From: Erik Aronesty <erik@q32.com>
To: Matt Corallo <lf-lists@mattcorallo.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
Date: Wed, 15 Apr 2026 11:08:55 -0700 [thread overview]
Message-ID: <CAJowKgLKkSrzKGZAe2sSgCafjKx_U+oWz+-FxSb+AtppAayQXA@mail.gmail.com> (raw)
In-Reply-To: <05E6D06B-1F72-48F6-B4F3-0225675BCC1F@mattcorallo.com>
[-- Attachment #1: Type: text/plain, Size: 5296 bytes --]
Yes I agree, Matt. People are definitely talking past each other. To me
"safe coin maximization at the expense of decentralization and proof" seems
like the completely wrong goal in almost every way.
I would like you to bear in mind that there is no reasonable way to a
certain that someone is the owner of a coin unless they show proof of that
private key. I think we all can agree there.
And that with the theoretical magical quantum computers compromising
private keys they will be no distinction between a coin holder and an
attack. There is no possible ZKP that can fix this.
I think the fundamental thing we need to do is provide sovereign and active
users the ability to protect their personal coins. Opting into this
protection will occur as the interested users determine that it needs to
occur. This is the only sure way to prevent a premature optimization for a
computing paradigm that may never exist
Maximizing sovereignty Is the entire purpose of a decentralized and
peer-to-peer protocol.
Having decentralization and sovereignty be a secondary goal is like
ignoring freedom of speech and then pretending to be a democracy.
On Wed, Apr 15, 2026, 9:52 AM Matt Corallo <lf-lists@mattcorallo.com> wrote:
> Its become obvious in recent discussions that a large part of the PQC
> discussion has people coming at it from very different fundamental goals,
> and as a result the conversations often talk past each other without making
> real progress. So instead of doing that more I'd like to write down what I
> think the actual, short-term goal *is*, what it it is not.
>
> Fundamentally, it seems to me the most reasonable goal is that we should
> be seeking to increase the number of coins which are reasonably likely to
> be secured by the time a CRQC exists. Put another way, we should be seeking
> to minimize the chance that the Bitcoin community feels the need to fork to
> burn coins by reducing the number of coins which can be stolen to the
> minimum number [1].
>
> This naturally means focusing on the wallets which are the *least likely*
> to migrate or otherwise get themselves in a safe spot. Focusing on those
> who are the most likely to migrate does almost nothing to move the needle
> on the total number of coins protected, nor, thus, on the probability of a
> future Bitcoin community feeling the need to burn coins. Sadly, this
> probably means the "top wallets" that are generally terrible at adopting
> Bitcoin standards. Wallets which are the top listing on app stores like
> (currently in the top few in my app store): Bitcoin.com, Trust Wallet,
> Coinbase Wallet, Blockchain.com, etc. These wallets generally use a single
> static address (because anything else confuses their users and they get
> additional support tickets for it!) and put very little time into Bitcoin,
> focusing instead on other tokens and integrations.
>
> A few non-goals:
>
> * To ensure that advanced setups have the absolute best in post-quantum
> security. I don't see how this moves the needle on the above goal, and in
> fact in many cases detracts from the above goal. Of course if we can
> accomplish this without detracting from the top-line goal above, great.
>
> * To ensure we have the best possible design for the signature scheme
> bitcoin will be using in a world where a CRQC exists and we've gotten past
> the mess. We'll almost certainly know a lot more about the security of
> various schemes and have more options for how to approach the problem by
> the point we're dealing with the mess of a CRQC being imminent, so it seems
> like a fools errand to try to predict what we should build for this. But
> even if we know no more then than we do today, likely ending up with
> hash-based signatures as the scheme everyone uses, we'll almost certainly
> be having conversations about additional witness discounts or increased
> block sizes to compensate for the sudden increase in transaction sizes.
> Maybe we would decide against such an increase, but there's no question
> such a conversation would happen and it would be premature to have it today.
>
> Matt
>
> [1] Of course I believe that the lost coin pool is large enough that the
> Bitcoin community will, almost without question, fork to disable insecure
> spend paths and burn some coins in the process, but reducing the number of
> coins burned to the absolute minimum is of course best for everyone.
>
> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/05E6D06B-1F72-48F6-B4F3-0225675BCC1F%40mattcorallo.com
> .
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgLKkSrzKGZAe2sSgCafjKx_U%2BoWz%2B-FxSb%2BAtppAayQXA%40mail.gmail.com.
[-- Attachment #2: Type: text/html, Size: 6406 bytes --]
next prev parent reply other threads:[~2026-04-15 19:00 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 16:37 Matt Corallo
2026-04-15 18:08 ` Erik Aronesty [this message]
2026-04-16 11:17 ` Matt Corallo
2026-04-16 16:28 ` Erik Aronesty
2026-04-16 16:31 ` Erik Aronesty
2026-04-16 17:34 ` 'conduition' via Bitcoin Development Mailing List
-- strict thread matches above, loose matches on Subject: below --
2026-04-15 16:37 Matt Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJowKgLKkSrzKGZAe2sSgCafjKx_U+oWz+-FxSb+AtppAayQXA@mail.gmail.com \
--to=erik@q32.com \
--cc=bitcoindev@googlegroups.com \
--cc=lf-lists@mattcorallo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox