1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
|
Delivery-date: Sat, 07 Jun 2025 06:55:16 -0700
Received: from mail-yb1-f187.google.com ([209.85.219.187])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDI23FE35EIBBNEJSHBAMGQEAHDSGAQ@googlegroups.com>)
id 1uNu0t-0001jm-UW
for bitcoindev@gnusha.org; Sat, 07 Jun 2025 06:55:16 -0700
Received: by mail-yb1-f187.google.com with SMTP id 3f1490d57ef6-e812e1573ecsf3222588276.2
for <bitcoindev@gnusha.org>; Sat, 07 Jun 2025 06:55:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1749304506; x=1749909306; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:sender:from
:to:cc:subject:date:message-id:reply-to;
bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=;
b=RkUlEpHFre0+3f82GTZxk6/rFrd9RLtd3Y/hH07LsiL+RHBUVzjCkDOacnKUyUak9U
/1Mfm68izCtNN3Hd+j6rwsMVLWRr6f+HmBvCjTag6NE5TvF+K7h4v7ln8069pAPkLV5I
3OUBUirsoMNApI4C0HWNvy/Yw8Fn3rdTZPcgadvvHArvcVDeD9aeDnkigFPiHAqO3sks
3Wa5u2ob0sXtRQmWPQ6A96Hi/vX2a5Xlo7h+hj8PvLcK/AEmMRKGLdqhg8SaBQdX98de
EJaqKOqg9ZwWoc47z4P6xhiuuH/CNE5ze8Wnj1GwGRI+CgsePe3Pg3fYe08EW1+pNAy1
8FaQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1749304506; x=1749909306; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:from:to:cc
:subject:date:message-id:reply-to;
bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=;
b=aeVjJaJ65W0ngv2oiSM35+bPvzZXKfLmVCCY+5st+PRhm74xvfpG1slgse9E2luQjP
KfR9MllX92bbd9sGqfL2ZrmotRegSrXNp2xNBGcHB8o5NwusTw2VJ5hwmmhKDWDG4Qxp
xtVaADjsDu71tploQB9cMQEMGIUGoITvGcRlW0CIOsaGcL7h9V/G9Ns3viX+BISDwrkQ
7D6Azg4wrfwBKOCBwqaGt7QZPtr9HRjckfccQ+ePRatoHZaMvYAHjsGCPJflBQLy5QCl
a/3QwZhm7WNYXgPDXX6dSkSuGYj75nf9xu8X307kKes9CL9aJU52iAchNvH4zLBFwEXh
3g3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1749304506; x=1749909306;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-sender:mime-version
:subject:references:in-reply-to:message-id:to:from:date:x-beenthere
:x-gm-message-state:sender:from:to:cc:subject:date:message-id
:reply-to;
bh=9up5hq4lJvtrJoktHUw8WLn/9puCsIJYdju6zi1b7nA=;
b=gvUm7rz99Lo/Y53SAfLQuPdjcHaH2ys7OjygBnD6F37/tfihbvi9Q/nI4e5OjkzVl2
W1JNmxGH2idLB5/wTNsp7WpLdeoHtCefQyDEib4Lzz5SSRl8EJ/V58sDPkUgQtcD7d4p
HX/u0bzNZd+g4LFm+4t9jGrMus2/UdR9SVOcplKB70RfPOHEI42T6/UAUVwRHuhJb0Ss
E/H8U1bm0n5i9CLM8GQuh13tZPq14pP+IsZtmpMeRFKE58kMutGjCnAToJgnuS8lq5/n
esC/rXuXq56j46hf7IbpV3C0qMNXSmwizRkzF+2H+xuyneHXfEfpcX14+2xZnSDW5I7e
3DCg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=1; AJvYcCVgU7ids4L4BTmyqm2Tb66yAjT+pgUM3kZfwL+rBu2vuDWE04d3dfgoXJ/V5ljk2xtbENbF1fxsEB5M@gnusha.org
X-Gm-Message-State: AOJu0YzeM25xCRvRB9DoqJy4NEUgQJljPbIBJARZ7pGh7+kkweQsDnOx
4P8UYLvCmE1e+94hcmyTknJKJzjMartI2+UsvsQ0Rpz2KOwHyIgRrOGW
X-Google-Smtp-Source: AGHT+IG2Br0Dp1pOKLfFwUWMTeKH6+g6IvzE/4mD7rSui0geEfrJmG0vbjo4qwNjbdBSmdRy62UWkg==
X-Received: by 2002:a05:6902:c06:b0:e7d:c9f4:ed7b with SMTP id 3f1490d57ef6-e81a227c993mr9757571276.1.1749304505627;
Sat, 07 Jun 2025 06:55:05 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZfYGfIeHbTj2cq69vkQxDWQrC35RJGZY1av3o+1sp07bg==
Received: by 2002:a25:6953:0:b0:e81:7cf7:5008 with SMTP id 3f1490d57ef6-e8188826eb1ls2611055276.0.-pod-prod-03-us;
Sat, 07 Jun 2025 06:55:00 -0700 (PDT)
X-Received: by 2002:a05:690c:6c83:b0:6fb:b1dd:a00d with SMTP id 00721157ae682-710f771c5dfmr109416417b3.30.1749304500560;
Sat, 07 Jun 2025 06:55:00 -0700 (PDT)
Received: by 2002:a05:690c:ed6:b0:70d:e0e5:164f with SMTP id 00721157ae682-710f8f40b91ms7b3;
Sat, 7 Jun 2025 06:28:35 -0700 (PDT)
X-Received: by 2002:a05:690c:6f0b:b0:6fb:a696:b23b with SMTP id 00721157ae682-710f7739ae2mr99557867b3.33.1749302914045;
Sat, 07 Jun 2025 06:28:34 -0700 (PDT)
Date: Sat, 7 Jun 2025 06:28:33 -0700 (PDT)
From: waxwing/ AdamISZ <ekaggata@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <893891ea-34ec-4d60-9941-9f636be0d747n@googlegroups.com>
In-Reply-To: <ZVSyhRF6sP5xZxzih0EUn-_35mQxiVXYzrvxZ_Dz7tTygUqTmxxyVhFfXswTUmIquzCR6XNGbgLlNUCkHucTAliQf7aesPZBLRFoceu_9BY=@protonmail.com>
References: <E8269A1A-1899-46D2-A7CD-4D9D2B732364@astrotown.de>
<CAJDmzYxw+mXQKjS+h+r6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg@mail.gmail.com>
<zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY=@proton.me>
<CAC3UE4+DR=DQqtT+X0SYvH1XCVnmatD7frcHC5dtdVAef39UnQ@mail.gmail.com>
<CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg@mail.gmail.com>
<ZVSyhRF6sP5xZxzih0EUn-_35mQxiVXYzrvxZ_Dz7tTygUqTmxxyVhFfXswTUmIquzCR6XNGbgLlNUCkHucTAliQf7aesPZBLRFoceu_9BY=@protonmail.com>
Subject: Re: [bitcoindev] Against Allowing Quantum Recovery of Bitcoin
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_18010_831844196.1749302913697"
X-Original-Sender: ekaggata@gmail.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: 0.0 (/)
------=_Part_18010_831844196.1749302913697
Content-Type: multipart/alternative;
boundary="----=_Part_18011_501201720.1749302913697"
------=_Part_18011_501201720.1749302913697
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
> I'm not a lawyer, but if developers make a conscious decision to make a=
=20
code change that confiscates funds, even with a reasonable heads-up, I feel=
=20
like some lawyers might be tempted to make an argument that those=20
developers should be held responsible for any losses. As everyone knows,=20
Bitcoin has been under legal attacks before, and I'm not sure that anyone=
=20
would (or should) be willing to sign off on a change that might potentially=
=20
open them up to several billion dollars worth of personal responsibility -=
=20
especially if the "bonded courier" actually shows up and reveals a private=
=20
key that would have unlocked funds under the pre-QC scheme.
Coincidentally, Peter Todd has just made the same point in another=20
(apparently unrelated) thread, here:=20
https://groups.google.com/g/bitcoindev/c/bmV1QwYEN4k/m/kkHQZd_BAwAJ
For me it's very clear, that it's not an accident that such "unexpected"=20
side effects exist. It's a feature that I'd whimsically call "ethical=20
impedance-mismatch" (the term impedance mismatch has been used in=20
computing/programming, which itself borrowed it from the real meaning, in=
=20
physics). People have a moral/ethical desire to make bitcoin function as=20
well as possible, and see a failure mode in those using it for other=20
purposes, but that line of thought clashes with the essential, basic=20
principle of censorship-resistance.
So we see technical borked-ness like failure to get accurate fee rates and=
=20
the like, from doing something (attempting to filter at p2p level) that it=
=20
is intrinsically counter to the foundational ethical, functional purpose of=
=20
the system: censorship-resistance. And then we see "cascading failures" of=
=20
the type discussed here: if the devs are working to break bitcoin's ethical=
=20
promise of censorship-resistance, then thugs^H^H politicians and lawyers,=
=20
will seek to take control of that "break" for their own purposes.
That's why I'm not against "quantum recovery" as per the title of this=20
thread. Recovery, independent of outside control, *is* bitcoin's function.=
=20
If half a million btc get spent by someone who has "recovered" in an=20
unexpected way, tough titties. If the entire system collapses because we=20
can't get our act together before 2085 (OK I know some think it's 2035, I=
=20
don't, but whatever), then it is what it is. That is a huge unknown. But=20
Bitcoin will 100% fail if confiscation of *any* type becomes a thing.
Cheers,
AdamISZ/waxwing
On Wednesday, June 4, 2025 at 4:56:53=E2=80=AFAM UTC-3 ArmchairCryptologist=
wrote:
> Hi,
>
> With the longer grace period and selective deactivation, this seems more=
=20
> sensible, but there is one elephant in the room that I haven't seen=20
> mentioned here - namely, the legal aspect. (If it was, sorry I missed it.=
)
>
> I'm not a lawyer, but if developers make a conscious decision to make a=
=20
> code change that confiscates funds, even with a reasonable heads-up, I fe=
el=20
> like some lawyers might be tempted to make an argument that those=20
> developers should be held responsible for any losses. As everyone knows,=
=20
> Bitcoin has been under legal attacks before, and I'm not sure that anyone=
=20
> would (or should) be willing to sign off on a change that might potential=
ly=20
> open them up to several billion dollars worth of personal responsibility =
-=20
> especially if the "bonded courier" actually shows up and reveals a privat=
e=20
> key that would have unlocked funds under the pre-QC scheme.
>
> The only safe-ish way I can see to do this is to have it only affect fund=
s=20
> that are very likely to be lost in the first place. So at the very least,=
=20
> it could not affect UTXOs that could potentially be encumbered with a=20
> timelock (i.e. P2SH/P2WSH), and it could only affect UTXOs that have not=
=20
> moved for a very long time (say 15-20 years).=20
>
> If quantum computers capable of practical attacks against Bitcoin are eve=
r=20
> known to actually exist, *sending*=E2=80=8B to non-PQC addresses should o=
f course=20
> be disabled immediately. But I feel that the nature of a permissionless=
=20
> system implies a large degree of self-responsibility, so if someone choos=
es=20
> to keep using non-PQC addresses even after PQC addresses have become=20
> available and practical quantum attacks are suspected to be an imminent=
=20
> danger, it's not necessarily up to the developers to tell them they can't=
,=20
> only that they really shouldn't.
>
> --
> Regards,
> ArmchairCryptologist
>
> Sent with Proton Mail <https://proton.me/mail/home> secure email.=20
>
> On Monday, May 26th, 2025 at 2:48 AM, Agustin Cruz <agusti...@gmail.com>=
=20
> wrote:
>
> Hi everyone,
>
> QRAMP proposal aims to manage the quantum transition responsibly without=
=20
> disrupting Bitcoin=E2=80=99s core principles.
>
> QRAMP has three phases:
>
> 1. Allow wallets to optionally include PQC keys in Taproot outputs. This=
=20
> enables early adoption without forcing anyone.
>
> 2. Announce a soft fork to disable vulnerable scripts, with a long=20
> (~4-year) grace period. This gives ample time to migrate and avoids sudde=
n=20
> shocks.
>
> 3. Gradually deactivate vulnerable outputs based on age or inactivity.=20
> This avoids a harsh cutoff and gives time for adaptation.
>
> We can also allow exceptions via proof-of-possession, and delay=20
> restrictions on timelocked outputs to avoid harming future spenders.
>
> QRAMP is not about confiscation or control. It=E2=80=99s about aligning=
=20
> incentives, maintaining security, and offering a clear, non-coercive=20
> upgrade path.
>
> Best,
> Agustin Cruz
>
>
>
> El dom, 25 de may de 2025, 7:03=E2=80=AFp.m., Dustin Ray <dustinvo...@gma=
il.com>=20
> escribi=C3=B3:
>
>> The difference between the ETH/ETC split though was that no one had=20
>> anything confiscated except the DAO hacker, everyone retained an identic=
al=20
>> number of tokens on each chain. The proposal for BTC is very different i=
n=20
>> that some holders will lose access to their coins during the PQ migratio=
n=20
>> under the confiscation approach. Just wanted to point that out.
>>
>> On Sun, May 25, 2025 at 3:06=E2=80=AFPM 'conduition' via Bitcoin Develop=
ment=20
>> Mailing List <bitco...@googlegroups.com> wrote:
>>
>>> Hey Saulo,
>>>
>>> You're right about the possibility of an ugly split. Laggards who don't=
=20
>>> move coins to PQ address schemes will be incentivized to follow any cha=
in=20
>>> where they keep their coins. But those who do migrate will be incentivi=
zed=20
>>> to follow the chain where unmigrated pre-quantum coins are frozen.=20
>>>
>>> While you're comparing this event to the ETH/ETC split, we should=20
>>> remember that ETH remained the dominant chain despite their heavy-hande=
d=20
>>> rollback. Just goes to show, confusion and face-loss is a lesser evil t=
han=20
>>> allowing an adversary to pwn the network.=20
>>>
>>> This is the free-market way to solve problems without imposing rules on=
=20
>>> everyone.
>>>
>>>
>>> It'd still be a free market even if quantum-vulnerable coins are frozen=
.=20
>>> The only way to test the relative value of quantum-safe vs=20
>>> quantum-vulnerable coins is to split the chain and see how the market=
=20
>>> reacts.=20
>>>
>>> IMO, the "free market way" is to give people options and let their mone=
y=20
>>> flow to where it works best. That means people should be able to choose=
=20
>>> whether they want their money to be part of a system that allows quantu=
m=20
>>> attack, or part of one which does not. I know which I would choose, but=
=20
>>> neither you nor I can make that choice for everyone.
>>>
>>> regards,
>>> conduition
>>> On Monday, March 24th, 2025 at 7:19 AM, Agustin Cruz <
>>> agusti...@gmail.com> wrote:
>>>
>>> I=E2=80=99m against letting quantum computers scoop up funds from addre=
sses that=20
>>> don=E2=80=99t upgrade to quantum-resistant.=20
>>> Saulo=E2=80=99s idea of a free-market approach, leaving old coins up fo=
r grabs=20
>>> if people don=E2=80=99t move them, sounds fair at first. Let luck decid=
e, right?=20
>>> But I worry it=E2=80=99d turn into a mess. If quantum machines start cr=
acking keys=20
>>> and snagging coins, it=E2=80=99s not just lost Satoshi-era stuff at ris=
k. Plenty of=20
>>> active wallets, like those on the rich list Jameson mentioned, could ge=
t=20
>>> hit too. Imagine millions of BTC flooding the market. Prices tank, trus=
t in=20
>>> Bitcoin takes a dive, and we all feel the pain. Freezing those vulnerab=
le=20
>>> funds keeps that chaos in check.
>>> Plus, =E2=80=9Cyour keys, your coins=E2=80=9D is Bitcoin=E2=80=99s hear=
t. If quantum tech can=20
>>> steal from you just because you didn=E2=80=99t upgrade fast enough, tha=
t promise=20
>>> feels shaky. Freezing funds after a heads-up period (say, four years)=
=20
>>> protects that idea better than letting tech giants or rogue states play=
=20
>>> vampire with our network. It also nudges people to get their act togeth=
er=20
>>> and move to safer addresses, which strengthens Bitcoin long-term.
>>> Saulo=E2=80=99s right that freezing coins could confuse folks or spark =
a split=20
>>> like Ethereum Classic. But I=E2=80=99d argue quantum theft would look w=
orse.=20
>>> Bitcoin would seem broken, not just strict. A clear plan and enough tim=
e to=20
>>> migrate could smooth things over. History=E2=80=99s on our side too. Bi=
tcoin=E2=80=99s=20
>>> fixed bugs before, like SegWit. This feels like that, not a bailout.
>>> So yeah, I=E2=80=99d rather see vulnerable coins locked than handed to =
whoever=20
>>> builds the first quantum rig. It=E2=80=99s less about coddling people a=
nd more=20
>>> about keeping Bitcoin solid for everyone. What do you all think?
>>> Cheers,
>>> Agust=C3=ADn
>>>
>>>
>>> On Sun, Mar 23, 2025 at 10:29=E2=80=AFPM AstroTown <sa...@astrotown.de>=
wrote:
>>>
>>>> I believe that having some entity announce the decision to freeze old=
=20
>>>> UTXOs would be more damaging to Bitcoin=E2=80=99s image (and its value=
) than having=20
>>>> them gathered by QC. This would create another version of Bitcoin, sim=
ilar=20
>>>> to Ethereum Classic, causing confusion in the market.
>>>>
>>>> It would be better to simply implement the possibility of moving funds=
=20
>>>> to a PQC address without a deadline, allowing those who fail to do so =
to=20
>>>> rely on luck to avoid having their coins stolen. Most coins would be=
=20
>>>> migrated to PQC anyway, and in most cases, only the lost ones would re=
main=20
>>>> vulnerable. This is the free-market way to solve problems without impo=
sing=20
>>>> rules on everyone.
>>>>
>>>> Saulo Fonseca
>>>>
>>>>
>>>> On 16. Mar 2025, at 15:15, Jameson Lopp <jameso...@gmail.com> wrote:
>>>>
>>>> The quantum computing debate is heating up. There are many=20
>>>> controversial aspects to this debate, including whether or not quantum=
=20
>>>> computers will ever actually become a practical threat.
>>>>
>>>> I won't tread into the unanswerable question of how worried we should=
=20
>>>> be about quantum computers. I think it's far from a crisis, but given =
the=20
>>>> difficulty in changing Bitcoin it's worth starting to seriously discus=
s.=20
>>>> Today I wish to focus on a philosophical quandary related to one of th=
e=20
>>>> decisions that would need to be made if and when we implement a quantu=
m=20
>>>> safe signature scheme.
>>>>
>>>> Several Scenarios
>>>> Because this essay will reference game theory a fair amount, and there=
=20
>>>> are many variables at play that could change the nature of the game, I=
=20
>>>> think it's important to clarify the possible scenarios up front.
>>>>
>>>> 1. Quantum computing never materializes, never becomes a threat, and=
=20
>>>> thus everything discussed in this essay is moot.
>>>> 2. A quantum computing threat materializes suddenly and Bitcoin does=
=20
>>>> not have quantum safe signatures as part of the protocol. In this scen=
ario=20
>>>> it would likely make the points below moot because Bitcoin would be=20
>>>> fundamentally broken and it would take far too long to upgrade the=20
>>>> protocol, wallet software, and migrate user funds in order to restore=
=20
>>>> confidence in the network.
>>>> 3. Quantum computing advances slowly enough that we come to consensus=
=20
>>>> about how to upgrade Bitcoin and post quantum security has been minima=
lly=20
>>>> adopted by the time an attacker appears.
>>>> 4. Quantum computing advances slowly enough that we come to consensus=
=20
>>>> about how to upgrade Bitcoin and post quantum security has been highly=
=20
>>>> adopted by the time an attacker appears.
>>>>
>>>> For the purposes of this post, I'm envisioning being in situation 3 or=
=20
>>>> 4.
>>>>
>>>> To Freeze or not to Freeze?
>>>> I've started seeing more people weighing in on what is likely the most=
=20
>>>> contentious aspect of how a quantum resistance upgrade should be handl=
ed in=20
>>>> terms of migrating user funds. Should quantum vulnerable funds be left=
open=20
>>>> to be swept by anyone with a sufficiently powerful quantum computer OR=
=20
>>>> should they be permanently locked?
>>>>
>>>> "I don't see why old coins should be confiscated. The better option is=
=20
>>>>> to let those with quantum computers free up old coins. While this mig=
ht=20
>>>>> have an inflationary impact on bitcoin's price, to use a turn of phra=
se,=20
>>>>> the inflation is transitory. Those with low time preference should su=
pport=20
>>>>> returning lost coins to circulation."=20
>>>>
>>>> - Hunter Beast
>>>>
>>>>
>>>> On the other hand:
>>>>
>>>> "Of course they have to be confiscated. If and when (and that's a big=
=20
>>>>> if) the existence of a cryptography-breaking QC becomes a credible th=
reat,=20
>>>>> the Bitcoin ecosystem has no other option than softforking out the ab=
ility=20
>>>>> to spend from signature schemes (including ECDSA and BIP340) that are=
=20
>>>>> vulnerable to QCs. The alternative is that millions of BTC become=20
>>>>> vulnerable to theft; I cannot see how the currency can maintain any v=
alue=20
>>>>> at all in such a setting. And this affects everyone; even those which=
=20
>>>>> diligently moved their coins to PQC-protected schemes."
>>>>> - Pieter Wuille
>>>>
>>>>
>>>> I don't think "confiscation" is the most precise term to use, as the=
=20
>>>> funds are not being seized and reassigned. Rather, what we're really=
=20
>>>> discussing would be better described as "burning" - placing the funds =
*out=20
>>>> of reach of everyone*.
>>>>
>>>> Not freezing user funds is one of Bitcoin's inviolable properties.=20
>>>> However, if quantum computing becomes a threat to Bitcoin's elliptic c=
urve=20
>>>> cryptography, *an inviolable property of Bitcoin will be violated one=
=20
>>>> way or another*.
>>>>
>>>> Fundamental Properties at Risk
>>>> 5 years ago I attempted to comprehensively categorize all of Bitcoin's=
=20
>>>> fundamental properties that give it value.=20
>>>> https://nakamoto.com/what-are-the-key-properties-of-bitcoin/
>>>>
>>>> The particular properties in play with regard to this issue seem to be=
:
>>>>
>>>> *Censorship Resistance* - No one should have the power to prevent=20
>>>> others from using their bitcoin or interacting with the network.
>>>>
>>>> *Forward Compatibility* - changing the rules such that certain valid=
=20
>>>> transactions become invalid could undermine confidence in the protocol=
.
>>>>
>>>> *Conservatism* - Users should not be expected to be highly responsive=
=20
>>>> to system issues.
>>>>
>>>> As a result of the above principles, we have developed a strong meme=
=20
>>>> (kudos to Andreas Antonopoulos) that goes as follows:
>>>>
>>>> Not your keys, not your coins.
>>>>
>>>>
>>>> I posit that the corollary to this principle is:
>>>>
>>>> Your keys, only your coins.
>>>>
>>>>
>>>> A quantum capable entity breaks the corollary of this foundational=20
>>>> principle. We secure our bitcoin with the mathematical probabilities=
=20
>>>> related to extremely large random numbers. Your funds are only secure=
=20
>>>> because truly random large numbers should not be guessable or discover=
able=20
>>>> by anyone else in the world.
>>>>
>>>> This is the principle behind the motto *vires in numeris* - strength=
=20
>>>> in numbers. In a world with quantum enabled adversaries, this principl=
e is=20
>>>> null and void for many types of cryptography, including the elliptic c=
urve=20
>>>> digital signatures used in Bitcoin.
>>>>
>>>> Who is at Risk?
>>>> There has long been a narrative that Satoshi's coins and others from=
=20
>>>> the Satoshi era of P2PK locking scripts that exposed the public key=20
>>>> directly on the blockchain will be those that get scooped up by a quan=
tum=20
>>>> "miner." But unfortunately it's not that simple. If I had a powerful=
=20
>>>> quantum computer, which coins would I target? I'd go to the Bitcoin ri=
ch=20
>>>> list and find the wallets that have exposed their public keys due to=
=20
>>>> re-using addresses that have previously been spent from. You can easil=
y=20
>>>> find them at=20
>>>> https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html
>>>>
>>>> Note that a few of these wallets, like Bitfinex / Kraken / Tether,=20
>>>> would be slightly harder to crack because they are multisig wallets. S=
o a=20
>>>> quantum attacker would need to reverse engineer 2 keys for Kraken or 3=
for=20
>>>> Bitfinex / Tether in order to spend funds. But many are single signatu=
re.
>>>>
>>>> Point being, it's not only the really old lost BTC that are at risk to=
=20
>>>> a quantum enabled adversary, at least at time of writing. If we add a=
=20
>>>> quantum safe signature scheme, we should expect those wallets to be so=
me of=20
>>>> the first to upgrade given their incentives.
>>>>
>>>> The Ethical Dilemma: Quantifying Harm
>>>> Which decision results in the most harm?
>>>>
>>>> By making quantum vulnerable funds unspendable we potentially harm som=
e=20
>>>> Bitcoin users who were not paying attention and neglected to migrate t=
heir=20
>>>> funds to a quantum safe locking script. This violates the "conservativ=
ism"=20
>>>> principle stated earlier. On the flip side, we prevent those funds plu=
s far=20
>>>> more lost funds from falling into the hands of the few privileged folk=
s who=20
>>>> gain early access to quantum computers.
>>>>
>>>> By leaving quantum vulnerable funds available to spend, the same set o=
f=20
>>>> users who would otherwise have funds frozen are likely to see them sto=
len.=20
>>>> And many early adopters who lost their keys will eventually see their=
=20
>>>> unreachable funds scooped up by a quantum enabled adversary.
>>>>
>>>> Imagine, for example, being James Howells, who accidentally threw away=
=20
>>>> a hard drive with 8,000 BTC on it, currently worth over $600M USD. He =
has=20
>>>> spent a decade trying to retrieve it from the landfill where he knows =
it's=20
>>>> buried, but can't get permission to excavate. I suspect that, given th=
e=20
>>>> choice, he'd prefer those funds be permanently frozen rather than fall=
into=20
>>>> someone else's possession - I know I would.
>>>>
>>>> Allowing a quantum computer to access lost funds doesn't make those=20
>>>> users any worse off than they were before, however it *would*have a=20
>>>> negative impact upon everyone who is currently holding bitcoin.
>>>>
>>>> It's prudent to expect significant economic disruption if large amount=
s=20
>>>> of coins fall into new hands. Since a quantum computer is going to hav=
e a=20
>>>> massive up front cost, expect those behind it to desire to recoup thei=
r=20
>>>> investment. We also know from experience that when someone suddenly fi=
nds=20
>>>> themselves in possession of 9+ figures worth of highly liquid assets, =
they=20
>>>> tend to diversify into other things by selling.
>>>>
>>>> Allowing quantum recovery of bitcoin is *tantamount to wealth=20
>>>> redistribution*. What we'd be allowing is for bitcoin to be=20
>>>> redistributed from those who are ignorant of quantum computers to thos=
e who=20
>>>> have won the technological race to acquire quantum computers. It's har=
d to=20
>>>> see a bright side to that scenario.
>>>>
>>>> Is Quantum Recovery Good for Anyone?
>>>>
>>>> Does quantum recovery HELP anyone? I've yet to come across an argument=
=20
>>>> that it's a net positive in any way. It certainly doesn't add any secu=
rity=20
>>>> to the network. If anything, it greatly decreases the security of the=
=20
>>>> network by allowing funds to be claimed by those who did not earn them=
.
>>>>
>>>> But wait, you may be thinking, wouldn't quantum "miners" have earned=
=20
>>>> their coins by all the work and resources invested in building a quant=
um=20
>>>> computer? I suppose, in the same sense that a burglar earns their spoi=
ls by=20
>>>> the resources they invest into surveilling targets and learning the sk=
ills=20
>>>> needed to break into buildings. What I say "earned" I mean through=20
>>>> productive mutual trade.
>>>>
>>>> For example:
>>>>
>>>> * Investors earn BTC by trading for other currencies.
>>>> * Merchants earn BTC by trading for goods and services.
>>>> * Miners earn BTC by trading thermodynamic security.
>>>> * Quantum miners don't trade anything, they are vampires feeding upon=
=20
>>>> the system.
>>>>
>>>> There's no reason to believe that allowing quantum adversaries to=20
>>>> recover vulnerable bitcoin will be of benefit to anyone other than the=
=20
>>>> select few organizations that win the technological arms race to build=
the=20
>>>> first such computers. Probably nation states and/or the top few larges=
t=20
>>>> tech companies.
>>>>
>>>> One could certainly hope that an organization with quantum supremacy i=
s=20
>>>> benevolent and acts in a "white hat" manner to return lost coins to th=
eir=20
>>>> owners, but that's incredibly optimistic and foolish to rely upon. Suc=
h a=20
>>>> situation creates an insurmountable ethical dilemma of only recovering=
lost=20
>>>> bitcoin rather than currently owned bitcoin. There's no way to precise=
ly=20
>>>> differentiate between the two; anyone can claim to have lost their bit=
coin=20
>>>> but if they have lost their keys then proving they ever had the keys=
=20
>>>> becomes rather difficult. I imagine that any such white hat recovery=
=20
>>>> efforts would have to rely upon attestations from trusted third partie=
s=20
>>>> like exchanges.
>>>>
>>>> Even if the first actor with quantum supremacy is benevolent, we must=
=20
>>>> assume the technology could fall into adversarial hands and thus think=
=20
>>>> adversarially about the potential worst case outcomes. Imagine, for=20
>>>> example, that North Korea continues scooping up billions of dollars fr=
om=20
>>>> hacking crypto exchanges and decides to invest some of those proceeds =
into=20
>>>> building a quantum computer for the biggest payday ever...
>>>>
>>>> Downsides to Allowing Quantum Recovery
>>>> Let's think through an exhaustive list of pros and cons for allowing o=
r=20
>>>> preventing the seizure of funds by a quantum adversary.
>>>>
>>>> Historical Precedent
>>>> Previous protocol vulnerabilities weren=E2=80=99t celebrated as "fair =
game" but=20
>>>> rather were treated as failures to be remediated. Treating quantum the=
ft=20
>>>> differently risks rewriting Bitcoin=E2=80=99s history as a free-for-al=
l rather than=20
>>>> a system that seeks to protect its users.
>>>>
>>>> Violation of Property Rights
>>>> Allowing a quantum adversary to take control of funds undermines the=
=20
>>>> fundamental principle of cryptocurrency - if you keep your keys in you=
r=20
>>>> possession, only you should be able to access your money. Bitcoin is b=
uilt=20
>>>> on the idea that private keys secure an individual=E2=80=99s assets, a=
nd=20
>>>> unauthorized access (even via advanced tech) is theft, not a legitimat=
e=20
>>>> transfer.
>>>>
>>>> Erosion of Trust in Bitcoin
>>>> If quantum attackers can exploit vulnerable addresses, confidence in=
=20
>>>> Bitcoin as a secure store of value would collapse. Users and investors=
rely=20
>>>> on cryptographic integrity, and widespread theft could drive adoption =
away=20
>>>> from Bitcoin, destabilizing its ecosystem.
>>>>
>>>> This is essentially the counterpoint to claiming the burning of=20
>>>> vulnerable funds is a violation of property rights. While some will=20
>>>> certainly see it as such, others will find the apathy toward stopping=
=20
>>>> quantum theft to be similarly concerning.
>>>>
>>>> Unfair Advantage
>>>> Quantum attackers, likely equipped with rare and expensive technology,=
=20
>>>> would have an unjust edge over regular users who lack access to such t=
ools.=20
>>>> This creates an inequitable system where only the technologically elit=
e can=20
>>>> exploit others, contradicting Bitcoin=E2=80=99s ethos of decentralized=
power.
>>>>
>>>> Bitcoin is designed to create an asymmetric advantage for DEFENDING=20
>>>> one's wealth. It's supposed to be impractically expensive for attacker=
s to=20
>>>> crack the entropy and cryptography protecting one's coins. But now we =
find=20
>>>> ourselves discussing a situation where this asymmetric advantage is=20
>>>> compromised in favor of a specific class of attackers.
>>>>
>>>> Economic Disruption
>>>> Large-scale theft from vulnerable addresses could crash Bitcoin=E2=80=
=99s price=20
>>>> as quantum recovered funds are dumped on exchanges. This would harm al=
l=20
>>>> holders, not just those directly targeted, leading to broader financia=
l=20
>>>> chaos in the markets.
>>>>
>>>> Moral Responsibility
>>>> Permitting theft via quantum computing sets a precedent that=20
>>>> technological superiority justifies unethical behavior. This is essent=
ially=20
>>>> taking a "code is law" stance in which we refuse to admit that both co=
de=20
>>>> and laws can be modified to adapt to previously unforeseen situations.
>>>>
>>>> Burning of coins can certainly be considered a form of theft, thus I=
=20
>>>> think it's worth differentiating the two different thefts being discus=
sed:
>>>>
>>>> 1. self-enriching & likely malicious
>>>> 2. harm prevention & not necessarily malicious
>>>>
>>>> Both options lack the consent of the party whose coins are being burnt=
=20
>>>> or transferred, thus I think the simple argument that theft is immoral=
=20
>>>> becomes a wash and it's important to drill down into the details of ea=
ch.
>>>>
>>>> Incentives Drive Security
>>>> I can tell you from a decade of working in Bitcoin security - the=20
>>>> average user is lazy and is a procrastinator. If Bitcoiners are given =
a=20
>>>> "drop dead date" after which they know vulnerable funds will be burned=
,=20
>>>> this pressure accelerates the adoption of post-quantum cryptography an=
d=20
>>>> strengthens Bitcoin long-term. Allowing vulnerable users to delay upgr=
ading=20
>>>> indefinitely will result in more laggards, leaving the network more ex=
posed=20
>>>> when quantum tech becomes available.
>>>>
>>>> Steel Manning
>>>> Clearly this is a complex and controversial topic, thus it's worth=20
>>>> thinking through the opposing arguments.
>>>>
>>>> Protecting Property Rights
>>>> Allowing quantum computers to take vulnerable bitcoin could potentiall=
y=20
>>>> be spun as a hard money narrative - we care so greatly about not viola=
ting=20
>>>> someone's access to their coins that we allow them to be stolen!
>>>>
>>>> But I think the flip side to the property rights narrative is that=20
>>>> burning vulnerable coins prevents said property from falling into=20
>>>> undeserving hands. If the entire Bitcoin ecosystem just stands around =
and=20
>>>> allows quantum adversaries to claim funds that rightfully belong to ot=
her=20
>>>> users, is that really a "win" in the "protecting property rights" cate=
gory?=20
>>>> It feels more like apathy to me.
>>>>
>>>> As such, I think the "protecting property rights" argument is a wash.
>>>>
>>>> Quantum Computers Won't Attack Bitcoin
>>>> There is a great deal of skepticism that sufficiently powerful quantum=
=20
>>>> computers will ever exist, so we shouldn't bother preparing for a=20
>>>> non-existent threat. Others have argued that even if such a computer w=
as=20
>>>> built, a quantum attacker would not go after bitcoin because they woul=
dn't=20
>>>> want to reveal their hand by doing so, and would instead attack other=
=20
>>>> infrastructure.
>>>>
>>>> It's quite difficult to quantify exactly how valuable attacking other=
=20
>>>> infrastructure would be. It also really depends upon when an entity ga=
ins=20
>>>> quantum supremacy and thus if by that time most of the world's systems=
have=20
>>>> already been upgraded. While I think you could argue that certain enti=
ties=20
>>>> gaining quantum capability might not attack Bitcoin, it would only del=
ay=20
>>>> the inevitable - eventually somebody will achieve the capability who=
=20
>>>> decides to use it for such an attack.
>>>>
>>>> Quantum Attackers Would Only Steal Small Amounts
>>>> Some have argued that even if a quantum attacker targeted bitcoin,=20
>>>> they'd only go after old, likely lost P2PK outputs so as to not arouse=
=20
>>>> suspicion and cause a market panic.
>>>>
>>>> I'm not so sure about that; why go after 50 BTC at a time when you=20
>>>> could take 250,000 BTC with the same effort as 50 BTC? This is a class=
ic=20
>>>> "zero day exploit" game theory in which an attacker knows they have a=
=20
>>>> limited amount of time before someone else discovers the exploit and e=
ither=20
>>>> benefits from it or patches it. Take, for example, the recent ByBit at=
tack=20
>>>> - the highest value crypto hack of all time. Lazarus Group had comprom=
ised=20
>>>> the Safe wallet front end JavaScript app and they could have simply ha=
d it=20
>>>> reassign ownership of everyone's Safe wallets as they were interacting=
with=20
>>>> their wallet. But instead they chose to only specifically target ByBit=
's=20
>>>> wallet with $1.5 billion in it because they wanted to maximize their=
=20
>>>> extractable value. If Lazarus had started stealing from every wallet, =
they=20
>>>> would have been discovered quickly and the Safe web app would likely h=
ave=20
>>>> been patched well before any billion dollar wallets executed the malic=
ious=20
>>>> code.
>>>>
>>>> I think the "only stealing small amounts" argument is strongest for=20
>>>> Situation #2 described earlier, where a quantum attacker arrives befor=
e=20
>>>> quantum safe cryptography has been deployed across the Bitcoin ecosyst=
em.=20
>>>> Because if it became clear that Bitcoin's cryptography was broken AND =
there=20
>>>> was nowhere safe for vulnerable users to migrate, the only logical opt=
ion=20
>>>> would be for everyone to liquidate their bitcoin as quickly as possibl=
e. As=20
>>>> such, I don't think it applies as strongly for situations in which we =
have=20
>>>> a migration path available.
>>>>
>>>> The 21 Million Coin Supply Should be in Circulation
>>>> Some folks are arguing that it's important for the "circulating /=20
>>>> spendable" supply to be as close to 21M as possible and that having a=
=20
>>>> significant portion of the supply out of circulation is somehow undesi=
rable.
>>>>
>>>> While the "21M BTC" attribute is a strong memetic narrative, I don't=
=20
>>>> think anyone has ever expected that it would all be in circulation. It=
has=20
>>>> always been understood that many coins will be lost, and that's actual=
ly=20
>>>> part of the game theory of owning bitcoin!
>>>>
>>>> And remember, the 21M number in and of itself is not a particularly=20
>>>> important detail - it's not even mentioned in the whitepaper. What's=
=20
>>>> important is that the supply is well known and not subject to change.
>>>>
>>>> Self-Sovereignty and Personal Responsibility
>>>> Bitcoin=E2=80=99s design empowers individuals to control their own wea=
lth, free=20
>>>> from centralized intervention. This freedom comes with the burden of=
=20
>>>> securing one's private keys. If quantum computing can break obsolete=
=20
>>>> cryptography, the fault lies with users who didn't move their funds to=
=20
>>>> quantum safe locking scripts. Expecting the network to shield users fr=
om=20
>>>> their own negligence undermines the principle that you, and not a thir=
d=20
>>>> party, are accountable for your assets.
>>>>
>>>> I think this is generally a fair point that "the community" doesn't ow=
e=20
>>>> you anything in terms of helping you. I think that we do, however, nee=
d to=20
>>>> consider the incentives and game theory in play with regard to quantum=
safe=20
>>>> Bitcoiners vs quantum vulnerable Bitcoiners. More on that later.
>>>>
>>>> Code is Law
>>>> Bitcoin operates on transparent, immutable rules embedded in its=20
>>>> protocol. If a quantum attacker uses superior technology to derive pri=
vate=20
>>>> keys from public keys, they=E2=80=99re not "hacking" the system - they=
're simply=20
>>>> following what's mathematically permissible within the current code.=
=20
>>>> Altering the protocol to stop this introduces subjective human=20
>>>> intervention, which clashes with the objective, deterministic nature o=
f=20
>>>> blockchain.
>>>>
>>>> While I tend to agree that code is law, one of the entire points of=20
>>>> laws is that they can be amended to improve their efficacy in reducing=
=20
>>>> harm. Leaning on this point seems more like a pro-ossification stance =
that=20
>>>> it's better to do nothing and allow harm to occur rather than take act=
ion=20
>>>> to stop an attack that was foreseen far in advance.
>>>>
>>>> Technological Evolution as a Feature, Not a Bug
>>>> It's well known that cryptography tends to weaken over time and=20
>>>> eventually break. Quantum computing is just the next step in this=20
>>>> progression. Users who fail to adapt (e.g., by adopting quantum-resist=
ant=20
>>>> wallets when available) are akin to those who ignored technological=20
>>>> advancements like multisig or hardware wallets. Allowing quantum theft=
=20
>>>> incentivizes innovation and keeps Bitcoin=E2=80=99s ecosystem dynamic,=
punishing=20
>>>> complacency while rewarding vigilance.
>>>>
>>>> Market Signals Drive Security
>>>> If quantum attackers start stealing funds, it sends a clear signal to=
=20
>>>> the market: upgrade your security or lose everything. This pressure=20
>>>> accelerates the adoption of post-quantum cryptography and strengthens=
=20
>>>> Bitcoin long-term. Coddling vulnerable users delays this necessary=20
>>>> evolution, potentially leaving the network more exposed when quantum t=
ech=20
>>>> becomes widely accessible. Theft is a brutal but effective teacher.
>>>>
>>>> Centralized Blacklisting Power
>>>> Burning vulnerable funds requires centralized decision-making - a soft=
=20
>>>> fork to invalidate certain transactions. This sets a dangerous precede=
nt=20
>>>> for future interventions, eroding Bitcoin=E2=80=99s decentralization. =
If quantum=20
>>>> theft is blocked, what=E2=80=99s next - reversing exchange hacks? The =
system must=20
>>>> remain neutral, even if it means some lose out.
>>>>
>>>> I think this could be a potential slippery slope if the proposal was t=
o=20
>>>> only burn specific addresses. Rather, I'd expect a neutral proposal to=
burn=20
>>>> all funds in locking script types that are known to be quantum vulnera=
ble.=20
>>>> Thus, we could eliminate any subjectivity from the code.
>>>>
>>>> Fairness in Competition
>>>> Quantum attackers aren't cheating; they're using publicly available=20
>>>> physics and math. Anyone with the resources and foresight can build or=
=20
>>>> access quantum tech, just as anyone could mine Bitcoin in 2009 with a =
CPU.=20
>>>> Early adopters took risks and reaped rewards; quantum innovators are d=
oing=20
>>>> the same. Calling it =E2=80=9Cunfair=E2=80=9D ignores that Bitcoin has=
never promised=20
>>>> equality of outcome - only equality of opportunity within its rules.
>>>>
>>>> I find this argument to be a mischaracterization because we're not=20
>>>> talking about CPUs. This is more akin to talking about ASICs, except e=
ach=20
>>>> ASIC costs millions if not billions of dollars. This is out of reach f=
rom=20
>>>> all but the wealthiest organizations.
>>>>
>>>> Economic Resilience
>>>> Bitcoin has weathered thefts before (MTGOX, Bitfinex, FTX, etc) and=20
>>>> emerged stronger. The market can absorb quantum losses, with unaffecte=
d=20
>>>> users continuing to hold and new entrants buying in at lower prices. F=
ear=20
>>>> of economic collapse overestimates the impact - the network=E2=80=99s =
antifragility=20
>>>> thrives on such challenges.
>>>>
>>>> This is a big grey area because we don't know when a quantum computer=
=20
>>>> will come online and we don't know how quickly said computers would be=
able=20
>>>> to steal bitcoin. If, for example, the first generation of sufficientl=
y=20
>>>> powerful quantum computers were stealing less volume than the current =
block=20
>>>> reward then of course it will have minimal economic impact. But if the=
y're=20
>>>> taking thousands of BTC per day and bringing them back into circulatio=
n,=20
>>>> there will likely be a noticeable market impact as it absorbs the new=
=20
>>>> supply.
>>>>
>>>> This is where the circumstances will really matter. If a quantum=20
>>>> attacker appears AFTER the Bitcoin protocol has been upgraded to suppo=
rt=20
>>>> quantum resistant cryptography then we should expect the most valuable=
=20
>>>> active wallets will have upgraded and the juiciest target would be the=
=20
>>>> 31,000 BTC in the address 12ib7dApVFvg82TXKycWBNpN8kFyiAN1dr which has=
been=20
>>>> dormant since 2010. In general I'd expect that the amount of BTC=20
>>>> re-entering the circulating supply would look somewhat similar to the=
=20
>>>> mining emission curve: volume would start off very high as the most=20
>>>> valuable addresses are drained and then it would fall off as quantum=
=20
>>>> computers went down the list targeting addresses with less and less BT=
C.
>>>>
>>>> Why is economic impact a factor worth considering? Miners and=20
>>>> businesses in general. More coins being liquidated will push down the=
=20
>>>> price, which will negatively impact miner revenue. Similarly, I can at=
test=20
>>>> from working in the industry for a decade, that lower prices result in=
less=20
>>>> demand from businesses across the entire industry. As such, burning qu=
antum=20
>>>> vulnerable bitcoin is good for the entire industry.
>>>>
>>>> Practicality & Neutrality of Non-Intervention
>>>> There=E2=80=99s no reliable way to distinguish =E2=80=9Ctheft=E2=80=9D=
from legitimate "white=20
>>>> hat" key recovery. If someone loses their private key and a quantum=20
>>>> computer recovers it, is that stealing or reclaiming? Policing quantum=
=20
>>>> actions requires invasive assumptions about intent, which Bitcoin=E2=
=80=99s=20
>>>> trustless design can=E2=80=99t accommodate. Letting the chips fall whe=
re they may=20
>>>> avoids this mess.
>>>>
>>>> Philosophical Purity
>>>> Bitcoin rejects bailouts. It=E2=80=99s a cold, hard system where outco=
mes=20
>>>> reflect preparation and skill, not sentimentality. If quantum computin=
g=20
>>>> upends the game, that=E2=80=99s the point - Bitcoin isn=E2=80=99t mean=
t to be safe or fair=20
>>>> in a nanny-state sense; it=E2=80=99s meant to be free. Users who lose =
funds to=20
>>>> quantum attacks are casualties of liberty and their own ignorance, not=
=20
>>>> victims of injustice.
>>>>
>>>> Bitcoin's DAO Moment
>>>> This situation has some similarities to The DAO hack of an Ethereum=20
>>>> smart contract in 2016, which resulted in a fork to stop the attacker =
and=20
>>>> return funds to their original owners. The game theory is similar beca=
use=20
>>>> it's a situation where a threat is known but there's some period of ti=
me=20
>>>> before the attacker can actually execute the theft. As such, there's t=
ime=20
>>>> to mitigate the attack by changing the protocol.
>>>>
>>>> It also created a schism in the community around the true meaning of=
=20
>>>> "code is law," resulting in Ethereum Classic, which decided to allow t=
he=20
>>>> attacker to retain control of the stolen funds.
>>>>
>>>> A soft fork to burn vulnerable bitcoin could certainly result in a har=
d=20
>>>> fork if there are enough miners who reject the soft fork and continue=
=20
>>>> including transactions.
>>>>
>>>> Incentives Matter
>>>> We can wax philosophical until the cows come home, but what are the=20
>>>> actual incentives for existing Bitcoin holders regarding this decision=
?
>>>>
>>>> "Lost coins only make everyone else's coins worth slightly more. Think=
=20
>>>>> of it as a donation to everyone." - Satoshi Nakamoto
>>>>
>>>>
>>>> If true, the corollary is:
>>>>
>>>> "Quantum recovered coins only make everyone else's coins worth less.=
=20
>>>>> Think of it as a theft from everyone." - Jameson Lopp
>>>>
>>>>
>>>> Thus, assuming we get to a point where quantum resistant signatures ar=
e=20
>>>> supported within the Bitcoin protocol, what's the incentive to let=20
>>>> vulnerable coins remain spendable?
>>>>
>>>> * It's not good for the actual owners of those coins. It=20
>>>> disincentivizes owners from upgrading until perhaps it's too late.
>>>> * It's not good for the more attentive / responsible owners of coins=
=20
>>>> who have quantum secured their stash. Allowing the circulating supply =
to=20
>>>> balloon will assuredly reduce the purchasing power of all bitcoin hold=
ers.
>>>>
>>>> Forking Game Theory
>>>> From a game theory point of view, I see this as incentivizing users to=
=20
>>>> upgrade their wallets. If you disagree with the burning of vulnerable=
=20
>>>> coins, all you have to do is move your funds to a quantum safe signatu=
re=20
>>>> scheme. Point being, I don't see there being an economic majority (or =
even=20
>>>> more than a tiny minority) of users who would fight such a soft fork. =
Why=20
>>>> expend significant resources fighting a fork when you can just move yo=
ur=20
>>>> coins to a new address?
>>>>
>>>> Remember that blocking spending of certain classes of locking scripts=
=20
>>>> is a tightening of the rules - a soft fork. As such, it can be meaning=
fully=20
>>>> enacted and enforced by a mere majority of hashpower. If miners genera=
lly=20
>>>> agree that it's in their best interest to burn vulnerable coins, are o=
ther=20
>>>> users going to care enough to put in the effort to run new node softwa=
re=20
>>>> that resists the soft fork? Seems unlikely to me.
>>>>
>>>> How to Execute Burning
>>>> In order to be as objective as possible, the goal would be to announce=
=20
>>>> to the world that after a specific block height / timestamp, Bitcoin n=
odes=20
>>>> will no longer accept transactions (or blocks containing such transact=
ions)=20
>>>> that spend funds from any scripts other than the newly instituted quan=
tum=20
>>>> safe schemes.
>>>>
>>>> It could take a staggered approach to first freeze funds that are=20
>>>> susceptible to long-range attacks such as those in P2PK scripts or tho=
se=20
>>>> that exposed their public keys due to previously re-using addresses, b=
ut I=20
>>>> expect the additional complexity would drive further controversy.
>>>>
>>>> How long should the grace period be in order to give the ecosystem tim=
e=20
>>>> to upgrade? I'd say a minimum of 1 year for software wallets to upgrad=
e. We=20
>>>> can only hope that hardware wallet manufacturers are able to implement=
post=20
>>>> quantum cryptography on their existing hardware with only a firmware u=
pdate.
>>>>
>>>> Beyond that, it will take at least 6 months worth of block space for=
=20
>>>> all users to migrate their funds, even in a best case scenario. Though=
if=20
>>>> you exclude dust UTXOs you could probably get 95% of BTC value migrate=
d in=20
>>>> 1 month. Of course this is a highly optimistic situation where everyon=
e is=20
>>>> completely focused on migrations - in reality it will take far longer.
>>>>
>>>> Regardless, I'd think that in order to reasonably uphold Bitcoin's=20
>>>> conservatism it would be preferable to allow a 4 year migration window=
. In=20
>>>> the meantime, mining pools could coordinate emergency soft forking log=
ic=20
>>>> such that if quantum attackers materialized, they could accelerate the=
=20
>>>> countdown to the quantum vulnerable funds burn.
>>>>
>>>> Random Tangential Benefits
>>>> On the plus side, burning all quantum vulnerable bitcoin would allow u=
s=20
>>>> to prune all of those UTXOs out of the UTXO set, which would also clea=
n up=20
>>>> a lot of dust. Dust UTXOs are a bit of an annoyance and there has even=
been=20
>>>> a recent proposal for how to incentivize cleaning them up.
>>>>
>>>> We should also expect that incentivizing migration of the entire UTXO=
=20
>>>> set will create substantial demand for block space that will sustain a=
fee=20
>>>> market for a fairly lengthy amount of time.
>>>>
>>>> In Summary
>>>> While the moral quandary of violating any of Bitcoin's inviolable=20
>>>> properties can make this a very complex issue to discuss, the game the=
ory=20
>>>> and incentives between burning vulnerable coins versus allowing them t=
o be=20
>>>> claimed by entities with quantum supremacy appears to be a much simple=
r=20
>>>> issue.
>>>>
>>>> I, for one, am not interested in rewarding quantum capable entities by=
=20
>>>> inflating the circulating money supply just because some people lost t=
heir=20
>>>> keys long ago and some laggards are not upgrading their bitcoin wallet=
's=20
>>>> security.
>>>>
>>>> We can hope that this scenario never comes to pass, but hope is not a=
=20
>>>> strategy.
>>>>
>>>> I welcome your feedback upon any of the above points, and contribution=
=20
>>>> of any arguments I failed to consider.
>>>>
>>>> --=20
>>>> You received this message because you are subscribed to the Google=20
>>>> Groups "Bitcoin Development Mailing List" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send=
=20
>>>> an email to bitcoindev+...@googlegroups.com.
>>>> To view this discussion visit=20
>>>> https://groups.google.com/d/msgid/bitcoindev/CADL_X_cF%3DUKVa7CitXReMq=
8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40mail.gmail.com
>>>> .
>>>>
>>>> --=20
>>>> You received this message because you are subscribed to the Google=20
>>>> Groups "Bitcoin Development Mailing List" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send=
=20
>>>> an email to bitcoindev+...@googlegroups.com.
>>>> To view this discussion visit=20
>>>> https://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4=
D9D2B732364%40astrotown.de
>>>> .
>>>
>>>
>>>> --=20
>>> You received this message because you are subscribed to the Google=20
>>> Groups "Bitcoin Development Mailing List" group.
>>> To unsubscribe from this group and stop receiving emails from it, send=
=20
>>> an email to bitcoindev+...@googlegroups.com.
>>> To view this discussion visit=20
>>> https://groups.google.com/d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br=
6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg%40mail.gmail.com
>>> .
>>>
>>>
>>> --=20
>>> You received this message because you are subscribed to the Google=20
>>> Groups "Bitcoin Development Mailing List" group.
>>> To unsubscribe from this group and stop receiving emails from it, send=
=20
>>> an email to bitcoindev+...@googlegroups.com.
>>> To view this discussion visit=20
>>> https://groups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvf=
XniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXL=
miCJOY%3D%40proton.me
>>> .
>>>
>> --=20
> You received this message because you are subscribed to the Google Groups=
=20
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an=
=20
> email to bitcoindev+...@googlegroups.com.
>
> To view this discussion visit=20
> https://groups.google.com/d/msgid/bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C=
-RS703P1-RQLW5CdcCehsqg%40mail.gmail.com
> .
>
>
>
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com.
------=_Part_18011_501201720.1749302913697
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div>> I'm not a lawyer, but if developers make a conscious decision to =
make a=20
code change that confiscates funds, even with a reasonable heads-up, I=20
feel like some lawyers might be tempted to make an argument that those=20
developers should be held responsible for any losses. As everyone knows,
Bitcoin has been under legal attacks before, and I'm not sure that=20
anyone would (or should) be willing to sign off on a change that might=20
potentially open them up to several billion dollars worth of personal=20
responsibility - especially if the "bonded courier" actually shows up=20
and reveals a private key that would have unlocked funds under the=20
pre-QC scheme.</div><div><br /></div><div>Coincidentally, Peter Todd has ju=
st made the same point in another (apparently unrelated) thread, here: http=
s://groups.google.com/g/bitcoindev/c/bmV1QwYEN4k/m/kkHQZd_BAwAJ</div><div><=
br /></div><div>For me it's very clear, that it's not an accident that such=
"unexpected" side effects exist. It's a feature that I'd whimsically call =
"ethical impedance-mismatch" (the term impedance mismatch has been used in =
computing/programming, which itself borrowed it from the real meaning, in p=
hysics). People have a moral/ethical desire to make bitcoin function as wel=
l as possible, and see a failure mode in those using it for other purposes,=
but that line of thought clashes with the essential, basic principle of ce=
nsorship-resistance.</div><div><br /></div><div>So we see technical borked-=
ness like failure to get accurate fee rates and the like, from doing someth=
ing (attempting to filter at p2p level) that it is intrinsically counter to=
the foundational ethical, functional purpose of the system: censorship-res=
istance. And then we see "cascading failures" of the type discussed here: i=
f the devs are working to break bitcoin's ethical promise of censorship-res=
istance, then thugs^H^H politicians and lawyers, will seek to take control =
of that "break" for their own purposes.</div><div><br /></div><div>That's w=
hy I'm not against "quantum recovery" as per the title of this thread. Reco=
very, independent of outside control, *is* bitcoin's function. If half a mi=
llion btc get spent by someone who has "recovered" in an unexpected way, to=
ugh titties. If the entire system collapses because we can't get our act to=
gether before 2085 (OK I know some think it's 2035, I don't, but whatever),=
then it is what it is. That is a huge unknown. But Bitcoin will 100% fail =
if confiscation of *any* type becomes a thing.</div><br /><div>Cheers,</div=
>AdamISZ/waxwing<div class=3D"gmail_quote"><div dir=3D"auto" class=3D"gmail=
_attr">On Wednesday, June 4, 2025 at 4:56:53=E2=80=AFAM UTC-3 ArmchairCrypt=
ologist wrote:<br/></div><blockquote class=3D"gmail_quote" style=3D"margin:=
0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;=
"><div style=3D"font-family:Arial,sans-serif;font-size:14px">Hi,</div><div =
style=3D"font-family:Arial,sans-serif;font-size:14px"><br></div><div style=
=3D"font-family:Arial,sans-serif;font-size:14px">With the longer grace peri=
od and selective deactivation, this seems more sensible, but there is one e=
lephant in the room that I haven't seen mentioned here - namely, the le=
gal aspect. (If it was, sorry I missed it.)</div><div style=3D"font-family:=
Arial,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,=
sans-serif;font-size:14px">I'm not a lawyer, but if developers make a c=
onscious decision to make a code change that confiscates funds, even with a=
reasonable heads-up, I feel like some lawyers might be tempted to make an =
argument that those developers should be held responsible for any losses. A=
s everyone knows, Bitcoin has been under legal attacks before, and I'm =
not sure that anyone would (or should) be willing to sign off on a change t=
hat might potentially open them up to several billion dollars worth of pers=
onal responsibility - especially if the "bonded courier" actually=
shows up and reveals a private key that would have unlocked funds under th=
e pre-QC scheme.</div><div style=3D"font-family:Arial,sans-serif;font-size:=
14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-size:14px">=
The only safe-ish way I can see to do this is to have it only affect funds =
that are very likely to be lost in
the first place. So at the very least, it could not affect UTXOs that coul=
d potentially be encumbered with a timelock (i.e. P2SH/P2WSH), and it could=
only affect UTXOs that have not moved for a very long time (say 15-20 year=
s). </div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><br></=
div><div style=3D"font-family:Arial,sans-serif;font-size:14px">If quantum c=
omputers capable of practical attacks against Bitcoin are ever known to act=
ually exist, <b>sending</b>=E2=80=8B to non-PQC addresses should of course =
be disabled immediately. But I feel that the nature of a permissionless sys=
tem implies a large degree of self-responsibility, so if someone chooses to=
keep using non-PQC addresses even after PQC addresses have become availabl=
e and practical quantum attacks are suspected to be an imminent danger, it&=
#39;s not necessarily up to the developers to tell them they can't, onl=
y that they really shouldn't.</div><div style=3D"font-family:Arial,sans=
-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif=
;font-size:14px">--</div><div style=3D"font-family:Arial,sans-serif;font-si=
ze:14px">Regards,</div><div style=3D"font-family:Arial,sans-serif;font-size=
:14px">ArmchairCryptologist</div><div style=3D"font-family:Arial,sans-serif=
;font-size:14px"><br></div>
<div style=3D"font-family:Arial,sans-serif;font-size:14px">
<div>
=20
</div>
=20
<div>
Sent with <a href=3D"https://proton.me/mail/home" target=3D"_blank"=
rel=3D"nofollow" data-saferedirecturl=3D"https://www.google.com/url?hl=3De=
n&q=3Dhttps://proton.me/mail/home&source=3Dgmail&ust=3D17493875=
99316000&usg=3DAOvVaw3kMMWbcvOvWny9b4RVrakM">Proton Mail</a> secure ema=
il.
</div>
</div>
<div style=3D"font-family:Arial,sans-serif;font-size:14px"><br><div></div><=
/div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><div>
On Monday, May 26th, 2025 at 2:48 AM, Agustin Cruz <<a href data=
-email-masked rel=3D"nofollow">agusti...@gmail.com</a>> wrote:<br>
</div></div><div style=3D"font-family:Arial,sans-serif;font-size:14=
px"><div><blockquote type=3D"cite">
<div dir=3D"auto">Hi everyone,<div dir=3D"auto"><br></div><div =
dir=3D"auto">QRAMP proposal aims to manage the quantum transition responsib=
ly without disrupting Bitcoin=E2=80=99s core principles.</div><div dir=3D"a=
uto"><br></div><div dir=3D"auto">QRAMP has three phases:</div><div dir=3D"a=
uto"><br></div><div dir=3D"auto">1. Allow wallets to optionally include PQC=
keys in Taproot outputs. This enables early adoption without forcing anyon=
e.</div><div dir=3D"auto"><br></div><div dir=3D"auto">2. Announce a soft fo=
rk to disable vulnerable scripts, with a long (~4-year) grace period. This =
gives ample time to migrate and avoids sudden shocks.</div><div dir=3D"auto=
"><br></div><div dir=3D"auto">3. Gradually deactivate vulnerable outputs ba=
sed on age or inactivity. This avoids a harsh cutoff and gives time for ada=
ptation.</div><div dir=3D"auto"></div><div dir=3D"auto"><br></div><div dir=
=3D"auto">We can also allow exceptions via proof-of-possession, and delay r=
estrictions on timelocked outputs to avoid harming future spenders.</div><d=
iv dir=3D"auto"><br></div><div dir=3D"auto">QRAMP is not about confiscation=
or control. It=E2=80=99s about aligning incentives, maintaining security, =
and offering a clear, non-coercive upgrade path.</div><div dir=3D"auto"><br=
></div><div dir=3D"auto">Best,</div><div dir=3D"auto">Agustin Cruz</div><di=
v dir=3D"auto"><br></div><div dir=3D"auto"><br></div></div><br><div class=
=3D"gmail_quote"><div class=3D"gmail_attr" dir=3D"ltr">El dom, 25 de may de=
2025, 7:03=E2=80=AFp.m., Dustin Ray <<a href rel=3D"noreferrer nofollow=
noopener" data-email-masked>dustinvo...@gmail.com</a>> escribi=C3=B3:<b=
r></div><blockquote style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;p=
adding-left:1ex" class=3D"gmail_quote"><div dir=3D"auto">The difference bet=
ween the ETH/ETC split though was that no one had anything confiscated exce=
pt the DAO hacker, everyone retained an identical number of tokens on each =
chain. The proposal for BTC is very different in that some holders will los=
e access to their coins during the PQ migration under the confiscation appr=
oach. Just wanted to point that out.</div><div><br><div class=3D"gmail_quot=
e"><div class=3D"gmail_attr" dir=3D"ltr">On Sun, May 25, 2025 at 3:06=E2=80=
=AFPM 'conduition' via Bitcoin Development Mailing List <<a rel=
=3D"noreferrer nofollow noopener" href data-email-masked>bitco...@googlegro=
ups.com</a>> wrote:<br></div><blockquote style=3D"margin:0px 0px 0px 0.8=
ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-le=
ft-color:rgb(204,204,204)" class=3D"gmail_quote"><div style=3D"font-family:=
Arial,sans-serif;font-size:14px">Hey Saulo,</div><div style=3D"font-family:=
Arial,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,=
sans-serif;font-size:14px">You're right about the possibility of an ugl=
y split. Laggards who don't move coins to PQ address schemes will be in=
centivized to follow any chain where they keep their coins. But those who d=
o migrate will be incentivized to follow the chain where unmigrated pre-qua=
ntum coins are frozen. </div><div style=3D"font-family:Arial,sans-serif;fon=
t-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;font-size=
:14px">While you're comparing this event to the ETH/ETC split, we shoul=
d remember that ETH remained the dominant chain despite their heavy-handed =
rollback. Just goes to show, confusion and face-loss is a lesser evil than =
allowing an adversary to pwn the network. </div><div style=3D"font-family:A=
rial,sans-serif;font-size:14px"><br></div><blockquote style=3D"border-left:=
3px solid rgb(200,200,200);padding-left:10px;border-color:rgb(200,200,200);=
color:rgb(102,102,102)"><div style=3D"font-family:Arial,sans-serif;font-siz=
e:14px">This is the free-market way to solve problems without imposing rule=
s on everyone.<br></div></blockquote><div style=3D"font-family:Arial,sans-s=
erif;font-size:14px"><br></div><div style=3D"font-family:Arial,sans-serif;f=
ont-size:14px">It'd still be a free market even if quantum-vulnerable c=
oins are frozen. The only way to test the relative value of quantum-safe vs=
quantum-vulnerable coins is to split the chain and see how the market reac=
ts. </div><div style=3D"font-family:Arial,sans-serif;font-size:14px"><br></=
div><div style=3D"font-family:Arial,sans-serif;font-size:14px">IMO, the &qu=
ot;free market way" is to give people options and let their money flow=
to where it works best. That means people should be able to choose whether=
they want their money to be part of a system that allows quantum attack, o=
r part of one which does not. I know which I would choose, but neither you =
nor I can make that choice for everyone.</div><div style=3D"font-family:Ari=
al,sans-serif;font-size:14px"><br></div><div style=3D"font-family:Arial,san=
s-serif;font-size:14px">regards,</div><div style=3D"font-family:Arial,sans-=
serif;font-size:14px">conduition</div><div>
On Monday, March 24th, 2025 at 7:19 AM, Agustin Cruz <<a rel=3D"=
noreferrer nofollow noopener" href data-email-masked>agusti...@gmail.com</a=
>> wrote:<br>
<blockquote type=3D"cite">
<div dir=3D"ltr"><div dir=3D"ltr">I=E2=80=99m against letting q=
uantum computers scoop up funds from addresses that don=E2=80=99t upgrade t=
o quantum-resistant. <br>Saulo=E2=80=99s idea of a free-market approach, le=
aving old coins up for grabs if people don=E2=80=99t move them, sounds fair=
at first. Let luck decide, right? But I worry it=E2=80=99d turn into a mes=
s. If quantum machines start cracking keys and snagging coins, it=E2=80=99s=
not just lost Satoshi-era stuff at risk. Plenty of active wallets, like th=
ose on the rich list Jameson mentioned, could get hit too. Imagine millions=
of BTC flooding the market. Prices tank, trust in Bitcoin takes a dive, an=
d we all feel the pain. Freezing those vulnerable funds keeps that chaos in=
check.<br>Plus, =E2=80=9Cyour keys, your coins=E2=80=9D is Bitcoin=E2=80=
=99s heart. If quantum tech can steal from you just because you didn=E2=80=
=99t upgrade fast enough, that promise feels shaky. Freezing funds after a =
heads-up period (say, four years) protects that idea better than letting te=
ch giants or rogue states play vampire with our network. It also nudges peo=
ple to get their act together and move to safer addresses, which strengthen=
s Bitcoin long-term.<br>Saulo=E2=80=99s right that freezing coins could con=
fuse folks or spark a split like Ethereum Classic. But I=E2=80=99d argue qu=
antum theft would look worse. Bitcoin would seem broken, not just strict. A=
clear plan and enough time to migrate could smooth things over. History=E2=
=80=99s on our side too. Bitcoin=E2=80=99s fixed bugs before, like SegWit. =
This feels like that, not a bailout.<br>So yeah, I=E2=80=99d rather see vul=
nerable coins locked than handed to whoever builds the first quantum rig. I=
t=E2=80=99s less about coddling people and more about keeping Bitcoin solid=
for everyone. What do you all think?<br>Cheers,<br>Agust=C3=ADn<br><br></d=
iv><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">On =
Sun, Mar 23, 2025 at 10:29=E2=80=AFPM AstroTown <<a rel=3D"noreferrer no=
follow noopener" href data-email-masked>sa...@astrotown.de</a>> wrote:<b=
r></div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left=
-color:rgb(204,204,204)"><div dir=3D"auto"><div dir=3D"ltr"><span style=3D"=
color:rgb(0,0,0)">I believe that having some entity announce the decision t=
o freeze old UTXOs would be more damaging to Bitcoin=E2=80=99s image (and i=
ts value) than having them gathered by QC. This would create another versio=
n of Bitcoin, similar to Ethereum Classic, causing confusion in the market.=
</span><div dir=3D"ltr"><div style=3D"color:rgb(0,0,0)"><br></div><div styl=
e=3D"color:rgb(0,0,0)">It would be better to simply implement the possibili=
ty of moving funds to a PQC address without a deadline, allowing those who =
fail to do so to rely on luck to avoid having their coins stolen. Most coin=
s would be migrated to PQC anyway, and in most cases, only the lost ones wo=
uld remain vulnerable. This is the free-market way to solve problems withou=
t imposing rules on everyone.</div><div style=3D"color:rgb(0,0,0)"><br></di=
v><div style=3D"color:rgb(0,0,0)">Saulo Fonseca</div><div style=3D"color:rg=
b(0,0,0)"><br></div><div style=3D"color:rgb(0,0,0)"><br><blockquote type=3D=
"cite"><div>On 16. Mar 2025, at 15:15, Jameson Lopp <<span dir=3D"ltr"><=
a rel=3D"noreferrer nofollow noopener" href data-email-masked>jameso...@gma=
il.com</a></span>> wrote:</div><br><div><div dir=3D"ltr">The quantum com=
puting debate is heating up. There are many controversial aspects to this d=
ebate, including whether or not quantum computers will ever actually become=
a practical threat.<div><br>I won't tread into the unanswerable questi=
on of how worried we should be about quantum computers. I think it's fa=
r from a crisis, but given the difficulty in changing Bitcoin it's wort=
h starting to seriously discuss. Today I wish to focus on a philosophical q=
uandary related to one of the decisions that would need to be made if and w=
hen we implement a quantum safe signature scheme.<br><br><font style=3D"col=
or:rgb(0,0,0)" size=3D"6">Several Scenarios<br></font>Because this essay wi=
ll reference game theory a fair amount, and there are many variables at pla=
y that could change the nature of the game, I think it's important to c=
larify the possible scenarios up front.<br><br>1. Quantum computing never m=
aterializes, never becomes a threat, and thus everything discussed in this =
essay is moot.<br>2. A quantum computing threat materializes suddenly and B=
itcoin does not have quantum safe signatures as part of the protocol. In th=
is scenario it would likely make the points below moot because Bitcoin woul=
d be fundamentally broken and it would take far too long to upgrade the pro=
tocol, wallet software, and migrate user funds in order to restore confiden=
ce in the network.<br>3. Quantum computing advances slowly enough that we c=
ome to consensus about how to upgrade Bitcoin and post quantum security has=
been minimally adopted by the time an attacker appears.<br>4. Quantum comp=
uting advances slowly enough that we come to consensus about how to upgrade=
Bitcoin and post quantum security has been highly adopted by the time an a=
ttacker appears.<br><br>For the purposes of this post, I'm envisioning =
being in situation 3 or 4.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"=
6">To Freeze or not to Freeze?<br></font>I've started seeing more peopl=
e weighing in on what is likely the most contentious aspect of how a quantu=
m resistance upgrade should be handled in terms of migrating user funds. Sh=
ould quantum vulnerable funds be left open to be swept by anyone with a suf=
ficiently powerful quantum computer OR should they be permanently locked?<b=
r><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;p=
adding-left:1ex;border-left-color:rgb(204,204,204)">"I don't see w=
hy old coins should be confiscated. The better option is to let those with =
quantum computers free up old coins. While this might have an inflationary =
impact on bitcoin's price, to use a turn of phrase, the inflation is tr=
ansitory. Those with low time preference should support returning lost coin=
s to circulation." </blockquote><blockquote class=3D"gmail_quote" styl=
e=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color:rgb(204,20=
4,204)">- Hunter Beast</blockquote><div><br></div>On the other hand:</div><=
div><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex=
;padding-left:1ex;border-left-color:rgb(204,204,204)">"Of course they =
have to be confiscated. If and when (and that's a big if) the existence=
of a cryptography-breaking QC becomes a credible threat, the Bitcoin ecosy=
stem has no other option than softforking out the ability to spend from sig=
nature schemes (including ECDSA and BIP340) that are vulnerable to QCs. The=
alternative is that millions of BTC become vulnerable to theft; I cannot s=
ee how the currency can maintain any value at all in such a setting. And th=
is affects everyone; even those which diligently moved their coins to PQC-p=
rotected schemes."<br>- Pieter Wuille</blockquote><br>I don't thin=
k "confiscation" is the most precise term to use, as the funds ar=
e not being seized and reassigned. Rather, what we're really discussing=
would be better described as "burning" - placing the funds <b>ou=
t of reach of everyone</b>.<br><br>Not freezing user funds is one of Bitcoi=
n's inviolable properties. However, if quantum computing becomes a thre=
at to Bitcoin's elliptic curve cryptography, <b>an inviolable property =
of Bitcoin will be violated one way or another</b>.<br><br><font style=3D"c=
olor:rgb(0,0,0)" size=3D"6">Fundamental Properties at Risk<br></font>5 year=
s ago I attempted to comprehensively categorize all of Bitcoin's fundam=
ental properties that give it value. <a rel=3D"noreferrer nofollow noopener=
" href=3D"https://nakamoto.com/what-are-the-key-properties-of-bitcoin/" tar=
get=3D"_blank" data-saferedirecturl=3D"https://www.google.com/url?hl=3Den&a=
mp;q=3Dhttps://nakamoto.com/what-are-the-key-properties-of-bitcoin/&sou=
rce=3Dgmail&ust=3D1749387599316000&usg=3DAOvVaw0iqW5fFv-B1rrwD99rTI=
o-">https://nakamoto.com/what-are-the-key-properties-of-bitcoin/<br></a><br=
>The particular properties in play with regard to this issue seem to be:<br=
><br><b>Censorship Resistance</b> - No one should have the power to prevent=
others from using their bitcoin or interacting with the network.<br><br><b=
>Forward Compatibility</b> - changing the rules such that certain valid tra=
nsactions become invalid could undermine confidence in the protocol.<br><br=
><b>Conservatism</b> - Users should not be expected to be highly responsive=
to system issues.<br><br>As a result of the above principles, we have deve=
loped a strong meme (kudos to Andreas Antonopoulos) that goes as follows:<b=
r><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;p=
adding-left:1ex;border-left-color:rgb(204,204,204)">Not your keys, not your=
coins.</blockquote><br>I posit that the corollary to this principle is:<br=
><br><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;pa=
dding-left:1ex;border-left-color:rgb(204,204,204)">Your keys, only your coi=
ns.</blockquote><br>A quantum capable entity breaks the corollary of this f=
oundational principle. We secure our bitcoin with the mathematical probabil=
ities related to extremely large random numbers. Your funds are only secure=
because truly random large numbers should not be guessable or discoverable=
by anyone else in the world.<br><br>This is the principle behind the motto=
<i>vires in numeris</i> - strength in numbers. In a world with quantum ena=
bled adversaries, this principle is null and void for many types of cryptog=
raphy, including the elliptic curve digital signatures used in Bitcoin.<br>=
<br><font style=3D"color:rgb(0,0,0)" size=3D"6">Who is at Risk?<br></font>T=
here has long been a narrative that Satoshi's coins and others from the=
Satoshi era of P2PK locking scripts that exposed the public key directly o=
n the blockchain will be those that get scooped up by a quantum "miner=
." But unfortunately it's not that simple. If I had a powerful qua=
ntum computer, which coins would I target? I'd go to the Bitcoin rich l=
ist and find the wallets that have exposed their public keys due to re-usin=
g addresses that have previously been spent from. You can easily find them =
at <a rel=3D"noreferrer nofollow noopener" href=3D"https://bitinfocharts.co=
m/top-100-richest-bitcoin-addresses.html" target=3D"_blank" data-saferedire=
cturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://bitinfocharts.c=
om/top-100-richest-bitcoin-addresses.html&source=3Dgmail&ust=3D1749=
387599316000&usg=3DAOvVaw1kKsE-BMLVFNYvXG--yjM_">https://bitinfocharts.=
com/top-100-richest-bitcoin-addresses.html</a><br><br>Note that a few of th=
ese wallets, like Bitfinex / Kraken / Tether, would be slightly harder to c=
rack because they are multisig wallets. So a quantum attacker would need to=
reverse engineer 2 keys for Kraken or 3 for Bitfinex / Tether in order to =
spend funds. But many are single signature.<br><br>Point being, it's no=
t only the really old lost BTC that are at risk to a quantum enabled advers=
ary, at least at time of writing. If we add a quantum safe signature scheme=
, we should expect those wallets to be some of the first to upgrade given t=
heir incentives.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">The Eth=
ical Dilemma: Quantifying Harm<br></font>Which decision results in the most=
harm?<br><br>By making quantum vulnerable funds unspendable we potentially=
harm some Bitcoin users who were not paying attention and neglected to mig=
rate their funds to a quantum safe locking script. This violates the "=
conservativism" principle stated earlier. On the flip side, we prevent=
those funds plus far more lost funds from falling into the hands of the fe=
w privileged folks who gain early access to quantum computers.<br><br>By le=
aving quantum vulnerable funds available to spend, the same set of users wh=
o would otherwise have funds frozen are likely to see them stolen. And many=
early adopters who lost their keys will eventually see their unreachable f=
unds scooped up by a quantum enabled adversary.<br><br>Imagine, for example=
, being James Howells, who accidentally threw away a hard drive with 8,000 =
BTC on it, currently worth over $600M USD. He has spent a decade trying to =
retrieve it from the landfill where he knows it's buried, but can't=
get permission to excavate. I suspect that, given the choice, he'd pre=
fer those funds be permanently frozen rather than fall into someone else=
9;s possession - I know I would.<br><br>Allowing a quantum computer to acce=
ss lost funds doesn't make those users any worse off than they were bef=
ore, however it <i>would</i>have a negative impact upon everyone who is cur=
rently holding bitcoin.<br><br>It's prudent to expect significant econo=
mic disruption if large amounts of coins fall into new hands. Since a quant=
um computer is going to have a massive up front cost, expect those behind i=
t to desire to recoup their investment. We also know from experience that w=
hen someone suddenly finds themselves in possession of 9+ figures worth of =
highly liquid assets, they tend to diversify into other things by selling.<=
br><br>Allowing quantum recovery of bitcoin is <i>tantamount to wealth redi=
stribution</i>. What we'd be allowing is for bitcoin to be redistribute=
d from those who are ignorant of quantum computers to those who have won th=
e technological race to acquire quantum computers. It's hard to see a b=
right side to that scenario.<br><br><font style=3D"color:rgb(0,0,0)" size=
=3D"6">Is Quantum Recovery Good for Anyone?</font><br><br>Does quantum reco=
very HELP anyone? I've yet to come across an argument that it's a n=
et positive in any way. It certainly doesn't add any security to the ne=
twork. If anything, it greatly decreases the security of the network by all=
owing funds to be claimed by those who did not earn them.<br><br>But wait, =
you may be thinking, wouldn't quantum "miners" have earned th=
eir coins by all the work and resources invested in building a quantum comp=
uter? I suppose, in the same sense that a burglar earns their spoils by the=
resources they invest into surveilling targets and learning the skills nee=
ded to break into buildings. What I say "earned" I mean through p=
roductive mutual trade.<br><br>For example:<br><br>* Investors earn BTC by =
trading for other currencies.<br>* Merchants earn BTC by trading for goods =
and services.<br>* Miners earn BTC by trading thermodynamic security.<br>* =
Quantum miners don't trade anything, they are vampires feeding upon the=
system.<br><br>There's no reason to believe that allowing quantum adve=
rsaries to recover vulnerable bitcoin will be of benefit to anyone other th=
an the select few organizations that win the technological arms race to bui=
ld the first such computers. Probably nation states and/or the top few larg=
est tech companies.<br><br>One could certainly hope that an organization wi=
th quantum supremacy is benevolent and acts in a "white hat" mann=
er to return lost coins to their owners, but that's incredibly optimist=
ic and foolish to rely upon. Such a situation creates an insurmountable eth=
ical dilemma of only recovering lost bitcoin rather than currently owned bi=
tcoin. There's no way to precisely differentiate between the two; anyon=
e can claim to have lost their bitcoin but if they have lost their keys the=
n proving they ever had the keys becomes rather difficult. I imagine that a=
ny such white hat recovery efforts would have to rely upon attestations fro=
m trusted third parties like exchanges.<br><br>Even if the first actor with=
quantum supremacy is benevolent, we must assume the technology could fall =
into adversarial hands and thus think adversarially about the potential wor=
st case outcomes. Imagine, for example, that North Korea continues scooping=
up billions of dollars from hacking crypto exchanges and decides to invest=
some of those proceeds into building a quantum computer for the biggest pa=
yday ever...<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">Downsides t=
o Allowing Quantum Recovery</font><br>Let's think through an exhaustive=
list of pros and cons for allowing or preventing the seizure of funds by a=
quantum adversary.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Hist=
orical Precedent</font><br>Previous protocol vulnerabilities weren=E2=80=99=
t celebrated as "fair game" but rather were treated as failures t=
o be remediated. Treating quantum theft differently risks rewriting Bitcoin=
=E2=80=99s history as a free-for-all rather than a system that seeks to pro=
tect its users.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Violatio=
n of Property Rights</font><br>Allowing a quantum adversary to take control=
of funds undermines the fundamental principle of cryptocurrency - if you k=
eep your keys in your possession, only you should be able to access your mo=
ney. Bitcoin is built on the idea that private keys secure an individual=E2=
=80=99s assets, and unauthorized access (even via advanced tech) is theft, =
not a legitimate transfer.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"=
4">Erosion of Trust in Bitcoin</font><br>If quantum attackers can exploit v=
ulnerable addresses, confidence in Bitcoin as a secure store of value would=
collapse. Users and investors rely on cryptographic integrity, and widespr=
ead theft could drive adoption away from Bitcoin, destabilizing its ecosyst=
em.<br><br>This is essentially the counterpoint to claiming the burning of =
vulnerable funds is a violation of property rights. While some will certain=
ly see it as such, others will find the apathy toward stopping quantum thef=
t to be similarly concerning.<br><br><font style=3D"color:rgb(0,0,0)" size=
=3D"4">Unfair Advantage</font><br>Quantum attackers, likely equipped with r=
are and expensive technology, would have an unjust edge over regular users =
who lack access to such tools. This creates an inequitable system where onl=
y the technologically elite can exploit others, contradicting Bitcoin=E2=80=
=99s ethos of decentralized power.<br><br>Bitcoin is designed to create an =
asymmetric advantage for DEFENDING one's wealth. It's supposed to b=
e impractically expensive for attackers to crack the entropy and cryptograp=
hy protecting one's coins. But now we find ourselves discussing a situa=
tion where this asymmetric advantage is compromised in favor of a specific =
class of attackers.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Econ=
omic Disruption</font><br>Large-scale theft from vulnerable addresses could=
crash Bitcoin=E2=80=99s price as quantum recovered funds are dumped on exc=
hanges. This would harm all holders, not just those directly targeted, lead=
ing to broader financial chaos in the markets.<br><br><font style=3D"color:=
rgb(0,0,0)" size=3D"4">Moral Responsibility</font><br>Permitting theft via =
quantum computing sets a precedent that technological superiority justifies=
unethical behavior. This is essentially taking a "code is law" s=
tance in which we refuse to admit that both code and laws can be modified t=
o adapt to previously unforeseen situations.<br><br>Burning of coins can ce=
rtainly be considered a form of theft, thus I think it's worth differen=
tiating the two different thefts being discussed:<br><br>1. self-enriching =
& likely malicious<br>2. harm prevention & not necessarily maliciou=
s<br><br>Both options lack the consent of the party whose coins are being b=
urnt or transferred, thus I think the simple argument that theft is immoral=
becomes a wash and it's important to drill down into the details of ea=
ch.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Incentives Drive Sec=
urity</font><br>I can tell you from a decade of working in Bitcoin security=
- the average user is lazy and is a procrastinator. If Bitcoiners are give=
n a "drop dead date" after which they know vulnerable funds will =
be burned, this pressure accelerates the adoption of post-quantum cryptogra=
phy and strengthens Bitcoin long-term. Allowing vulnerable users to delay u=
pgrading indefinitely will result in more laggards, leaving the network mor=
e exposed when quantum tech becomes available.<br><br><font style=3D"color:=
rgb(0,0,0)" size=3D"6">Steel Manning<br></font>Clearly this is a complex an=
d controversial topic, thus it's worth thinking through the opposing ar=
guments.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Protecting Prop=
erty Rights</font><br>Allowing quantum computers to take vulnerable bitcoin=
could potentially be spun as a hard money narrative - we care so greatly a=
bout not violating someone's access to their coins that we allow them t=
o be stolen!<br><br>But I think the flip side to the property rights narrat=
ive is that burning vulnerable coins prevents said property from falling in=
to undeserving hands. If the entire Bitcoin ecosystem just stands around an=
d allows quantum adversaries to claim funds that rightfully belong to other=
users, is that really a "win" in the "protecting property r=
ights" category? It feels more like apathy to me.<br><br>As such, I th=
ink the "protecting property rights" argument is a wash.<br><br><=
font style=3D"color:rgb(0,0,0)" size=3D"4">Quantum Computers Won't Atta=
ck Bitcoin</font><br>There is a great deal of skepticism that sufficiently =
powerful quantum computers will ever exist, so we shouldn't bother prep=
aring for a non-existent threat. Others have argued that even if such a com=
puter was built, a quantum attacker would not go after bitcoin because they=
wouldn't want to reveal their hand by doing so, and would instead atta=
ck other infrastructure.<br><br>It's quite difficult to quantify exactl=
y how valuable attacking other infrastructure would be. It also really depe=
nds upon when an entity gains quantum supremacy and thus if by that time mo=
st of the world's systems have already been upgraded. While I think you=
could argue that certain entities gaining quantum capability might not att=
ack Bitcoin, it would only delay the inevitable - eventually somebody will =
achieve the capability who decides to use it for such an attack.<br><br><fo=
nt style=3D"color:rgb(0,0,0)" size=3D"4">Quantum Attackers Would Only Steal=
Small Amounts</font><br>Some have argued that even if a quantum attacker t=
argeted bitcoin, they'd only go after old, likely lost P2PK outputs so =
as to not arouse suspicion and cause a market panic.<br><br>I'm not so =
sure about that; why go after 50 BTC at a time when you could take 250,000 =
BTC with the same effort as 50 BTC? This is a classic "zero day exploi=
t" game theory in which an attacker knows they have a limited amount o=
f time before someone else discovers the exploit and either benefits from i=
t or patches it. Take, for example, the recent ByBit attack - the highest v=
alue crypto hack of all time. Lazarus Group had compromised the Safe wallet=
front end JavaScript app and they could have simply had it reassign owners=
hip of everyone's Safe wallets as they were interacting with their wall=
et. But instead they chose to only specifically target ByBit's wallet w=
ith $1.5 billion in it because they wanted to maximize their extractable va=
lue. If Lazarus had started stealing from every wallet, they would have bee=
n discovered quickly and the Safe web app would likely have been patched we=
ll before any billion dollar wallets executed the malicious code.<br><br>I =
think the "only stealing small amounts" argument is strongest for=
Situation #2 described earlier, where a quantum attacker arrives before qu=
antum safe cryptography has been deployed across the Bitcoin ecosystem. Bec=
ause if it became clear that Bitcoin's cryptography was broken AND ther=
e was nowhere safe for vulnerable users to migrate, the only logical option=
would be for everyone to liquidate their bitcoin as quickly as possible. A=
s such, I don't think it applies as strongly for situations in which we=
have a migration path available.<br><br><font style=3D"color:rgb(0,0,0)" s=
ize=3D"4">The 21 Million Coin Supply Should be in Circulation</font><br>Som=
e folks are arguing that it's important for the "circulating / spe=
ndable" supply to be as close to 21M as possible and that having a sig=
nificant portion of the supply out of circulation is somehow undesirable.<b=
r><br>While the "21M BTC" attribute is a strong memetic narrative=
, I don't think anyone has ever expected that it would all be in circul=
ation. It has always been understood that many coins will be lost, and that=
's actually part of the game theory of owning bitcoin!<br><br>And remem=
ber, the 21M number in and of itself is not a particularly important detail=
- it's not even mentioned in the whitepaper. What's important is t=
hat the supply is well known and not subject to change.<br><br><font style=
=3D"color:rgb(0,0,0)" size=3D"4">Self-Sovereignty and Personal Responsibili=
ty</font><br>Bitcoin=E2=80=99s design empowers individuals to control their=
own wealth, free from centralized intervention. This freedom comes with th=
e burden of securing one's private keys. If quantum computing can break=
obsolete cryptography, the fault lies with users who didn't move their=
funds to quantum safe locking scripts. Expecting the network to shield use=
rs from their own negligence undermines the principle that you, and not a t=
hird party, are accountable for your assets.<br><br>I think this is general=
ly a fair point that "the community" doesn't owe you anything=
in terms of helping you. I think that we do, however, need to consider the=
incentives and game theory in play with regard to quantum safe Bitcoiners =
vs quantum vulnerable Bitcoiners. More on that later.<br><br><font style=3D=
"color:rgb(0,0,0)" size=3D"4">Code is Law</font><br>Bitcoin operates on tra=
nsparent, immutable rules embedded in its protocol. If a quantum attacker u=
ses superior technology to derive private keys from public keys, they=E2=80=
=99re not "hacking" the system - they're simply following wha=
t's mathematically permissible within the current code. Altering the pr=
otocol to stop this introduces subjective human intervention, which clashes=
with the objective, deterministic nature of blockchain.<br><br>While I ten=
d to agree that code is law, one of the entire points of laws is that they =
can be amended to improve their efficacy in reducing harm. Leaning on this =
point seems more like a pro-ossification stance that it's better to do =
nothing and allow harm to occur rather than take action to stop an attack t=
hat was foreseen far in advance.<br><br><font style=3D"color:rgb(0,0,0)" si=
ze=3D"4">Technological Evolution as a Feature, Not a Bug</font><br>It's=
well known that cryptography tends to weaken over time and eventually brea=
k. Quantum computing is just the next step in this progression. Users who f=
ail to adapt (e.g., by adopting quantum-resistant wallets when available) a=
re akin to those who ignored technological advancements like multisig or ha=
rdware wallets. Allowing quantum theft incentivizes innovation and keeps Bi=
tcoin=E2=80=99s ecosystem dynamic, punishing complacency while rewarding vi=
gilance.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Market Signals =
Drive Security</font><br>If quantum attackers start stealing funds, it send=
s a clear signal to the market: upgrade your security or lose everything. T=
his pressure accelerates the adoption of post-quantum cryptography and stre=
ngthens Bitcoin long-term. Coddling vulnerable users delays this necessary =
evolution, potentially leaving the network more exposed when quantum tech b=
ecomes widely accessible. Theft is a brutal but effective teacher.<br><br><=
font style=3D"color:rgb(0,0,0)" size=3D"4">Centralized Blacklisting Power</=
font><br>Burning vulnerable funds requires centralized decision-making - a =
soft fork to invalidate certain transactions. This sets a dangerous precede=
nt for future interventions, eroding Bitcoin=E2=80=99s decentralization. If=
quantum theft is blocked, what=E2=80=99s next - reversing exchange hacks? =
The system must remain neutral, even if it means some lose out.<br><br>I th=
ink this could be a potential slippery slope if the proposal was to only bu=
rn specific addresses. Rather, I'd expect a neutral proposal to burn al=
l funds in locking script types that are known to be quantum vulnerable. Th=
us, we could eliminate any subjectivity from the code.<br><br><font style=
=3D"color:rgb(0,0,0)" size=3D"4">Fairness in Competition</font><br>Quantum =
attackers aren't cheating; they're using publicly available physics=
and math. Anyone with the resources and foresight can build or access quan=
tum tech, just as anyone could mine Bitcoin in 2009 with a CPU. Early adopt=
ers took risks and reaped rewards; quantum innovators are doing the same. C=
alling it =E2=80=9Cunfair=E2=80=9D ignores that Bitcoin has never promised =
equality of outcome - only equality of opportunity within its rules.<br><br=
>I find this argument to be a mischaracterization because we're not tal=
king about CPUs. This is more akin to talking about ASICs, except each ASIC=
costs millions if not billions of dollars. This is out of reach from all b=
ut the wealthiest organizations.<br><br><font style=3D"color:rgb(0,0,0)" si=
