1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
Delivery-date: Sun, 13 Jul 2025 13:57:18 -0700
Received: from mail-yw1-f189.google.com ([209.85.128.189])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBI532DBQMGQECVBV35I@googlegroups.com>)
id 1ub3l7-0004eo-KR
for bitcoindev@gnusha.org; Sun, 13 Jul 2025 13:57:17 -0700
Received: by mail-yw1-f189.google.com with SMTP id 00721157ae682-711136ed77fsf53323137b3.0
for <bitcoindev@gnusha.org>; Sun, 13 Jul 2025 13:57:17 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1752440231; cv=pass;
d=google.com; s=arc-20240605;
b=i6jJSaqBTh4JDfRfJshfUE3uP73zeavSqyN982Xjf9WmCRZhssLqH4K6MmEax27ekc
kX7bgwFOJhHYz/t3Y0N6tyvbPpAjzfUXvjSZuBFxSEKt3+n4uG4avVKwWRu7kgc3iCrQ
f8glaCFR0IGV01YmzTQjve94kUSBABROckPV1VfY6PQS0pHNZpdaMuyzOOGtpfxUq4Lt
n+pOioclcOVIUeaB/qTU6gt1e3zzC8N61Xhq5SPi5vVHG9zbCKMDB7q+MI0bBXfSgnab
uqzIpgTiZ8tPci/+0n0SnGz34rQYa/r3Ri7aeXiyU4LZVi9U/AH41b5I67hmeR8+0X+Y
S4jA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:content-transfer-encoding
:mime-version:feedback-id:references:in-reply-to:message-id:subject
:cc:from:to:date:sender:dkim-signature;
bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=;
fh=FUYbUoymdqtswlYop0PHeG3JpoziTpi8aXBcNJ2UNwY=;
b=J0l/Vuk5WkjvZawP3YIXgrgfkoC35lPZIlMizjMtwWDmmVs7VNYxIQXTSHX0ZIhdnt
Mw6U7pRn8IrU4u+/ClMhoRXDlWmyeHG8EtfZXNOSY//w0NxrqbgVLz0g5CvlCARkR1Q1
i+0T4RuFZNhjX4JgkDKCQ1uHSlNuQHLpe7wjBU6ckCWZw70VuCkIoqvXTkJ7qm7ft/zn
X5+7SQcMC72kbJYpE1764CTkybUy9n2wdpyXU5ZF7+rBVMQn3e2coEOfJMBHJj+Geq+W
XHmYzZBGWIdCbufYuRB+TXk/rrPmu7Me4YLXHWHjkLYDiSQRUmj5m/NlR86jrMuxnhan
11ZQ==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck;
spf=pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wuille.net
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1752440231; x=1753045031; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-transfer-encoding:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:sender:from:to:cc:subject:date:message-id:reply-to;
bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=;
b=MFf3qsJoY+6i6nudDlvom/7tXF3Gyg4vGhMKoCpUn/642UlvkW02dINeY8X10tr+1i
5Wnm8movietS9aOgZq9BAlcR6BUQ1J6TWR5qVkFZJfVG/e+TCuzfEec8SW+ax7ESvd5Q
jKTUdo2NCGcZxuiEmJvIZj2A7x4EmbTKMekM0H6ubp9/dd0zi6dalpyTzo1x2qmkTVLh
EnN230CxtbtwDefGIaMhm1NRotHkXRMDJsHN9dk9gbV1j+GECiCzy/+U2LpG0Li9XR01
9daJx5nNE3LSBNqo6PRD7E3ZPkpv1rk27Q4Auxate7puqQOZDeDa8F7Bgp3FqbkjdYrp
HcOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1752440231; x=1753045031;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-transfer-encoding:mime-version
:feedback-id:references:in-reply-to:message-id:subject:cc:from:to
:date:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=;
b=efii4E2npqZ1xpQadq79ZBY3IqjVuCyOpS5lo/MEi6VHaAx9jPDrU01NZEh0vbctis
Oy29trlM/uz/Vnsz6A/y4WlbjoSAfqYPFVMO8pk3+roU2j1nnJzQjXZJuloJxsC3izZo
/UUnT9n3ML3m+QQ2jfnwxigxVFy2r1JZxo8HQOkDCQGrb++Y7DEW413DAlXoSlJwAS6p
2OxQlQ0xfLcUl7PtQGbUJg4/a2a7cvcUcLVYU8YzNLctBYaNv6Wzlu74BcVYBJpLrIa+
V6DKc2oy/MuL1DJdl45WXzPRGeBYluCEw4rd8MiaSqZt8K2I5dCqt6s3gQckKReNju57
lKOg==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCVaKQh+JTyXTZ63xrTJ4OFLyUounAz/y1+MJr5Uc494Sk0ewEf/CWJ34pBAUoFaCxypAXoiZ3ZzwtW+@gnusha.org
X-Gm-Message-State: AOJu0YxzOUF5yMFZig2s5dB4UF/r0Tbra0ZgtVopuQbMXFOOEGyBJAEa
xSHOQUFRbXcpSL5So9LNVKamYV6QTGsTNMaxuAV61CBmCcfGomPdGTxO
X-Google-Smtp-Source: AGHT+IF5d2uEi0jkXE7DCrVhHzUbCB6ZOD5ha5MHbU0VOdcbyMhP870e7C8+aJMEVidXv0+jR5WlXA==
X-Received: by 2002:a05:690c:3801:b0:70f:84c8:312e with SMTP id 00721157ae682-717d78afed9mr180431547b3.1.1752440231282;
Sun, 13 Jul 2025 13:57:11 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZcX7oqXS1SK5UuPNHl87Ml8ftBzttpInpcg6vOj4EPjTg==
Received: by 2002:a25:df57:0:b0:e87:c996:a10 with SMTP id 3f1490d57ef6-e8b778de239ls760372276.1.-pod-prod-07-us;
