On Sunday, July 13th, 2025 at 2:01 PM, Boris Nagaev <[email protected]> wrote:
> On Sunday, July 13, 2025 at 1:09:01 PM UTC-3 Ethan Heilman wrote:
> >
> > That is, quantum vulnerable outputs, in the presence of a quantum computer,
> > have already had their value destroyed. They no longer function as
> > property, but instead function as an inflationary reward for owning a
> > quantum computer. Freezing them simply reflects this reality and protects
> > quantum resistant coins from the inflation caused by quantum attacks.
>
> The key issue is that we don't know whether the quantum threat will
> materialize. It's an open question. Jameson's proposal requires taking action
> before such a threat actually exists. But without knowing if or when it will
> happen, it's hard to justify such a significant change.

I want to make a perhaps controversial nuance here. I believe the main quantum-related threat to bitcoin, at least in the medium term, is not the actual materialization of a cryptographically-relevant quantum computer (CRQC), but **the belief** whether one may exist soon after. I don't mean to imply that such a machine won't ever appear, but I believe the fear that one may exist will likely have a more meaningful impact, and come much earlier.

Furthermore, I don't think the availability of quantum-safe output types will be sufficient to mitigate this fear-threat, because I don't see how the mere existence of quantum-safe outputs will be sufficient to incentivize the vast majority of coin holders to move their coins. Some may not believe a CRQC will ever exist. Some may have use cases that are incompatible with them (e.g. nothing BIP32-like for them, no key aggregation/thresholds, or they're too large for certain use cases). Some may simply not bother to implement whatever is required, because they're busy building altcoin infrastructure[1] that's more profitable (there are still major ecosystem players that cannot even *send* to taproot outputs...).

And all of that is ignoring coins which have simply been lost, which will definitely not move. All of that together means that the mere existence of quantum-safe outputs will not be sufficient to largely remove the presence of CRQC-vulnerable coins from the system. And without that, the fear of the existence of a CRQC may remain an existential threat due to the sell pressure it may cause. Even those who have moved their coins to quantum-safe outputs may worry about an exchange-rate crash caused by a CRQC operator selling stolen coins, which may fuel even more sell pressure.

It's quite possible I'm wrong here, about sentiment, or about what happens in what order. But I think it's worth considering. And if so, then I think the conclusion is that the actual mitigation to (the fear of) a quantum threat is (the prospect of) freezing CRQC-vulnerable coins. Everything else, up to and including investigating, proposing, activating, and advocating for usage of quantum-safe outputs, is just preparatory. Those would be necessary first steps of course, but absent a subsequent prospect of actually disabling quantum-vulnerable outputs, they may be irrelevant in the grand scheme of things.

To be clear, I am not advocating for any specific course of action here. Not on BIPs, timelines, approach, or even whether something should be done at all. However, I do consider it naive to say that simply making post-quantum output types available is a solution.

[1] https://rusty.ozlabs.org/2020/05/27/bitcoin-exchanges-are-now-the-enemy.html

Cheers,

-- 
Pieter
