1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
|
Delivery-date: Sun, 09 Mar 2025 01:30:33 -0800
Received: from mail-oo1-f60.google.com ([209.85.161.60])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBAABBL57WW7AMGQE6QZ7DJY@googlegroups.com>)
id 1trCzQ-00063J-2K
for bitcoindev@gnusha.org; Sun, 09 Mar 2025 01:30:33 -0800
Received: by mail-oo1-f60.google.com with SMTP id 006d021491bc7-6015b5d1bdesf92815eaf.2
for <bitcoindev@gnusha.org>; Sun, 09 Mar 2025 01:30:31 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1741512626; cv=pass;
d=google.com; s=arc-20240605;
b=HYXAJ4QsxaKcrk2VnNxkoCqmIGuC/2n8y/e0yGeJEFJPC9R7TMiAxoQR2f/5U8+WEt
Vj5Mf0SjWn5y3q2yPqdpZAe49By2h7w1CUUgPofXEW8rbgn/ee5IAM4m89p/JSo6XQk2
ku80ydScjNpf5t5DnpacBxMtSLOO6BLX4iAaw4jbU4vcuORdaTfK2hNLrURwcejacLHS
QYAkihskiQFlXltR5zoxJ0ECcisEFSKfXqLAClFPMfP0yVYnEGilfK9u5E6Re1COvpqL
RLw7bk0SXvAfC/wmyaMgbOZp9WXUmjMMODYTJXtipZqhM/AVB5ry5OsCIwONXWGuelFM
l8Mg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to:mime-version:feedback-id
:references:in-reply-to:message-id:subject:from:to:date
:dkim-signature;
bh=7WC9za2urk3VXl6nh8Ig8eaOvHyWaF8Ffeu02b50+2k=;
fh=ifa8DoF/firQPnl5mPBVTMUTqY+tAaValgTrb4gPO+U=;
b=k9wKRO3YFHjDtwBApqdhyP1ga2IK4rjXAe5sl3upsp+1dAy/bfqFrAaH9vZG1RoSXX
o/0uUuqNy7AOjX1LVWJlZVdzH8gI9vPVHmAIJQePwqen/ybCQxEJ42Kzf3g8wouVvHcK
dk58MADORAZjEIiQH+iAA9NKTOBZUbEwtugKRpENHo9UhND38gJkUeA4bWpW96Ql9TjE
wPO4Dll2yAFZJZWyvnhZGpKq1u4dnRy7ip7lsrX3UoyF1yF6BkkJg7Q16Qh7e+cRs8rY
z2PKvqvrhtVpvB0YFmIKpMzemVUrsmun8Gc++xXZHSCn8vtRasKC7GOmJ+ya3/jBcah4
tkFw==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=K76ejj6V;
spf=pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1741512626; x=1742117426; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:from:to:date
:from:to:cc:subject:date:message-id:reply-to;
bh=7WC9za2urk3VXl6nh8Ig8eaOvHyWaF8Ffeu02b50+2k=;
b=mwnTuCJBqCmENJmvxIihcCMR/4U77w4JIzH6ZvbyBJZe3z569sdX09M8NFy39wumDy
XdgVGAmB3V+4GJ8t20T8H/7vI27OhsBcDtJdN1vKLr6DizRsMiBCcfBOqk86R60L97Ck
hRth0FR54sJO3shhTNX5mAvZvslJKiaFiNzSCbn8JAJgqWsE7VbMGSbatUrQXp2bpJOR
uFR4Vp7CzluofnIqSp7MBx0ZUJws5VkDIQv4ACnrBOZtszm5q9JaKiXIBrQPsxDbb+GI
LQe/jOsAaDGHafyk2GHK7AEZc4dokS5Zq3ZHSjEdxaL5pjM5k4mn+H0+YY8h57U0Oq4l
lIag==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1741512626; x=1742117426;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:reply-to
:x-original-authentication-results:x-original-sender:mime-version
:feedback-id:references:in-reply-to:message-id:subject:from:to:date
:x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=7WC9za2urk3VXl6nh8Ig8eaOvHyWaF8Ffeu02b50+2k=;
b=a+PnjLRX9wBcy47BlIj9eTxkuhBnaZYYtPmROhSX+umeTgjU50N1g7SHSCum0cohw6
O+jnPlkFa87/HmhkD7nSaZiE1PLNYYjS7cvRpBtG0h1CBn8uvOq07yGQGnyejWfaNmu/
Y6uEmuLc2IHq4KR5+eK5fFpfFVMXKSgY3AEIvbNr1qbiWDxCOQDPgMWGZZAu3v0GaXdP
z36+PE6KO9slOyvLeGDjo7eovY/RpJLVaFHfN0tSKYByLUkSz9adPYvXdG4Wy4ZJFiCb
giv+r7F1LK3sk9mPbhgaydk6AkL4MYGYMZyN2GtgxuSFO69mBrHKyd6Y0pC4TOMeFh/x
rn4g==
X-Forwarded-Encrypted: i=2; AJvYcCWpSFh5BjzC/Qh4mUHNJa2L1tmIR+0LtGECfPcHhU8gP9bjEOeiXix2es29sZjxmfPO7fKTjy661OhC@gnusha.org
X-Gm-Message-State: AOJu0YyAUD9/DKFWd0jZlpW/mxu8dEwQPRxXCwq8cKy/HEsKDkt4D/EK
21ANrrzksbLOb1vdf6IjmV4DOifOiwXhR9TRxcwhzRVspcgMuRf3
X-Google-Smtp-Source: AGHT+IFulT2Z/zyuFO5dOM+Kllv5qahRShS5NCS7zqUb+xViymGXP1TEZnmm+kOIG9XBXV8pdbDHug==
X-Received: by 2002:a05:6808:144c:b0:3f4:fc5:d2b4 with SMTP id 5614622812f47-3f697b1b189mr5230518b6e.2.1741512625872;
Sun, 09 Mar 2025 01:30:25 -0800 (PST)
X-BeenThere: bitcoindev@googlegroups.com; h=Adn5yVGTMgmuuJJoXeKFx69irf1+4w4tyOY6IuOPxI4dtYsuMA==
Received: by 2002:a4a:dbda:0:b0:600:34a8:4c70 with SMTP id 006d021491bc7-6003eab747dls766136eaf.2.-pod-prod-04-us;
Sun, 09 Mar 2025 01:30:22 -0800 (PST)
X-Received: by 2002:a05:6808:2e93:b0:3f6:d59c:6a2d with SMTP id 5614622812f47-3f6d59c6ca4mr1743526b6e.39.1741512622815;
Sun, 09 Mar 2025 01:30:22 -0800 (PST)
Received: by 2002:ab3:6bd2:0:b0:293:23eb:d65a with SMTP id a1c4a302cd1d6-29323ebdc08msc7a;
Sun, 9 Mar 2025 01:20:08 -0800 (PST)
X-Received: by 2002:a2e:a99f:0:b0:30b:d543:5a71 with SMTP id 38308e7fff4ca-30bf44d9818mr24895741fa.1.1741512006600;
Sun, 09 Mar 2025 01:20:06 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1741512006; cv=none;
d=google.com; s=arc-20240605;
b=fEx52n6pf6mFp7rcxQo7hGiNsoA2eZ/szS/sAq31Br+SloTRsXHH8r+iK7bDsGvjfP
3pYqENwqTBIGSle8Twv6facNcKwq/tz1eEJevDdv1f7/FtZhQbVVaqjbzt7VACBFTE/+
4CCS8/w35A+Qbr7FtEA+205AmVOkCDE6S/zXvrtSIkSfHWp7k7OKC++Qaz0Y2x6zilQa
25AZ9BRt6pCaB8MsY73BccnXloYX9Hru95YSfIb40nZwRHsSrcNuV+3yGJoLGZiT0LIX
Pk5F/swHFPyB2t16P3is5a9UX42rbU+l0+2wCX68lgynYEguFhk0O9VaOT2C85CVt6Rr
/UTg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=mime-version:feedback-id:references:in-reply-to:message-id:subject
:from:to:date:dkim-signature;
bh=X+IQDOy+VjgI3PHPa+gmfeYbtVQEcW11v8BElcXFc+Y=;
fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
b=kfa11IKhZZE64Qbcwn53PZLmxrizyr4VKZ/OEfmvd+4SPgVik0tQ+pzK5P8+jIFcNI
CvCEfWUYnsy7aO6kzXK8Rb8U6zPOvN3VYqkNs/2zwD81gPY9CAMAeeVB2qWraei/8x53
jewiRfgrAOxG8vzzSS/v3DhrUK5AZPtFD8eOcCJueQ6QlTMS45pz6ls6CL0K1SRuqQFL
bcCSkV/2c5gQxdga9WuLlyviZ2/75GoMHe7SQ2XAXUlU73w+HM5qPiN7zEyyXQCfEv8r
1EkM1qS9NgNmwaego1wQwvUyQNqt6GLYTHuEw+pp4aQYWQVuU8ZTpYBxDtNa534JSlSs
1+VQ==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=K76ejj6V;
spf=pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-10630.protonmail.ch (mail-10630.protonmail.ch. [79.135.106.30])
by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-30be99c911dsi1325841fa.5.2025.03.09.01.20.06
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Sun, 09 Mar 2025 01:20:06 -0800 (PST)
Received-SPF: pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) client-ip=79.135.106.30;
Date: Sun, 09 Mar 2025 09:19:59 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
From: "'ArmchairCryptologist' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: Proposal for Quantum-Resistant Address Migration
Protocol (QRAMP) BIP
Message-ID: <ExSOriyqgy0FlVg3j_ZU9jMNQo5rgPRp2mVlp50gJEAtEy79NgFVMBOxchgG2mi6OVJWNN5UM5oXgrPrML_OAhT6v2-S1KVZ1oI14PjSEcw=@protonmail.com>
In-Reply-To: <CAJDmzYxAv8ahPOoTVryqy6oE8nUX0+49BHHhO==M1HpZCuMNbQ@mail.gmail.com>
References: <08a544fa-a29b-45c2-8303-8c5bde8598e7n@googlegroups.com> <83e89408-a20c-4297-96eb-3ca353be02abn@googlegroups.com> <CAJDmzYxAv8ahPOoTVryqy6oE8nUX0+49BHHhO==M1HpZCuMNbQ@mail.gmail.com>
Feedback-ID: 24244585:user:proton
X-Pm-Message-ID: 79b93cf62912cd686b1006a3dfea46dea9b47b8d
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1=_9oou56Y5i9ixeKojLOHOoTPRTuF8aBwrw1m5flfNrhQ"
X-Original-Sender: armchaircryptologist@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@protonmail.com header.s=protonmail3 header.b=K76ejj6V;
spf=pass (google.com: domain of armchaircryptologist@protonmail.com
designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: ArmchairCryptologist <ArmchairCryptologist@protonmail.com>
Reply-To: ArmchairCryptologist <ArmchairCryptologist@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)
--b1=_9oou56Y5i9ixeKojLOHOoTPRTuF8aBwrw1m5flfNrhQ
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
One major issue with a mandatory transition to quantum-resistant addresses =
that I haven't seen brought up is that block size is limited. In such a sce=
nario, it could be highly beneficial for parties that benefit from high fee=
s to flood the network with bogus transactions to force the fees arbitraril=
y high, since people would then be forced to either pay exorbitant fees to =
move their funds by the deadline, or lose their funds entirely. As such, th=
is does not seem like a good idea in general, at least unless the transitio=
n period is extremely long (say 10 years or more).
A less drastic proposal could be to (at least initially) only disable spend=
ing from the less common outputs that have no inherent quantum resistance b=
y virtue of having a hashed public key, such as P2PK and P2TR, while leavin=
g the safer variants with hashed public keys like P2PKH and P2WPKH spendabl=
e. Most analyses of quantum algorithms I have read suggest that at least in=
itially, they would take a significant amount of time to calculate a privat=
e key even if the public key is known, which means that even if there were =
a quantum breakthrough, there should be a relatively low chance of having f=
unds intercepted between broadcasting it (which would of course reveal the =
public key) and having it included in a block. Furthermore, there would alw=
ays be the option of only revealing the transaction to a trusted miner rath=
er than broadcasting it, foregoing the risk entirely.
UTXOs with hashed public keys might still need to be disabled at some point=
, seeing as a non-insignificant number of them have a revealed public key d=
ue to address reuse, and that quantum computers might eventually reach the =
point where the chance of breaking a private key after broadcasting but bef=
ore block inclusion is non-insignificant, but this should at least alleviat=
e the initial rush of disabling everything at once.
--
Best,
ArmchairCryptologist
On Sunday, March 9th, 2025 at 1:53 AM, Agustin Cruz <agustin.cruz@gmail.com=
> wrote:
> Hi Michal,
>
> I completely understand your point of view. However, the concern with QRA=
MP isn=E2=80=99t about arbitrarily punishing users or confiscating assets w=
ithout reason. Rather, it=E2=80=99s about mitigating a very real, systemic =
risk. If a significant amount of funds remains in legacy addresses and a qu=
antum breakthrough occurs, the attack wouldn=E2=80=99t be a one-off inciden=
t targeting a few unlucky individuals. Instead, it could compromise the sec=
urity of the entire network, affecting countless users and shaking confiden=
ce in Bitcoin as a whole.
>
> The enforcement aspect of QRAMP is intended as a last-resort safety mecha=
nism after a long and well-communicated migration period. It=E2=80=99s desi=
gned to ensure that by the time any quantum-capable adversary comes along, =
almost everyone=E2=80=99s funds are protected by quantum-resistant cryptogr=
aphy. The goal is to preempt a scenario where the vulnerability becomes so =
widespread that a malicious actor could trigger a massive, destabilizing re=
allocation of wealth.
>
> The enforced migration is less about penalizing users and more about pres=
erving the long-term security and stability of the network for everyone.
>
> Best regards,
> Agustin
>
> El s=C3=A1b, 8 de mar de 2025, 9:22=E2=80=AFp. m., Michal Koles=C3=A1r <m=
ichal@zeleny-ctverec.cz> escribi=C3=B3:
>
>> Dear Agustin,
>>
>> enforcement in general doesn=E2=80=99t seem like a good choice to me. If=
I were to compare it to the real world, it=E2=80=99s as if people had mone=
y or jewelry in bank vaults that were unbreakable at the time they were sto=
red. After a certain period, it=E2=80=99s discovered that these vaults coul=
d be breached, and we=E2=80=99d tell everyone they have to buy new vaults a=
nd move their diamonds, gold, and banknotes into them. If they don=E2=80=99=
t do it, everything in their old vaults would be confiscated and destroyed.=
Surely, it=E2=80=99s normal that people would naturally buy new vaults (or=
move to safer ones) if they=E2=80=99re informed well in advance and loudly=
enough about the outdated vaults. And if they decide not to replace them, =
someone will eventually break in sooner or later and become the new owner o=
f their "wealth." That=E2=80=99s how it works in the real world, after all.=
Yes, perhaps if someone steals a large amount of Bitcoin en masse, it migh=
t temporarily lower its value. But that=E2=80=99s fine=E2=80=94it would jus=
t redistribute old, lost, or unused Bitcoins into new ownership, where some=
one would start using them. It=E2=80=99s like finding a lost treasure from =
the past at the bottom of the ocean.
>>
>> Best regards,
>> Michal
>>
>> On Wednesday, February 12, 2025 at 1:10:17=E2=80=AFAM UTC+1 Agustin Cruz=
wrote:
>>
>>> Dear Bitcoin Developers,
>>>
>>> I am writing to share my proposal for a new Bitcoin Improvement Proposa=
l (BIP) titled Quantum-Resistant Address Migration Protocol (QRAMP). The go=
al of this proposal is to safeguard Bitcoin against potential future quantu=
m attacks by enforcing a mandatory migration period for funds held in legac=
y Bitcoin addresses (secured by ECDSA) to quantum-resistant addresses.
>>>
>>> The proposal outlines:
>>>
>>> - Reducing Vulnerabilities: Transitioning funds to quantum-resistant sc=
hemes preemptively to eliminate the risk posed by quantum attacks on expose=
d public keys.
>>> - Enforcing Timelines: A hard migration deadline that forces timely act=
ion, rather than relying on a gradual, voluntary migration that might leave=
many users at risk.
>>> - Balancing Risks: Weighing the non-trivial risk of funds being permane=
ntly locked against the potential catastrophic impact of a quantum attack o=
n Bitcoin=E2=80=99s security.
>>>
>>> Additionally, the proposal addresses common criticisms such as the risk=
of permanent fund loss, uncertain quantum timelines, and the potential for=
chain splits. It also details backwards compatibility measures, comprehens=
ive security considerations, an extensive suite of test cases, and a refere=
nce implementation plan that includes script interpreter changes, wallet so=
ftware updates, and network monitoring tools.
>>>
>>> For your convenience, I have published the full proposal on my GitHub r=
epository. You can review it at the following link:
>>>
>>> [Quantum-Resistant Address Migration Protocol (QRAMP) Proposal on GitHu=
b](https://github.com/chucrut/bips/blob/master/bip-xxxxx.md)
>>>
>>> I welcome your feedback and suggestions and look forward to engaging in=
a constructive discussion on how best to enhance the security and resilien=
ce of the Bitcoin network in the quantum computing era.
>>>
>>> Thank you for your time and consideration.
>>>
>>> Best regards,
>>>
>>> Agustin Cruz
>>
>> --
>> You received this message because you are subscribed to the Google Group=
s "Bitcoin Development Mailing List" group.
>> To unsubscribe from this group and stop receiving emails from it, send a=
n email to bitcoindev+unsubscribe@googlegroups.com.
>> To view this discussion visit https://groups.google.com/d/msgid/bitcoind=
ev/83e89408-a20c-4297-96eb-3ca353be02abn%40googlegroups.com.
>
> --
> You received this message because you are subscribed to the Google Groups=
"Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an=
email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoinde=
v/CAJDmzYxAv8ahPOoTVryqy6oE8nUX0%2B49BHHhO%3D%3DM1HpZCuMNbQ%40mail.gmail.co=
m.
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
ExSOriyqgy0FlVg3j_ZU9jMNQo5rgPRp2mVlp50gJEAtEy79NgFVMBOxchgG2mi6OVJWNN5UM5o=
XgrPrML_OAhT6v2-S1KVZ1oI14PjSEcw%3D%40protonmail.com.
--b1=_9oou56Y5i9ixeKojLOHOoTPRTuF8aBwrw1m5flfNrhQ
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div style=3D"font-family: Arial, sans-serif; font-size: 14px;">One major i=
ssue with a mandatory transition to quantum-resistant addresses that I have=
n't seen brought up is that block size is limited. In such a scenario, it c=
ould be highly beneficial for parties that benefit from high fees to flood =
the network with bogus transactions to force the fees arbitrarily high, sin=
ce people would then be forced to either pay exorbitant fees to move their =
funds by the deadline, or lose their funds entirely. As such, this does not=
seem like a good idea in general, at least unless the transition period is=
extremely long (say 10 years or more).</div><div style=3D"font-family: Ari=
al, sans-serif; font-size: 14px;"><br></div><div style=3D"font-family: Aria=
l, sans-serif; font-size: 14px;">A less drastic proposal could be to (at le=
ast initially) only disable spending from the less common outputs that have=
no inherent quantum resistance by virtue of having a hashed public key, su=
ch as P2PK and P2TR, while leaving the safer variants with hashed public ke=
ys like P2PKH and P2WPKH spendable. <span></span><span>Most
analyses of quantum algorithms I have read suggest that at least=20
initially, they would take a significant amount of time to calculate a priv=
ate key even if the public key is known, which means that even if there wer=
e a quantum breakthrough, there should be a relatively low chance of having=
funds intercepted between broadcasting it (which would of course reveal th=
e public key) and having it included in a block. Furthermore, there would a=
lways be the option of only revealing the transaction to a trusted miner ra=
ther than broadcasting it, foregoing the risk entirely.</span></div><div st=
yle=3D"font-family: Arial, sans-serif; font-size: 14px;"><br> </div><div st=
yle=3D"font-family: Arial, sans-serif; font-size: 14px;">UTXOs with hashed =
public keys might still need to be disabled at some point, seeing as a non-=
insignificant number of them have a revealed public key due to address reus=
e, and that quantum computers might eventually reach the point where the ch=
ance of breaking a private key after broadcasting but before block inclusio=
n is non-insignificant, but this should at least alleviate the initial rush=
of disabling everything at once.</div><div style=3D"font-family: Arial, sa=
ns-serif; font-size: 14px; color: rgb(0, 0, 0); background-color: rgb(255, =
255, 255);"><br></div><div style=3D"font-family: Arial, sans-serif; font-si=
ze: 14px; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">--</d=
iv><div style=3D"font-family: Arial, sans-serif; font-size: 14px; color: rg=
b(0, 0, 0); background-color: rgb(255, 255, 255);">Best,</div><div style=3D=
"font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); back=
ground-color: rgb(255, 255, 255);">ArmchairCryptologist</div><div style=3D"=
font-family: Arial, sans-serif; font-size: 14px; color: rgb(0, 0, 0); backg=
round-color: rgb(255, 255, 255);"><br></div><div class=3D"protonmail_quote"=
>
On Sunday, March 9th, 2025 at 1:53 AM, Agustin Cruz <agustin.cru=
z@gmail.com> wrote:<br>
<blockquote class=3D"protonmail_quote" type=3D"cite">
<div dir=3D"auto"><p dir=3D"ltr">Hi Michal,</p>
<p dir=3D"ltr">I completely understand your point of view. However, the con=
cern with QRAMP isn=E2=80=99t about arbitrarily punishing users or confisca=
ting assets without reason. Rather, it=E2=80=99s about mitigating a very re=
al, systemic risk. If a significant amount of funds remains in legacy addre=
sses and a quantum breakthrough occurs, the attack wouldn=E2=80=99t be a on=
e-off incident targeting a few unlucky individuals. Instead, it could compr=
omise the security of the entire network, affecting countless users and sha=
king confidence in Bitcoin as a whole.</p>
<p dir=3D"ltr">The enforcement aspect of QRAMP is intended as a last-resort=
safety mechanism after a long and well-communicated migration period. It=
=E2=80=99s designed to ensure that by the time any quantum-capable adversar=
y comes along, almost everyone=E2=80=99s funds are protected by quantum-res=
istant cryptography. The goal is to preempt a scenario where the vulnerabil=
ity becomes so widespread that a malicious actor could trigger a massive, d=
estabilizing reallocation of wealth.</p>
<p dir=3D"ltr">The enforced migration is less about penalizing users and mo=
re about preserving the long-term security and stability of the network for=
everyone.</p>
<p dir=3D"ltr">Best regards,<br>
Agustin</p></div><br><div class=3D"gmail_quote gmail_quote_container"><div =
class=3D"gmail_attr" dir=3D"ltr">El s=C3=A1b, 8 de mar de 2025, 9:22=E2=80=
=AFp. m., Michal Koles=C3=A1r <<a href=3D"mailto:michal@zeleny-ctverec.c=
z" rel=3D"noreferrer nofollow noopener">michal@zeleny-ctverec.cz</a>> es=
cribi=C3=B3:<br></div><blockquote style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex" class=3D"gmail_quote"><div style=3D"font-fam=
ily: sans-serif; color: black; background-color: transparent;">Dear Agustin=
,</div><div style=3D"font-family: sans-serif; color: black; background-colo=
r: transparent;"><br></div><div style=3D"font-family: sans-serif; color: bl=
ack; background-color: transparent;">enforcement in general doesn=E2=80=99t=
seem like a good choice to me. If I were to compare it to the real world, =
it=E2=80=99s as if people had money or jewelry in bank vaults that were unb=
reakable at the time they were stored. After a certain period, it=E2=80=99s=
discovered that these vaults could be breached, and we=E2=80=99d tell ever=
yone they have to buy new vaults and move their diamonds, gold, and banknot=
es into them. If they don=E2=80=99t do it, everything in their old vaults w=
ould be confiscated and destroyed. Surely, it=E2=80=99s normal that people =
would naturally buy new vaults (or move to safer ones) if they=E2=80=99re i=
nformed well in advance and loudly enough about the outdated vaults. And if=
they decide not to replace them, someone will eventually break in sooner o=
r later and become the new owner of their "wealth." That=E2=80=99s how it w=
orks in the real world, after all. Yes, perhaps if someone steals a large a=
mount of Bitcoin en masse, it might temporarily lower its value. But that=
=E2=80=99s fine=E2=80=94it would just redistribute old, lost, or unused Bit=
coins into new ownership, where someone would start using them. It=E2=80=99=
s like finding a lost treasure from the past at the bottom of the ocean.</d=
iv><div style=3D"font-family: sans-serif; color: black; background-color: t=
ransparent;"><br></div><div style=3D"font-family: sans-serif; color: black;=
background-color: transparent;">Best regards,</div><div style=3D"font-fami=
ly: sans-serif; color: black; background-color: transparent;">Michal</div><=
br><div><div dir=3D"auto">On Wednesday, February 12, 2025 at 1:10:17=E2=80=
=AFAM UTC+1 Agustin Cruz wrote:<br></div><blockquote style=3D"margin:0px 0p=
x 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p sty=
le=3D"font-family: Arial, Helvetica, sans-serif; font-size: small; color: r=
gb(34, 34, 34);">Dear Bitcoin Developers,</p><p style=3D"font-family: Arial=
, Helvetica, sans-serif; font-size: small; color: rgb(34, 34, 34);">I am wr=
iting to share my proposal for a new Bitcoin Improvement Proposal (BIP) tit=
led <strong>Quantum-Resistant Address Migration Protocol (QRAMP)</strong>. =
The goal of this proposal is to safeguard Bitcoin against potential future =
quantum attacks by enforcing a mandatory migration period for funds held in=
legacy Bitcoin addresses (secured by ECDSA) to quantum-resistant addresses=
.</p><p style=3D"font-family: Arial, Helvetica, sans-serif; font-size: smal=
l; color: rgb(34, 34, 34);">The proposal outlines:</p><ul style=3D"font-fam=
ily: Arial, Helvetica, sans-serif; font-size: small; color: rgb(34, 34, 34)=
;"><li style=3D"margin-left:15px"><strong>Reducing Vulnerabilities:</strong=
> Transitioning funds to quantum-resistant schemes preemptively to eliminat=
e the risk posed by quantum attacks on exposed public keys.</li><li style=
=3D"margin-left:15px"><strong>Enforcing Timelines:</strong> A hard migratio=
n deadline that forces timely action, rather than relying on a gradual, vol=
untary migration that might leave many users at risk.</li><li style=3D"marg=
in-left:15px"><strong>Balancing Risks:</strong> Weighing the non-trivial ri=
sk of funds being permanently locked against the potential catastrophic imp=
act of a quantum attack on Bitcoin=E2=80=99s security.</li></ul><p style=3D=
"font-family: Arial, Helvetica, sans-serif; font-size: small; color: rgb(34=
, 34, 34);">Additionally, the proposal addresses common criticisms such as =
the risk of permanent fund loss, uncertain quantum timelines, and the poten=
tial for chain splits. It also details backwards compatibility measures, co=
mprehensive security considerations, an extensive suite of test cases, and =
a reference implementation plan that includes script interpreter changes, w=
allet software updates, and network monitoring tools.</p><p style=3D"font-f=
amily: Arial, Helvetica, sans-serif; font-size: small; color: rgb(34, 34, 3=
4);">For your convenience, I have published the full proposal on my GitHub =
repository. You can review it at the following link:</p><p style=3D"font-fa=
mily: Arial, Helvetica, sans-serif; font-size: small; color: rgb(34, 34, 34=
);"><a target=3D"_blank" style=3D"color: rgb(17, 85, 204);" href=3D"https:/=
/github.com/chucrut/bips/blob/master/bip-xxxxx.md" rel=3D"noreferrer nofoll=
ow noopener">Quantum-Resistant Address Migration Protocol (QRAMP) Proposal =
on GitHub</a></p><p style=3D"font-family: Arial, Helvetica, sans-serif; fon=
t-size: small; color: rgb(34, 34, 34);">I welcome your feedback and suggest=
ions and look forward to engaging in a constructive discussion on how best =
to enhance the security and resilience of the Bitcoin network in the quantu=
m computing era.</p><p style=3D"font-family: Arial, Helvetica, sans-serif; =
font-size: small; color: rgb(34, 34, 34);">Thank you for your time and cons=
ideration.</p><p style=3D"font-family: Arial, Helvetica, sans-serif; font-s=
ize: small; color: rgb(34, 34, 34);">Best regards,</p><p style=3D"font-fami=
ly: Arial, Helvetica, sans-serif; font-size: small; color: rgb(34, 34, 34);=
">Agustin Cruz</p></blockquote></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a rel=3D"noreferrer nofollow noopener" target=3D"_blank" href=3D"m=
ailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googl=
egroups.com</a>.<br>
To view this discussion visit <a rel=3D"noreferrer nofollow noopener" targe=
t=3D"_blank" href=3D"https://groups.google.com/d/msgid/bitcoindev/83e89408-=
a20c-4297-96eb-3ca353be02abn%40googlegroups.com">https://groups.google.com/=
d/msgid/bitcoindev/83e89408-a20c-4297-96eb-3ca353be02abn%40googlegroups.com=
</a>.<br>
</blockquote></div>
<p></p>
-- <br>
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.<br>
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com" rel=3D"n=
oreferrer nofollow noopener">bitcoindev+unsubscribe@googlegroups.com</a>.<b=
r>
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CAJDmzYxAv8ahPOoTVryqy6oE8nUX0%2B49BHHhO%3D%3DM1HpZCuMNbQ%40mail=
.gmail.com" target=3D"_blank" rel=3D"noreferrer nofollow noopener">https://=
groups.google.com/d/msgid/bitcoindev/CAJDmzYxAv8ahPOoTVryqy6oE8nUX0%2B49BHH=
hO%3D%3DM1HpZCuMNbQ%40mail.gmail.com</a>.<br>
</blockquote><br>
</div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/ExSOriyqgy0FlVg3j_ZU9jMNQo5rgPRp2mVlp50gJEAtEy79NgFVMBOxchgG2mi6=
OVJWNN5UM5oXgrPrML_OAhT6v2-S1KVZ1oI14PjSEcw%3D%40protonmail.com?utm_medium=
=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoindev/=
ExSOriyqgy0FlVg3j_ZU9jMNQo5rgPRp2mVlp50gJEAtEy79NgFVMBOxchgG2mi6OVJWNN5UM5o=
XgrPrML_OAhT6v2-S1KVZ1oI14PjSEcw%3D%40protonmail.com</a>.<br />
--b1=_9oou56Y5i9ixeKojLOHOoTPRTuF8aBwrw1m5flfNrhQ--
|