Sun, 13 Jul 2025 13:57:06 -0700 (PDT)
X-Received: by 2002:a05:690c:6488:b0:716:43d5:ffe4 with SMTP id 00721157ae682-717d7a5ff48mr167989577b3.28.1752440226680;
Sun, 13 Jul 2025 13:57:06 -0700 (PDT)
Received: by 2002:a05:6504:e88:b0:2b1:9626:e73d with SMTP id a1c4a302cd1d6-2b91927775bmsc7a;
Sun, 13 Jul 2025 12:28:54 -0700 (PDT)
X-Received: by 2002:a05:6512:2316:b0:553:35ad:2f2d with SMTP id 2adb3069b0e04-55a044cc87bmr2865954e87.18.1752434932187;
Sun, 13 Jul 2025 12:28:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1752434932; cv=none;
d=google.com; s=arc-20240605;
b=NLamWG+joPjhWV/jtCeyvNZTAy2Vh6u/LMvu7PcrTQqqhC1BQYoahVUsTOMRriKUru
wlTNA4q8PEK/Rh9vJOTGGh+Um3/EuhZJbAlAxEWU5WRmLyLeSJtj5297O5BjZ9EADU+q
Hl6YHZX/kPIxnMCG8Cjl8py6r4DkMWAhWr8oFo4bj1SzjQgzN8M7no+WucIeKDzpOotc
ETWTO/sIM1R4vY2oaZsQev4wYW5fkG0/OA0MXzwvjHi+JzXvp7Pvq2XT3J/T1bQ3zhxt
X0W23jla1KpS1as+hTCuNOFsrVQ8+TIqM2g0jhtVzZw8LHR9v4vcbAEMPzCyABc2DWfY
X8gg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=content-transfer-encoding:mime-version:feedback-id:references
:in-reply-to:message-id:subject:cc:from:to:date:dkim-signature;
bh=AIobaq35p7OSFdwwRjBROFKYrYQbbN1pdgX2s8tfUL0=;
fh=6b1pLcW6tcZ6I7AhOCDpUTdU/HBZRb+DjIxd1ga4+Sc=;
b=BwQkwA5g7QWzr61z6NsxcP/hy+GzPaYS+frilKANDVy2tSd4w6VsprVmJA/RFhox1G
rEU9acEhnu33wrNa16nc/hWhpiCyVXBJPfgxxrNIAdm26iaqRuIsDgX5nkuJJdQCu8DP
wq3oIwEU62sz8+ivxdptu6uM2NKhQnFZ4/vIW8PDsvQUzXp84Inz22mg/bvYiV+Om5q5
f6Fi85XSicC18GSBBbDV//5w8hbTwJPrjirf5V64Otn2CHRDUeatsPC9PJvVoP6wEQXh
0eAH5aT8Ba9gu+yHHX39LyOngWlUuWUDZkvdAfJbUfxoz+fUyW+bQ+YFWAbblVZkm/1n
7fkA==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck;
spf=pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wuille.net
Received: from mail-10625.protonmail.ch (mail-10625.protonmail.ch. [79.135.106.25])
by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-5593c7e790fsi305445e87.1.2025.07.13.12.28.51
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 13 Jul 2025 12:28:52 -0700 (PDT)
Received-SPF: pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) client-ip=79.135.106.25;
Date: Sun, 13 Jul 2025 19:28:49 +0000
To: Boris Nagaev <bnagaev@gmail.com>
From: Pieter Wuille <bitcoin-dev@wuille.net>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Against Allowing Quantum Recovery of Bitcoin
Message-ID: <qiwLbcmBGlNhbgEb-1WMrZdOS-JQpYVyxfAxcKYmkLSwcwvAKI9faDZigqE94yaPV9-snFurf5X9OXlgXqOGgyJSGJ11AhgrYXgVBjhflw0=@wuille.net>
In-Reply-To: <9644c572-8cb9-4ce5-8d3c-a01602dc0e1dn@googlegroups.com>
References: <E8269A1A-1899-46D2-A7CD-4D9D2B732364@astrotown.de> <ZVSyhRF6sP5xZxzih0EUn-_35mQxiVXYzrvxZ_Dz7tTygUqTmxxyVhFfXswTUmIquzCR6XNGbgLlNUCkHucTAliQf7aesPZBLRFoceu_9BY=@protonmail.com> <893891ea-34ec-4d60-9941-9f636be0d747n@googlegroups.com> <CADL_X_dz6Zuoh6T=p+531kQkgVUbr5iKHeLNe01s5=QDp6iw9g@mail.gmail.com> <1ae281cd-20a8-4b50-98b7-c228f090ad7an@googlegroups.com> <CADL_X_fOpwpNx0-FN+kDjxYg+SHJha6hv9ucDEMAzFgcjNzrtA@mail.gmail.com> <ba994ea8-b089-4f0d-a7a3-e5845d2890ean@googlegroups.com> <CAEM=y+V4eem6PYVZW-f21-TtZg-vCFjAeSHWcRVd_XH+zcbeag@mail.gmail.com> <9644c572-8cb9-4ce5-8d3c-a01602dc0e1dn@googlegroups.com>
Feedback-ID: 19463299:user:proton
X-Pm-Message-ID: 49e48570c1542afed88401bbf4a25489e2292711
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Original-Sender: bitcoin-dev@wuille.net
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck; spf=pass
(google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as
permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net; dmarc=pass
(p=NONE sp=NONE dis=NONE) header.from=wuille.net
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)
On Sunday, July 13th, 2025 at 2:01 PM, Boris Nagaev <bnagaev@gmail.com> wro=
te:
