Re: [bitcoindev] PQC - What is our Goal, Even?

Bitcoin Development Mailinglist
 help / color / mirror / Atom feed

From: Matt Corallo <lf-lists@mattcorallo.com>
To: conduition <conduition@proton.me>
Cc: Ethan Heilman <eth3rs@gmail.com>, bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
Date: Sun, 19 Apr 2026 15:43:12 -0400	[thread overview]
Message-ID: <ad1aca9e-c3b4-48ef-92ac-b44f98078d98@mattcorallo.com> (raw)
In-Reply-To: <71374026-6365-45fa-8168-ff1c8cb83dc9@mattcorallo.com>



On 4/19/26 12:37 PM, Matt Corallo wrote:
>>> I think the gap between our views is that I don't buy that the "percentage harm reduction" 
>>> outcome is all that interesting. Sure, there's some % where it certainly is, but its probably in 
>>> the 99+% range, not in the 75-90% range. I think maybe the biggest gap is I just don't find any 
>>> "solution" that results in 10-20% of bitcoin (*especially* active bitcoin people hold keys to 
>>> that made some progress in migrating but maybe screwed up address reuse) being stolen as at all 
>>> interesting. If we manage to get 90% of active coins secured and then 10-20% of active wallets 
>>> get some of their funds stolen, have we actually accomplished something grand, or is Bitcoin's 
>>> reputation so shot that we might as well pack it up and go work on some new fresh chain that is 
>>> PQC from day one? I'm fairly confident the answer is the second, not just in that "we"'ve failed, 
>>> but that the market will see it the same way.
>>
>> Am I reading this right? You think it'd be better to abandon the entire chain if a CRQC can steal 
>> more than 10% of the active coin supply? That's a bleak outlook. I hope you change your mind on 
>> this. I hope even more that we can prevent such theft from happening in the first place. But 
>> again, debating P2TRv2 and P2MR is irrelevant to that goal if you assume address reuse will be 
>> rampant and exploitable.
> 
> Yes, you are reading me right. I genuinely don't see why we should care about a bitcoin if some 
> nontrivial portion of wallets *that "upgraded" to be quantum-secure* get their funds stolen by a 
> quantum computer. The amount of reputational damage from this isn't trivial, but maybe more 
> importantly what on earth do we think the point of bitcoin is if its genuinely that hard to secure?

It was pointed out to me that this was maybe a bit ambiguous. By "active coin supply", I'm really 
talking about the coins which did use a PQC wallet, were theoretically "upgraded" to be safe, but 
then got screwed anyway, possibly just because of what some other sending wallet did and not any bad 
decisions on their (wallet's) part. They still ended up losing funds just because someone else 
screwed up.

I also have similar but maybe not as extreme reservations around broader coin supply, but that is a 
separate topic.

Matt

-- 
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ad1aca9e-c3b4-48ef-92ac-b44f98078d98%40mattcorallo.com.

next prev parent reply	other threads:[~2026-04-19 19:58 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-15 16:37 Matt Corallo
2026-04-15 18:08 ` Erik Aronesty
2026-04-16 11:17   ` Matt Corallo
2026-04-16 16:28     ` Erik Aronesty
2026-04-16 16:31       ` Erik Aronesty
2026-04-16 17:34     ` 'conduition' via Bitcoin Development Mailing List
2026-04-17 20:44       ` Matt Corallo
2026-04-17 21:28         ` Ethan Heilman
2026-04-18  0:37           ` Matt Corallo
2026-04-18 15:44             ` 'conduition' via Bitcoin Development Mailing List
2026-04-18 16:34               ` Erik Aronesty
2026-04-19  0:29               ` Matt Corallo
2026-04-19 12:57                 ` Erik Aronesty
2026-04-19 13:36                 ` Matt Corallo
2026-04-19 16:27                   ` 'conduition' via Bitcoin Development Mailing List
2026-04-19 16:37                     ` Matt Corallo
2026-04-19 19:43                       ` Matt Corallo [this message]
2026-04-20 20:20               ` 'Antoine Poinsot' via Bitcoin Development Mailing List
  -- strict thread matches above, loose matches on Subject: below --
2026-04-15 16:37 Matt Corallo
2026-04-20 18:04 ` 'Antoine Poinsot' via Bitcoin Development Mailing List

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ad1aca9e-c3b4-48ef-92ac-b44f98078d98@mattcorallo.com \
    --to=lf-lists@mattcorallo.com \
    --cc=bitcoindev@googlegroups.com \
    --cc=conduition@proton.me \
    --cc=eth3rs@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox