From: Erik Aronesty
Date: Thu, 16 Apr 2026 09:28:30 -0700
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
To: Matt Corallo
Cc: Bitcoin Development Mailing List
References: <05E6D06B-1F72-48F6-B4F3-0225675BCC1F@mattcorallo.com>

> you missed Olaoluwa's posts

No, I didn't miss them. They're irrelevant. The base-case assumption is that the quantum assumption isn't attempting to forge a signature based on a public key. It has the private key.

In which case there is no proof that can help.

On Thu, Apr 16, 2026 at 4:17 AM Matt Corallo wrote:

> Hi Erik,
>
> It appears you missed Olaoluwa's posts on this very list where he did exactly the thing you claim is
> impossible - build a ZKP which allows someone to prove that they had the private key to a
> transaction in a way that no quantum computer can forge!
>
> Matt
>
> On 4/15/26 2:08 PM, Erik Aronesty wrote:
> > Yes I agree, Matt. People are definitely talking past each other. To me "safe coin maximization at
> > the expense of decentralization and proof" seems like the completely wrong goal in almost every way.
> >
> > I would like you to bear in mind that there is no reasonable way to ascertain that someone is the
> > owner of a coin unless they show proof of that private key. I think we all can agree there.
> >
> > And that with the theoretical magical quantum computers compromising private keys there will be no
> > distinction between a coin holder and an attack. There is no possible ZKP that can fix this.
> >
> > I think the fundamental thing we need to do is provide sovereign and active users the ability to
> > protect their personal coins. Opting into this protection will occur as the interested users
> > determine that it needs to occur. This is the only sure way to prevent a premature optimization for
> > a computing paradigm that may never exist.
> >
> > Maximizing sovereignty is the entire purpose of a decentralized and peer-to-peer protocol.
> >
> > Having decentralization and sovereignty be a secondary goal is like ignoring freedom of speech and
> > then pretending to be a democracy.
> >
> > On Wed, Apr 15, 2026, 9:52 AM Matt Corallo wrote:
> >
> >     It's become obvious in recent discussions that a large part of the PQC discussion has people
> >     coming at it from very different fundamental goals, and as a result the conversations often talk
> >     past each other without making real progress. So instead of doing that more I'd like to write
> >     down what I think the actual, short-term goal *is*, what it is not.
> >
> >     Fundamentally, it seems to me the most reasonable goal is that we should be seeking to increase
> >     the number of coins which are reasonably likely to be secured by the time a CRQC exists. Put
> >     another way, we should be seeking to minimize the chance that the Bitcoin community feels the
> >     need to fork to burn coins by reducing the number of coins which can be stolen to the minimum
> >     number [1].
> >
> >     This naturally means focusing on the wallets which are the *least likely* to migrate or
> >     otherwise get themselves in a safe spot. Focusing on those who are the most likely to migrate
> >     does almost nothing to move the needle on the total number of coins protected, nor, thus, on the
> >     probability of a future Bitcoin community feeling the need to burn coins. Sadly, this probably
> >     means the "top wallets" that are generally terrible at adopting Bitcoin standards. Wallets which
> >     are the top listing on app stores like (currently in the top few in my app store): Bitcoin.com,
> >     Trust Wallet, Coinbase Wallet, Blockchain.com, etc. These wallets generally use a single static
> >     address (because anything else confuses their users and they get additional support tickets for
> >     it!) and put very little time into Bitcoin, focusing instead on other tokens and integrations.
> >
> >     A few non-goals:
> >
> >     * To ensure that advanced setups have the absolute best in post-quantum security. I don't see
> >     how this moves the needle on the above goal, and in fact in many cases detracts from the above
> >     goal. Of course if we can accomplish this without detracting from the top-line goal above, great.
> >
> >     * To ensure we have the best possible design for the signature scheme bitcoin will be using in a
> >     world where a CRQC exists and we've gotten past the mess. We'll almost certainly know a lot more
> >     about the security of various schemes and have more options for how to approach the problem by
> >     the point we're dealing with the mess of a CRQC being imminent, so it seems like a fool's errand
> >     to try to predict what we should build for this. But even if we know no more then than we do
> >     today, likely ending up with hash-based signatures as the scheme everyone uses, we'll almost
> >     certainly be having conversations about additional witness discounts or increased block sizes to
> >     compensate for the sudden increase in transaction sizes. Maybe we would decide against such an
> >     increase, but there's no question such a conversation would happen and it would be premature to
> >     have it today.
> >
> >     Matt
> >
> >     [1] Of course I believe that the lost coin pool is large enough that the Bitcoin community will,
> >     almost without question, fork to disable insecure spend paths and burn some coins in the
> >     process, but reducing the number of coins burned to the absolute minimum is of course best for
> >     everyone.