how do you prove that a utxo is yours? how would you do it in a non technical way?

Is it stealing if we’re saying they have no owner? (Freezing insinuates this)

"Preventing these coins from being stolen" sounds a lot like taking away agency from the coin owners, active intervention, even if with good intentions is what the fiat system constantly does.

Giving people the tools to move them to a safe address seems way more sane to me, if they don't take action it's on them whatever the outcome is. Of course that assumes they're even aware of it, but in the end freezing it would have them lose their coins anyway so with the former there's at least a chance for them to safeguard their coins.

So either they lose it for not being in the known and not moving or lose from a direct intervention, which seems more hostile and against the Bitcoin ethos to me.

Now how much economic actors value non interventionism vs "good interventionism" is up in the air.

IMO giving options is better than deciding for users, taking away their agency.

But what is that about having to freeze insecure spend paths? Doesn't that still gives people agency to pick that option instead of just losing their coins by default to being frozen?

The solution to that concern is lead time :). Provide a way to embed a QC-safe pubkey in outputs today, give wallets plenty of time to adopt it, then there will have been years and years of lead time :)

There's already less than 21m coins in circulation, as many keys have been lost or coins burned.

>”Ultimately the free market will decide”

Agree, and that’s the point I’m responding to. My view is that “the market” will value credibility of supply schedule over an absolute number of outstanding bitcoin. Maybe Matt is right that the fork would retain sufficient credibility and would ultimately win out, but I don’t think that will be on the basis of having a marginally lower supply.

How would you know the coin was stolen what’s the mechanism?

Oh also I forgot to respond to your second point - if we allow for claims via a seedphrase-based recovery scheme, we will not know which coins are frozen and which are not, so it remains 21M Bitcoin :)

Think there are a couple things getting lost in translation here:

1) Re the 5%, I was going off your closing comment about “an extra million coins,” which I took to be your approximation of total coins immediately vulnerable to a CRQC at rest (very old P2PK addresses etc). I’m not sure where the latest estimate stands on that, but that delta (which you cited in your post) is what I’m responding to. But even at a 10, 20, 50% etc difference between forks, the credibility point still seems more relevant to me in the long run than the absolute number.

2) I absolutely grant that suddenly reawakening a large amount of supply at once would impact the price in the short run. I think there are reasons to be skeptical that that’s actually how it would play out, but even granting that that happened, I don’t think it’s ideal to optimize critical design questions around short-term price dynamics (Bitcoin is not a company, but any company that makes material changes to strategy to avoid temporary declines in its stock price is one you want to avoid). The future I’m imagining is one where PQC signatures / quantum-safe options exist (obviously TBD but that’s it’s own question, and pointless to worry about freezing old coins if we can’t figure that out), so “stolen” coins could only be stolen once (presumably they would quickly end up in quantum-safe addresses, even if their thieves immediately dumped them on the open market), and the price of original bitcoin therefore wouldn’t be permanently impaired. That we should look into developing quantum-safe options to make that possible is a different conversation than what we should do or not do with vulnerable coins.

3) I’m not making any philosophical claims here about Bitcoin’s nature, though I have some objections to the way you frame your comments. My point was simply about how “the market” (as you framed it) would evaluate the two hypothetical chains, and I’m saying a) that evaluation would focus more on supply credibility than just absolute number of circulating bitcoin and b) it seems there’s good reason to believe it would find the original chain more credible in its supply schedule guarantees than the other.

nah

I’ve actually seen, the further I dig into it, that the apparent “progress” is essentially a collection of tricks to appear to factor much larger and larger numbers, only to break it down and realize the genuine entropy in the problem being solved is virtually no different than it was 10 years ago.

The highest *genuine* attempt to factor a number is apparently the number 35… and it didn’t actually work

Nobody is promised that their keys will always be safe. Bitcoin doesn’t promise that there are easy backups or your wallet is secure from any hack or possible vulnerability.

The only promise Bitcoin gives is that you are responsible, it’s permissionless, your coins won’t be frozen for political reasons, and there are only 21 million. The DO have the responsibility to move their coins if QC ever threatens ECDSA, but that has nothing to do with the decision to freeze their coins if they don’t.

