access to their coins during the PQ migratio= +n=20 +>> under the confiscation approach. Just wanted to point that out. +>> +>> On Sun, May 25, 2025 at 3:06=E2=80=AFPM 'conduition' via Bitcoin Develop= +ment=20 +>> Mailing List <bitco...@googlegroups.com> wrote: +>> +>>> Hey Saulo, +>>> +>>> You're right about the possibility of an ugly split. Laggards who don't= +=20 +>>> move coins to PQ address schemes will be incentivized to follow any cha= +in=20 +>>> where they keep their coins. But those who do migrate will be incentivi= +zed=20 +>>> to follow the chain where unmigrated pre-quantum coins are frozen.=20 +>>> +>>> While you're comparing this event to the ETH/ETC split, we should=20 +>>> remember that ETH remained the dominant chain despite their heavy-hande= +d=20 +>>> rollback. 
Just goes to show, confusion and face-loss is a lesser evil t= +han=20 +>>> allowing an adversary to pwn the network.=20 +>>> +>>> This is the free-market way to solve problems without imposing rules on= +=20 +>>> everyone. +>>> +>>> +>>> It'd still be a free market even if quantum-vulnerable coins are frozen= +.=20 +>>> The only way to test the relative value of quantum-safe vs=20 +>>> quantum-vulnerable coins is to split the chain and see how the market= +=20 +>>> reacts.=20 +>>> +>>> IMO, the "free market way" is to give people options and let their mone= +y=20 +>>> flow to where it works best. That means people should be able to choose= +=20 +>>> whether they want their money to be part of a system that allows quantu= +m=20 +>>> attack, or part of one which does not. I know which I would choose, but= +=20 +>>> neither you nor I can make that choice for everyone. +>>> +>>> regards, +>>> conduition +>>> On Monday, March 24th, 2025 at 7:19 AM, Agustin Cruz < +>>> agusti...@gmail.com> wrote: +>>> +>>> I=E2=80=99m against letting quantum computers scoop up funds from addre= +sses that=20 +>>> don=E2=80=99t upgrade to quantum-resistant.=20 +>>> Saulo=E2=80=99s idea of a free-market approach, leaving old coins up fo= +r grabs=20 +>>> if people don=E2=80=99t move them, sounds fair at first. Let luck decid= +e, right?=20 +>>> But I worry it=E2=80=99d turn into a mess. If quantum machines start cr= +acking keys=20 +>>> and snagging coins, it=E2=80=99s not just lost Satoshi-era stuff at ris= +k. Plenty of=20 +>>> active wallets, like those on the rich list Jameson mentioned, could ge= +t=20 +>>> hit too. Imagine millions of BTC flooding the market. Prices tank, trus= +t in=20 +>>> Bitcoin takes a dive, and we all feel the pain. Freezing those vulnerab= +le=20 +>>> funds keeps that chaos in check. +>>> Plus, =E2=80=9Cyour keys, your coins=E2=80=9D is Bitcoin=E2=80=99s hear= +t. 
If quantum tech can=20 +>>> steal from you just because you didn=E2=80=99t upgrade fast enough, tha= +t promise=20 +>>> feels shaky. Freezing funds after a heads-up period (say, four years)= +=20 +>>> protects that idea better than letting tech giants or rogue states play= +=20 +>>> vampire with our network. It also nudges people to get their act togeth= +er=20 +>>> and move to safer addresses, which strengthens Bitcoin long-term. +>>> Saulo=E2=80=99s right that freezing coins could confuse folks or spark = +a split=20 +>>> like Ethereum Classic. But I=E2=80=99d argue quantum theft would look w= +orse.=20 +>>> Bitcoin would seem broken, not just strict. A clear plan and enough tim= +e to=20 +>>> migrate could smooth things over. History=E2=80=99s on our side too. Bi= +tcoin=E2=80=99s=20 +>>> fixed bugs before, like SegWit. This feels like that, not a bailout. +>>> So yeah, I=E2=80=99d rather see vulnerable coins locked than handed to = +whoever=20 +>>> builds the first quantum rig. It=E2=80=99s less about coddling people a= +nd more=20 +>>> about keeping Bitcoin solid for everyone. What do you all think? +>>> Cheers, +>>> Agust=C3=ADn +>>> +>>> +>>> On Sun, Mar 23, 2025 at 10:29=E2=80=AFPM AstroTown <sa...@astrotown.de>= + wrote: +>>> +>>>> I believe that having some entity announce the decision to freeze old= +=20 +>>>> UTXOs would be more damaging to Bitcoin=E2=80=99s image (and its value= +) than having=20 +>>>> them gathered by QC. This would create another version of Bitcoin, sim= +ilar=20 +>>>> to Ethereum Classic, causing confusion in the market. +>>>> +>>>> It would be better to simply implement the possibility of moving funds= +=20 +>>>> to a PQC address without a deadline, allowing those who fail to do so = +to=20 +>>>> rely on luck to avoid having their coins stolen. Most coins would be= +=20 +>>>> migrated to PQC anyway, and in most cases, only the lost ones would re= +main=20 +>>>> vulnerable. 
This is the free-market way to solve problems without impo= +sing=20 +>>>> rules on everyone. +>>>> +>>>> Saulo Fonseca +>>>> +>>>> +>>>> On 16. Mar 2025, at 15:15, Jameson Lopp <jameso...@gmail.com> wrote: +>>>> +>>>> The quantum computing debate is heating up. There are many=20 +>>>> controversial aspects to this debate, including whether or not quantum= +=20 +>>>> computers will ever actually become a practical threat. +>>>> +>>>> I won't tread into the unanswerable question of how worried we should= +=20 +>>>> be about quantum computers. I think it's far from a crisis, but given = +the=20 +>>>> difficulty in changing Bitcoin it's worth starting to seriously discus= +s.=20 +>>>> Today I wish to focus on a philosophical quandary related to one of th= +e=20 +>>>> decisions that would need to be made if and when we implement a quantu= +m=20 +>>>> safe signature scheme. +>>>> +>>>> Several Scenarios +>>>> Because this essay will reference game theory a fair amount, and there= +=20 +>>>> are many variables at play that could change the nature of the game, I= +=20 +>>>> think it's important to clarify the possible scenarios up front. +>>>> +>>>> 1. Quantum computing never materializes, never becomes a threat, and= +=20 +>>>> thus everything discussed in this essay is moot. +>>>> 2. A quantum computing threat materializes suddenly and Bitcoin does= +=20 +>>>> not have quantum safe signatures as part of the protocol. In this scen= +ario=20 +>>>> it would likely make the points below moot because Bitcoin would be=20 +>>>> fundamentally broken and it would take far too long to upgrade the=20 +>>>> protocol, wallet software, and migrate user funds in order to restore= +=20 +>>>> confidence in the network. +>>>> 3. Quantum computing advances slowly enough that we come to consensus= +=20 +>>>> about how to upgrade Bitcoin and post quantum security has been minima= +lly=20 +>>>> adopted by the time an attacker appears. +>>>> 4. 
Quantum computing advances slowly enough that we come to consensus= +=20 +>>>> about how to upgrade Bitcoin and post quantum security has been highly= +=20 +>>>> adopted by the time an attacker appears. +>>>> +>>>> For the purposes of this post, I'm envisioning being in situation 3 or= +=20 +>>>> 4. +>>>> +>>>> To Freeze or not to Freeze? +>>>> I've started seeing more people weighing in on what is likely the most= +=20 +>>>> contentious aspect of how a quantum resistance upgrade should be handl= +ed in=20 +>>>> terms of migrating user funds. Should quantum vulnerable funds be left= + open=20 +>>>> to be swept by anyone with a sufficiently powerful quantum computer OR= +=20 +>>>> should they be permanently locked? +>>>> +>>>> "I don't see why old coins should be confiscated. The better option is= +=20 +>>>>> to let those with quantum computers free up old coins. While this mig= +ht=20 +>>>>> have an inflationary impact on bitcoin's price, to use a turn of phra= +se,=20 +>>>>> the inflation is transitory. Those with low time preference should su= +pport=20 +>>>>> returning lost coins to circulation."=20 +>>>> +>>>> - Hunter Beast +>>>> +>>>> +>>>> On the other hand: +>>>> +>>>> "Of course they have to be confiscated. If and when (and that's a big= +=20 +>>>>> if) the existence of a cryptography-breaking QC becomes a credible th= +reat,=20 +>>>>> the Bitcoin ecosystem has no other option than softforking out the ab= +ility=20 +>>>>> to spend from signature schemes (including ECDSA and BIP340) that are= +=20 +>>>>> vulnerable to QCs. The alternative is that millions of BTC become=20 +>>>>> vulnerable to theft; I cannot see how the currency can maintain any v= +alue=20 +>>>>> at all in such a setting. And this affects everyone; even those which= +=20 +>>>>> diligently moved their coins to PQC-protected schemes." 
+>>>>> - Pieter Wuille +>>>> +>>>> +>>>> I don't think "confiscation" is the most precise term to use, as the= +=20 +>>>> funds are not being seized and reassigned. Rather, what we're really= +=20 +>>>> discussing would be better described as "burning" - placing the funds = +*out=20 +>>>> of reach of everyone*. +>>>> +>>>> Not freezing user funds is one of Bitcoin's inviolable properties.=20 +>>>> However, if quantum computing becomes a threat to Bitcoin's elliptic c= +urve=20 +>>>> cryptography, *an inviolable property of Bitcoin will be violated one= +=20 +>>>> way or another*. +>>>> +>>>> Fundamental Properties at Risk +>>>> 5 years ago I attempted to comprehensively categorize all of Bitcoin's= +=20 +>>>> fundamental properties that give it value.=20 +>>>> https://nakamoto.com/what-are-the-key-properties-of-bitcoin/ +>>>> +>>>> The particular properties in play with regard to this issue seem to be= +: +>>>> +>>>> *Censorship Resistance* - No one should have the power to prevent=20 +>>>> others from using their bitcoin or interacting with the network. +>>>> +>>>> *Forward Compatibility* - changing the rules such that certain valid= +=20 +>>>> transactions become invalid could undermine confidence in the protocol= +. +>>>> +>>>> *Conservatism* - Users should not be expected to be highly responsive= +=20 +>>>> to system issues. +>>>> +>>>> As a result of the above principles, we have developed a strong meme= +=20 +>>>> (kudos to Andreas Antonopoulos) that goes as follows: +>>>> +>>>> Not your keys, not your coins. +>>>> +>>>> +>>>> I posit that the corollary to this principle is: +>>>> +>>>> Your keys, only your coins. +>>>> +>>>> +>>>> A quantum capable entity breaks the corollary of this foundational=20 +>>>> principle. We secure our bitcoin with the mathematical probabilities= +=20 +>>>> related to extremely large random numbers. 
Your funds are only secure= +=20 +>>>> because truly random large numbers should not be guessable or discover= +able=20 +>>>> by anyone else in the world. +>>>> +>>>> This is the principle behind the motto *vires in numeris* - strength= +=20 +>>>> in numbers. In a world with quantum enabled adversaries, this principl= +e is=20 +>>>> null and void for many types of cryptography, including the elliptic c= +urve=20 +>>>> digital signatures used in Bitcoin. +>>>> +>>>> Who is at Risk? +>>>> There has long been a narrative that Satoshi's coins and others from= +=20 +>>>> the Satoshi era of P2PK locking scripts that exposed the public key=20 +>>>> directly on the blockchain will be those that get scooped up by a quan= +tum=20 +>>>> "miner." But unfortunately it's not that simple. If I had a powerful= +=20 +>>>> quantum computer, which coins would I target? I'd go to the Bitcoin ri= +ch=20 +>>>> list and find the wallets that have exposed their public keys due to= +=20 +>>>> re-using addresses that have previously been spent from. You can easil= +y=20 +>>>> find them at=20 +>>>> https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html +>>>> +>>>> Note that a few of these wallets, like Bitfinex / Kraken / Tether,=20 +>>>> would be slightly harder to crack because they are multisig wallets. S= +o a=20 +>>>> quantum attacker would need to reverse engineer 2 keys for Kraken or 3= + for=20 +>>>> Bitfinex / Tether in order to spend funds. But many are single signatu= +re. +>>>> +>>>> Point being, it's not only the really old lost BTC that are at risk to= +=20 +>>>> a quantum enabled adversary, at least at time of writing. If we add a= +=20 +>>>> quantum safe signature scheme, we should expect those wallets to be so= +me of=20 +>>>> the first to upgrade given their incentives. +>>>> +>>>> The Ethical Dilemma: Quantifying Harm +>>>> Which decision results in the most harm? 
