Altcoins Talks - Cryptocurrency Forum
Crypto Discussion Forum => Cryptocurrency discussions => Technical Discussion => Topic started by: ABCbits on March 19, 2025, 10:25:36 AM
-
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
The quantum computing debate is heating up. There are many controversial aspects to this debate, including whether or not quantum computers will ever actually become a practical threat. If you want a high level overview of the technical issues, check out my presentation from 2024: https://youtu.be/MTUzpR_mxAg (https://youtu.be/MTUzpR_mxAg). Read more here (https://blog.lopp.net/against-quantum-recovery-of-bitcoin/).
When people talk about this topic (quantum computers and vulnerable Bitcoin addresses), there are usually 3 options frequently mentioned.
1. Do nothing.
2. Freeze all "vulnerable" addresses.
3. Redistribute Bitcoin on "vulnerable" addresses before someone uses a quantum computer to steal it.
Personally I prefer option 1, but Jameson Lopp wrote a detailed and interesting argument regarding option 2. What do you all think?
-
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
What do you all think?
Burning actually seems like a fix, but in my opinion I don't think it's feasible. Come to think of it, who would afford to burn their bitcoins? I mean, take a good look at the ecosystem: everyone is most concerned about having a huge amount of holdings rather than tossing them away.
The only scenario where I see burning as feasible is back years ago when bitcoin had relatively no value. In fact, the amount you would need to burn for it to be significant is unbelievably large for holders to consider.
-
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
What do you all think?
Burning actually seems like a fix, but in my opinion I don't think it's feasible. Come to think of it, who would afford to burn their bitcoins? I mean, take a good look at the ecosystem: everyone is most concerned about having a huge amount of holdings rather than tossing them away.
The only scenario where I see burning as feasible is back years ago when bitcoin had relatively no value. In fact, the amount you would need to burn for it to be significant is unbelievably large for holders to consider.
I think you misunderstood Lopp's statement. He actually meant burning Bitcoin owned by Satoshi and everyone else who doesn't move their Bitcoin from vulnerable addresses until a specific time. His idea describes burning from the protocol side, rather than from the Bitcoin owner's side.
-
Option 3 is a no go to me
Option 2 is like a last resort IMO (technically the only option for now).
Burning seems like our only solution now, but it goes against one of Bitcoin's principles, which is self custody/freedom.
If someone still has the key to a wallet they have the right to move their coins.
Are they going to burn the coins in the form of a soft fork like SegWit?
Say making transactions spending these UTXOs invalid?
I feel burning should be placed as a last resort and we should use this time to find a Better solution.
Bitcoin isn't the only thing that would be at risk to quantum computing so others are still researching on how to build resistance.
-
None will happen.
Both 2 and 3 will be seen as the actions of a bank: you don't move your money to the account we say, we confiscate it; you don't change your old notes for new notes by December, no merchant will ever be allowed to accept them. Let's not even go to the redistribution of wealth, since that is commie behavior once again.
You're basically having a bunch of people decide which of your money is good and bad, goodbye decentralization.
-
Are they going to burn the coins in the form of a soft fork like SegWit?
Say making transactions spending these UTXOs invalid?
The article mentions a few details about it.
"Of course they have to be confiscated. If and when (and that's a big if) the existence of a cryptography-breaking QC becomes a credible threat, the Bitcoin ecosystem has no other option than softforking out the ability to spend from signature schemes (including ECDSA and BIP340) that are vulnerable to QCs. The alternative is that millions of BTC become vulnerable to theft; I cannot see how the currency can maintain any value at all in such a setting. And this affects everyone; even those which diligently moved their coins to PQC-protected schemes."
- Pieter Wuille
Centralized Blacklisting Power
Burning vulnerable funds requires centralized decision-making - a soft fork to invalidate certain transactions. This sets a dangerous precedent for future interventions, eroding Bitcoin’s decentralization. If quantum theft is blocked, what’s next—reversing exchange hacks? The system must remain neutral, even if it means some lose out.
I think this could be a potential slippery slope if the proposal was to only burn specific addresses. Rather, I'd expect a neutral proposal to burn all funds in locking script types that are known to be quantum vulnerable. Thus, we could eliminate any subjectivity from the code.
A soft fork to burn vulnerable bitcoin could certainly result in a hard fork if there are enough miners who reject the soft fork and continue including transactions.
In short,
1. It could be either a soft fork or a hard fork depending on miners' support.
2. The "burning" process could be done by blacklisting either certain addresses, certain cryptography, or certain locking/spending scripts.
-
This has always been (and will be) a very tricky question, because if we did something (option 2 or 3) then we would behave as the traditional financial system behaves, but at the same time if we do nothing there is a possibility that someone in the future will actually hack the coins belonging to Satoshi or to one of the early miners who for some reason never "consumed" them.
However, perhaps we should not focus only on the three mentioned options, but also look for a possible fourth. The ideal solution would be that we could somehow "patch" the vulnerable protocol in such a way that these coins would still remain safe - or that a consensus would be created by which trusted people would perform something that would enable these coins to be transferred safely without the possibility that the same concept would ever be misused.
-
However, perhaps we should not focus only on the three mentioned options, but also look for a possible fourth. The ideal solution would be that we could somehow "patch" the vulnerable protocol in such a way that these coins would still remain safe - or that a consensus would be created by which trusted people would perform something that would enable these coins to be transferred safely without the possibility that the same concept would ever be misused.
We can't.
Quantum will exploit the public key first, and then, with some serious advancement I still doubt is possible, will be able to break even an address itself.
There is no patch that can change something set before that; a patch to make the public key secure would first require making it unspendable, so we're back to step 2 or 3.
-
However, perhaps we should not focus only on the three mentioned options, but also look for a possible fourth. The ideal solution would be that we could somehow "patch" the vulnerable protocol in such a way that these coins would still remain safe
The problem isn't a vulnerable protocol, but rather vulnerable cryptography and the fixed way to spend BTC from a vulnerable address.
- or that a consensus would be created by which trusted people would perform something that would enable these coins to be transferred safely without the possibility that the same concept would ever be misused.
Bringing more trust into the Bitcoin protocol (especially about messing with Bitcoin ownership) is unlikely to be accepted by the Bitcoin community.
-
In that case, we obviously have to accept that sooner or later someone will dig up the "BTC treasure" that has been lying unused for a long time. I can think of one situation in which no one would have to do anything radical to prevent this - and that is that Satoshi might have to come out of the shadows at some point and move his coins to safety, because realistically it would be less damaging for him to do so than for someone to "steal" those coins and dump them on the market.
-
In that case, we obviously have to accept that sooner or later someone will dig up the "BTC treasure" that has been lying unused for a long time. I can think of one situation in which no one would have to do anything radical to prevent this - and that is that Satoshi might have to come out of the shadows at some point and move his coins to safety, because realistically it would be less damaging for him to do so than for someone to "steal" those coins and dump them on the market.
If Satoshi ever comes back to move his Bitcoin from vulnerable addresses, it's likely he'll burn it, for example by sending the Bitcoin to OP_RETURN. And while I agree that doing nothing (to Bitcoin on vulnerable addresses) is the likely outcome, I wonder what centralized exchanges will do if they receive a deposit from an address presumed to be owned by Satoshi.
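Both the "burn all funds in locking script types that are known to be quantum vulnerable" idea from the soft-fork discussion earlier in the thread and the OP_RETURN burn mentioned just above come down to recognising output script templates. The classifier below is an added example, not code from the thread or from Lopp's article: it matches the standard scriptPubKey templates (P2PK, P2PKH, P2SH, P2WPKH, P2WSH, P2TR, OP_RETURN), says whether each one already exposes a public key on-chain, and totals a sample UTXO set by exposure bucket. The UTXOs, keys and hashes are constructed dummies; the `pubkey_revealed` flag stands in for chain history (an address reused after a spend has its key in an old scriptSig/witness), which a real assessment would have to derive from the blockchain.

```python
"""
Classify Bitcoin scriptPubKeys by whether the public key is already visible
on-chain, the property a "burn by locking-script type" rule would key on.
Added example; sample data below is constructed, not real chain data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

OP_0, OP_1, OP_RETURN = 0x00, 0x51, 0x6A
OP_DUP, OP_HASH160, OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x87, 0x88, 0xAC

# Exposure classes returned by classify_script()
KEY_ON_CHAIN = "key_on_chain"      # public key is in the UTXO itself (P2PK, P2TR)
KEY_HASHED = "key_hashed"          # only HASH160(pubkey) on-chain until first spend
SCRIPT_HASHED = "script_hashed"    # redeem/witness script is hashed; depends on its contents
UNSPENDABLE = "unspendable"        # OP_RETURN output: provably burned
UNKNOWN = "unknown"


def classify_script(spk: bytes) -> Tuple[str, str]:
    """Return (script_type, exposure_class) for a raw scriptPubKey."""
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", KEY_ON_CHAIN
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", KEY_HASHED
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and spk[:2] == bytes([OP_HASH160, 0x14]) and spk[-1] == OP_EQUAL:
        return "p2sh", SCRIPT_HASHED
    # P2WPKH: OP_0 <20 bytes>
    if n == 22 and spk[:2] == bytes([OP_0, 0x14]):
        return "p2wpkh", KEY_HASHED
    # P2WSH: OP_0 <32 bytes>
    if n == 34 and spk[:2] == bytes([OP_0, 0x20]):
        return "p2wsh", SCRIPT_HASHED
    # P2TR: OP_1 <32-byte x-only output key> (BIP340/341), key is visible in the output
    if n == 34 and spk[:2] == bytes([OP_1, 0x20]):
        return "p2tr", KEY_ON_CHAIN
    # OP_RETURN: data carrier, cannot be spent by any signature scheme
    if n >= 1 and spk[0] == OP_RETURN:
        return "op_return", UNSPENDABLE
    return "nonstandard", UNKNOWN


@dataclass
class Utxo:
    txid: str
    vout: int
    value_sat: int
    script_pubkey: bytes
    # True if the key behind a hashed output is already public because the
    # address was spent from before (needs chain history; constructed here).
    pubkey_revealed: bool = False


def is_quantum_exposed(u: Utxo) -> bool:
    """An output is exposed if its public key can be read from on-chain data today."""
    _, exposure = classify_script(u.script_pubkey)
    return exposure == KEY_ON_CHAIN or (exposure == KEY_HASHED and u.pubkey_revealed)


def exposure_report(utxos: List[Utxo]) -> Dict[str, int]:
    """Sum satoshis per bucket: exposed / hashed_only / script_hashed / burned / unknown."""
    totals = {"exposed": 0, "hashed_only": 0, "script_hashed": 0, "burned": 0, "unknown": 0}
    for u in utxos:
        _, exposure = classify_script(u.script_pubkey)
        if is_quantum_exposed(u):
            totals["exposed"] += u.value_sat
        elif exposure == KEY_HASHED:
            totals["hashed_only"] += u.value_sat
        elif exposure == SCRIPT_HASHED:
            totals["script_hashed"] += u.value_sat
        elif exposure == UNSPENDABLE:
            totals["burned"] += u.value_sat
        else:
            totals["unknown"] += u.value_sat
    return totals


# Constructed sample UTXO set (dummy txids, keys and hashes).
SAMPLE_UTXOS = [
    Utxo("aa" * 32, 0, 5_000_000_000, bytes([0x21]) + b"\x02" + b"\x11" * 32 + bytes([OP_CHECKSIG])),  # P2PK, 50 BTC
    Utxo("bb" * 32, 0, 100_000_000, bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])),
    Utxo("cc" * 32, 1, 25_000_000, bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), pubkey_revealed=True),
    Utxo("dd" * 32, 0, 10_000_000, bytes([OP_1, 0x20]) + b"\x44" * 32),      # P2TR
    Utxo("ee" * 32, 0, 7_000_000, bytes([OP_0, 0x20]) + b"\x55" * 32),       # P2WSH
    Utxo("ff" * 32, 0, 0, bytes([OP_RETURN, 0x04]) + b"burn"),               # burned
]

if __name__ == "__main__":
    for u in SAMPLE_UTXOS:
        print(u.txid[:8], u.vout, classify_script(u.script_pubkey), "exposed" if is_quantum_exposed(u) else "-")
    print(exposure_report(SAMPLE_UTXOS))
```

Two caveats matter for anyone turning this into a consensus rule or a risk tally: the hashed buckets are only as good as the reuse data behind `pubkey_revealed`, and the script-hashed bucket hides the real answer, since a P2SH or P2WSH multisig reveals all of its keys the moment it is spent, while a P2TR output exposes its tweaked key even when only a script path is ever used.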
-
~snip~
I wonder what centralized exchanges will do if they receive a deposit from an address presumed to be owned by Satoshi.
I doubt they would do anything about it, maybe only if Satoshi came forward and said that someone had hacked him - because over the years we have had a lot of coins from 2009 and 2010 that have moved, and although it is possible that some of those coins are part of Satoshi coins, there has been no reaction from CEXs on that issue.
We can hope that these coins will one day be rescued by someone who will store them safely or destroy them.
-
In that case, we obviously have to accept that sooner or later someone will dig up the "BTC treasure" that has been lying unused for a long time. I can think of one situation in which no one would have to do anything radical to prevent this - and that is that Satoshi might have to come out of the shadows at some point and move his coins to safety, because realistically it would be less damaging for him to do so than for someone to "steal" those coins and dump them on the market.
If Satoshi ever comes back to move his Bitcoin from vulnerable addresses, it's likely he'll burn it, for example by sending the Bitcoin to OP_RETURN. And while I agree that doing nothing (to Bitcoin on vulnerable addresses) is the likely outcome, I wonder what centralized exchanges will do if they receive a deposit from an address presumed to be owned by Satoshi.
I think those Satoshi addresses should all be frozen for good, at the protocol level.
They are too dangerous. Imagine if someday someone might be able to hack one of them and claim to be Satoshi.
We already have too much volatility and confusion in this ecosystem....
-
--snip--
I think those Satoshi addresses should all be frozen for good, at the protocol level.
They are too dangerous. Imagine if someday someone might be able to hack one of them and claim to be Satoshi.
We already have too much volatility and confusion in this ecosystem....
Even if an address presumed to be owned by Satoshi is frozen, a hacker could still sign a message using one of the frozen addresses to make a false claim.
-
Even if an address presumed to be owned by Satoshi is frozen, a hacker could still sign a message using one of the frozen addresses to make a false claim.
Yeah, that is true.
Nobody can do anything about it... Even freezing addresses will be useless... someone could impersonate him if they get access to his private keys.
-
I think those Satoshi addresses should all be frozen for good, at the protocol level.
They are too dangerous. Imagine if someday someone might be able to hack one of them and claim to be Satoshi.
We already have too much volatility and confusion in this ecosystem....
Yeah, let's just freeze (steal) the coins of the guy that said this:
Banks must be trusted to hold our money and transfer it electronically, but they lend it out in waves of credit bubbles with barely a fraction in reserve. We have to trust them with our privacy, trust them not to let identity thieves drain our accounts.
Data could be secured in a way that was physically impossible for others to access, no matter for what reason, no matter how good the excuse, no matter what.
Yeah, let's take a dump on Bitcoin's whitepaper, .... because reasons. ;D
-
I just read all the replies in this post, since honestly how quantum computing can "hack" Bitcoin and addresses is something beyond my comprehension. In conclusion, there seems to be no conclusion on what the best option to deal with this possible future problem is, so maybe the "do nothing" option will eventually come back to haunt us later. However, it is good that at this early stage there is already a healthy discussion on this matter, so that maybe a solid solution can be found at the right time, something that can be acceptable to most of us in the cryptocurrency industry.
-
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
The quantum computing debate is heating up. There are many controversial aspects to this debate, including whether or not quantum computers will ever actually become a practical threat. If you want a high level overview of the technical issues, check out my presentation from 2024: https://youtu.be/MTUzpR_mxAg (https://youtu.be/MTUzpR_mxAg). Read more here (https://blog.lopp.net/against-quantum-recovery-of-bitcoin/).
When people talk about this topic (quantum computers and vulnerable Bitcoin addresses), there are usually 3 options frequently mentioned.
1. Do nothing.
2. Freeze all "vulnerable" addresses.
3. Redistribute Bitcoin on "vulnerable" addresses before someone uses a quantum computer to steal it.
Personally I prefer option 1, but Jameson Lopp wrote a detailed and interesting argument regarding option 2. What do you all think?
In option 3, how will it be possible to redistribute Bitcoin on vulnerable addresses? Are we going to find anyone, or people who are sincere, to do the distribution, and to what addresses will it be distributed? The price of Bitcoin is getting more and more expensive. Freezing those vulnerable addresses will be the best option to take, but no one for now will be able to tell how many things quantum computing will be able to do.
On both sides, in a matter of time, quantum computing will be used for both good and bad, as we are in a world of competition over who holds the power of leadership.
-
In option 3, how will it be possible to redistribute Bitcoin on vulnerable addresses? Are we going to find anyone, or people who are sincere, to do the distribution, and to what addresses will it be distributed?
--snip--
From what I've seen, people usually suggest it's done by changing the Bitcoin protocol rather than hoping someone (who has a quantum computer) does it manually. For example,
1. Sending all Bitcoin from "vulnerable" addresses to non-"vulnerable" addresses.
2. Letting miners claim a specific amount of Bitcoin from "vulnerable" addresses in each block.
-
I just read all the replies in this post since honestly how Quantum Computing can "hack" Bitcoin and addresses can be something beyond my comprehension.
Quantum computers can deal with huge numbers even better than Trump, and because they deal with non-linear calculations, they can use the Shor algorithm, which is basically a way to detect large prime numbers, and keys are made out of large prime numbers, but explaining it as simply as possible:
- Your average person can do the math for 10x10 in a second
- Your normal computer has no trouble with 123456789x123456789
- Your quantum computer has no trouble extracting the root from \(\sqrt[4]{1524157<insert ton of numbers here>8750190521}\) in still a single line
Since RSA uses large prime numbers for encryption, any algorithm that can deal with factorization at that scale could easily deal with basic RSA encryption, as long as the process is stable for long enough.
The price of Bitcoin is getting more and more expensive. Freezing those vulnerable addresses will be the best option to take, but no one for now will be able to tell how many things quantum computing will be able to do.
And this doesn't remind you even a bit of banning people from exchanging their currency for dollars to keep the value of said currency afloat, or of bank runs? ;)