In my latest essay I weigh in on the controversial issue of how to deal with quantum vulnerable bitcoin in a post-quantum future.
After great consideration, I think it's best if we burn quantum vulnerable coins.
Nic Carter has an idea toward that end, I'm not sure if he ever wrote it up. Basically tax unused utxos after some time to keep the mining rewards higher for longer. The complexity and push against tax probably makes this DOA, but interesting still.
I wonder what the technical side of this would look like. How would the tax transactions even be signed? I don't see how you could tax any amount without essentially controlling the entire amount.
It would probably require a hard fork to allow a portion of funds to be moved based on address type and time. This spending would only be allowed to subsidize moving further through some unknown mechanism. It isn't a transaction tax, but more like the network taxing unused assets.
Not sure I agree with everything, but it's a good discussion
It's a node vote between bitcoiners who are still stacking and want the price low and bitcoiners who are sitting on their stack and want the price higher now.
Yea. You give people power to take from others, take they will.
I was promised Bitcoiners were different.
Don't think it's possible to get consensus on burning millions of BTC. The more conservative approach of letting vulnerable coins remain seems both more ethical and more likely to be adopted.
If it redistributes some wealth to those with quantum computers this is not too much different from the way coin distribution has already worked in BTC. Over the long term it won't matter, but the precedent of seizing coins would.
If I have lost sats (which I do), I'd want to be able to hire a quantum service engineer to unlock them for me.
What makes you think that said engineer has any better chance at recovering them for you than anyone else who would just keep the sats for themselves?
What if someone has hundreds of UTXOs because they've been stacking using DCA? They would need to do hundreds of small transactions (one input to one quantum resistant output) or one transaction consolidating UTXOs into one address, thus undermining their privacy.
if you've created a bunch of small utxos that's not an issue with quantum, you are screwing yourself with bad utxo management
Also, dumb question: is there a way to make the current UTXO set quantum resistant, with no need to migrate to quantum resistant addresses?
If there is, nobody has figured out how.
It seems to me that you could prove a hardened derivation or a BIP-39 derivation. Unfortunately this reveals your secret key, so you need to either use a (quantum resistant!) ZKP, or a two-stage reveal: hash of the proof, what outputs you will spend, and an indication of what address you want to transfer the coins to, then after that is mined, you do the spend and put the derivation in the annex (or, for non-taproot, in an OP_RETURN).
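The two-stage reveal sketched above, as an added toy model that is not part of the original comment: the "proof" is simplified to the seed and derivation index, key derivation to a hash, and vulnerable outputs are assumed (a hypothetical soft-fork rule) to be movable only through this commit-then-reveal path. It shows why the commitment must bind the destination and be mined before the reveal.

```python
import hashlib


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


# Toy derivation (a real wallet would use BIP-32/BIP-39): pubkey = H("pub" || seed || index).
def derive_pubkey(seed: bytes, index: int) -> bytes:
    return sha256(b"pub", seed, index.to_bytes(4, "big"))


def commitment(seed: bytes, index: int, outpoint: bytes, dest: bytes) -> bytes:
    # Stage 1 payload: a hash over the secret-revealing proof, the output to be
    # spent and the destination, so the later reveal is bound to all three.
    return sha256(seed, index.to_bytes(4, "big"), outpoint, dest)


class Chain:
    def __init__(self) -> None:
        self.height = 0
        self.utxos = {}     # outpoint -> owner pubkey (quantum-vulnerable outputs)
        self.commits = {}   # commitment hash -> height at which it was mined
        self.migrated = {}  # outpoint -> destination it was moved to

    def mine_commit(self, c: bytes) -> None:
        self.height += 1
        self.commits.setdefault(c, self.height)  # first inclusion wins

    def mine_reveal(self, seed: bytes, index: int, outpoint: bytes, dest: bytes) -> bool:
        """Stage 2: the derivation is published (annex / OP_RETURN in the comment's
        scheme); the move is valid only if a matching commitment was mined earlier."""
        self.height += 1
        mined_at = self.commits.get(commitment(seed, index, outpoint, dest))
        if mined_at is None or mined_at >= self.height:
            return False  # no prior commitment for this (proof, output, destination)
        if self.utxos.get(outpoint) != derive_pubkey(seed, index):
            return False  # revealed derivation does not produce the output's key
        self.utxos.pop(outpoint)
        self.migrated[outpoint] = dest
        return True
```

An observer who learns the seed from the reveal cannot redirect the coins: a reveal naming a different destination has no earlier commitment and is rejected.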
We could introduce a way to commit a PQ public key as a companion for a secp256k1 public key, without revealing the latter. A (later) soft fork could enforce that each secp256k1 signature must be paired with a PQ signature if such a commitment is there.
Both the commitment as well as the PQ signature could go into a newly introduced section of the blockchain (like the witness) and get discounted to be on par with secp256k1 signatures. This way the tx rate would not be negatively affected.
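The companion-key rule from the two comments above, as an added model that is not code from the original post: the commitment is keyed by the hash of the secp256k1 public key (so that key stays unrevealed until spend), a Lamport one-time signature stands in for whichever PQ scheme a fork would pick, and secp256k1 verification is assumed done elsewhere and passed in as a flag.

```python
import hashlib
import os


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Lamport one-time signature: hash-based, so not affected by Shor's algorithm.
# Chosen only for this illustration; it is not part of the comment's proposal.
def lamport_keygen():
    secret = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    public = [[sha256(a), sha256(b)] for a, b in secret]
    return secret, public


def _bits(msg: bytes):
    digest = int.from_bytes(sha256(msg), "big")
    return [(digest >> (255 - i)) & 1 for i in range(256)]


def lamport_sign(secret, msg: bytes):
    return [secret[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(public, msg: bytes, sig) -> bool:
    return all(sha256(sig[i]) == public[i][bit] for i, bit in enumerate(_bits(msg)))


def pq_pubkey_hash(public) -> bytes:
    return sha256(b"".join(a + b for a, b in public))


# Commitment registry keyed by H(secp256k1 pubkey), i.e. the address-level identifier,
# so committing the companion key does not expose the secp256k1 pubkey itself.
commitments = {}


def register_companion(secp_pubkey: bytes, pq_public) -> None:
    commitments[sha256(secp_pubkey)] = pq_pubkey_hash(pq_public)


def validate_spend(secp_pubkey: bytes, secp_sig_ok: bool, msg: bytes,
                   pq_public=None, pq_sig=None) -> bool:
    """Rule after the later soft fork: a secp256k1 signature alone (verified elsewhere,
    modelled by secp_sig_ok) suffices only for outputs without a committed companion."""
    if not secp_sig_ok:
        return False
    expected = commitments.get(sha256(secp_pubkey))
    if expected is None:
        return True  # no commitment: legacy rules apply
    if pq_public is None or pq_sig is None or pq_pubkey_hash(pq_public) != expected:
        return False  # missing companion, or a PQ key other than the committed one
    return lamport_verify(pq_public, msg, pq_sig)
```

Once the commitment exists, a forged secp256k1 signature by itself no longer moves the coins; the spender also needs the PQ secret behind the committed key.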
Thanks for your service. I'll read it tonight
₿ will find a solution when the problem arises. An update will be done and everyone will move on to the next update. It's not an urgent problem right now.
What do you think Bitcoin is?
Bitcoin is made of people.
It's a good time to discuss now precisely because it's not urgent.
Of course! What I just said! Just talk about it and prepare for a possible problem that doesn't exist today but that could come in the future. I agree with you. Bitcoin is an idea 🧡⚡️😉
and that's why i run a node, so people like lopp don't fuck with Bitcoin
Your node will happily accept a soft forked chain of new blocks.
I would be a little shocked (and very disappointed) if a consensus could even be achieved to invalidate keys without explicit owner consent.
Putting that aside, assuming such a consensus were possible, I don't think there will be a clear moment in time that funds move from being non-quantum vulnerable to quantum vulnerable... i.e. in either of the relevant scenarios (quantum capabilities advance slowly), funds will be slowly moving from their current state of near-zero vulnerability bit by bit in the direction of certain insecurity. Good luck forming a consensus on defining a bright line along that spectrum for what and when would constitute "sufficient vulnerability".
we would be sure if satoshi is still alive then. I guess he'd move his coins then.
I like the idea of a 4 year deadline before the burn. If you miss that deadline it's your own fault.
I guess every Bitcoiner needs to follow obscure discussions on nostr? It’s not like there’s one big mailing list where everyone gets updates like this.
I guess word would go around pretty fast. Exchanges would notify their users, wallet software could introduce alerts...
Has someone done the math on the number of transactions required to move all pre-quantum coins to a new address? I sure hope this migration introduces some new block sizes. (Ducks)
Quantum recovered coins sound like inflation 🤔
When steel manning your argument, I think you missed a big one: Allowing this jackpot to continue to exist will incentivize research into quantum computing, and one would hope that would be a net benefit for humanity.
It's similar how Bitcoin mining incentivizes the development of stranded renewable power in Africa. That's a negative for existing Bitcoin miners (increased competition), but a net benefit for humanity (electricity for those who previously did not have access).
This topic pulled my heart, gut, and mind in different directions. Landfill guy was the first to come to mind when I started reading this. White hats or bleeding hearts, I can't see them possessing the power and/or value system to be the first.
My finances and heart like your argument, but my mind says, he who has the best math wins, and this would be the already wealthiest orgs capable of affording QC and are very likely at least somewhat bad...and this makes my stomach turn. I liked your differentiation of theft, and I really want to believe that burning is less bad for most and more good than bad for the network. I am curious if I theory this from different perspectives with varying levels of stake in the network and varying levels of humanity (good to bad, human to actual network), what will come up for me. Thanks for the food for thought.
but, this kills the incentive for developing quantum computers :)
It'd be tantamount to rolling back the chain. People are responsible for their own coins. If they leave them laying around unsecured, so be it. Better they be stolen by a quantum adversary than stolen by a band of those who would compromise the immutability of the chain.
Great article. Thanks.
How will quantum computing affect garden variety bitcoin mining? Do quantum computers have any souped up ability to mine?
Is the expectation that all other assets would be quantum resistant before bitcoin?
Also, in a world of quantum computers what would the quantum folks want to diversify into? Nothing else is particularly scarce. What would happen with a massive market buy of the dollar? I wonder how the currencies would respond?
The conservative & Self-Sovereignty arguments speak to me the most. There will always be people for whom 21m supply of Bitcoin will be an inherent feature.
I don't know if I agree with this but appreciate you putting your thoughts out there
Sounds like a slippery slope 🧼
Love this topic - it is slowly taking the space in my mind of inter species communication.
Is it a useless thought when I question how does quantum overcome quantum? By going faster than light? Is there something that is more random than quantum?
The biggest threat to Bitcoin is not quantum computers; it’s our response.
Perceived threat ≠ actual threat
When will Bitcoiners acknowledge the inherent problem of centralization in quantum computing? When will Bitcoiners acknowledge that Bitcoin is the only functional and operational quantum computer at scale for 16 years? Are we ready to exit the “Bitcoin is money/currency phase”?
Go ahead, trust the science and trust the physicists. Fork Bitcoin and burn coins over a fake threat. They only have to convince the masses that a quantum threat is real. Remember, we’re too stupid to understand quantum mechanics.
Bitcoin needs to be understood from a physics level before we propose and implement any other fork. Quantum is not a threat; it’s us, who is the threat.
Great article and thank you for what you do! It’s good to have a plan, and plans can change along the way!
Quantum is fundamentally a very sophisticated way of stealing keys. We should not change Bitcoin to prevent stealing keys, or remediate after the fact. Just because it's high-tech, and hasn't happened yet, doesn't justify it. Once we start allowing changes based on righting perceived wrongs it's over. If there is any other way, such as adding a quantum-proof address scheme, then this is enough.
I think that would be a bit "etherianish"...
QC is FUD to scam more research funding out of governments and low-IQ investors. There isn't even a PoC yet, only vast claims. Build a PoC that can crack an 8-bit key, then let's talk. Until then GTFO.
I have gone back and forth on this. Another potential option is to throttle these UTXOs. I don't know if I like that either but it is worth discussing.