From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Wed, 25 Feb 2026 14:46:09 -0800 Received: from mail-oi1-f189.google.com ([209.85.167.189]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1vvNdw-0005dp-Rf for bitcoindev@gnusha.org; Wed, 25 Feb 2026 14:46:09 -0800 Received: by mail-oi1-f189.google.com with SMTP id 5614622812f47-463c4133ccasf3218594b6e.2 for ; Wed, 25 Feb 2026 14:46:08 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1772059562; cv=pass; d=google.com; s=arc-20240605; b=jzHybxru9JxiiQjbEGetrV17ghxIDXMKz++W1C/Qj3Ok+bgSNGSpa4OxdW7Sk/GFgB BgtPL/HrkR6ALmNffFJepUGyWFjxHdMuTPdphzvBQ3TK8CwhhyL0LcZoH29qTtuOvXql d07R2eQb8d/UcrhKjWSa0+ZYIw17a9d3zUFb+pz/zdIF9mVUGy9P3+/cT3VdYouSNDr4 rYYIK453C0nC3+8MlTWGAdz73+K1ngfM0Guo/mTUxhMTG92hmlhEYLN8iezapYP3ohpR UrSJGIyDPWN9sTFPzTnhiZb5hCnhFPl7bAUtHUmgAOQPJBSKuunCWeQUDukBz9AY2YP+ Mq2A== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=1IWS2vMClM45/fXMGQBH9dk8zfK/HrrQIFV2EfZC5sw=; fh=2MAQhMmyExyMmAI/U3kzT6DTZ1q006FprBSNpgOwg+A=; b=Q1R8eWk/DsKoT4PMhuMuDEeu7S+S0/KTBPlVi4Ll8MtxMhKHbIt6jdIhrusqsIiiyw gtomV56JBcVsE4tOlheciFB3d1Vhxd6v2o/QXjq4u6cZ4wsIw6HeWzxrJCIQHx2GWLyf 0qCofuHWHecS5jY0pwZ2vfNOpfC7E+yg4f37LNBrZ/Ej0PwUXxou7SLHDkqQ4VI4YJoH mXTPJ2lZ83p8Buuo8b/qGMkNA3s55jPtRBjsM9ToAwlcOD+8lXbO0Bcd/ZLvuJ3XhSfn Q/E+aA2XTPXqYvgLU9SBjM8+nHrRdlbN/WLEskQVKMSkkt6DfHAHvg0ckWTLb6jNzZzC Lh9w==; darn=gnusha.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=P4uiT9dI; arc=pass (i=1); spf=pass (google.com: domain of eth3rs@gmail.com designates 2607:f8b0:4864:20::1036 as permitted sender) smtp.mailfrom=eth3rs@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1772059562; x=1772664362; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=1IWS2vMClM45/fXMGQBH9dk8zfK/HrrQIFV2EfZC5sw=; b=dIOSXtjqFUuRjekouNFDcTvmSW+RrZXjCvdzEe1Zl6H2dGLErbHkoR5K0ch38tYBLO ShKau71ZRJMPQEufdiLAwqVR005cAumTexPhFYmgoa83FxYBPZGIxweRg4XsIMSWaCkO QQVIi2DMwjosdkdsQL6qyvQDQsEnt4e7tYrAZfga20j62jtqRifS82LTK222dB+905F8 GFyIvmbHEc9H6SxmJ5Zjd97aLGVkwJQvre1cnGyl5Nj0Lu/NFralszRwSv7UdSwMJV0W +Vj+N4kY4nV8vHmj9HrN1Reie7e7H0ikqxOVOaQ9+LmUrdOVKW1yGVbORO2M+9AjhPxD XOTg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772059562; x=1772664362; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=1IWS2vMClM45/fXMGQBH9dk8zfK/HrrQIFV2EfZC5sw=; b=RUYcYu877G8K+ZKs4DjpJLmhxyLOQcAEj8sr/YRNGYfGsYL88HRl3K7WsfkmyikBrx IJodNytkuJB2cl3NDHSDC5Gi4JlhxlvRyY77ZUUb66qprFEiP3M0BCKHMBPQSq4AMP8K nVcQmai981p1fPkvsBtM0CyBWERYPU8lrVDZ/xjp7NqW/6J9TgDceHYstMkhQcCHK0Go JkwhTWsdXg62Y3lHVHqOAjtSz2FzWKGhBYsMh5msYhwtb4tRzEXfR859jjgK/8pX59c8 SYSfdVXnNgpUym8wPwN9JAFY3kWPToDU15cMmsb1NbIC4eIT5E5krTYxJPU1UdgOftZJ bRvA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772059562; x=1772664362; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-gm-gg:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=1IWS2vMClM45/fXMGQBH9dk8zfK/HrrQIFV2EfZC5sw=; b=lOV0kfu1TSRF3KbUq9U6gxbeZOVNw72uFCx1UUyLdLhv3eJJu/KWK1nz57I63GI2US A7uNQkdHbzjZ0IjY9SqiBrap7JisRR69xUITMFkr3uNZqm/bwn7/BodKKi5qfb8QA5+k LA+vRqJ4Hr5rqf+qqVg0RCppI79ztiPHKnrkryJ81EbT0ryk3TUVYVzeaecJP7sbBfkG /ah4FJdrrCjUsQPTEi1TkM7CMuTWy1mZkaRA7cbRP3kXEz7A2Qajkrjvcm9+Oq2vVZqi t/3bo3Wwd47BVNjsAoNRrN7e2Dc/l8sc/jQXaauclHtK3OJzKb6InsfOhOGlxCVCxqKd Wsjg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=3; AJvYcCX1FHq+vr/DACJ9LcR+xNm3lGesktdmHN+PFSAZ+K7yc2gU337VC+VBWnPDBhHHW8IhH30apBpqkkqM@gnusha.org X-Gm-Message-State: AOJu0YyNW9udWd7wwj+BNOIDvgY6QAf0itBl8ewVCuVP0LlM695x5b+5 KnwJbF8/pChxnarpBIaz0pbd4ffz9ltXjdw9OW+XvvTClXtxjwxiXpwv X-Received: by 2002:a05:6808:1184:b0:450:bb92:7fb6 with SMTP id 5614622812f47-464a9566ed4mr6174b6e.39.1772059562165; Wed, 25 Feb 2026 14:46:02 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com; h="AV1CL+HwQGjJ+nLjHxP3uUFgOzA4LIkzqO2FnTGspdXMhfO8TQ==" Received: by 2002:a05:6870:5354:20b0:404:2f39:e1c0 with SMTP id 586e51a60fabf-415effd1651ls408254fac.2.-pod-prod-08-us; Wed, 25 Feb 2026 14:45:57 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCX5De65R3P56YDjR9rcZHfTWQ1nu0pQUDCaod7DHgVdqxTSxLyEl1vefOykHXCHp1QrWyS68YD3w6dP@googlegroups.com X-Received: by 2002:a05:6808:11c1:b0:45c:832a:cf43 with SMTP id 5614622812f47-464a9420567mr8090b6e.14.1772059557288; Wed, 25 Feb 2026 14:45:57 -0800 (PST) Received: by 2002:a05:620a:11a9:b0:8cb:7903:6696 with SMTP id af79cd13be357-8cbc114d327ms85a; Wed, 25 Feb 2026 14:44:18 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCW/1HwW4p1FJtqMfnrknXjcCze3nXI81EGLRlQUA7On0kSjOrrcFnnX6fo/dxd4CZYEwok0Z6VRVksJ@googlegroups.com X-Received: by 2002:a05:6123:46:b0:567:50c7:8d9b with SMTP id 71dfb90a1353d-56a93103be4mr123293e0c.8.1772059457955; Wed, 25 Feb 2026 14:44:17 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1772059457; cv=pass; d=google.com; s=arc-20240605; b=e/h3Q+bJDwL5fxHgWBCdfU3luRcwlT28mHFTvD4a1TmqjXIN5UIbKjkAEgz+8wOCit 1gMe7xr7dXPIgwc1bp+BUo2re5QlZCq3c71Se7Yw/qg7Jge+Gup5eI5ulJ+A7/NN0mDt cL93SxfrsZZ5UBbi8ag7mtE1f4aC2CSW6bXMXxnoJnASq/X9TXgmJSc2rjbefROLY5ar Te8rHdK7XjshpUdDpSKblaaTItEIjf44K4/hkLAZiBUCeJFNnepCk5drTNZqQUFPbjMs UWP3oNXhsKHry+AGrNvuOit59Y44K03hPT9+dwS8BllmcwQgO9fdEeZokzN5+MXh6F8Q Vkyw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=AOKVt8E9A2Vq3TjTykw8rbLnQUd80H1+CyP5UvWmcu8=; fh=qAep22JDvh8re8OeAW59/rf80zlsyYVsG6JqYYLNJc4=; b=f0JgihVSCm3IDEN6XR+LOcGd6bywl6mepZGo656CwyHpPfQONCLgsQzQLKKMygpXgX vG9OyAYW6HpfDx6qVM76fAAGqPJ5UHBgsT2ZGjEjkIVGm469jmPrOG6zozfGSz/uBr4i KN5lhkilwvV6wCOOQ2S+nZlq9WNbZp+8X8izQueX437oMEKhCEN+5BesWqBwaRcLtAlj 9hOPfq0Dj9g1PqLQibwgx61J6tpUYpdf716VAtdLBPsVj9XWsZuNoB6yi798AwkgIjch HAmlD5ljylJVs9ZlaAbCVGqTyNI7lDzKa60rimlZC8sB/AFwRXGiSExTyuKe6nL3tovP 4NNw==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=P4uiT9dI; arc=pass (i=1); spf=pass (google.com: domain of eth3rs@gmail.com designates 2607:f8b0:4864:20::1036 as permitted sender) smtp.mailfrom=eth3rs@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-pj1-x1036.google.com (mail-pj1-x1036.google.com. [2607:f8b0:4864:20::1036]) by gmr-mx.google.com with ESMTPS id 71dfb90a1353d-56a92172e91si11507e0c.8.2026.02.25.14.44.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 25 Feb 2026 14:44:17 -0800 (PST) Received-SPF: pass (google.com: domain of eth3rs@gmail.com designates 2607:f8b0:4864:20::1036 as permitted sender) client-ip=2607:f8b0:4864:20::1036; Received: by mail-pj1-x1036.google.com with SMTP id 98e67ed59e1d1-35640ad94d3so70308a91.1 for ; Wed, 25 Feb 2026 14:44:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1772059457; cv=none; d=google.com; s=arc-20240605; b=XsDO/9GMtNBJVyBHLNj5aWOX6Q7XTdP+kZZcOpXjuZl6VRWao/oJq3/i63toUzDCnd epIjhdvRPY/d5ltCBU+KSXMxpEndY8fE/8hm9YGEqVlc2Autwxflo/aHb8rbrYXmGOZf SIB6JwNNUnLKjWwI7sUuDH9YGF5L0VOcs2V7Xngy/Lq7mqBDFbvHVZoNLyAaK4MjZv22 JkPjuoKmjFsVlIC3Gfk+m9tHejFqF5HToGwNHtAyNkNZljamWAb0CMuWX7cjQB0q+kxn X0BClZ0WrDUpneMjTHRveW4OnEtzQ0Or9ywcomLN+GU5y5MjpQqU/nhFofKDDSSoxIzY Ch5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=AOKVt8E9A2Vq3TjTykw8rbLnQUd80H1+CyP5UvWmcu8=; fh=qAep22JDvh8re8OeAW59/rf80zlsyYVsG6JqYYLNJc4=; b=PTjOAa01zYjzI9yTEmhCm1Q+dAS6wmIX1ChE7waAdlPzDQPmH3TA2emNTbUdCdUzrR SEsMwrAOZc6g3gKauS+DrCKPh8/NnEfIRxok07heEJdgHVMU8FcKcaBNvyUgt8mqDDzN oTlAwIE17dCpI926l+LMvIXsY/ovcd9YCnzm0Haaz3R0aVDpmC3yJ1vSYp6zHAvYeVTZ vFX7Br4Gu12VpPboZdjGt/7hDhTBDLdlCUGiM0PPlIQwBqcNjpwAJJK0yeTOZHbfyj3h ftwUrlS1dS2hZIqsTQnpkkjW53xDZJIhu9YTwCWnVw488Ncp3eliX3wgoaW79UvZmoLZ Hw4g==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; arc=none X-Forwarded-Encrypted: i=1; AJvYcCWYMBwHAKajbruYPaqKn5As19jfBS0LKp9Z5gROqwQJlrwDNzarc6RLLRHd1HiZGiuqmRWptD3jri3/@googlegroups.com X-Gm-Gg: ATEYQzzI5sOAsjzEagr/5Z6ASzkPAB8fAI6P7CLIwWT2rgkPiJbLcRqPNpubST/45Fi XSbhYeVX62cABxkxtqxFRQf79KZ4SCl2Aw+xB/BeHxKmyhrDOP9A+vhjUzEH8OpMhfenxrWnsu3 +x2fwEpGiAdd1DmqxvwYuMtmdQMZRivvH/RV6ST3uwRQgTep4j2O7+gFoSLbDuX7FI0mNP7YR62 HMeIFPJxx53GJ0mI2pF3VMfndFWaOVfPTIc2nitY/5SYjfnZURn6nZkcrm4VhqPi9YqywQsqAv0 5T3gKGHKHsS40oml3Zj/YGbWn4ZrPqbloD806Ynu8OZdOBlZMY+4VSaYM3o7uHNMDgUn3jrUIDC 4NGcY38A+mmtb77Nn/RNLfWFVCQA8LJ85uX27uEEZLWXyHTBv2Xq6nfcLZ544E1u6DXwU7vzSGg 9qxnKd9khQW036/5PpF1GUqHYgBUaaUCD/JV1tm/GjyL4pa5Ns+FGFJOWmJNfzcwD+OUkW+izcc rtYvJS6 X-Received: by 2002:a17:90b:510a:b0:356:3cfd:3ed5 with SMTP id 98e67ed59e1d1-3593db4e02fmr202149a91.18.1772059456915; Wed, 25 Feb 2026 14:44:16 -0800 (PST) MIME-Version: 1.0 References: <823db0fa-08d3-4273-a428-04dc3d6da4d2n@googlegroups.com> In-Reply-To: From: Ethan Heilman Date: Wed, 25 Feb 2026 17:43:00 -0500 X-Gm-Features: AaiRm51_GVlFLBWlxeBJ16Dt-ZtZEzHU9AJ_SQBEH1_jKg56wyCl5ahBDvXEUzg Message-ID: Subject: Re: [bitcoindev] Re: The limitations of cryptographic agility in Bitcoin To: Erik Aronesty Cc: "waxwing/ AdamISZ" , Bitcoin Development Mailing List Content-Type: multipart/alternative; boundary="000000000000734b67064badbe60" X-Original-Sender: eth3rs@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=P4uiT9dI; arc=pass (i=1); spf=pass (google.com: domain of eth3rs@gmail.com designates 2607:f8b0:4864:20::1036 as permitted sender) smtp.mailfrom=eth3rs@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --000000000000734b67064badbe60 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > the physics is cool, but the engineering needed to scale may still well be impossible in the physical world. bitcoin *cannot* respond to claims that unicorns exist with protocol change We may never have a CRQC that's a real but unlikely possibility. Let's say you believe in your heart of hearts that CRQCs are impossible. Algorithm agility is still critical to the future of Bitcoin in such a world. To quote from Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms (RFC 7596) "Cryptographic algorithms age; they become weaker with time. As new cryptanalysis techniques are developed and computing capabilities improve, the work required to break a particular cryptographic algorithm will reduce, making an attack on the algorithm more feasible for more attackers. While it is unknown how cryptoanalytic attacks will evolve, it is certain that they will get better." ... Protocol designers need to assume that advances in computing power or advances in cryptoanalytic techniques will eventually make any algorithm obsolete." A CRQC is one of many threats to the cryptography used in Bitcoin signatures. If we want Bitcoin to be a secure store of value over at least one human lifetime, then algorithm agility is a must. Part of that security is that your coins don't get stolen due to cryptographic weaknesses, part of that security is that know your coins are unlikely to get stolen, i.e. epistemological problem. On Wed, Feb 25, 2026 at 10:03=E2=80=AFAM Erik Aronesty wrote= : > > I'm in, I think, a group of people now, that have pointed this out, here >> and elsewhere ... I like to call it the "epistemological problem" becaus= e, >> why use short words when a long one will do :) The scenario is all the >> worse because (as, again, has been pointed out before): the "I have a CR= QC" >> signed message you mention is (more likely), or can be, someone who has >> just placed a short in the market, rather than an actual CRQC holder. Th= e >> point is that during a period from "bitcoin doesn't have PQ algos" to >> "bitcoin has PQ algos" the transition will always be essentially 100% >> opaque; every honest action of moving to safety looks identical, onchain= , >> to theft. >> > > > a key that is crackable in-advance of bitcoin being cracked, so that we > know quanutm is "real". > > 1. deterministic random elliptic-curve address on a much > smaller-bit-strength curve, but not so much smaller that classical attack= s > are feasable > 2. bounty for the solution enforceable with a smart contract > 3. refusal to accept that "i have a CRQC" message unless this > well-known-key is used, because anything else is likely a scam (private k= ey > known in advance) > 4. understanding that cracking a 180-bit key only gives us 6 months to a > year of quantum engineering scaling to fix bitcoin > 6. published plan to move quickly as needed > > the physics is cool, but the engineering needed to scale may still well b= e > impossible in the physical world. bitcoin *cannot* respond to claims th= at > unicorns exist with protocol changes. but we *can* respond with a bip th= at > allows us to rapidly deploy defense against unicorn horns once irrefutabl= e > evicence arrives that they exist. > > -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/CAJowKgJwq88yfJEQzZ%2Bv-33Et= EuYif1y6qsXtyoRyk2V%2B44cww%40mail.gmail.com > > . > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= CAEM%3Dy%2BW_KDes6WMWc-MtTptKHeEqrstnyi4fdxeEs1SstXQSKg%40mail.gmail.com. --000000000000734b67064badbe60 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
>=C2=A0 the physics is cool, but the engineering needed to scale may still well be = impossible in the physical world.=C2=A0 =C2=A0bitcoin *cannot* respond to c= laims that unicorns exist with protocol change

We may never have a C= RQC that's a real but unlikely possibility. Let's say you believe i= n your heart of hearts that CRQCs=C2=A0are impossible. Algorithm agility is= still=C2=A0critical to the future of Bitcoin in such a world.

To qu= ote from Guidelin= es for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement= Algorithms (RFC 7596)

"Cryptographic algorithms age; they = become weaker with time.=C2=A0 As new cryptanalysis techniques are develope= d and computing capabilities=C2=A0improve, the work required to break a par= ticular cryptographic=C2=A0algorithm will reduce, making an attack on the a= lgorithm more=C2=A0feasible for more attackers.=C2=A0 While it is unknown h= ow cryptoanalytic attacks will evolve, it is certain that they will get bet= ter."
...
Protocol designers need to assume that advances in com= puting=C2=A0power or advances in cryptoanalytic techniques will eventually = make any algorithm obsolete."

A CRQC is one of many threats to = the cryptography used in Bitcoin signatures. If we want Bitcoin to be a sec= ure store of value over at least one human lifetime, then algorithm agility= is a must. Part of that security is that your coins don't get stolen d= ue to cryptographic weaknesses, part of that security is that know your coi= ns are unlikely to get stolen, i.e.=C2=A0epistemological problem.


On Wed, Feb 25, 2026 at 10:03=E2=80=AFAM Erik Aronesty = <erik@q32.com> wrote:

I'm in, I think, a group of people now, that = have pointed this out, here and elsewhere ... I like to call it the "e= pistemological problem" because, why use short words when a long one w= ill do :) The scenario is all the worse because (as, again, has been pointe= d out before): the "I have a CRQC" signed message you mention is = (more likely), or can be, someone who has just placed a short in the market= , rather than an actual CRQC holder. The point is that during a period from= "bitcoin doesn't have PQ algos" to "bitcoin has PQ algo= s" the transition will always be essentially 100% opaque; every honest= action of moving to safety looks identical, onchain, to theft.


=C2=A0 a key that is crackable in= -advance of bitcoin being cracked, so that we know quanutm is "real&qu= ot;.

=C2=A01. deterministic random elliptic-curve address on a much = smaller-bit-strength curve, but not so much smaller that classical attacks = are feasable=C2=A0 =C2=A0=C2=A0
=C2=A02. bounty for the solution enforce= able with a smart contract
=C2=A03. refusal to accept that "i have = a CRQC" message unless this well-known-key is used, because anything e= lse is likely a scam (private key known in advance)
=C2=A04. understandi= ng that cracking a 180-bit key only gives us 6 months to a year of quantum = engineering scaling to fix bitcoin
=C2=A06. published plan to move quick= ly as needed
=C2=A0
the physics is cool, but the engineering needed t= o scale may still well be impossible in the physical world.=C2=A0 =C2=A0bit= coin *cannot* respond to claims that unicorns exist with protocol changes.= =C2=A0 but we *can* respond with a bip that allows us to rapidly deploy def= ense against unicorn horns once irrefutable evicence arrives that they exis= t.=C2=A0 =C2=A0

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit http= s://groups.google.com/d/msgid/bitcoindev/CAJowKgJwq88yfJEQzZ%2Bv-33EtEuYif1= y6qsXtyoRyk2V%2B44cww%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/= d/msgid/bitcoindev/CAEM%3Dy%2BW_KDes6WMWc-MtTptKHeEqrstnyi4fdxeEs1SstXQSKg%= 40mail.gmail.com.
--000000000000734b67064badbe60--