From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sun, 13 Jul 2025 13:57:18 -0700 Received: from mail-yw1-f189.google.com ([209.85.128.189]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1ub3l7-0004eo-KR for bitcoindev@gnusha.org; Sun, 13 Jul 2025 13:57:17 -0700 Received: by mail-yw1-f189.google.com with SMTP id 00721157ae682-711136ed77fsf53323137b3.0 for ; Sun, 13 Jul 2025 13:57:17 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1752440231; cv=pass; d=google.com; s=arc-20240605; b=i6jJSaqBTh4JDfRfJshfUE3uP73zeavSqyN982Xjf9WmCRZhssLqH4K6MmEax27ekc kX7bgwFOJhHYz/t3Y0N6tyvbPpAjzfUXvjSZuBFxSEKt3+n4uG4avVKwWRu7kgc3iCrQ f8glaCFR0IGV01YmzTQjve94kUSBABROckPV1VfY6PQS0pHNZpdaMuyzOOGtpfxUq4Lt n+pOioclcOVIUeaB/qTU6gt1e3zzC8N61Xhq5SPi5vVHG9zbCKMDB7q+MI0bBXfSgnab uqzIpgTiZ8tPci/+0n0SnGz34rQYa/r3Ri7aeXiyU4LZVi9U/AH41b5I67hmeR8+0X+Y S4jA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-transfer-encoding :mime-version:feedback-id:references:in-reply-to:message-id:subject :cc:from:to:date:sender:dkim-signature; bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=; fh=FUYbUoymdqtswlYop0PHeG3JpoziTpi8aXBcNJ2UNwY=; b=J0l/Vuk5WkjvZawP3YIXgrgfkoC35lPZIlMizjMtwWDmmVs7VNYxIQXTSHX0ZIhdnt Mw6U7pRn8IrU4u+/ClMhoRXDlWmyeHG8EtfZXNOSY//w0NxrqbgVLz0g5CvlCARkR1Q1 i+0T4RuFZNhjX4JgkDKCQ1uHSlNuQHLpe7wjBU6ckCWZw70VuCkIoqvXTkJ7qm7ft/zn X5+7SQcMC72kbJYpE1764CTkybUy9n2wdpyXU5ZF7+rBVMQn3e2coEOfJMBHJj+Geq+W XHmYzZBGWIdCbufYuRB+TXk/rrPmu7Me4YLXHWHjkLYDiSQRUmj5m/NlR86jrMuxnhan 11ZQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck; spf=pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wuille.net DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1752440231; x=1753045031; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:sender:from:to:cc:subject:date:message-id:reply-to; bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=; b=MFf3qsJoY+6i6nudDlvom/7tXF3Gyg4vGhMKoCpUn/642UlvkW02dINeY8X10tr+1i 5Wnm8movietS9aOgZq9BAlcR6BUQ1J6TWR5qVkFZJfVG/e+TCuzfEec8SW+ax7ESvd5Q jKTUdo2NCGcZxuiEmJvIZj2A7x4EmbTKMekM0H6ubp9/dd0zi6dalpyTzo1x2qmkTVLh EnN230CxtbtwDefGIaMhm1NRotHkXRMDJsHN9dk9gbV1j+GECiCzy/+U2LpG0Li9XR01 9daJx5nNE3LSBNqo6PRD7E3ZPkpv1rk27Q4Auxate7puqQOZDeDa8F7Bgp3FqbkjdYrp HcOQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1752440231; x=1753045031; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:mime-version :feedback-id:references:in-reply-to:message-id:subject:cc:from:to :date:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date :message-id:reply-to; bh=nPDZzcWrwE/scJ+wTuZ2YnpuIFLrkTBPO0+/bB+r8vY=; b=efii4E2npqZ1xpQadq79ZBY3IqjVuCyOpS5lo/MEi6VHaAx9jPDrU01NZEh0vbctis Oy29trlM/uz/Vnsz6A/y4WlbjoSAfqYPFVMO8pk3+roU2j1nnJzQjXZJuloJxsC3izZo /UUnT9n3ML3m+QQ2jfnwxigxVFy2r1JZxo8HQOkDCQGrb++Y7DEW413DAlXoSlJwAS6p 2OxQlQ0xfLcUl7PtQGbUJg4/a2a7cvcUcLVYU8YzNLctBYaNv6Wzlu74BcVYBJpLrIa+ V6DKc2oy/MuL1DJdl45WXzPRGeBYluCEw4rd8MiaSqZt8K2I5dCqt6s3gQckKReNju57 lKOg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCVaKQh+JTyXTZ63xrTJ4OFLyUounAz/y1+MJr5Uc494Sk0ewEf/CWJ34pBAUoFaCxypAXoiZ3ZzwtW+@gnusha.org X-Gm-Message-State: AOJu0YxzOUF5yMFZig2s5dB4UF/r0Tbra0ZgtVopuQbMXFOOEGyBJAEa xSHOQUFRbXcpSL5So9LNVKamYV6QTGsTNMaxuAV61CBmCcfGomPdGTxO X-Google-Smtp-Source: AGHT+IF5d2uEi0jkXE7DCrVhHzUbCB6ZOD5ha5MHbU0VOdcbyMhP870e7C8+aJMEVidXv0+jR5WlXA== X-Received: by 2002:a05:690c:3801:b0:70f:84c8:312e with SMTP id 00721157ae682-717d78afed9mr180431547b3.1.1752440231282; Sun, 13 Jul 2025 13:57:11 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZcX7oqXS1SK5UuPNHl87Ml8ftBzttpInpcg6vOj4EPjTg== Received: by 2002:a25:df57:0:b0:e87:c996:a10 with SMTP id 3f1490d57ef6-e8b778de239ls760372276.1.-pod-prod-07-us; Sun, 13 Jul 2025 13:57:06 -0700 (PDT) X-Received: by 2002:a05:690c:6488:b0:716:43d5:ffe4 with SMTP id 00721157ae682-717d7a5ff48mr167989577b3.28.1752440226680; Sun, 13 Jul 2025 13:57:06 -0700 (PDT) Received: by 2002:a05:6504:e88:b0:2b1:9626:e73d with SMTP id a1c4a302cd1d6-2b91927775bmsc7a; Sun, 13 Jul 2025 12:28:54 -0700 (PDT) X-Received: by 2002:a05:6512:2316:b0:553:35ad:2f2d with SMTP id 2adb3069b0e04-55a044cc87bmr2865954e87.18.1752434932187; Sun, 13 Jul 2025 12:28:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1752434932; cv=none; d=google.com; s=arc-20240605; b=NLamWG+joPjhWV/jtCeyvNZTAy2Vh6u/LMvu7PcrTQqqhC1BQYoahVUsTOMRriKUru wlTNA4q8PEK/Rh9vJOTGGh+Um3/EuhZJbAlAxEWU5WRmLyLeSJtj5297O5BjZ9EADU+q Hl6YHZX/kPIxnMCG8Cjl8py6r4DkMWAhWr8oFo4bj1SzjQgzN8M7no+WucIeKDzpOotc ETWTO/sIM1R4vY2oaZsQev4wYW5fkG0/OA0MXzwvjHi+JzXvp7Pvq2XT3J/T1bQ3zhxt X0W23jla1KpS1as+hTCuNOFsrVQ8+TIqM2g0jhtVzZw8LHR9v4vcbAEMPzCyABc2DWfY X8gg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:feedback-id:references :in-reply-to:message-id:subject:cc:from:to:date:dkim-signature; bh=AIobaq35p7OSFdwwRjBROFKYrYQbbN1pdgX2s8tfUL0=; fh=6b1pLcW6tcZ6I7AhOCDpUTdU/HBZRb+DjIxd1ga4+Sc=; b=BwQkwA5g7QWzr61z6NsxcP/hy+GzPaYS+frilKANDVy2tSd4w6VsprVmJA/RFhox1G rEU9acEhnu33wrNa16nc/hWhpiCyVXBJPfgxxrNIAdm26iaqRuIsDgX5nkuJJdQCu8DP wq3oIwEU62sz8+ivxdptu6uM2NKhQnFZ4/vIW8PDsvQUzXp84Inz22mg/bvYiV+Om5q5 f6Fi85XSicC18GSBBbDV//5w8hbTwJPrjirf5V64Otn2CHRDUeatsPC9PJvVoP6wEQXh 0eAH5aT8Ba9gu+yHHX39LyOngWlUuWUDZkvdAfJbUfxoz+fUyW+bQ+YFWAbblVZkm/1n 7fkA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck; spf=pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wuille.net Received: from mail-10625.protonmail.ch (mail-10625.protonmail.ch. [79.135.106.25]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-5593c7e790fsi305445e87.1.2025.07.13.12.28.51 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 13 Jul 2025 12:28:52 -0700 (PDT) Received-SPF: pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) client-ip=79.135.106.25; Date: Sun, 13 Jul 2025 19:28:49 +0000 To: Boris Nagaev From: Pieter Wuille Cc: Bitcoin Development Mailing List Subject: Re: [bitcoindev] Against Allowing Quantum Recovery of Bitcoin Message-ID: In-Reply-To: <9644c572-8cb9-4ce5-8d3c-a01602dc0e1dn@googlegroups.com> References: <893891ea-34ec-4d60-9941-9f636be0d747n@googlegroups.com> <1ae281cd-20a8-4b50-98b7-c228f090ad7an@googlegroups.com> <9644c572-8cb9-4ce5-8d3c-a01602dc0e1dn@googlegroups.com> Feedback-ID: 19463299:user:proton X-Pm-Message-ID: 49e48570c1542afed88401bbf4a25489e2292711 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Original-Sender: bitcoin-dev@wuille.net X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@wuille.net header.s=protonmail2 header.b=DExjHNck; spf=pass (google.com: domain of bitcoin-dev@wuille.net designates 79.135.106.25 as permitted sender) smtp.mailfrom=bitcoin-dev@wuille.net; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=wuille.net Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) On Sunday, July 13th, 2025 at 2:01 PM, Boris Nagaev wro= te: > On Sunday, July 13, 2025 at 1:09:01=E2=80=AFPM UTC-3 Ethan Heilman wrote: >=20 >=20 > > That is, quantum vulnerable outputs, in the presence of a quantum compu= ter, have already had their value destroyed. They no longer function as pro= perty, but instead