> On Sunday, July 13, 2025 at 1:09:01=E2=80=AFPM UTC-3 Ethan Heilman wrote:
>=20
>=20
> > That is, quantum vulnerable outputs, in the presence of a quantum compu=
ter, have already had their value destroyed. They no longer function as pro=
perty, but instead function as an inflationary reward for owning a quantum =
computer. Freezing them simply reflects this reality and protects quantum r=
esistant coins from the inflation caused by quantum attacks.
>=20
>=20
> The key issue is that we don't know whether the quantum threat will mater=
ialize. It's an open question. Jameson's proposal requires taking action be=
fore such a threat actually exists. But without knowing if or when it will =
happen, it's hard to justify such a significant change.
I want to make a perhaps controversial nuance here.
I believe the the main quantum-related threat to bitcoin, at least in the m=
edium term, is not the actual materialization of a cryptographically-releva=
nt quantum computer (CRQC), but **the belief** whether one may exist soon a=
fter. I don't mean to imply that such a machine won't ever appear, but I be=
lieve the fear that one may exist will likely have a more meaningful impact=
, and come much earlier.
Furthermore, I don't think the availability of quantum-safe output types wi=
ll be sufficient to mitigate this fear-threat, because I don't see how the =
mere existence of quantum-safe outputs will be sufficient to incentivize th=
e vast majority of coin holders to move their coins. Some may not believe a=
CRQC will ever exist. Some may have use cases that are incompatible with t=
hem (e.g. nothing BIP32-like for them, no key aggregation/thresholds, or th=
ey're too large for certain use cases). Some may simply not bother to imple=
ment whatever is required, because they're busy building altcoin infrastruc=
ture[1] that's more profitable (there are still major ecosystem players tha=
t cannot even *send* to taproot outputs...). And all of that is ignoring co=
ins which have simply been lost, which will definitely not move.
All of that together means that the mere existence of quantum-safe outputs =
will not be sufficient to largely remove the presence of CRQC-vulnerable co=
ins from the system. And without that, the fear of the existence of a CRQC =
may remain an existential threat due to the sell pressure it may cause. Eve=
n those who have moved their coins to quantum-safe outputs may worry about =
an exchange-rate crash caused by a QRQC operator selling stolen coins, whic=
h may fuel even more sell pressure.
It's quite possible I'm wrong here, about sentiment, or about what happens =
in what order. But I think it's worth considering. And if so, then I think =
the conclusion is that the actual mitigation to (the fear of) a quantum thr=
eat is (the prospect of) freezing CRQC-vulnerable coins. Everything else, u=
p to and including investigating, proposing, activating, and advocating for=
usage, of quantum-safe outputs, is just be preparatory. Those would be nec=
essary first steps of course, but absent a subsequent prospect of actually =
disabling quantum-vulnerable outputs, they may be irrelevant in the grand s=
cheme of things.
To be clear, I am not advocating for any specific cause of action here. Not=
on BIPs, timelines, approach, or even whether something should be done at =
all. However, I do consider it naive to say that simply making post-quantum=
output types available is a solution.
[1] https://rusty.ozlabs.org/2020/05/27/bitcoin-exchanges-are-now-the-ene=
my.html
Cheers,
--=20
Pieter
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
qiwLbcmBGlNhbgEb-1WMrZdOS-JQpYVyxfAxcKYmkLSwcwvAKI9faDZigqE94yaPV9-snFurf5X=
9OXlgXqOGgyJSGJ11AhgrYXgVBjhflw0%3D%40wuille.net.
|
