🤔
Discussion
I’ve given this some thought. It could be done with a soft fork.
A fair way to do it would be to have a rolling block-height before which UTXOs become unspendable. A simple implementation would be something like MAX_BLOCK_AGE=900000, which would mean that any UTXO from more than 900000 blocks ago would be invalid. This implementation would move the wall forward at a rate of 1 block per block mined. That is, a window of 900000 blocks would always be valid.
But you could have the wall move forward more slowly, like at a rate of one block per every X blocks mined. This would create a lengthening window.
In any case, such a soft fork would be incredibly contentions because it violates the your-keys-your-coins doctrine. It may be more popular with the community to simply have old abandoned coins act as bounty for quantum pirates.
I agree that the coins should be left as a bounty. Also, that soft fork would undermine the use of bitcoin for very long term store of value. You could always move your multi-generational savings every 80000 blocks, but why force the extra transaction volume, and why would we want money to expire?
Seems like it's actually a good thing to have the bounty, so that white hat hackers have an incentive to find any possible way to break the signature scheme without actually stealing anyone's coins. They could steal, but world probably be worse of, because it would undermine trust in the asset they just acquired. If they find a security flaw, and help patch it, they have earned the bounty.
I’m also generally of the opinion that insecure coins should remain as a bounty. For the rest of us, it’s a tripwire that signals when it’s time to upgrade security.