Re: [bitcoindev] Re: The limitations of cryptographic agility in Bitcoin

Bitcoin Development Mailinglist
 help / color / mirror / Atom feed

From: Ethan Heilman <eth3rs@gmail.com>
To: Erik Aronesty <erik@q32.com>
Cc: "waxwing/ AdamISZ" <ekaggata@gmail.com>,
	 Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: The limitations of cryptographic agility in Bitcoin
Date: Wed, 25 Feb 2026 17:43:00 -0500	[thread overview]
Message-ID: <CAEM=y+W_KDes6WMWc-MtTptKHeEqrstnyi4fdxeEs1SstXQSKg@mail.gmail.com> (raw)
In-Reply-To: <CAJowKgJwq88yfJEQzZ+v-33EtEuYif1y6qsXtyoRyk2V+44cww@mail.gmail.com>

[-- Attachment #1: Type: text/plain, Size: 4348 bytes --]

>  the physics is cool, but the engineering needed to scale may still well
be impossible in the physical world.   bitcoin *cannot* respond to claims
that unicorns exist with protocol change

We may never have a CRQC that's a real but unlikely possibility. Let's say
you believe in your heart of hearts that CRQCs are impossible. Algorithm
agility is still critical to the future of Bitcoin in such a world.

To quote from Guidelines for Cryptographic Algorithm Agility and Selecting
Mandatory-to-Implement Algorithms (RFC 7596)
<https://datatracker.ietf.org/doc/html/rfc7696>

"Cryptographic algorithms age; they become weaker with time.  As new
cryptanalysis techniques are developed and computing capabilities improve,
the work required to break a particular cryptographic algorithm will
reduce, making an attack on the algorithm more feasible for more
attackers.  While it is unknown how cryptoanalytic attacks will evolve, it
is certain that they will get better."
...
Protocol designers need to assume that advances in computing power or
advances in cryptoanalytic techniques will eventually make any algorithm
obsolete."

A CRQC is one of many threats to the cryptography used in Bitcoin
signatures. If we want Bitcoin to be a secure store of value over at least
one human lifetime, then algorithm agility is a must. Part of that security
is that your coins don't get stolen due to cryptographic weaknesses, part
of that security is that know your coins are unlikely to get stolen,
i.e. epistemological problem.


On Wed, Feb 25, 2026 at 10:03 AM Erik Aronesty <erik@q32.com> wrote:

>
> I'm in, I think, a group of people now, that have pointed this out, here
>> and elsewhere ... I like to call it the "epistemological problem" because,
>> why use short words when a long one will do :) The scenario is all the
>> worse because (as, again, has been pointed out before): the "I have a CRQC"
>> signed message you mention is (more likely), or can be, someone who has
>> just placed a short in the market, rather than an actual CRQC holder. The
>> point is that during a period from "bitcoin doesn't have PQ algos" to
>> "bitcoin has PQ algos" the transition will always be essentially 100%
>> opaque; every honest action of moving to safety looks identical, onchain,
>> to theft.
>>
>
>
>   a key that is crackable in-advance of bitcoin being cracked, so that we
> know quanutm is "real".
>
>  1. deterministic random elliptic-curve address on a much
> smaller-bit-strength curve, but not so much smaller that classical attacks
> are feasable
>  2. bounty for the solution enforceable with a smart contract
>  3. refusal to accept that "i have a CRQC" message unless this
> well-known-key is used, because anything else is likely a scam (private key
> known in advance)
>  4. understanding that cracking a 180-bit key only gives us 6 months to a
> year of quantum engineering scaling to fix bitcoin
>  6. published plan to move quickly as needed
>
> the physics is cool, but the engineering needed to scale may still well be
> impossible in the physical world.   bitcoin *cannot* respond to claims that
> unicorns exist with protocol changes.  but we *can* respond with a bip that
> allows us to rapidly deploy defense against unicorn horns once irrefutable
> evicence arrives that they exist.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/CAJowKgJwq88yfJEQzZ%2Bv-33EtEuYif1y6qsXtyoRyk2V%2B44cww%40mail.gmail.com
> <https://groups.google.com/d/msgid/bitcoindev/CAJowKgJwq88yfJEQzZ%2Bv-33EtEuYif1y6qsXtyoRyk2V%2B44cww%40mail.gmail.com?utm_medium=email&utm_source=footer>
> .
>

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAEM%3Dy%2BW_KDes6WMWc-MtTptKHeEqrstnyi4fdxeEs1SstXQSKg%40mail.gmail.com.

[-- Attachment #2: Type: text/html, Size: 5366 bytes --]

next prev parent reply	other threads:[~2026-02-25 22:46 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-13 16:20 [bitcoindev] " Pieter Wuille
2026-02-13 19:39 ` Erik Aronesty
2026-02-13 21:50 ` Light
2026-02-13 22:52   ` 'Antoine Poinsot' via Bitcoin Development Mailing List
2026-02-14  3:43     ` Light
2026-02-17 14:11       ` Garlo Nicon
2026-02-16  9:59   ` sadiq Ismail
2026-02-13 21:54 ` Ethan Heilman
2026-02-14 12:02 ` [bitcoindev] " waxwing/ AdamISZ
2026-02-17  3:49 ` [bitcoindev] " 'conduition' via Bitcoin Development Mailing List
2026-02-17 20:04 ` [bitcoindev] " Pieter Wuille
2026-02-19  7:22   ` 'conduition' via Bitcoin Development Mailing List
2026-02-25 12:00   ` waxwing/ AdamISZ
2026-02-25 14:39     ` Erik Aronesty
2026-02-25 22:43       ` Ethan Heilman [this message]
2026-02-26  2:07         ` Alex

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAEM=y+W_KDes6WMWc-MtTptKHeEqrstnyi4fdxeEs1SstXQSKg@mail.gmail.com' \
    --to=eth3rs@gmail.com \
    --cc=bitcoindev@googlegroups.com \
    --cc=ekaggata@gmail.com \
    --cc=erik@q32.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox