From: Erik Aronesty <erik@q32.com>
To: Matt Corallo <lf-lists@mattcorallo.com>
Cc: conduition <conduition@proton.me>,
Ethan Heilman <eth3rs@gmail.com>,
bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
Date: Sun, 19 Apr 2026 05:57:10 -0700
Message-ID: <CAJowKg+PJRdNc6RQb+SAf7TkG4EPZMPhJVgYQw5ygxN7JdgjTg@mail.gmail.com>
In-Reply-To: <2b8d2a1b-9e9c-4918-9ac7-4bdcb15f5886@mattcorallo.com>
>
> I think the gap between our views is that I don't buy that the "percentage harm reduction" outcome
> is all that interesting. Sure, there's some % where it certainly is, but it's probably in the 99+%
> range, not in the 75-90% range. I think maybe the biggest gap is I just don't find any "solution"
> that results in 10-20% of bitcoin (*especially* active bitcoin people hold keys to that made some
> progress in migrating but maybe screwed up address reuse) being stolen as at all interesting.

bit disingenuous tho, right?

technically right but only in a very narrow sense. if you reuse and reveal
a pubkey, p2mr and p2trv2 collapse to the same security profile. nobody is
arguing that.

but that’s not the same as “p2mr has zero advantage.” it just means you
threw away the advantage by using it wrong. before reveal, p2mr is strictly
better because there’s no key path sitting there exposed the whole time.

basically the same pattern we already have everywhere. schnorr nonce reuse
-> instant loss. bad multisig setup -> instant loss.

you should say “it has zero advantage *for the users that behave badly*”

now, consider materiality. who is going to use their 400 billion dollar
quantum computer to break the law and steal 2btc from someone who failed to
use a modern wallet protocol that prevents address reuse under some
theoretical future where a P2MR quantum world matters?

so you're down to:

this is a problem.... but only for people who create their own vulns by
failing to follow protocol, and also happen to have an enormous stash