ze=3D"4">Economic Resilience</font><br>Bitcoin has weathered thefts before =
(MTGOX, Bitfinex, FTX, etc) and emerged stronger. The market can absorb qua=
ntum losses, with unaffected users continuing to hold and new entrants buyi=
ng in at lower prices. Fear of economic collapse overestimates the impact -=
the network=E2=80=99s antifragility thrives on such challenges.<br><br>Thi=
s is a big grey area because we don't know when a quantum computer will=
come online and we don't know how quickly said computers would be able=
to steal bitcoin. If, for example, the first generation of sufficiently po=
werful quantum computers were stealing less volume than the current block r=
eward then of course it will have minimal economic impact. But if they'=
re taking thousands of BTC per day and bringing them back into circulation,=
there will likely be a noticeable market impact as it absorbs the new supp=
ly.<br><br>This is where the circumstances will really matter. If a quantum=
attacker appears AFTER the Bitcoin protocol has been upgraded to support q=
uantum resistant cryptography then we should expect the most valuable activ=
e wallets will have upgraded and the juiciest target would be the 31,000 BT=
C in the address 12ib7dApVFvg82TXKycWBNpN8kFyiAN1dr which has been dormant =
since 2010. In general I'd expect that the amount of BTC re-entering th=
e circulating supply would look somewhat similar to the mining emission cur=
ve: volume would start off very high as the most valuable addresses are dra=
ined and then it would fall off as quantum computers went down the list tar=
geting addresses with less and less BTC.<br><br>Why is economic impact a fa=
ctor worth considering? Miners and businesses in general. More coins being =
liquidated will push down the price, which will negatively impact miner rev=
enue. Similarly, I can attest from working in the industry for a decade, th=
at lower prices result in less demand from businesses across the entire ind=
ustry. As such, burning quantum vulnerable bitcoin is good for the entire i=
ndustry.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Practicality &a=
mp; Neutrality of Non-Intervention</font><br>There=E2=80=99s no reliable wa=
y to distinguish =E2=80=9Ctheft=E2=80=9D from legitimate "white hat&qu=
ot; key recovery. If someone loses their private key and a quantum computer=
recovers it, is that stealing or reclaiming? Policing quantum actions requ=
ires invasive assumptions about intent, which Bitcoin=E2=80=99s trustless d=
esign can=E2=80=99t accommodate. Letting the chips fall where they may avoi=
ds this mess.<br><br><font style=3D"color:rgb(0,0,0)" size=3D"4">Philosophi=
cal Purity</font><br>Bitcoin rejects bailouts. It=E2=80=99s a cold, hard sy=
stem where outcomes reflect preparation and skill, not sentimentality. If q=
uantum computing upends the game, that=E2=80=99s the point - Bitcoin isn=E2=
=80=99t meant to be safe or fair in a nanny-state sense; it=E2=80=99s meant=
to be free. Users who lose funds to quantum attacks are casualties of libe=
rty and their own ignorance, not victims of injustice.<br><br><font style=
=3D"color:rgb(0,0,0)" size=3D"6">Bitcoin's DAO Moment</font><br>This si=
tuation has some similarities to The DAO hack of an Ethereum smart contract=
in 2016, which resulted in a fork to stop the attacker and return funds to=
their original owners. The game theory is similar because it's a situa=
tion where a threat is known but there's some period of time before the=
attacker can actually execute the theft. As such, there's time to miti=
gate the attack by changing the protocol.<br><br>It also created a schism i=
n the community around the true meaning of "code is law," resulti=
ng in Ethereum Classic, which decided to allow the attacker to retain contr=
ol of the stolen funds.<br><br>A soft fork to burn vulnerable bitcoin could=
certainly result in a hard fork if there are enough miners who reject the =
soft fork and continue including transactions.<br><br><font style=3D"color:=
rgb(0,0,0)" size=3D"6">Incentives Matter</font><br>We can wax philosophical=
until the cows come home, but what are the actual incentives for existing =
Bitcoin holders regarding this decision?<br><br><blockquote class=3D"gmail_=
quote" style=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-left-color=
:rgb(204,204,204)">"Lost coins only make everyone else's coins wor=
th slightly more. Think of it as a donation to everyone." - Satoshi Na=
kamoto</blockquote><br>If true, the corollary is:<br><br><blockquote class=
=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;padding-left:1ex;border-=
left-color:rgb(204,204,204)">"Quantum recovered coins only make everyo=
ne else's coins worth less. Think of it as a theft from everyone."=
- Jameson Lopp</blockquote><br>Thus, assuming we get to a point where quan=
tum resistant signatures are supported within the Bitcoin protocol, what=
9;s the incentive to let vulnerable coins remain spendable?<br><br>* It'=
;s not good for the actual owners of those coins. It disincentivizes owners=
from upgrading until perhaps it's too late.<br>* It's not good for=
the more attentive / responsible owners of coins who have quantum secured =
their stash. Allowing the circulating supply to balloon will assuredly redu=
ce the purchasing power of all bitcoin holders.<br><br><font style=3D"color=
:rgb(0,0,0)" size=3D"6">Forking Game Theory</font><br>From a game theory po=
int of view, I see this as incentivizing users to upgrade their wallets. If=
you disagree with the burning of vulnerable coins, all you have to do is m=
ove your funds to a quantum safe signature scheme. Point being, I don't=
see there being an economic majority (or even more than a tiny minority) o=
f users who would fight such a soft fork. Why expend significant resources =
fighting a fork when you can just move your coins to a new address?<br><br>=
Remember that blocking spending of certain classes of locking scripts is a =
tightening of the rules - a soft fork. As such, it can be meaningfully enac=
ted and enforced by a mere majority of hashpower. If miners generally agree=
that it's in their best interest to burn vulnerable coins, are other u=
sers going to care enough to put in the effort to run new node software tha=
t resists the soft fork? Seems unlikely to me.<br><br><font style=3D"color:=
rgb(0,0,0)" size=3D"6">How to Execute Burning</font><br>In order to be as o=
bjective as possible, the goal would be to announce to the world that after=
a specific block height / timestamp, Bitcoin nodes will no longer accept t=
ransactions (or blocks containing such transactions) that spend funds from =
any scripts other than the newly instituted quantum safe schemes.<br><br>It=
could take a staggered approach to first freeze funds that are susceptible=
to long-range attacks such as those in P2PK scripts or those that exposed =
their public keys due to previously re-using addresses, but I expect the ad=
ditional complexity would drive further controversy.<br><br>How long should=
the grace period be in order to give the ecosystem time to upgrade? I'=
d say a minimum of 1 year for software wallets to upgrade. We can only hope=
that hardware wallet manufacturers are able to implement post quantum cryp=
tography on their existing hardware with only a firmware update.<br><br>Bey=
ond that, it will take at least 6 months worth of block space for all users=
to migrate their funds, even in a best case scenario. Though if you exclud=
e dust UTXOs you could probably get 95% of BTC value migrated in 1 month. O=
f course this is a highly optimistic situation where everyone is completely=
focused on migrations - in reality it will take far longer.<br><br>Regardl=
ess, I'd think that in order to reasonably uphold Bitcoin's conserv=
atism it would be preferable to allow a 4 year migration window. In the mea=
ntime, mining pools could coordinate emergency soft forking logic such that=
if quantum attackers materialized, they could accelerate the countdown to =
the quantum vulnerable funds burn.<br><br><font style=3D"color:rgb(0,0,0)" =
size=3D"6">Random Tangential Benefits</font><br>On the plus side, burning a=
ll quantum vulnerable bitcoin would allow us to prune all of those UTXOs ou=
t of the UTXO set, which would also clean up a lot of dust. Dust UTXOs are =
a bit of an annoyance and there has even been a recent proposal for how to =
incentivize cleaning them up.<br><br>We should also expect that incentivizi=
ng migration of the entire UTXO set will create substantial demand for bloc=
k space that will sustain a fee market for a fairly lengthy amount of time.=
<br><br><font style=3D"color:rgb(0,0,0)" size=3D"6">In Summary</font><br>Wh=
ile the moral quandary of violating any of Bitcoin's inviolable propert=
ies can make this a very complex issue to discuss, the game theory and ince=
ntives between burning vulnerable coins versus allowing them to be claimed =
by entities with quantum supremacy appears to be a much simpler issue.<br><=
br>I, for one, am not interested in rewarding quantum capable entities by i=
nflating the circulating money supply just because some people lost their k=
eys long ago and some laggards are not upgrading their bitcoin wallet's=
security.<br><br>We can hope that this scenario never comes to pass, but h=
ope is not a strategy.<br><br>I welcome your feedback upon any of the above=
points, and contribution of any arguments I failed to consider.</div></div=
><div><br></div>-- <br>You received this message because you are subscribed=
to the Google Groups "Bitcoin Development Mailing List" group.<b=
r>To unsubscribe from this group and stop receiving emails from it, send an=
email to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bi=
tcoindev+...@googlegroups.com</a>.<br>To view this discussion visit <a rel=
=3D"noreferrer nofollow noopener" href=3D"https://groups.google.com/d/msgid=
/bitcoindev/CADL_X_cF%3DUKVa7CitXReMq8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40m=
ail.gmail.com" target=3D"_blank" data-saferedirecturl=3D"https://www.google=
.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitcoindev/CADL_=
X_cF%253DUKVa7CitXReMq8nA_4RadCF%253D%253DkU4YG%252B0GYN97P6hQ%2540mail.gma=
il.com&source=3Dgmail&ust=3D1749387599317000&usg=3DAOvVaw1nWmtN=
HWj25mhraYVZS_Xy">https://groups.google.com/d/msgid/bitcoindev/CADL_X_cF%3D=
UKVa7CitXReMq8nA_4RadCF%3D%3DkU4YG%2B0GYN97P6hQ%40mail.gmail.com</a>.</div>=
</blockquote></div><div dir=3D"ltr"></div></div></div></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc=
oindev+...@googlegroups.com</a>.<br>
To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href=
=3D"https://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4D=
9D2B732364%40astrotown.de" target=3D"_blank" data-saferedirecturl=3D"https:=
//www.google.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitc=
oindev/E8269A1A-1899-46D2-A7CD-4D9D2B732364%2540astrotown.de&source=3Dg=
mail&ust=3D1749387599317000&usg=3DAOvVaw2PR2vuTOZH_Ek_t4GgnuJJ">htt=
ps://groups.google.com/d/msgid/bitcoindev/E8269A1A-1899-46D2-A7CD-4D9D2B732=
364%40astrotown.de</a>.</blockquote></div></div></blockquote></div><div><bl=
ockquote type=3D"cite"><div dir=3D"ltr"><div class=3D"gmail_quote"><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-wid=
th:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,2=
04,204)"><br>
</blockquote></div></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc=
oindev+...@googlegroups.com</a>.<br>
To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href=
=3D"https://groups.google.com/d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br=
6mCoe1rwWUpa_yZDwmwx6U_eO5JhZLg%40mail.gmail.com" target=3D"_blank" data-sa=
feredirecturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://groups.=
google.com/d/msgid/bitcoindev/CAJDmzYxw%252BmXQKjS%252Bh%252Br6mCoe1rwWUpa_=
yZDwmwx6U_eO5JhZLg%2540mail.gmail.com&source=3Dgmail&ust=3D17493875=
99317000&usg=3DAOvVaw0HJzgCo9hLdARu_fL6UDUf">https://groups.google.com/=
d/msgid/bitcoindev/CAJDmzYxw%2BmXQKjS%2Bh%2Br6mCoe1rwWUpa_yZDwmwx6U_eO5JhZL=
g%40mail.gmail.com</a>.<br>
</blockquote><br>
</div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a rel=3D"noreferrer nofollow noopener" href data-email-masked>bitc=
oindev+...@googlegroups.com</a>.<br>
To view this discussion visit <a rel=3D"noreferrer nofollow noopener" href=
=3D"https://groups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvf=
XniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXL=
miCJOY%3D%40proton.me" target=3D"_blank" data-saferedirecturl=3D"https://ww=
w.google.com/url?hl=3Den&q=3Dhttps://groups.google.com/d/msgid/bitcoind=
ev/zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZuGLeFtjL3Ky7B-9nBptC0GCxuHMjjw8Ras=
O7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY%253D%2540proton.me&source=3Dgmail&a=
mp;ust=3D1749387599317000&usg=3DAOvVaw1WeDdjOHiNYWK_U17-OcRr">https://g=
roups.google.com/d/msgid/bitcoindev/zyx7G6H1TyB2sWVEKAfIYmCCvfXniazvrhGlaZu=
GLeFtjL3Ky7B-9nBptC0GCxuHMjjw8RasO7c3ZX46_6Nerv0SgCP0vOi5_nAXLmiCJOY%3D%40p=
roton.me</a>.<br>
</blockquote></div></div>
</blockquote></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href rel=3D"noreferrer nofollow noopener" data-email-masked>bitc=
oindev+...@googlegroups.com</a>.<br></blockquote></div></div><div style=3D"=
font-family:Arial,sans-serif;font-size:14px"><div><blockquote type=3D"cite"=
>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%40mail.gmail=
.com" rel=3D"noreferrer nofollow noopener" target=3D"_blank" data-saferedir=
ecturl=3D"https://www.google.com/url?hl=3Den&q=3Dhttps://groups.google.=
com/d/msgid/bitcoindev/CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%=
2540mail.gmail.com&source=3Dgmail&ust=3D1749387599317000&usg=3D=
AOvVaw20sKcGYqK1w1lbqEinULpJ">https://groups.google.com/d/msgid/bitcoindev/=
CAJDmzYycnXODG_e9ATqTkooUu3C-RS703P1-RQLW5CdcCehsqg%40mail.gmail.com</a>.<b=
r>
</blockquote><br>
</div></div></blockquote></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/893891ea-34ec-4d60-9941-9f636be0d747n%40googlegroups.com</a>.<br />
------=_Part_18011_501201720.1749302913697--
------=_Part_18010_831844196.1749302913697--
|