+>>>> +>>>> By making quantum vulnerable funds unspendable we potentially harm som= +e=20 +>>>> Bitcoin users who were not paying attention and neglected to migrate t= +heir=20 +>>>> funds to a quantum safe locking script. This violates the "conservativ= +ism"=20 +>>>> principle stated earlier. On the flip side, we prevent those funds plu= +s far=20 +>>>> more lost funds from falling into the hands of the few privileged folk= +s who=20 +>>>> gain early access to quantum computers. +>>>> +>>>> By leaving quantum vulnerable funds available to spend, the same set o= +f=20 +>>>> users who would otherwise have funds frozen are likely to see them sto= +len.=20 +>>>> And many early adopters who lost their keys will eventually see their= +=20 +>>>> unreachable funds scooped up by a quantum enabled adversary. +>>>> +>>>> Imagine, for example, being James Howells, who accidentally threw away= +=20 +>>>> a hard drive with 8,000 BTC on it, currently worth over $600M USD. He = +has=20 +>>>> spent a decade trying to retrieve it from the landfill where he knows = +it's=20 +>>>> buried, but can't get permission to excavate. I suspect that, given th= +e=20 +>>>> choice, he'd prefer those funds be permanently frozen rather than fall= + into=20 +>>>> someone else's possession - I know I would. +>>>> +>>>> Allowing a quantum computer to access lost funds doesn't make those=20 +>>>> users any worse off than they were before, however it *would*have a=20 +>>>> negative impact upon everyone who is currently holding bitcoin. +>>>> +>>>> It's prudent to expect significant economic disruption if large amount= +s=20 +>>>> of coins fall into new hands. Since a quantum computer is going to hav= +e a=20 +>>>> massive up front cost, expect those behind it to desire to recoup thei= +r=20 +>>>> investment. 
We also know from experience that when someone suddenly fi= +nds=20 +>>>> themselves in possession of 9+ figures worth of highly liquid assets, = +they=20 +>>>> tend to diversify into other things by selling. +>>>> +>>>> Allowing quantum recovery of bitcoin is *tantamount to wealth=20 +>>>> redistribution*. What we'd be allowing is for bitcoin to be=20 +>>>> redistributed from those who are ignorant of quantum computers to thos= +e who=20 +>>>> have won the technological race to acquire quantum computers. It's har= +d to=20 +>>>> see a bright side to that scenario. +>>>> +>>>> Is Quantum Recovery Good for Anyone? +>>>> +>>>> Does quantum recovery HELP anyone? I've yet to come across an argument= +=20 +>>>> that it's a net positive in any way. It certainly doesn't add any secu= +rity=20 +>>>> to the network. If anything, it greatly decreases the security of the= +=20 +>>>> network by allowing funds to be claimed by those who did not earn them= +. +>>>> +>>>> But wait, you may be thinking, wouldn't quantum "miners" have earned= +=20 +>>>> their coins by all the work and resources invested in building a quant= +um=20 +>>>> computer? I suppose, in the same sense that a burglar earns their spoi= +ls by=20 +>>>> the resources they invest into surveilling targets and learning the sk= +ills=20 +>>>> needed to break into buildings. What I say "earned" I mean through=20 +>>>> productive mutual trade. +>>>> +>>>> For example: +>>>> +>>>> * Investors earn BTC by trading for other currencies. +>>>> * Merchants earn BTC by trading for goods and services. +>>>> * Miners earn BTC by trading thermodynamic security. +>>>> * Quantum miners don't trade anything, they are vampires feeding upon= +=20 +>>>> the system. 
+>>>> +>>>> There's no reason to believe that allowing quantum adversaries to=20 +>>>> recover vulnerable bitcoin will be of benefit to anyone other than the= +=20 +>>>> select few organizations that win the technological arms race to build= + the=20 +>>>> first such computers. Probably nation states and/or the top few larges= +t=20 +>>>> tech companies. +>>>> +>>>> One could certainly hope that an organization with quantum supremacy i= +s=20 +>>>> benevolent and acts in a "white hat" manner to return lost coins to th= +eir=20 +>>>> owners, but that's incredibly optimistic and foolish to rely upon. Suc= +h a=20 +>>>> situation creates an insurmountable ethical dilemma of only recovering= + lost=20 +>>>> bitcoin rather than currently owned bitcoin. There's no way to precise= +ly=20 +>>>> differentiate between the two; anyone can claim to have lost their bit= +coin=20 +>>>> but if they have lost their keys then proving they ever had the keys= +=20 +>>>> becomes rather difficult. I imagine that any such white hat recovery= +=20 +>>>> efforts would have to rely upon attestations from trusted third partie= +s=20 +>>>> like exchanges. +>>>> +>>>> Even if the first actor with quantum supremacy is benevolent, we must= +=20 +>>>> assume the technology could fall into adversarial hands and thus think= +=20 +>>>> adversarially about the potential worst case outcomes. Imagine, for=20 +>>>> example, that North Korea continues scooping up billions of dollars fr= +om=20 +>>>> hacking crypto exchanges and decides to invest some of those proceeds = +into=20 +>>>> building a quantum computer for the biggest payday ever... +>>>> +>>>> Downsides to Allowing Quantum Recovery +>>>> Let's think through an exhaustive list of pros and cons for allowing o= +r=20 +>>>> preventing the seizure of funds by a quantum adversary. 
+>>>> +>>>> Historical Precedent +>>>> Previous protocol vulnerabilities weren=E2=80=99t celebrated as "fair = +game" but=20 +>>>> rather were treated as failures to be remediated. Treating quantum the= +ft=20 +>>>> differently risks rewriting Bitcoin=E2=80=99s history as a free-for-al= +l rather than=20 +>>>> a system that seeks to protect its users. +>>>> +>>>> Violation of Property Rights +>>>> Allowing a quantum adversary to take control of funds undermines the= +=20 +>>>> fundamental principle of cryptocurrency - if you keep your keys in you= +r=20 +>>>> possession, only you should be able to access your money. Bitcoin is b= +uilt=20 +>>>> on the idea that private keys secure an individual=E2=80=99s assets, a= +nd=20 +>>>> unauthorized access (even via advanced tech) is theft, not a legitimat= +e=20 +>>>> transfer. +>>>> +>>>> Erosion of Trust in Bitcoin +>>>> If quantum attackers can exploit vulnerable addresses, confidence in= +=20 +>>>> Bitcoin as a secure store of value would collapse. Users and investors= + rely=20 +>>>> on cryptographic integrity, and widespread theft could drive adoption = +away=20 +>>>> from Bitcoin, destabilizing its ecosystem. +>>>> +>>>> This is essentially the counterpoint to claiming the burning of=20 +>>>> vulnerable funds is a violation of property rights. While some will=20 +>>>> certainly see it as such, others will find the apathy toward stopping= +=20 +>>>> quantum theft to be similarly concerning. +>>>> +>>>> Unfair Advantage +>>>> Quantum attackers, likely equipped with rare and expensive technology,= +=20 +>>>> would have an unjust edge over regular users who lack access to such t= +ools.=20 +>>>> This creates an inequitable system where only the technologically elit= +e can=20 +>>>> exploit others, contradicting Bitcoin=E2=80=99s ethos of decentralized= + power. +>>>> +>>>> Bitcoin is designed to create an asymmetric advantage for DEFENDING=20 +>>>> one's wealth. 
It's supposed to be impractically expensive for attacker= +s to=20 +>>>> crack the entropy and cryptography protecting one's coins. But now we = +find=20 +>>>> ourselves discussing a situation where this asymmetric advantage is=20 +>>>> compromised in favor of a specific class of attackers. +>>>> +>>>> Economic Disruption +>>>> Large-scale theft from vulnerable addresses could crash Bitcoin=E2=80= +=99s price=20 +>>>> as quantum recovered funds are dumped on exchanges. This would harm al= +l=20 +>>>> holders, not just those directly targeted, leading to broader financia= +l=20 +>>>> chaos in the markets. +>>>> +>>>> Moral Responsibility +>>>> Permitting theft via quantum computing sets a precedent that=20 +>>>> technological superiority justifies unethical behavior. This is essent= +ially=20 +>>>> taking a "code is law" stance in which we refuse to admit that both co= +de=20 +>>>> and laws can be modified to adapt to previously unforeseen situations. +>>>> +>>>> Burning of coins can certainly be considered a form of theft, thus I= +=20 +>>>> think it's worth differentiating the two different thefts being discus= +sed: +>>>> +>>>> 1. self-enriching & likely malicious +>>>> 2. harm prevention & not necessarily malicious +>>>> +>>>> Both options lack the consent of the party whose coins are being burnt= +=20 +>>>> or transferred, thus I think the simple argument that theft is immoral= +=20 +>>>> becomes a wash and it's important to drill down into the details of ea= +ch. +>>>> +>>>> Incentives Drive Security +>>>> I can tell you from a decade of working in Bitcoin security - the=20 +>>>> average user is lazy and is a procrastinator. If Bitcoiners are given = +a=20 +>>>> "drop dead date" after which they know vulnerable funds will be burned= +,=20 +>>>> this pressure accelerates the adoption of post-quantum cryptography an= +d=20 +>>>> strengthens Bitcoin long-term. 
Allowing vulnerable users to delay upgr= +ading=20 +>>>> indefinitely will result in more laggards, leaving the network more ex= +posed=20 +>>>> when quantum tech becomes available. +>>>> +>>>> Steel Manning +>>>> Clearly this is a complex and controversial topic, thus it's worth=20 +>>>> thinking through the opposing arguments. +>>>> +>>>> Protecting Property Rights +>>>> Allowing quantum computers to take vulnerable bitcoin could potentiall= +y=20 +>>>> be spun as a hard money narrative - we care so greatly about not viola= +ting=20 +>>>> someone's access to their coins that we allow them to be stolen! +>>>> +>>>> But I think the flip side to the property rights narrative is that=20 +>>>> burning vulnerable coins prevents said property from falling into=20 +>>>> undeserving hands. If the entire Bitcoin ecosystem just stands around = +and=20 +>>>> allows quantum adversaries to claim funds that rightfully belong to ot= +her=20 +>>>> users, is that really a "win" in the "protecting property rights" cate= +gory?=20 +>>>> It feels more like apathy to me. +>>>> +>>>> As such, I think the "protecting property rights" argument is a wash. +>>>> +>>>> Quantum Computers Won't Attack Bitcoin +>>>> There is a great deal of skepticism that sufficiently powerful quantum= +=20 +>>>> computers will ever exist, so we shouldn't bother preparing for a=20 +>>>> non-existent threat. Others have argued that even if such a computer w= +as=20 +>>>> built, a quantum attacker would not go after bitcoin because they woul= +dn't=20 +>>>> want to reveal their hand by doing so, and would instead attack other= +=20 +>>>> infrastructure. +>>>> +>>>> It's quite difficult to quantify exactly how valuable attacking other= +=20 +>>>> infrastructure would be. It also really depends upon when an entity ga= +ins=20 +>>>> quantum supremacy and thus if by that time most of the world's systems= + have=20 +>>>> already been upgraded. 
