From: Erik Aronesty
Date: Thu, 16 Apr 2026 09:31:07 -0700
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
To: Matt Corallo
Cc: Bitcoin Development Mailing List

The assumption Olaoluwa made is that there was a seed derivation at all. Most of the exposed early coins don't have this.

On Thu, Apr 16, 2026 at 9:28 AM Erik Aronesty <erik@q32.com> wrote:

> > you missed Olaoluwa's posts
>
> No, I didn't miss them. They're irrelevant. The base-case assumption is that the quantum assumption isn't attempting to forge a signature based on a public key. It has the private key.
>
> In which case there is no proof that can help.
>
> On Thu, Apr 16, 2026 at 4:17 AM Matt Corallo <lf-lists@mattcorallo.com> wrote:
>
>> Hi Erik,
>>
>> It appears you missed Olaoluwa's posts on this very list where he did exactly the thing you claim is
>> impossible - build a ZKP which allows someone to prove that they had the private key to a
>> transaction in a way that no quantum computer can forge!
>>
>> Matt
>>
>> On 4/15/26 2:08 PM, Erik Aronesty wrote:
>> > Yes I agree, Matt. People are definitely talking past each other. To me "safe coin maximization at
>> > the expense of decentralization and proof" seems like the completely wrong goal in almost every way.
>> >
>> > I would like you to bear in mind that there is no reasonable way to ascertain that someone is the
>> > owner of a coin unless they show proof of that private key. I think we all can agree there.
>> >
>> > And that with the theoretical magical quantum computers compromising private keys there will be no
>> > distinction between a coin holder and an attack. There is no possible ZKP that can fix this.
>> >
>> > I think the fundamental thing we need to do is provide sovereign and active users the ability to
>> > protect their personal coins. Opting into this protection will occur as the interested users
>> > determine that it needs to occur. This is the only sure way to prevent a premature optimization for
>> > a computing paradigm that may never exist.
>> >
>> > Maximizing sovereignty is the entire purpose of a decentralized and peer-to-peer protocol.
>> >
>> > Having decentralization and sovereignty be a secondary goal is like ignoring freedom of speech and
>> > then pretending to be a democracy.
>> >
>> > On Wed, Apr 15, 2026, 9:52 AM Matt Corallo <lf-lists@mattcorallo.com> wrote:
>> >
>> >     It's become obvious in recent discussions that a large part of the PQC discussion has people
>> >     coming at it from very different fundamental goals, and as a result the conversations often talk
>> >     past each other without making real progress. So instead of doing that more I'd like to write
>> >     down what I think the actual, short-term goal *is*, what it is not.
>> >
>> >     Fundamentally, it seems to me the most reasonable goal is that we should be seeking to increase
>> >     the number of coins which are reasonably likely to be secured by the time a CRQC exists. Put
>> >     another way, we should be seeking to minimize the chance that the Bitcoin community feels the
>> >     need to fork to burn coins by reducing the number of coins which can be stolen to the minimum
>> >     number [1].
>> >
>> >     This naturally means focusing on the wallets which are the *least likely* to migrate or
>> >     otherwise get themselves in a safe spot. Focusing on those who are the most likely to migrate
>> >     does almost nothing to move the needle on the total number of coins protected, nor, thus, on the
>> >     probability of a future Bitcoin community feeling the need to burn coins. Sadly, this probably
>> >     means the "top wallets" that are generally terrible at adopting Bitcoin standards. Wallets which
>> >     are the top listing on app stores like (currently in the top few in my app store): Bitcoin.com,
>> >     Trust Wallet, Coinbase Wallet, Blockchain.com, etc. These wallets generally use a single static
>> >     address (because anything else confuses their users and they get additional support tickets for
>> >     it!) and put very little time into Bitcoin, focusing instead on other tokens and integrations.
>> >
>> >     A few non-goals:
>> >
>> >     * To ensure that advanced setups have the absolute best in post-quantum security. I don't see
>> >     how this moves the needle on the above goal, and in fact in many cases detracts from the above
>> >     goal. Of course if we can accomplish this without detracting from the top-line goal above, great.
>> >
>> >     * To ensure we have the best possible design for the signature scheme bitcoin will be using in a
>> >     world where a CRQC exists and we've gotten past the mess. We'll almost certainly know a lot more
>> >     about the security of various schemes and have more options for how to approach the problem by
>> >     the point we're dealing with the mess of a CRQC being imminent, so it seems like a fool's errand
>> >     to try to predict what we should build for this. But even if we know no more then than we do
>> >     today, likely ending up with hash-based signatures as the scheme everyone uses, we'll almost
>> >     certainly be having conversations about additional witness discounts or increased block sizes to
>> >     compensate for the sudden increase in transaction sizes. Maybe we would decide against such an
>> >     increase, but there's no question such a conversation would happen and it would be premature to
>> >     have it today.
>> >
>> >     Matt
>> >
>> >     [1] Of course I believe that the lost coin pool is large enough that the Bitcoin community will,
>> >     almost without question, fork to disable insecure spend paths and burn some coins in the
>> >     process, but reducing the number of coins burned to the absolute minimum is of course best for
>> >     everyone.