We have coins on chain today that we can tell were created from old vulnerable wallets and entropy. They get stole by bots brute forcing those keys. Why don’t we freeze those coins

It seems really dumb to freeze coins that aren’t stolen preemptively that we don’t even know can be stolen. There are vulnerable keys on bitcoin all the time. If anyone has problems with confiscating >1000 sat UTXOs with some proposal like the cat (which I agree is way too far, btw), then I can’t see how freezing coins - not because QC is here - but because enough people are afraid that it’s eminent that we are going to go ahead and essentially cause the very harm that others would be vulnerable to (losing their coins) before the quantum attacker does it.

So what? Still not your coins!

Freezing is stealing. It's extremely dishonest of you to frame it as others are stealing but you're not. Call it stealing for the greater good if you like, but it is still stealing.

Yo, I feel ya on the core principle vibe, but let’s break it down! 🤔 If we’re stuck choosing between getting our coins snatched by a QC startup or freezing them by a fork, what’s the play? Is there a way to keep it decentralized and still protect our assets? #Bitcoin #CryptoTalk

Freezing other people’s bitcoins is wrong, no matter what the motivation. In my view there is only one way to preserve Bitcoin’s censorship‑resistance without violating that principle:

Introduce quantum‑resistant addresses - By adding a new address format that is provably secure against any foreseeable quantum attack, users who consider quantum computers a real threat can voluntarily move their funds to those addresses. The choice remains entirely in the hands of the coin holder. If a holder decides not to migrate —whether because they have lost the private‑key, because they distrust the new format, or for any other personal reason — then they accept the associated risk. The potential loss is a direct consequence of their own decision, not of an imposed freeze.

Should quantum computing enable the reactivation of old Bitcoin addresses, their influx may cause a crash in the price, but the price can recover. A temporary price-correction is not a reason to compromise the protocol’s core guarantees.

Preserving Bitcoin’s immutable, permission‑less nature must remain the highest priority.

IOW, you can allow (probably) a good majority of (not-lost) funds to be recovered, but *only* if you freeze other spend paths!

So you want to steal coins for the greater good.

its a social problem masked as a technical problem

i dont think preemptively stealing coin because they may theoretically get stolen in the future makes sense

once you go down that route it’s a slippery slope

There are basically three camps, as I understand it, who all agree this is impossible.

1. Gil Kalai and friends who buy QM but says there is "correlated-noise" that will limit scale even with perfect engineering

2. Roger Penrose and friends who don't buy QM as it stands but have another model and would say there is "self-decoherence" because of gravity and such

3. The aristotelian/common sense camp (which I agree with) that says that quantum weirdness is a total misunderstanding because materialists are looking at the world upside down

Whoever has the right model, there are more people than you might think who agree it's obviously not physically possible. That doesn't mean we dont think the eimnginers are good enough. It means it is not possible because reality has rules and those rules called physics make it fundamentally totally impossible.

I think from a non-insane point of view, as things get bigger you end up with a normal universe and not a quantum weird universe. Have you ever violated the principle of non-contradiction in real life? Have you ever known a cat that was both alive and dead?

Whatever the details are, the result is the same. If you are a "Believe the Science" type, rather than a common sense person, I suggest Gil Kalai. They've been running these experiments for a long time and never proven his math or his point wrong this whole time. I am pretty sure a lot of the researchers secretly think he is probably right by now, but what are they going to do?

I don't want to burn any coins either, though I have not looked hard enough at The Cat yet to decide if I think it is valid to kill the spam and dust. I do not agree with supporting non-menetary abuses of the network. So maybe that makes sense but I I'm not taking a hard position right now and I'm not focused on that and haven't dug in enough.

What I do care about is that doing anything about QC right now is objectively very destructive to Bitcoin and freedom tech in general. ECC is our best weapon and we shouldn't give it up based on an an unfalsifiable and unoroven belief that QC is even possible, much less eminent.

If they crack a key with shor we will have plenty of time to deal with it before it becomes and economically viable threat. Which will never happen anyway. So let's shut this FUD attack down for now. There are a lot of bad incentives for promoting this scare and it is all bullshit.