function as an inflationary reward for owning a quantum = computer. Freezing them simply reflects this reality and protects quantum r= esistant coins from the inflation caused by quantum attacks. >=20 >=20 > The key issue is that we don't know whether the quantum threat will mater= ialize. It's an open question. Jameson's proposal requires taking action be= fore such a threat actually exists. But without knowing if or when it will = happen, it's hard to justify such a significant change. I want to make a perhaps controversial nuance here. I believe the the main quantum-related threat to bitcoin, at least in the m= edium term, is not the actual materialization of a cryptographically-releva= nt quantum computer (CRQC), but **the belief** whether one may exist soon a= fter. I don't mean to imply that such a machine won't ever appear, but I be= lieve the fear that one may exist will likely have a more meaningful impact= , and come much earlier. Furthermore, I don't think the availability of quantum-safe output types wi= ll be sufficient to mitigate this fear-threat, because I don't see how the = mere existence of quantum-safe outputs will be sufficient to incentivize th= e vast majority of coin holders to move their coins. Some may not believe a= CRQC will ever exist. Some may have use cases that are incompatible with t= hem (e.g. nothing BIP32-like for them, no key aggregation/thresholds, or th= ey're too large for certain use cases). Some may simply not bother to imple= ment whatever is required, because they're busy building altcoin infrastruc= ture[1] that's more profitable (there are still major ecosystem players tha= t cannot even *send* to taproot outputs...). And all of that is ignoring co= ins which have simply been lost, which will definitely not move. All of that together means that the mere existence of quantum-safe outputs = will not be sufficient to largely remove the presence of CRQC-vulnerable co= ins from the system. And without that, the fear of the existence of a CRQC = may remain an existential threat due to the sell pressure it may cause. Eve= n those who have moved their coins to quantum-safe outputs may worry about = an exchange-rate crash caused by a QRQC operator selling stolen coins, whic= h may fuel even more sell pressure. It's quite possible I'm wrong here, about sentiment, or about what happens = in what order. But I think it's worth considering. And if so, then I think = the conclusion is that the actual mitigation to (the fear of) a quantum thr= eat is (the prospect of) freezing CRQC-vulnerable coins. Everything else, u= p to and including investigating, proposing, activating, and advocating for= usage, of quantum-safe outputs, is just be preparatory. Those would be nec= essary first steps of course, but absent a subsequent prospect of actually = disabling quantum-vulnerable outputs, they may be irrelevant in the grand s= cheme of things. To be clear, I am not advocating for any specific cause of action here. Not= on BIPs, timelines, approach, or even whether something should be done at = all. However, I do consider it naive to say that simply making post-quantum= output types available is a solution. [1] https://rusty.ozlabs.org/2020/05/27/bitcoin-exchanges-are-now-the-ene= my.html Cheers, --=20 Pieter --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= qiwLbcmBGlNhbgEb-1WMrZdOS-JQpYVyxfAxcKYmkLSwcwvAKI9faDZigqE94yaPV9-snFurf5X= 9OXlgXqOGgyJSGJ11AhgrYXgVBjhflw0%3D%40wuille.net.