While I think you could argue that certain enti= +ties=20 +>>>> gaining quantum capability might not attack Bitcoin, it would only del= +ay=20 +>>>> the inevitable - eventually somebody will achieve the capability who= +=20 +>>>> decides to use it for such an attack. +>>>> +>>>> Quantum Attackers Would Only Steal Small Amounts +>>>> Some have argued that even if a quantum attacker targeted bitcoin,=20 +>>>> they'd only go after old, likely lost P2PK outputs so as to not arouse= +=20 +>>>> suspicion and cause a market panic. +>>>> +>>>> I'm not so sure about that; why go after 50 BTC at a time when you=20 +>>>> could take 250,000 BTC with the same effort as 50 BTC? This is a class= +ic=20 +>>>> "zero day exploit" game theory in which an attacker knows they have a= +=20 +>>>> limited amount of time before someone else discovers the exploit and e= +ither=20 +>>>> benefits from it or patches it. Take, for example, the recent ByBit at= +tack=20 +>>>> - the highest value crypto hack of all time. Lazarus Group had comprom= +ised=20 +>>>> the Safe wallet front end JavaScript app and they could have simply ha= +d it=20 +>>>> reassign ownership of everyone's Safe wallets as they were interacting= + with=20 +>>>> their wallet. But instead they chose to only specifically target ByBit= +'s=20 +>>>> wallet with $1.5 billion in it because they wanted to maximize their= +=20 +>>>> extractable value. If Lazarus had started stealing from every wallet, = +they=20 +>>>> would have been discovered quickly and the Safe web app would likely h= +ave=20 +>>>> been patched well before any billion dollar wallets executed the malic= +ious=20 +>>>> code. 
+>>>> +>>>> I think the "only stealing small amounts" argument is strongest for=20 +>>>> Situation #2 described earlier, where a quantum attacker arrives befor= +e=20 +>>>> quantum safe cryptography has been deployed across the Bitcoin ecosyst= +em.=20 +>>>> Because if it became clear that Bitcoin's cryptography was broken AND = +there=20 +>>>> was nowhere safe for vulnerable users to migrate, the only logical opt= +ion=20 +>>>> would be for everyone to liquidate their bitcoin as quickly as possibl= +e. As=20 +>>>> such, I don't think it applies as strongly for situations in which we = +have=20 +>>>> a migration path available. +>>>> +>>>> The 21 Million Coin Supply Should be in Circulation +>>>> Some folks are arguing that it's important for the "circulating /=20 +>>>> spendable" supply to be as close to 21M as possible and that having a= +=20 +>>>> significant portion of the supply out of circulation is somehow undesi= +rable. +>>>> +>>>> While the "21M BTC" attribute is a strong memetic narrative, I don't= +=20 +>>>> think anyone has ever expected that it would all be in circulation. It= + has=20 +>>>> always been understood that many coins will be lost, and that's actual= +ly=20 +>>>> part of the game theory of owning bitcoin! +>>>> +>>>> And remember, the 21M number in and of itself is not a particularly=20 +>>>> important detail - it's not even mentioned in the whitepaper. What's= +=20 +>>>> important is that the supply is well known and not subject to change. +>>>> +>>>> Self-Sovereignty and Personal Responsibility +>>>> Bitcoin=E2=80=99s design empowers individuals to control their own wea= +lth, free=20 +>>>> from centralized intervention. This freedom comes with the burden of= +=20 +>>>> securing one's private keys. If quantum computing can break obsolete= +=20 +>>>> cryptography, the fault lies with users who didn't move their funds to= +=20 +>>>> quantum safe locking scripts. 
Expecting the network to shield users fr= +om=20 +>>>> their own negligence undermines the principle that you, and not a thir= +d=20 +>>>> party, are accountable for your assets. +>>>> +>>>> I think this is generally a fair point that "the community" doesn't ow= +e=20 +>>>> you anything in terms of helping you. I think that we do, however, nee= +d to=20 +>>>> consider the incentives and game theory in play with regard to quantum= + safe=20 +>>>> Bitcoiners vs quantum vulnerable Bitcoiners. More on that later. +>>>> +>>>> Code is Law +>>>> Bitcoin operates on transparent, immutable rules embedded in its=20 +>>>> protocol. If a quantum attacker uses superior technology to derive pri= +vate=20 +>>>> keys from public keys, they=E2=80=99re not "hacking" the system - they= +'re simply=20 +>>>> following what's mathematically permissible within the current code.= +=20 +>>>> Altering the protocol to stop this introduces subjective human=20 +>>>> intervention, which clashes with the objective, deterministic nature o= +f=20 +>>>> blockchain. +>>>> +>>>> While I tend to agree that code is law, one of the entire points of=20 +>>>> laws is that they can be amended to improve their efficacy in reducing= +=20 +>>>> harm. Leaning on this point seems more like a pro-ossification stance = +that=20 +>>>> it's better to do nothing and allow harm to occur rather than take act= +ion=20 +>>>> to stop an attack that was foreseen far in advance. +>>>> +>>>> Technological Evolution as a Feature, Not a Bug +>>>> It's well known that cryptography tends to weaken over time and=20 +>>>> eventually break. Quantum computing is just the next step in this=20 +>>>> progression. Users who fail to adapt (e.g., by adopting quantum-resist= +ant=20 +>>>> wallets when available) are akin to those who ignored technological=20 +>>>> advancements like multisig or hardware wallets. 
Allowing quantum theft= +=20 +>>>> incentivizes innovation and keeps Bitcoin=E2=80=99s ecosystem dynamic,= + punishing=20 +>>>> complacency while rewarding vigilance. +>>>> +>>>> Market Signals Drive Security +>>>> If quantum attackers start stealing funds, it sends a clear signal to= +=20 +>>>> the market: upgrade your security or lose everything. This pressure=20 +>>>> accelerates the adoption of post-quantum cryptography and strengthens= +=20 +>>>> Bitcoin long-term. Coddling vulnerable users delays this necessary=20 +>>>> evolution, potentially leaving the network more exposed when quantum t= +ech=20 +>>>> becomes widely accessible. Theft is a brutal but effective teacher. +>>>> +>>>> Centralized Blacklisting Power +>>>> Burning vulnerable funds requires centralized decision-making - a soft= +=20 +>>>> fork to invalidate certain transactions. This sets a dangerous precede= +nt=20 +>>>> for future interventions, eroding Bitcoin=E2=80=99s decentralization. = +If quantum=20 +>>>> theft is blocked, what=E2=80=99s next - reversing exchange hacks? The = +system must=20 +>>>> remain neutral, even if it means some lose out. +>>>> +>>>> I think this could be a potential slippery slope if the proposal was t= +o=20 +>>>> only burn specific addresses. Rather, I'd expect a neutral proposal to= + burn=20 +>>>> all funds in locking script types that are known to be quantum vulnera= +ble.=20 +>>>> Thus, we could eliminate any subjectivity from the code. +>>>> +>>>> Fairness in Competition +>>>> Quantum attackers aren't cheating; they're using publicly available=20 +>>>> physics and math. Anyone with the resources and foresight can build or= +=20 +>>>> access quantum tech, just as anyone could mine Bitcoin in 2009 with a = +CPU.=20 +>>>> Early adopters took risks and reaped rewards; quantum innovators are d= +oing=20 +>>>> the same. 
Calling it =E2=80=9Cunfair=E2=80=9D ignores that Bitcoin has= + never promised=20 +>>>> equality of outcome - only equality of opportunity within its rules. +>>>> +>>>> I find this argument to be a mischaracterization because we're not=20 +>>>> talking about CPUs. This is more akin to talking about ASICs, except e= +ach=20 +>>>> ASIC costs millions if not billions of dollars. This is out of reach f= +rom=20 +>>>> all but the wealthiest organizations. +>>>> +>>>> Economic Resilience +>>>> Bitcoin has weathered thefts before (MTGOX, Bitfinex, FTX, etc) and=20 +>>>> emerged stronger. The market can absorb quantum losses, with unaffecte= +d=20 +>>>> users continuing to hold and new entrants buying in at lower prices. F= +ear=20 +>>>> of economic collapse overestimates the impact - the network=E2=80=99s = +antifragility=20 +>>>> thrives on such challenges. +>>>> +>>>> This is a big grey area because we don't know when a quantum computer= +=20 +>>>> will come online and we don't know how quickly said computers would be= + able=20 +>>>> to steal bitcoin. If, for example, the first generation of sufficientl= +y=20 +>>>> powerful quantum computers were stealing less volume than the current = +block=20 +>>>> reward then of course it will have minimal economic impact. But if the= +y're=20 +>>>> taking thousands of BTC per day and bringing them back into circulatio= +n,=20 +>>>> there will likely be a noticeable market impact as it absorbs the new= +=20 +>>>> supply. +>>>> +>>>> This is where the circumstances will really matter. If a quantum=20 +>>>> attacker appears AFTER the Bitcoin protocol has been upgraded to suppo= +rt=20 +>>>> quantum resistant cryptography then we should expect the most valuable= +=20 +>>>> active wallets will have upgraded and the juiciest target would be the= +=20 +>>>> 31,000 BTC in the address 12ib7dApVFvg82TXKycWBNpN8kFyiAN1dr which has= + been=20 +>>>> dormant since 2010. 
In general I'd expect that the amount of BTC=20 +>>>> re-entering the circulating supply would look somewhat similar to the= +=20 +>>>> mining emission curve: volume would start off very high as the most=20 +>>>> valuable addresses are drained and then it would fall off as quantum= +=20 +>>>> computers went down the list targeting addresses with less and less BT= +C. +>>>> +>>>> Why is economic impact a factor worth considering? Miners and=20 +>>>> businesses in general. More coins being liquidated will push down the= +=20 +>>>> price, which will negatively impact miner revenue. Similarly, I can at= +test=20 +>>>> from working in the industry for a decade, that lower prices result in= + less=20 +>>>> demand from businesses across the entire industry. As such, burning qu= +antum=20 +>>>> vulnerable bitcoin is good for the entire industry. +>>>> +>>>> Practicality & Neutrality of Non-Intervention +>>>> There=E2=80=99s no reliable way to distinguish =E2=80=9Ctheft=E2=80=9D= + from legitimate "white=20 +>>>> hat" key recovery. If someone loses their private key and a quantum=20 +>>>> computer recovers it, is that stealing or reclaiming? Policing quantum= +=20 +>>>> actions requires invasive assumptions about intent, which Bitcoin=E2= +=80=99s=20 +>>>> trustless design can=E2=80=99t accommodate. Letting the chips fall whe= +re they may=20 +>>>> avoids this mess. +>>>> +>>>> Philosophical Purity +>>>> Bitcoin rejects bailouts. It=E2=80=99s a cold, hard system where outco= +mes=20 +>>>> reflect preparation and skill, not sentimentality. If quantum computin= +g=20 +>>>> upends the game, that=E2=80=99s the point - Bitcoin isn=E2=80=99t mean= +t to be safe or fair=20 +>>>> in a nanny-state sense; it=E2=80=99s meant to be free. Users who lose = +funds to=20 +>>>> quantum attacks are casualties of liberty and their own ignorance, not= +=20 +>>>> victims of injustice. 
+>>>> +>>>> Bitcoin's DAO Moment +>>>> This situation has some similarities to The DAO hack of an Ethereum=20 +>>>> smart contract in 2016, which resulted in a fork to stop the attacker = +and=20 +>>>> return funds to their original owners. The game theory is similar beca= +use=20 +>>>> it's a situation where a threat is known but there's some period of ti= +me=20 +>>>> before the attacker can actually execute the theft. As such, there's t= +ime=20 +>>>> to mitigate the attack by changing the protocol. +>>>> +>>>> It also created a schism in the community around the true meaning of= +=20 +>>>> "code is law," resulting in Ethereum Classic, which decided to allow t= +he=20 +>>>> attacker to retain control of the stolen funds. +>>>> +>>>> A soft fork to burn vulnerable bitcoin could certainly result in a har= +d=20 +>>>> fork if there are enough miners who reject the soft fork and continue= +=20 +>>>> including transactions. +>>>> +>>>> Incentives Matter +>>>> We can wax philosophical until the cows come home, but what are the=20 +>>>> actual incentives for existing Bitcoin holders regarding this decision= +? +>>>> +>>>> "Lost coins only make everyone else's coins worth slightly more. Think= +=20 +>>>>> of it as a donation to everyone." - Satoshi Nakamoto +>>>> +>>>> +>>>> If true, the corollary is: +>>>> +>>>> "Quantum recovered coins only make everyone else's coins worth less.= +=20 +>>>>> Think of it as a theft from everyone." - Jameson Lopp +>>>> +>>>> +>>>> Thus, assuming we get to a point where quantum resistant signatures ar= +e=20 +>>>> supported within the Bitcoin protocol, what's the incentive to let=20 +>>>> vulnerable coins remain spendable? +>>>> +>>>> * It's not good for the actual owners of those coins. It=20 +>>>> disincentivizes owners from upgrading until perhaps it's too late. +>>>> * It's not good for the more attentive / responsible owners of coins= +=20 +>>>> who have quantum secured their stash. 
Allowing the circulating supply = +to=20 +>>>> balloon will assuredly reduce the purchasing power of all bitcoin hold= +ers. +>>>> +>>>> Forking Game Theory +>>>> From a game theory point of view, I see this as incentivizing users to= +=20 +>>>> upgrade their wallets. If you disagree with the burning of vulnerable= +=20 +>>>> coins, all you have to do is move your funds to a quantum safe signatu= +re=20 +>>>> scheme. Point being, I don't see there being an economic majority (or = +even=20 +>>>> more than a tiny minority) of users who would fight such a soft fork. = +Why=20 +>>>> expend significant resources fighting a fork when you can just move yo= +ur=20 +>>>> coins to a new address? +>>>> +>>>> Remember that blocking spending of certain classes of locking scripts= +=20 +>>>> is a tightening of the rules - a soft fork. As such, it can be meaning= +fully=20 +>>>> enacted and enforced by a mere majority of hashpower. If miners genera= +lly=20 +>>>> agree that it's in their best interest to burn vulnerable coins, are o= +ther=20 +>>>> users going to care enough to put in the effort to run new node softwa= +re=20 +>>>> that resists the soft fork? Seems unlikely to me. +>>>> +>>>> How to Execute Burning +>>>> In order to be as objective as possible, the goal would be to announce= +=20 +>>>> to the world that after a specific block height / timestamp, Bitcoin n= +odes=20 +>>>> will no longer accept transactions (or blocks containing such transact= +ions)=20 +>>>> that spend funds from any scripts other than the newly instituted quan= +tum=20 +>>>> safe schemes. +>>>> +>>>> It could take a staggered approach to first freeze funds that are=20 +>>>> susceptible to long-range attacks such as those in P2PK scripts or tho= +se=20 +>>>> that exposed their public keys due to previously re-using addresses, b= +ut I=20 +>>>> expect the additional complexity would drive further controversy. 
+>>>> +>>>> How long should the grace period be in order to give the ecosystem tim= +e=20 +>>>> to upgrade? I'd say a minimum of 1 year for software wallets to upgrad= +e. We=20 +>>>> can only hope that hardware wallet manufacturers are able to implement= + post=20 +>>>> quantum cryptography on their existing hardware with only a firmware u= +pdate. +>>>> +>>>> Beyond that, it will take at least 6 months worth of block space for= +=20 +>>>> all users to migrate their funds, even in a best case scenario. Though= + if=20 +>>>> you exclude dust UTXOs you could probably get 95% of BTC value migrate= +d in=20 +>>>> 1 month. Of course this is a highly optimistic situation where everyon= +e is=20 +>>>> completely focused on migrations - in reality it will take far longer. +>>>> +>>>> Regardless, I'd think that in order to reasonably uphold Bitcoin's=20 +>>>> conservatism it would be preferable to allow a 4 year migration window= +. In=20 +>>>> the meantime, mining pools could coordinate emergency soft forking log= +ic=20 +>>>> such that if quantum attackers materialized, they could accelerate the= +=20 +>>>> countdown to the quantum vulnerable funds burn. +>>>> +>>>> Random Tangential Benefits +>>>> On the plus side, burning all quantum vulnerable bitcoin would allow u= +s=20 +>>>> to prune all of those UTXOs out of the UTXO set, which would also clea= +n up=20 +>>>> a lot of dust. Dust UTXOs are a bit of an annoyance and there has even= + been=20 +>>>> a recent proposal for how to incentivize cleaning them up. +>>>> +>>>> We should also expect that incentivizing migration of the entire UTXO= +=20 +>>>> set will create substantial demand for block space that will sustain a= + fee=20 +>>>> market for a fairly lengthy amount of time. 
+>>>> +>>>> In Summary +>>>> While the moral quandary of violating any of Bitcoin's inviolable=20 +>>>> properties can make this a very complex issue to discuss, the game the= +ory=20 +>>>> and incentives between burning vulnerable coins versus allowing them t= +o be=20 +>>>> claimed by entities with quantum supremacy appears to be a much simple= +r=20 +>>>> issue. +>>>> +>>>> I, for one, am not interested in rewarding quantum capable entities by= +=20 +>>>> inflating the circulating money supply just because some people lost t= +heir=20 +>>>> keys long ago and some laggards are not upgrading their bitcoin wallet= +'s=20 +>>>> security. +>>>> +>>>> We can hope that this scenario never comes to pass, but hope is not a= +=20 +>>>> strategy. +>>>> +>>>> I welcome your feedback upon any of the above points, and contribution= +=20 +>>>> of any arguments I failed to consider. +>>>> +>>>> --=20 +>>>> You received this message because you are subscribed to the Google=20 +>>>> Groups "Bitcoin Development Mailing List" group. +>>>> To unsubscribe from this group and stop receiving emails from it, send= +=20 +>>>> an email to bitcoindev+...@googlegroups.com. +>>>> To view this discussion visit=20 +>>>> https://groups.google.com/d/msgid/bitcoindev/CADL_X_cF%3DUKVa7CitXReMq= +8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40mail.gmail.com +>>>> . +>>>> +>>>> --=20 +>>>> You received this message because you are subscribed to the Google=20 +>>>> Groups "Bitcoin Development Mailing List" group. +>>>> To unsubscribe from this group and stop receiving emails from it, send= +=20 +>>>> an email to bitcoindev+...@googlegroups.com. +>>>> To view this discussion visit=20 +>>>> https://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4= +D9D2B732364%40astrotown.de +>>>> . +>>> +>>> +>>>> --=20 +>>> You received this message because you are subscribed to the Google=20 +>>> Groups "Bitcoin Development Mailing List" group. 
+>>> To unsubscribe from this group and stop receiving emails from it, send= +=20 +>>> an email to bitcoindev+...@googlegroups.com. +>>> To view this discussion visit=20 +>>> https://groups.google.com/d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br= +6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg%40mail.gmail.com +>>> . +>>> +>>> +>>> --=20 +>>> You received this message because you are subscribed to the Google=20 +>>> Groups "Bitcoin Development Mailing List" group. +>>> To unsubscribe from this group and stop receiving emails from it, send= +=20 +>>> an email to bitcoindev+...@googlegroups.com. +>>> To view this discussion visit=20 +>>> https://groups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvf= +XniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXL= +miCJOY%3D%40proton.me +>>> . +>>> +>> --=20 +> You received this message because you are subscribed to the Google Groups= +=20 +> "Bitcoin Development Mailing List" group. +> To unsubscribe from this group and stop receiving emails from it, send an= +=20 +> email to bitcoindev+...@googlegroups.com. +> +> To view this discussion visit=20 +> https://groups.google.com/d/msgid/bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C= +-RS703P1-RQLW5CdcCehsqg%40mail.gmail.com +> . +> +> +> + +--=20 +You received this message because you are subscribed to the Google Groups "= +Bitcoin Development Mailing List" group. +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to bitcoindev+unsubscribe@googlegroups.com. +To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= +893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com. 
+ +------=_Part_18011_501201720.1749302913697 +Content-Type: text/html; charset="UTF-8" +Content-Transfer-Encoding: quoted-printable + +<div>> I'm not a lawyer, but if developers make a conscious decision to = +make a=20 +code change that confiscates funds, even with a reasonable heads-up, I=20 +feel like some lawyers might be tempted to make an argument that those=20 +developers should be held responsible for any losses. As everyone knows, + Bitcoin has been under legal attacks before, and I'm not sure that=20 +anyone would (or should) be willing to sign off on a change that might=20 +potentially open them up to several billion dollars worth of personal=20 +responsibility - especially if the "bonded courier" actually shows up=20 +and reveals a private key that would have unlocked funds under the=20 +pre-QC scheme.</div><div><br /></div><div>Coincidentally, Peter Todd has ju= +st made the same point in another (apparently unrelated) thread, here: http= +s://groups.google.com/g/bitcoindev/c/bmV1QwYEN4k/m/kkHQZd_BAwAJ</div><div><= +br /></div><div>For me it's very clear, that it's not an accident that such= + "unexpected" side effects exist. It's a feature that I'd whimsically call = +"ethical impedance-mismatch" (the term impedance mismatch has been used in = +computing/programming, which itself borrowed it from the real meaning, in p= +hysics). People have a moral/ethical desire to make bitcoin function as wel= +l as possible, and see a failure mode in those using it for other purposes,= + but that line of thought clashes with the essential, basic principle of ce= +nsorship-resistance.</div><div><br /></div><div>So we see technical borked-= +ness like failure to get accurate fee rates and the like, from doing someth= +ing (attempting to filter at p2p level) that it is intrinsically counter to= + the foundational ethical, functional purpose of the system: censorship-res= +istance. 
And then we see "cascading failures" of the type discussed here: i= +f the devs are working to break bitcoin's ethical promise of censorship-res= +istance, then thugs^H^H politicians and lawyers, will seek to take control = +of that "break" for their own purposes.</div><div><br /></div><div>That's w= +hy I'm not against "quantum recovery" as per the title of this thread. Reco= +very, independent of outside control, *is* bitcoin's function. If half a mi= +llion btc get spent by someone who has "recovered" in an unexpected way, to= +ugh titties. If the entire system collapses because we can't get our act to= +gether before 2085 (OK I know some think it's 2035, I don't, but whatever),= + then it is what it is. That is a huge unknown. But Bitcoin will 100% fail = +if confiscation of *any* type becomes a thing.</div><br /><div>Cheers,</div= +>AdamISZ/waxwing<div class=3D"gmail_quote"><div dir=3D"auto" class=3D"gmail= +_attr">On Wednesday, June 4, 2025 at 4:56:53=E2=80=AFAM UTC-3 ArmchairCrypt= +ologist wrote:<br/></div><blockquote class=3D"gmail_quote" style=3D"margin:= + 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;= +"><div style=3D"font-family:Arial,sans-serif;font-size:14px">Hi,</div><div = +style=3D"font-family:Arial,sans-serif;font-size:14px"><br></div><div style= +=3D"font-family:Arial,sans-serif;font-size:14px">With the longer grace peri= +od and selective deactivation, this seems more sensible, but there is one e= +lephant in the room that I haven't seen mentioned here - namely, the le= +gal aspect. 
(If it was, sorry I missed it.)</div><div style=3D"font-family:= +Arial,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,= +sans-serif;font-size:14px">I'm not a lawyer, but if developers make a c= +onscious decision to make a code change that confiscates funds, even with a= + reasonable heads-up, I feel like some lawyers might be tempted to make an = +argument that those developers should be held responsible for any losses. A= +s everyone knows, Bitcoin has been under legal attacks before, and I'm = +not sure that anyone would (or should) be willing to sign off on a change t= +hat might potentially open them up to several billion dollars worth of pers= +onal responsibility - especially if the "bonded courier" actually= + shows up and reveals a private key that would have unlocked funds under th= +e pre-QC scheme.</div><div style=3D"font-family:Arial,sans-serif;font-size:= +14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-size:14px">= +The only safe-ish way I can see to do this is to have it only affect funds = +that are very likely to be lost in + the first place. So at the very least, it could not affect UTXOs that coul= +d potentially be encumbered with a timelock (i.e. P2SH/P2WSH), and it could= + only affect UTXOs that have not moved for a very long time (say 15-20 year= +s). </div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><br></= +div><div style=3D"font-family:Arial,sans-serif;font-size:14px">If quantum c= +omputers capable of practical attacks against Bitcoin are ever known to act= +ually exist, <b>sending</b>=E2=80=8B to non-PQC addresses should of course = +be disabled immediately. 
But I feel that the nature of a permissionless sys= +tem implies a large degree of self-responsibility, so if someone chooses to= + keep using non-PQC addresses even after PQC addresses have become availabl= +e and practical quantum attacks are suspected to be an imminent danger, it&= +#39;s not necessarily up to the developers to tell them they can't, onl= +y that they really shouldn't.</div><div style=3D"font-family:Arial,sans= +-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif= +;font-size:14px">--</div><div style=3D"font-family:Arial,sans-serif;font-si= +ze:14px">Regards,</div><div style=3D"font-family:Arial,sans-serif;font-size= +:14px">ArmchairCryptologist</div><div style=3D"font-family:Arial,sans-serif= +;font-size:14px"><br></div> +<div style=3D"font-family:Arial,sans-serif;font-size:14px"> + <div> + =20 + </div> + =20 + <div> + Sent with <a href=3D"https://proton.me/mail/home" target=3D"_blank"= + rel=3D"nofollow" data-saferedirecturl=3D"https://www.google.com/url?hl=3De= +n&q=3Dhttps://proton.me/mail/home&source=3Dgmail&ust=3D17493875= +99316000&usg=3DAOvVaw3kMMWbcvOvWny9b4RVrakM">Proton Mail</a> secure ema= +il. + </div> +</div> +<div style=3D"font-family:Arial,sans-serif;font-size:14px"><br><div></div><= +/div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><div> + On Monday, May 26th, 2025 at 2:48 AM, Agustin Cruz <<a href data= +-email-masked rel=3D"nofollow">agusti...@gmail.com</a>> wrote:<br> + </div></div><div style=3D"font-family:Arial,sans-serif;font-size:14= +px"><div><blockquote type=3D"cite"> + <div dir=3D"auto">Hi everyone,<div dir=3D"auto"><br></div><div = +dir=3D"auto">QRAMP proposal aims to manage the quantum transition responsib= +ly without disrupting Bitcoin=E2=80=99s core principles.</div><div dir=3D"a= +uto"><br></div><div dir=3D"auto">QRAMP has three phases:</div><div dir=3D"a= +uto"><br></div><div dir=3D"auto">1. Allow wallets to optionally include PQC= + keys in Taproot outputs. 
This enables early adoption without forcing anyon= +e.</div><div dir=3D"auto"><br></div><div dir=3D"auto">2. Announce a soft fo= +rk to disable vulnerable scripts, with a long (~4-year) grace period. This = +gives ample time to migrate and avoids sudden shocks.</div><div dir=3D"auto= +"><br></div><div dir=3D"auto">3. Gradually deactivate vulnerable outputs ba= +sed on age or inactivity. This avoids a harsh cutoff and gives time for ada= +ptation.</div><div dir=3D"auto"></div><div dir=3D"auto"><br></div><div dir= +=3D"auto">We can also allow exceptions via proof-of-possession, and delay r= +estrictions on timelocked outputs to avoid harming future spenders.</div><d= +iv dir=3D"auto"><br></div><div dir=3D"auto">QRAMP is not about confiscation= + or control. It=E2=80=99s about aligning incentives, maintaining security, = +and offering a clear, non-coercive upgrade path.</div><div dir=3D"auto"><br= +></div><div dir=3D"auto">Best,</div><div dir=3D"auto">Agustin Cruz</div><di= +v dir=3D"auto"><br></div><div dir=3D"auto"><br></div></div><br><div class= +=3D"gmail_quote"><div class=3D"gmail_attr" dir=3D"ltr">El dom, 25 de may de= + 2025, 7:03=E2=80=AFp.m., Dustin Ray <<a href rel=3D"noreferrer nofollow= + noopener" data-email-masked>dustinvo...@gmail.com</a>> escribi=C3=B3:<b= +r></div><blockquote style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;p= +adding-left:1ex" class=3D"gmail_quote"><div dir=3D"auto">The difference bet= +ween the ETH/ETC split though was that no one had anything confiscated exce= +pt the DAO hacker, everyone retained an identical number of tokens on each = +chain. The proposal for BTC is very different in that some holders will los= +e access to their coins during the PQ migration under the confiscation appr= +oach. 
Just wanted to point that out.</div><div><br><div class=3D"gmail_quot= +e"><div class=3D"gmail_attr" dir=3D"ltr">On Sun, May 25, 2025 at 3:06=E2=80= +=AFPM 'conduition' via Bitcoin Development Mailing List <<a rel= +=3D"noreferrer nofollow noopener" href data-email-masked>bitco...@googlegro= +ups.com</a>> wrote:<br></div><blockquote style=3D"margin:0px 0px 0px 0.8= +ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-le= +ft-color:rgb(204,204,204)" class=3D"gmail_quote"><div style=3D"font-family:= +Arial,sans-serif;font-size:14px">Hey Saulo,</div><div style=3D"font-family:= +Arial,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,= +sans-serif;font-size:14px">You're right about the possibility of an ugl= +y split. Laggards who don't move coins to PQ address schemes will be in= +centivized to follow any chain where they keep their coins. But those who d= +o migrate will be incentivized to follow the chain where unmigrated pre-qua= +ntum coins are frozen. </div><div style=3D"font-family:Arial,sans-serif;fon= +t-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-size= +:14px">While you're comparing this event to the ETH/ETC split, we shoul= +d remember that ETH remained the dominant chain despite their heavy-handed = +rollback. Just goes to show, confusion and face-loss is a lesser evil than = +allowing an adversary to pwn the network. 
</div><div style=3D"font-family:A= +rial,sans-serif;font-size:14px"><br></div><blockquote style=3D"border-left:= +3px solid rgb(200,200,200);padding-left:10px;border-color:rgb(200,200,200);= +color:rgb(102,102,102)"><div style=3D"font-family:Arial,sans-serif;font-siz= +e:14px">This is the free-market way to solve problems without imposing rule= +s on everyone.<br></div></blockquote><div style=3D"font-family:Arial,sans-s= +erif;font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;f= +ont-size:14px">It'd still be a free market even if quantum-vulnerable c= +oins are frozen. The only way to test the relative value of quantum-safe vs= + quantum-vulnerable coins is to split the chain and see how the market reac= +ts. </div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><br></= +div><div style=3D"font-family:Arial,sans-serif;font-size:14px">IMO, the &qu= +ot;free market way" is to give people options and let their money flow= + to where it works best. That means people should be able to choose whether= + they want their money to be part of a system that allows quantum attack, o= +r part of one which does not. I know which I would choose, but neither you = +nor I can make that choice for everyone.</div><div style=3D"font-family:Ari= +al,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,san= +s-serif;font-size:14px">regards,</div><div style=3D"font-family:Arial,sans-= +serif;font-size:14px">conduition</div><div> + On Monday, March 24th, 2025 at 7:19 AM, Agustin Cruz <<a rel=3D"= +noreferrer nofollow noopener" href data-email-masked>agusti...@gmail.com</a= +>> wrote:<br> + <blockquote type=3D"cite"> + <div dir=3D"ltr"><div dir=3D"ltr">I=E2=80=99m against letting q= +uantum computers scoop up funds from addresses that don=E2=80=99t upgrade t= +o quantum-resistant. <br>Saulo=E2=80=99s idea of a free-market approach, le= +aving old coins up for grabs if people don=E2=80=99t move them, sounds fair= + at first. 
Let luck decide, right? But I worry it=E2=80=99d turn into a mes= +s. If quantum machines start cracking keys and snagging coins, it=E2=80=99s= + not just lost Satoshi-era stuff at risk. Plenty of active wallets, like th= +ose on the rich list Jameson mentioned, could get hit too. Imagine millions= + of BTC flooding the market. Prices tank, trust in Bitcoin takes a dive, an= +d we all feel the pain. Freezing those vulnerable funds keeps that chaos in= + check.<br>Plus, =E2=80=9Cyour keys, your coins=E2=80=9D is Bitcoin=E2=80= +=99s heart. If quantum tech can steal from you just because you didn=E2=80= +=99t upgrade fast enough, that promise feels shaky. Freezing funds after a = +heads-up period (say, four years) protects that idea better than letting te= +ch giants or rogue states play vampire with our network. It also nudges peo= +ple to get their act together and move to safer addresses, which strengthen= +s Bitcoin long-term.<br>Saulo=E2=80=99s right that freezing coins could con= +fuse folks or spark a split like Ethereum Classic. But I=E2=80=99d argue qu= +antum theft would look worse. Bitcoin would seem broken, not just strict. A= + clear plan and enough time to migrate could smooth things over. History=E2= +=80=99s on our side too. Bitcoin=E2=80=99s fixed bugs before, like SegWit. = +This feels like that, not a bailout.<br>So yeah, I=E2=80=99d rather see vul= +nerable coins locked than handed to whoever builds the first quantum rig. I= +t=E2=80=99s less about coddling people and more about keeping Bitcoin solid= + for everyone. 
What do you all think?<br>Cheers,<br>Agust=C3=ADn<br><br></d= +iv><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On = +Sun, Mar 23, 2025 at 10:29=E2=80=AFPM AstroTown <<a rel=3D"noreferrer no= +follow noopener" href data-email-masked>sa...@astrotown.de</a>> wrote:<b= +r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex= +;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left= +-color:rgb(204,204,204)"><div dir=3D"auto"><div dir=3D"ltr"><span style=3D"= +color:rgb(0,0,0)">I believe that having some entity announce the decision t= +o freeze old UTXOs would be more damaging to Bitcoin=E2=80=99s image (and i= +ts value) than having them gathered by QC. This would create another versio= +n of Bitcoin, similar to Ethereum Classic, causing confusion in the market.= +</span><div dir=3D"ltr"><div style=3D"color:rgb(0,0,0)"><br></div><div styl= +e=3D"color:rgb(0,0,0)">It would be better to simply implement the possibili= +ty of moving funds to a PQC address without a deadline, allowing those who = +fail to do so to rely on luck to avoid having their coins stolen. Most coin= +s would be migrated to PQC anyway, and in most cases, only the lost ones wo= +uld remain vulnerable. This is the free-market way to solve problems withou= +t imposing rules on everyone.</div><div style=3D"color:rgb(0,0,0)"><br></di= +v><div style=3D"color:rgb(0,0,0)">Saulo Fonseca</div><div style=3D"color:rg= +b(0,0,0)"><br></div><div style=3D"color:rgb(0,0,0)"><br><blockquote type=3D= +"cite"><div>On 16. Mar 2025, at 15:15, Jameson Lopp <<span dir=3D"ltr"><= +a rel=3D"noreferrer nofollow noopener" href data-email-masked>jameso...@gma= +il.com</a></span>> wrote:</div><br><div><div dir=3D"ltr">The quantum com= +puting debate is heating up. 
There are many controversial aspects to this d= +ebate, including whether or not quantum computers will ever actually become= + a practical threat.<div><br>I won't tread into the unanswerable questi= +on of how worried we should be about quantum computers. I think it's fa= +r from a crisis, but given the difficulty in changing Bitcoin it's wort= +h starting to seriously discuss. Today I wish to focus on a philosophical q= +uandary related to one of the decisions that would need to be made if and w= +hen we implement a quantum safe signature scheme.<br><br><font style=3D"col= +or:rgb(0,0,0)" size=3D"6">Several Scenarios<br></font>Because this essay wi= +ll reference game theory a fair amount, and there are many variables at pla= +y that could change the nature of the game, I think it's important to c= +larify the possible scenarios up front.<br><br>1. Quantum computing never m= +aterializes, never becomes a threat, and thus everything discussed in this = +essay is moot.<br>2. A quantum computing threat materializes suddenly and B= +itcoin does not have quantum safe signatures as part of the protocol. In th= +is scenario it would likely make the points below moot because Bitcoin woul= +d be fundamentally broken and it would take far too long to upgrade the pro= +tocol, wallet software, and migrate user funds in order to restore confiden= +ce in the network.<br>3. Quantum computing advances slowly enough that we c= +ome to consensus about how to upgrade Bitcoin and post quantum security has= + been minimally adopted by the time an attacker appears.<br>4. 
