> I think the gap between our views is that I don't buy that the "percentage harm reduction" outcome
> is all that interesting. Sure, there's some % where it certainly is, but it's probably in the 99+%
> range, not in the 75-90% range. I think maybe the biggest gap is I just don't find any "solution"
> that results in 10-20% of bitcoin (*especially* bitcoin that active bitcoin people hold keys to, who made some
> progress in migrating but maybe screwed up address reuse) being stolen as at all interesting.

A bit disingenuous though, right?

Technically right, but only in a very narrow sense. If you reuse and reveal a pubkey, P2MR and P2TRv2 collapse to the same security profile. Nobody is arguing that.

But that's not the same as "P2MR has zero advantage." It just means you threw away the advantage by using it wrong. Before reveal, P2MR is strictly better because there's no key path sitting there exposed the whole time.

Basically the same pattern we already have everywhere. Schnorr nonce reuse -> instant loss. Bad multisig setup -> instant loss.

You should say "it has zero advantage for the users that behave badly."

Now, consider materiality. Who is going to use their 400 billion dollar quantum computer to break the law and steal 2 BTC from someone who failed to use a modern wallet protocol that prevents address reuse, under some theoretical future where a P2MR quantum world matters?

So you're down to:

This is a problem... but only for people who create their own vulns by failing to follow protocol, and who also happen to have an enormous stash.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKg%2BPJRdNc6RQb%2BSAf7TkG4EPZMPhJVgYQw5ygxN7JdgjTg%40mail.gmail.com.