There's already less than 21m coins in circulation, as many keys have been lost or coins burned.

>”Ultimately the free market will decide”

Agree, and that’s the point I’m responding to. My view is that “the market” will value credibility of supply schedule over an absolute number of outstanding bitcoin. Maybe Matt is right that the fork would retain sufficient credibility and would ultimately win out, but I don’t think that will be on the basis of having a marginally lower supply.

How would you know the coin was stolen what’s the mechanism?

Oh also I forgot to respond to your second point - if we allow for claims via a seedphrase-based recovery scheme, we will not know which coins are frozen and which are not, so it remains 21M Bitcoin :)

Think there are a couple things getting lost in translation here:

1) Re the 5%, I was going off your closing comment about “an extra million coins,” which I took to be your approximation of total coins immediately vulnerable to a CRQC at rest (very old P2PK addresses etc). I’m not sure where the latest estimate stands on that, but that delta (which you cited in your post) is what I’m responding to. But even at a 10, 20, 50% etc difference between forks, the credibility point still seems more relevant to me in the long run than the absolute number.

2) I absolutely grant that suddenly reawakening a large amount of supply at once would impact the price in the short run. I think there are reasons to be skeptical that that’s actually how it would play out, but even granting that that happened, I don’t think it’s ideal to optimize critical design questions around short-term price dynamics (Bitcoin is not a company, but any company that makes material changes to strategy to avoid temporary declines in its stock price is one you want to avoid). The future I’m imagining is one where PQC signatures / quantum-safe options exist (obviously TBD but that’s it’s own question, and pointless to worry about freezing old coins if we can’t figure that out), so “stolen” coins could only be stolen once (presumably they would quickly end up in quantum-safe addresses, even if their thieves immediately dumped them on the open market), and the price of original bitcoin therefore wouldn’t be permanently impaired. That we should look into developing quantum-safe options to make that possible is a different conversation than what we should do or not do with vulnerable coins.

3) I’m not making any philosophical claims here about Bitcoin’s nature, though I have some objections to the way you frame your comments. My point was simply about how “the market” (as you framed it) would evaluate the two hypothetical chains, and I’m saying a) that evaluation would focus more on supply credibility than just absolute number of circulating bitcoin and b) it seems there’s good reason to believe it would find the original chain more credible in its supply schedule guarantees than the other.