Quantum comp= +uting advances slowly enough that we come to consensus about how to upgrade= + Bitcoin and post quantum security has been highly adopted by the time an a= +ttacker appears.<br><br>For the purposes of this post, I'm envisioning = +being in situation 3 or 4.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"= +6">To Freeze or not to Freeze?<br></font>I've started seeing more peopl= +e weighing in on what is likely the most contentious aspect of how a quantu= +m resistance upgrade should be handled in terms of migrating user funds. Sh= +ould quantum vulnerable funds be left open to be swept by anyone with a suf= +ficiently powerful quantum computer OR should they be permanently locked?<b= +r><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;p= +adding-left:1ex;border-left-color:rgb(204,204,204)">"I don't see w= +hy old coins should be confiscated. The better option is to let those with = +quantum computers free up old coins. While this might have an inflationary = +impact on bitcoin's price, to use a turn of phrase, the inflation is tr= +ansitory. Those with low time preference should support returning lost coin= +s to circulation." </blockquote><blockquote class=3D"gmail_quote" styl= +e=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,20= +4,204)">- Hunter Beast</blockquote><div><br></div>On the other hand:</div><= +div><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex= +;padding-left:1ex;border-left-color:rgb(204,204,204)">"Of course they = +have to be confiscated. If and when (and that's a big if) the existence= + of a cryptography-breaking QC becomes a credible threat, the Bitcoin ecosy= +stem has no other option than softforking out the ability to spend from sig= +nature schemes (including ECDSA and BIP340) that are vulnerable to QCs. The= + alternative is that millions of BTC become vulnerable to theft; I cannot s= +ee how the currency can maintain any value at all in such a setting. 
And th= +is affects everyone; even those which diligently moved their coins to PQC-p= +rotected schemes."<br>- Pieter Wuille</blockquote><br>I don't thin= +k "confiscation" is the most precise term to use, as the funds ar= +e not being seized and reassigned. Rather, what we're really discussing= + would be better described as "burning" - placing the funds <b>ou= +t of reach of everyone</b>.<br><br>Not freezing user funds is one of Bitcoi= +n's inviolable properties. However, if quantum computing becomes a thre= +at to Bitcoin's elliptic curve cryptography, <b>an inviolable property = +of Bitcoin will be violated one way or another</b>.<br><br><font style=3D"c= +olor:rgb(0,0,0)" size=3D"6">Fundamental Properties at Risk<br></font>5 year= +s ago I attempted to comprehensively categorize all of Bitcoin's fundam= +ental properties that give it value. <a rel=3D"noreferrer nofollow noopener= +" href=3D"https://nakamoto.com/what-are-the-key-properties-of-bitcoin/" tar= +get=3D"_blank" data-saferedirecturl=3D"https://www.google.com/url?hl=3Den&a= +mp;q=3Dhttps://nakamoto.com/what-are-the-key-properties-of-bitcoin/&sou= +rce=3Dgmail&ust=3D1749387599316000&usg=3DAOvVaw0iqW5fFv-B1rrwD99rTI= +o-">https://nakamoto.com/what-are-the-key-properties-of-bitcoin/<br></a><br= +>The particular properties in play with regard to this issue seem to be:<br= +><br><b>Censorship Resistance</b> - No one should have the power to prevent= + others from using their bitcoin or interacting with the network.<br><br><b= +>Forward Compatibility</b> - changing the rules such that certain valid tra= +nsactions become invalid could undermine confidence in the protocol.<br><br= +><b>Conservatism</b> - Users should not be expected to be highly responsive= + to system issues.<br><br>As a result of the above principles, we have deve= +loped a strong meme (kudos to Andreas Antonopoulos) that goes as follows:<b= +r><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;p= 
+adding-left:1ex;border-left-color:rgb(204,204,204)">Not your keys, not your= + coins.</blockquote><br>I posit that the corollary to this principle is:<br= +><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;pa= +dding-left:1ex;border-left-color:rgb(204,204,204)">Your keys, only your coi= +ns.</blockquote><br>A quantum capable entity breaks the corollary of this f= +oundational principle. We secure our bitcoin with the mathematical probabil= +ities related to extremely large random numbers. Your funds are only secure= + because truly random large numbers should not be guessable or discoverable= + by anyone else in the world.<br><br>This is the principle behind the motto= + <i>vires in numeris</i> - strength in numbers. In a world with quantum ena= +bled adversaries, this principle is null and void for many types of cryptog= +raphy, including the elliptic curve digital signatures used in Bitcoin.<br>= +<br><font style=3D"color:rgb(0,0,0)" size=3D"6">Who is at Risk?<br></font>T= +here has long been a narrative that Satoshi's coins and others from the= + Satoshi era of P2PK locking scripts that exposed the public key directly o= +n the blockchain will be those that get scooped up by a quantum "miner= +." But unfortunately it's not that simple. If I had a powerful qua= +ntum computer, which coins would I target? I'd go to the Bitcoin rich l= +ist and find the wallets that have exposed their public keys due to re-usin= +g addresses that have previously been spent from. 
You can easily find them = +at <a rel=3D"noreferrer nofollow noopener" href=3D"https://bitinfocharts.co= +m/top-100-richest-bitcoin-addresses.html" target=3D"_blank" data-saferedire= +cturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://bitinfocharts.c= +om/top-100-richest-bitcoin-addresses.html&source=3Dgmail&ust=3D1749= +387599316000&usg=3DAOvVaw1kKsE-BMLVFNYvXG--yjM_">https://bitinfocharts.= +com/top-100-richest-bitcoin-addresses.html</a><br><br>Note that a few of th= +ese wallets, like Bitfinex / Kraken / Tether, would be slightly harder to c= +rack because they are multisig wallets. So a quantum attacker would need to= + reverse engineer 2 keys for Kraken or 3 for Bitfinex / Tether in order to = +spend funds. But many are single signature.<br><br>Point being, it's no= +t only the really old lost BTC that are at risk to a quantum enabled advers= +ary, at least at time of writing. If we add a quantum safe signature scheme= +, we should expect those wallets to be some of the first to upgrade given t= +heir incentives.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">The Eth= +ical Dilemma: Quantifying Harm<br></font>Which decision results in the most= + harm?<br><br>By making quantum vulnerable funds unspendable we potentially= + harm some Bitcoin users who were not paying attention and neglected to mig= +rate their funds to a quantum safe locking script. This violates the "= +conservativism" principle stated earlier. On the flip side, we prevent= + those funds plus far more lost funds from falling into the hands of the fe= +w privileged folks who gain early access to quantum computers.<br><br>By le= +aving quantum vulnerable funds available to spend, the same set of users wh= +o would otherwise have funds frozen are likely to see them stolen. 
And many= + early adopters who lost their keys will eventually see their unreachable f= +unds scooped up by a quantum enabled adversary.<br><br>Imagine, for example= +, being James Howells, who accidentally threw away a hard drive with 8,000 = +BTC on it, currently worth over $600M USD. He has spent a decade trying to = +retrieve it from the landfill where he knows it's buried, but can't= + get permission to excavate. I suspect that, given the choice, he'd pre= +fer those funds be permanently frozen rather than fall into someone else= +9;s possession - I know I would.<br><br>Allowing a quantum computer to acce= +ss lost funds doesn't make those users any worse off than they were bef= +ore, however it <i>would</i>have a negative impact upon everyone who is cur= +rently holding bitcoin.<br><br>It's prudent to expect significant econo= +mic disruption if large amounts of coins fall into new hands. Since a quant= +um computer is going to have a massive up front cost, expect those behind i= +t to desire to recoup their investment. We also know from experience that w= +hen someone suddenly finds themselves in possession of 9+ figures worth of = +highly liquid assets, they tend to diversify into other things by selling.<= +br><br>Allowing quantum recovery of bitcoin is <i>tantamount to wealth redi= +stribution</i>. What we'd be allowing is for bitcoin to be redistribute= +d from those who are ignorant of quantum computers to those who have won th= +e technological race to acquire quantum computers. It's hard to see a b= +right side to that scenario.<br><br><font style=3D"color:rgb(0,0,0)" size= +=3D"6">Is Quantum Recovery Good for Anyone?</font><br><br>Does quantum reco= +very HELP anyone? I've yet to come across an argument that it's a n= +et positive in any way. It certainly doesn't add any security to the ne= +twork. 
If anything, it greatly decreases the security of the network by all= +owing funds to be claimed by those who did not earn them.<br><br>But wait, = +you may be thinking, wouldn't quantum "miners" have earned th= +eir coins by all the work and resources invested in building a quantum comp= +uter? I suppose, in the same sense that a burglar earns their spoils by the= + resources they invest into surveilling targets and learning the skills nee= +ded to break into buildings. What I say "earned" I mean through p= +roductive mutual trade.<br><br>For example:<br><br>* Investors earn BTC by = +trading for other currencies.<br>* Merchants earn BTC by trading for goods = +and services.<br>* Miners earn BTC by trading thermodynamic security.<br>* = +Quantum miners don't trade anything, they are vampires feeding upon the= + system.<br><br>There's no reason to believe that allowing quantum adve= +rsaries to recover vulnerable bitcoin will be of benefit to anyone other th= +an the select few organizations that win the technological arms race to bui= +ld the first such computers. Probably nation states and/or the top few larg= +est tech companies.<br><br>One could certainly hope that an organization wi= +th quantum supremacy is benevolent and acts in a "white hat" mann= +er to return lost coins to their owners, but that's incredibly optimist= +ic and foolish to rely upon. Such a situation creates an insurmountable eth= +ical dilemma of only recovering lost bitcoin rather than currently owned bi= +tcoin. There's no way to precisely differentiate between the two; anyon= +e can claim to have lost their bitcoin but if they have lost their keys the= +n proving they ever had the keys becomes rather difficult. 
I imagine that a= +ny such white hat recovery efforts would have to rely upon attestations fro= +m trusted third parties like exchanges.<br><br>Even if the first actor with= + quantum supremacy is benevolent, we must assume the technology could fall = +into adversarial hands and thus think adversarially about the potential wor= +st case outcomes. Imagine, for example, that North Korea continues scooping= + up billions of dollars from hacking crypto exchanges and decides to invest= + some of those proceeds into building a quantum computer for the biggest pa= +yday ever...<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">Downsides t= +o Allowing Quantum Recovery</font><br>Let's think through an exhaustive= + list of pros and cons for allowing or preventing the seizure of funds by a= + quantum adversary.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Hist= +orical Precedent</font><br>Previous protocol vulnerabilities weren=E2=80=99= +t celebrated as "fair game" but rather were treated as failures t= +o be remediated. Treating quantum theft differently risks rewriting Bitcoin= +=E2=80=99s history as a free-for-all rather than a system that seeks to pro= +tect its users.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Violatio= +n of Property Rights</font><br>Allowing a quantum adversary to take control= + of funds undermines the fundamental principle of cryptocurrency - if you k= +eep your keys in your possession, only you should be able to access your mo= +ney. Bitcoin is built on the idea that private keys secure an individual=E2= +=80=99s assets, and unauthorized access (even via advanced tech) is theft, = +not a legitimate transfer.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"= +4">Erosion of Trust in Bitcoin</font><br>If quantum attackers can exploit v= +ulnerable addresses, confidence in Bitcoin as a secure store of value would= + collapse. 
Users and investors rely on cryptographic integrity, and widespr= +ead theft could drive adoption away from Bitcoin, destabilizing its ecosyst= +em.<br><br>This is essentially the counterpoint to claiming the burning of = +vulnerable funds is a violation of property rights. While some will certain= +ly see it as such, others will find the apathy toward stopping quantum thef= +t to be similarly concerning.<br><br><font style=3D"color:rgb(0,0,0)" size= +=3D"4">Unfair Advantage</font><br>Quantum attackers, likely equipped with r= +are and expensive technology, would have an unjust edge over regular users = +who lack access to such tools. This creates an inequitable system where onl= +y the technologically elite can exploit others, contradicting Bitcoin=E2=80= +=99s ethos of decentralized power.<br><br>Bitcoin is designed to create an = +asymmetric advantage for DEFENDING one's wealth. It's supposed to b= +e impractically expensive for attackers to crack the entropy and cryptograp= +hy protecting one's coins. But now we find ourselves discussing a situa= +tion where this asymmetric advantage is compromised in favor of a specific = +class of attackers.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Econ= +omic Disruption</font><br>Large-scale theft from vulnerable addresses could= + crash Bitcoin=E2=80=99s price as quantum recovered funds are dumped on exc= +hanges. This would harm all holders, not just those directly targeted, lead= +ing to broader financial chaos in the markets.<br><br><font style=3D"color:= +rgb(0,0,0)" size=3D"4">Moral Responsibility</font><br>Permitting theft via = +quantum computing sets a precedent that technological superiority justifies= + unethical behavior. 
This is essentially taking a "code is law" s= +tance in which we refuse to admit that both code and laws can be modified t= +o adapt to previously unforeseen situations.<br><br>Burning of coins can ce= +rtainly be considered a form of theft, thus I think it's worth differen= +tiating the two different thefts being discussed:<br><br>1. self-enriching = +& likely malicious<br>2. harm prevention & not necessarily maliciou= +s<br><br>Both options lack the consent of the party whose coins are being b= +urnt or transferred, thus I think the simple argument that theft is immoral= + becomes a wash and it's important to drill down into the details of ea= +ch.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Incentives Drive Sec= +urity</font><br>I can tell you from a decade of working in Bitcoin security= + - the average user is lazy and is a procrastinator. If Bitcoiners are give= +n a "drop dead date" after which they know vulnerable funds will = +be burned, this pressure accelerates the adoption of post-quantum cryptogra= +phy and strengthens Bitcoin long-term. Allowing vulnerable users to delay u= +pgrading indefinitely will result in more laggards, leaving the network mor= +e exposed when quantum tech becomes available.<br><br><font style=3D"color:= +rgb(0,0,0)" size=3D"6">Steel Manning<br></font>Clearly this is a complex an= +d controversial topic, thus it's worth thinking through the opposing ar= +guments.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Protecting Prop= +erty Rights</font><br>Allowing quantum computers to take vulnerable bitcoin= + could potentially be spun as a hard money narrative - we care so greatly a= +bout not violating someone's access to their coins that we allow them t= +o be stolen!<br><br>But I think the flip side to the property rights narrat= +ive is that burning vulnerable coins prevents said property from falling in= +to undeserving hands. 
If the entire Bitcoin ecosystem just stands around an= +d allows quantum adversaries to claim funds that rightfully belong to other= + users, is that really a "win" in the "protecting property r= +ights" category? It feels more like apathy to me.<br><br>As such, I th= +ink the "protecting property rights" argument is a wash.<br><br><= +font style=3D"color:rgb(0,0,0)" size=3D"4">Quantum Computers Won't Atta= +ck Bitcoin</font><br>There is a great deal of skepticism that sufficiently = +powerful quantum computers will ever exist, so we shouldn't bother prep= +aring for a non-existent threat. Others have argued that even if such a com= +puter was built, a quantum attacker would not go after bitcoin because they= + wouldn't want to reveal their hand by doing so, and would instead atta= +ck other infrastructure.<br><br>It's quite difficult to quantify exactl= +y how valuable attacking other infrastructure would be. It also really depe= +nds upon when an entity gains quantum supremacy and thus if by that time mo= +st of the world's systems have already been upgraded. While I think you= + could argue that certain entities gaining quantum capability might not att= +ack Bitcoin, it would only delay the inevitable - eventually somebody will = +achieve the capability who decides to use it for such an attack.<br><br><fo= +nt style=3D"color:rgb(0,0,0)" size=3D"4">Quantum Attackers Would Only Steal= + Small Amounts</font><br>Some have argued that even if a quantum attacker t= +argeted bitcoin, they'd only go after old, likely lost P2PK outputs so = +as to not arouse suspicion and cause a market panic.<br><br>I'm not so = +sure about that; why go after 50 BTC at a time when you could take 250,000 = +BTC with the same effort as 50 BTC? This is a classic "zero day exploi= +t" game theory in which an attacker knows they have a limited amount o= +f time before someone else discovers the exploit and either benefits from i= +t or patches it. 
Take, for example, the recent ByBit attack - the highest v= +alue crypto hack of all time. Lazarus Group had compromised the Safe wallet= + front end JavaScript app and they could have simply had it reassign owners= +hip of everyone's Safe wallets as they were interacting with their wall= +et. But instead they chose to only specifically target ByBit's wallet w= +ith $1.5 billion in it because they wanted to maximize their extractable va= +lue. If Lazarus had started stealing from every wallet, they would have bee= +n discovered quickly and the Safe web app would likely have been patched we= +ll before any billion dollar wallets executed the malicious code.<br><br>I = +think the "only stealing small amounts" argument is strongest for= + Situation #2 described earlier, where a quantum attacker arrives before qu= +antum safe cryptography has been deployed across the Bitcoin ecosystem. Bec= +ause if it became clear that Bitcoin's cryptography was broken AND ther= +e was nowhere safe for vulnerable users to migrate, the only logical option= + would be for everyone to liquidate their bitcoin as quickly as possible. A= +s such, I don't think it applies as strongly for situations in which we= + have a migration path available.<br><br><font style=3D"color:rgb(0,0,0)" s= +ize=3D"4">The 21 Million Coin Supply Should be in Circulation</font><br>Som= +e folks are arguing that it's important for the "circulating / spe= +ndable" supply to be as close to 21M as possible and that having a sig= +nificant portion of the supply out of circulation is somehow undesirable.<b= +r><br>While the "21M BTC" attribute is a strong memetic narrative= +, I don't think anyone has ever expected that it would all be in circul= +ation. It has always been understood that many coins will be lost, and that= +'s actually part of the game theory of owning bitcoin!<br><br>And remem= +ber, the 21M number in and of itself is not a particularly important detail= + - it's not even mentioned in the whitepaper. 
What's important is t= +hat the supply is well known and not subject to change.<br><br><font style= +=3D"color:rgb(0,0,0)" size=3D"4">Self-Sovereignty and Personal Responsibili= +ty</font><br>Bitcoin=E2=80=99s design empowers individuals to control their= + own wealth, free from centralized intervention. This freedom comes with th= +e burden of securing one's private keys. If quantum computing can break= + obsolete cryptography, the fault lies with users who didn't move their= + funds to quantum safe locking scripts. Expecting the network to shield use= +rs from their own negligence undermines the principle that you, and not a t= +hird party, are accountable for your assets.<br><br>I think this is general= +ly a fair point that "the community" doesn't owe you anything= + in terms of helping you. I think that we do, however, need to consider the= + incentives and game theory in play with regard to quantum safe Bitcoiners = +vs quantum vulnerable Bitcoiners. More on that later.<br><br><font style=3D= +"color:rgb(0,0,0)" size=3D"4">Code is Law</font><br>Bitcoin operates on tra= +nsparent, immutable rules embedded in its protocol. If a quantum attacker u= +ses superior technology to derive private keys from public keys, they=E2=80= +=99re not "hacking" the system - they're simply following wha= +t's mathematically permissible within the current code. Altering the pr= +otocol to stop this introduces subjective human intervention, which clashes= + with the objective, deterministic nature of blockchain.<br><br>While I ten= +d to agree that code is law, one of the entire points of laws is that they = +can be amended to improve their efficacy in reducing harm. 
Leaning on this = +point seems more like a pro-ossification stance that it's better to do = +nothing and allow harm to occur rather than take action to stop an attack t= +hat was foreseen far in advance.<br><br><font style=3D"color:rgb(0,0,0)" si= +ze=3D"4">Technological Evolution as a Feature, Not a Bug</font><br>It's= + well known that cryptography tends to weaken over time and eventually brea= +k. Quantum computing is just the next step in this progression. Users who f= +ail to adapt (e.g., by adopting quantum-resistant wallets when available) a= +re akin to those who ignored technological advancements like multisig or ha= +rdware wallets. Allowing quantum theft incentivizes innovation and keeps Bi= +tcoin=E2=80=99s ecosystem dynamic, punishing complacency while rewarding vi= +gilance.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Market Signals = +Drive Security</font><br>If quantum attackers start stealing funds, it send= +s a clear signal to the market: upgrade your security or lose everything. T= +his pressure accelerates the adoption of post-quantum cryptography and stre= +ngthens Bitcoin long-term. Coddling vulnerable users delays this necessary = +evolution, potentially leaving the network more exposed when quantum tech b= +ecomes widely accessible. Theft is a brutal but effective teacher.<br><br><= +font style=3D"color:rgb(0,0,0)" size=3D"4">Centralized Blacklisting Power</= +font><br>Burning vulnerable funds requires centralized decision-making - a = +soft fork to invalidate certain transactions. This sets a dangerous precede= +nt for future interventions, eroding Bitcoin=E2=80=99s decentralization. If= + quantum theft is blocked, what=E2=80=99s next - reversing exchange hacks? = +The system must remain neutral, even if it means some lose out.<br><br>I th= +ink this could be a potential slippery slope if the proposal was to only bu= +rn specific addresses. 
Rather, I'd expect a neutral proposal to burn al= +l funds in locking script types that are known to be quantum vulnerable. Th= +us, we could eliminate any subjectivity from the code.<br><br><font style= +=3D"color:rgb(0,0,0)" size=3D"4">Fairness in Competition</font><br>Quantum = +attackers aren't cheating; they're using publicly available physics= + and math. Anyone with the resources and foresight can build or access quan= +tum tech, just as anyone could mine Bitcoin in 2009 with a CPU. Early adopt= +ers took risks and reaped rewards; quantum innovators are doing the same. C= +alling it =E2=80=9Cunfair=E2=80=9D ignores that Bitcoin has never promised = +equality of outcome - only equality of opportunity within its rules.<br><br= +>I find this argument to be a mischaracterization because we're not tal= +king about CPUs. This is more akin to talking about ASICs, except each ASIC= + costs millions if not billions of dollars. This is out of reach from all b= +ut the wealthiest organizations.<br><br><font style=3D"color:rgb(0,0,0)" si= +ze=3D"4">Economic Resilience</font><br>Bitcoin has weathered thefts before = +(MTGOX, Bitfinex, FTX, etc) and emerged stronger. The market can absorb qua= +ntum losses, with unaffected users continuing to hold and new entrants buyi= +ng in at lower prices. Fear of economic collapse overestimates the impact -= + the network=E2=80=99s antifragility thrives on such challenges.<br><br>Thi= +s is a big grey area because we don't know when a quantum computer will= + come online and we don't know how quickly said computers would be able= + to steal bitcoin. If, for example, the first generation of sufficiently po= +werful quantum computers were stealing less volume than the current block r= +eward then of course it will have minimal economic impact. 
But if they'= +re taking thousands of BTC per day and bringing them back into circulation,= + there will likely be a noticeable market impact as it absorbs the new supp= +ly.<br><br>This is where the circumstances will really matter. If a quantum= + attacker appears AFTER the Bitcoin protocol has been upgraded to support q= +uantum resistant cryptography then we should expect the most valuable activ= +e wallets will have upgraded and the juiciest target would be the 31,000 BT= +C in the address 12ib7dApVFvg82TXKycWBNpN8kFyiAN1dr which has been dormant = +since 2010. In general I'd expect that the amount of BTC re-entering th= +e circulating supply would look somewhat similar to the mining emission cur= +ve: volume would start off very high as the most valuable addresses are dra= +ined and then it would fall off as quantum computers went down the list tar= +geting addresses with less and less BTC.<br><br>Why is economic impact a fa= +ctor worth considering? Miners and businesses in general. More coins being = +liquidated will push down the price, which will negatively impact miner rev= +enue. Similarly, I can attest from working in the industry for a decade, th= +at lower prices result in less demand from businesses across the entire ind= +ustry. As such, burning quantum vulnerable bitcoin is good for the entire i= +ndustry.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Practicality &a= +mp; Neutrality of Non-Intervention</font><br>There=E2=80=99s no reliable wa= +y to distinguish =E2=80=9Ctheft=E2=80=9D from legitimate "white hat&qu= +ot; key recovery. If someone loses their private key and a quantum computer= + recovers it, is that stealing or reclaiming? Policing quantum actions requ= +ires invasive assumptions about intent, which Bitcoin=E2=80=99s trustless d= +esign can=E2=80=99t accommodate. 
Letting the chips fall where they may avoi= +ds this mess.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Philosophi= +cal Purity</font><br>Bitcoin rejects bailouts. It=E2=80=99s a cold, hard sy= +stem where outcomes reflect preparation and skill, not sentimentality. If q= +uantum computing upends the game, that=E2=80=99s the point - Bitcoin isn=E2= +=80=99t meant to be safe or fair in a nanny-state sense; it=E2=80=99s meant= + to be free. Users who lose funds to quantum attacks are casualties of libe= +rty and their own ignorance, not victims of injustice.<br><br><font style= +=3D"color:rgb(0,0,0)" size=3D"6">Bitcoin's DAO Moment</font><br>This si= +tuation has some similarities to The DAO hack of an Ethereum smart contract= + in 2016, which resulted in a fork to stop the attacker and return funds to= + their original owners. The game theory is similar because it's a situa= +tion where a threat is known but there's some period of time before the= + attacker can actually execute the theft. As such, there's time to miti= +gate the attack by changing the protocol.<br><br>It also created a schism i= +n the community around the true meaning of "code is law," resulti= +ng in Ethereum Classic, which decided to allow the attacker to retain contr= +ol of the stolen funds.<br><br>A soft fork to burn vulnerable bitcoin could= + certainly result in a hard fork if there are enough miners who reject the = +soft fork and continue including transactions.<br><br><font style=3D"color:= +rgb(0,0,0)" size=3D"6">Incentives Matter</font><br>We can wax philosophical= + until the cows come home, but what are the actual incentives for existing = +Bitcoin holders regarding this decision?<br><br><blockquote class=3D"gmail_= +quote" style=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color= +:rgb(204,204,204)">"Lost coins only make everyone else's coins wor= +th slightly more. Think of it as a donation to everyone." 
- Satoshi Na= +kamoto</blockquote><br>If true, the corollary is:<br><br><blockquote class= +=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-= +left-color:rgb(204,204,204)">"Quantum recovered coins only make everyo= +ne else's coins worth less. Think of it as a theft from everyone."= + - Jameson Lopp</blockquote><br>Thus, assuming we get to a point where quan= +tum resistant signatures are supported within the Bitcoin protocol, what= +9;s the incentive to let vulnerable coins remain spendable?<br><br>* It'= +;s not good for the actual owners of those coins. It disincentivizes owners= + from upgrading until perhaps it's too late.<br>* It's not good for= + the more attentive / responsible owners of coins who have quantum secured = +their stash. Allowing the circulating supply to balloon will assuredly redu= +ce the purchasing power of all bitcoin holders.<br><br><font style=3D"color= +:rgb(0,0,0)" size=3D"6">Forking Game Theory</font><br>From a game theory po= +int of view, I see this as incentivizing users to upgrade their wallets. If= + you disagree with the burning of vulnerable coins, all you have to do is m= +ove your funds to a quantum safe signature scheme. Point being, I don't= + see there being an economic majority (or even more than a tiny minority) o= +f users who would fight such a soft fork. Why expend significant resources = +fighting a fork when you can just move your coins to a new address?<br><br>= +Remember that blocking spending of certain classes of locking scripts is a = +tightening of the rules - a soft fork. As such, it can be meaningfully enac= +ted and enforced by a mere majority of hashpower. If miners generally agree= + that it's in their best interest to burn vulnerable coins, are other u= +sers going to care enough to put in the effort to run new node software tha= +t resists the soft fork? 
Seems unlikely to me.<br><br><font style=3D"color:= +rgb(0,0,0)" size=3D"6">How to Execute Burning</font><br>In order to be as o= +bjective as possible, the goal would be to announce to the world that after= + a specific block height / timestamp, Bitcoin nodes will no longer accept t= +ransactions (or blocks containing such transactions) that spend funds from = +any scripts other than the newly instituted quantum safe schemes.<br><br>It= + could take a staggered approach to first freeze funds that are susceptible= + to long-range attacks such as those in P2PK scripts or those that exposed = +their public keys due to previously re-using addresses, but I expect the ad= +ditional complexity would drive further controversy.<br><br>How long should= + the grace period be in order to give the ecosystem time to upgrade? I'= +d say a minimum of 1 year for software wallets to upgrade. We can only hope= + that hardware wallet manufacturers are able to implement post quantum cryp= +tography on their existing hardware with only a firmware update.<br><br>Bey= +ond that, it will take at least 6 months worth of block space for all users= + to migrate their funds, even in a best case scenario. Though if you exclud= +e dust UTXOs you could probably get 95% of BTC value migrated in 1 month. O= +f course this is a highly optimistic situation where everyone is completely= + focused on migrations - in reality it will take far longer.<br><br>Regardl= +ess, I'd think that in order to reasonably uphold Bitcoin's conserv= +atism it would be preferable to allow a 4 year migration window. 
In the mea= +ntime, mining pools could coordinate emergency soft forking logic such that= + if quantum attackers materialized, they could accelerate the countdown to = +the quantum vulnerable funds burn.<br><br><font style=3D"color:rgb(0,0,0)" = +size=3D"6">Random Tangential Benefits</font><br>On the plus side, burning a= +ll quantum vulnerable bitcoin would allow us to prune all of those UTXOs ou= +t of the UTXO set, which would also clean up a lot of dust. Dust UTXOs are = +a bit of an annoyance and there has even been a recent proposal for how to = +incentivize cleaning them up.<br><br>We should also expect that incentivizi= +ng migration of the entire UTXO set will create substantial demand for bloc= +k space that will sustain a fee market for a fairly lengthy amount of time.= +<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">In Summary</font><br>Wh= +ile the moral quandary of violating any of Bitcoin's inviolable propert= +ies can make this a very complex issue to discuss, the game theory and ince= +ntives between burning vulnerable coins versus allowing them to be claimed = +by entities with quantum supremacy appears to be a much simpler issue.<br><= +br>I, for one, am not interested in rewarding quantum capable entities by i= +nflating the circulating money supply just because some people lost their k= +eys long ago and some laggards are not upgrading their bitcoin wallet's= + security.<br><br>We can hope that this scenario never comes to pass, but h= +ope is not a strategy.<br><br>I welcome your feedback upon any of the above= + points, and contribution of any arguments I failed to consider.</div></div= +><div><br></div>-- <br>You received this message because you are subscribed= + to the Google Groups "Bitcoin Development Mailing List" group.<b= +r>To unsubscribe from this group and stop receiving emails from it, send an= + email to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bi= +tcoindev+...@googlegroups.com</a>.<br>To view this 
discussion visit <a rel= +=3D"noreferrer nofollow noopener" href=3D"https://groups.google.com/d/msgid= +/bitcoindev/CADL_X_cF%3DUKVa7CitXReMq8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40m= +ail.gmail.com" target=3D"_blank" data-saferedirecturl=3D"https://www.google= +.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitcoindev/CADL_= +X_cF%253DUKVa7CitXReMq8nA_4RadCF%253D%253DkU4YG%252B0GYN97P6hQ%2540mail.gma= +il.com&source=3Dgmail&ust=3D1749387599317000&usg=3DAOvVaw1nWmtN= +HWj25mhraYVZS_Xy">https://groups.google.com/d/msgid/bitcoindev/CADL_X_cF%3D= +UKVa7CitXReMq8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40mail.gmail.com</a>.</div>= +</blockquote></div><div dir=3D"ltr"></div></div></div></div> + +<p></p> + +-- <br> +You received this message because you are subscribed to the Google Groups &= +quot;Bitcoin Development Mailing List" group.<br> +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc= +oindev+...@googlegroups.com</a>.<br> +To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href= +=3D"https://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4D= +9D2B732364%40astrotown.de" target=3D"_blank" data-saferedirecturl=3D"https:= +//www.google.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitc= +oindev/E8269A1A-1899-46D2-A7CD-4D9D2B732364%2540astrotown.de&source=3Dg= +mail&ust=3D1749387599317000&usg=3DAOvVaw2PR2vuTOZH_Ek_t4GgnuJJ">htt= +ps://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4D9D2B732= +364%40astrotown.de</a>.</blockquote></div></div></blockquote></div><div><bl= +ockquote type=3D"cite"><div dir=3D"ltr"><div class=3D"gmail_quote"><blockqu= +ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-wid= +th:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,2= +04,204)"><br> +</blockquote></div></div> + +<p></p> + +-- <br> +You received this message because you are subscribed 
to the Google Groups &= +quot;Bitcoin Development Mailing List" group.<br> +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc= +oindev+...@googlegroups.com</a>.<br> +To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href= +=3D"https://groups.google.com/d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br= +6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg%40mail.gmail.com" target=3D"_blank" data-sa= +feredirecturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://groups.= +google.com/d/msgid/bitcoindev/CAJDmzYxw%252BmXQKjS%252Bh%252Br6mCoe1rwWUpa_= +yZDwmwx6U_eO5JhZLg%2540mail.gmail.com&source=3Dgmail&ust=3D17493875= +99317000&usg=3DAOvVaw0HJzgCo9hLdARu_fL6UDUf">https://groups.google.com/= +d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br6mCoe1rwWUpa_yZDwmwx6U_eO5JhZL= +g%40mail.gmail.com</a>.<br> + + </blockquote><br> + </div> + +<p></p> + +-- <br> +You received this message because you are subscribed to the Google Groups &= +quot;Bitcoin Development Mailing List" group.<br> +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc= +oindev+...@googlegroups.com</a>.<br> +To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href= +=3D"https://groups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvf= +XniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXL= +miCJOY%3D%40proton.me" target=3D"_blank" data-saferedirecturl=3D"https://ww= +w.google.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitcoind= +ev/zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8Ras= +O7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY%253D%2540proton.me&source=3Dgmail&a= +mp;ust=3D1749387599317000&usg=3DAOvVaw1WeDdjOHiNYWK_U17-OcRr">https://g= +roups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZu= 
+GLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY%3D%40p= +roton.me</a>.<br> +</blockquote></div></div> +</blockquote></div> + +<p></p> + +-- <br> +You received this message because you are subscribed to the Google Groups &= +quot;Bitcoin Development Mailing List" group.<br> +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to <a href rel=3D"noreferrer nofollow noopener" data-email-masked>bitc= +oindev+...@googlegroups.com</a>.<br></blockquote></div></div><div style=3D"= +font-family:Arial,sans-serif;font-size:14px"><div><blockquote type=3D"cite"= +> +To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/= +bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%40mail.gmail= +.com" rel=3D"noreferrer nofollow noopener" target=3D"_blank" data-saferedir= +ecturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://groups.google.= +com/d/msgid/bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%= +2540mail.gmail.com&source=3Dgmail&ust=3D1749387599317000&usg=3D= +AOvVaw20sKcGYqK1w1lbqEinULpJ">https://groups.google.com/d/msgid/bitcoindev/= +CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%40mail.gmail.com</a>.<b= +r> + + </blockquote><br> + </div></div></blockquote></div> + +<p></p> + +-- <br /> +You received this message because you are subscribed to the Google Groups &= +quot;Bitcoin Development Mailing List" group.<br /> +To unsubscribe from this group and stop receiving emails from it, send an e= +mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind= +ev+unsubscribe@googlegroups.com</a>.<br /> +To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/= +bitcoindev/893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com?utm_med= +ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind= +ev/893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com</a>.<br /> + +------=_Part_18011_501201720.1749302913697-- + 
+------=_Part_18010_831844196.1749302913697-- + |