GM. Timelocks are cool.
Liana Wallet
Liana Wallet
npub1ejky...expu
Liana is a simple Bitcoin wallet with built-in loss protection and inheritance. Developed by Wizard Sardine.
How quantum computing affects Bitcoiners, Part II
The second part of our summary of Chaincode Labs' excellent paper on Bitcoin and quantum resistance.
Migration strategies and the burn vs steal debate.
Bitcoins that are locked in addresses with publicly-revealed public keys are most vulnerable to theft from future quantum computers:
- Satoshi's coins
- Other early coins that may be lost
- Reused addresses
Researchers estimate that there are 6 million such vulnerable bitcoin
It's not just Satoshi's coins and coins with lost keys that are vulnerable
Some prominent examples of addresses with exposed public keys are yellow highlighted in this image from @Jameson Lopp 's article on quantum resistance:
Ideally, we come up with a way to make all coins safe from quantum attack
All quantum resistance proposals currently require that users send their coins to new, quantum resistant addresses
There are ~190 million UTXOs
The good folks at Chaincode Labs pulled together research on how long it might take to migrate everyone's bitcoin to quantum resistant addresses
Estimates vary between 140 and 560 days
This is one very strong reason to start working on this problem long before it becomes a problem
There are a number of proposals for how this migration could work:
But all of them first require a soft fork or hard fork to introduce new quantum resistant address types
Commit-Delay-Reveal (CDR) has users create a quantum-resistant tx with an op-return that references the public key of their vulnerable coins
A soft fork then enforces a time delay before the coins can be moved by a 2nd tx that is signed by the original key and the op-return key
Quantum Resistant Address Migration Protocol (QRAMP) proposes a hard fork that enforces a flag day beyond which coins in quantum vulnerable addresses can no longer be spent
QRAMP could be used in combination with proposed BIP 360: pay to quantum resistant hash addresses
Hourglass strategy
A soft fork enforces a new rule that only a certain number of txs spending from quantum vulnerable addresses may be included in any one block
This slows the rate at which such coins could be stolen (or spent)
Might also generate a lot of fees for miners
In addition to the question of how Bitcoin achieves quantum resistance, there is also this:
What happens to the coins to which nobody has the keys?
Some proposals permanently freeze them while others leave them up for quantum theft.
Burn or steal?
The burn argument goes like this: Sure we don't want to prevent anyone from spending their coins, but this is a clear vulnerability: coins that the protocol guarantees as safe can be stolen.
Therefore, permanently freezing the lost coins best maintains Bitcoin's rules
The steal argument goes like this: Bitcoin is built on enforcing the sovereignty of key-owners. Changing the protocol to freeze some coins violates this important value.
Bitcoin should never change its rules such that we risk preventing a user from spending their coins.
Where does this leave us?
Making Bitcoin quantum resistant requires
1. A soft fork
2. Migrating all coins to new addresses
3. Tough decisions about what to do with coins that can't migrate
Bitcoin has so many stakeholders at this point that such an undertaking will clearly be slow
Even if you think that quantum computing is far overhyped, we really should start moving on it.
The best thing you can do is educate yourself. Read Chaincode Labs' paper here:
.pdf
Huge props to Clara Shik and @deadmanoz for their work!
Cypherpunk Cogitations
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
Ideally, we come up with a way to make all coins safe from quantum attack
All quantum resistance proposals currently require that users send their coins to new, quantum resistant addresses
There are ~190 million UTXOs
The good folks at Chaincode Labs pulled together research on how long it might take to migrate everyone's bitcoin to quantum resistant addresses
Estimates vary between 140 and 560 days
This is one very strong reason to start working on this problem long before it becomes a problem
There are a number of proposals for how this migration could work:
But all of them first require a soft fork or hard fork to introduce new quantum resistant address types
Commit-Delay-Reveal (CDR) has users create a quantum-resistant tx with an op-return that references the public key of their vulnerable coins
A soft fork then enforces a time delay before the coins can be moved by a 2nd tx that is signed by the original key and the op-return key
Quantum Resistant Address Migration Protocol (QRAMP) proposes a hard fork that enforces a flag day beyond which coins in quantum vulnerable addresses can no longer be spent
QRAMP could be used in combination with proposed BIP 360: pay to quantum resistant hash addresses
Hourglass strategy
A soft fork enforces a new rule that only a certain number of txs spending from quantum vulnerable addresses may be included in any one block
This slows the rate at which such coins could be stolen (or spent)
Might also generate a lot of fees for miners
In addition to the question of how Bitcoin achieves quantum resistance, there is also this:
What happens to the coins to which nobody has the keys?
Some proposals permanently freeze them while others leave them up for quantum theft.
Burn or steal?
The burn argument goes like this: Sure we don't want to prevent anyone from spending their coins, but this is a clear vulnerability: coins that the protocol guarantees as safe can be stolen.
Therefore, permanently freezing the lost coins best maintains Bitcoin's rules
The steal argument goes like this: Bitcoin is built on enforcing the sovereignty of key-owners. Changing the protocol to freeze some coins violates this important value.
Bitcoin should never change its rules such that we risk preventing a user from spending their coins.
Where does this leave us?
Making Bitcoin quantum resistant requires
1. A soft fork
2. Migrating all coins to new addresses
3. Tough decisions about what to do with coins that can't migrate
Bitcoin has so many stakeholders at this point that such an undertaking will clearly be slow
Even if you think that quantum computing is far overhyped, we really should start moving on it.
The best thing you can do is educate yourself. Read Chaincode Labs' paper here:
.pdf
Huge props to Clara Shik and @deadmanoz for their work!