From: Matt Corallo <lf-lists@mattcorallo.com>
To: Erik Aronesty <erik@q32.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] PQC - What is our Goal, Even?
Date: Thu, 16 Apr 2026 07:17:22 -0400 [thread overview]
Message-ID: <c495b375-ebf5-4d9d-a9f6-a9d9922fd3dc@mattcorallo.com> (raw)
In-Reply-To: <CAJowKgLKkSrzKGZAe2sSgCafjKx_U+oWz+-FxSb+AtppAayQXA@mail.gmail.com>
Hi Erik,
It appears you missed Olaoluwa's posts on this very list where he did exactly the thing you claim is
impossible - build a ZKP which allows someone to prove that they had the private key to a
transaction in a way that no quantum computer can forge!
Matt
On 4/15/26 2:08 PM, Erik Aronesty wrote:
> Yes I agree, Matt. People are definitely talking past each other. To me "safe coin maximization at
> the expense of decentralization and proof" seems like the completely wrong goal in almost every way.
>
> I would like you to bear in mind that there is no reasonable way to a certain that someone is the
> owner of a coin unless they show proof of that private key. I think we all can agree there.
>
> And that with the theoretical magical quantum computers compromising private keys they will be no
> distinction between a coin holder and an attack. There is no possible ZKP that can fix this.
>
> I think the fundamental thing we need to do is provide sovereign and active users the ability to
> protect their personal coins. Opting into this protection will occur as the interested users
> determine that it needs to occur. This is the only sure way to prevent a premature optimization for
> a computing paradigm that may never exist
>
> Maximizing sovereignty Is the entire purpose of a decentralized and peer-to-peer protocol.
>
> Having decentralization and sovereignty be a secondary goal is like ignoring freedom of speech and
> then pretending to be a democracy.
>
>
>
>
>
> On Wed, Apr 15, 2026, 9:52 AM Matt Corallo <lf-lists@mattcorallo.com <mailto:lf-
> lists@mattcorallo.com>> wrote:
>
> Its become obvious in recent discussions that a large part of the PQC discussion has people
> coming at it from very different fundamental goals, and as a result the conversations often talk
> past each other without making real progress. So instead of doing that more I'd like to write
> down what I think the actual, short-term goal *is*, what it it is not.
>
> Fundamentally, it seems to me the most reasonable goal is that we should be seeking to increase
> the number of coins which are reasonably likely to be secured by the time a CRQC exists. Put
> another way, we should be seeking to minimize the chance that the Bitcoin community feels the
> need to fork to burn coins by reducing the number of coins which can be stolen to the minimum
> number [1].
>
> This naturally means focusing on the wallets which are the *least likely* to migrate or
> otherwise get themselves in a safe spot. Focusing on those who are the most likely to migrate
> does almost nothing to move the needle on the total number of coins protected, nor, thus, on the
> probability of a future Bitcoin community feeling the need to burn coins. Sadly, this probably
> means the "top wallets" that are generally terrible at adopting Bitcoin standards. Wallets which
> are the top listing on app stores like (currently in the top few in my app store): Bitcoin.com,
> Trust Wallet, Coinbase Wallet, Blockchain.com, etc. These wallets generally use a single static
> address (because anything else confuses their users and they get additional support tickets for
> it!) and put very little time into Bitcoin, focusing instead on other tokens and integrations.
>
> A few non-goals:
>
> * To ensure that advanced setups have the absolute best in post-quantum security. I don't see
> how this moves the needle on the above goal, and in fact in many cases detracts from the above
> goal. Of course if we can accomplish this without detracting from the top-line goal above, great.
>
> * To ensure we have the best possible design for the signature scheme bitcoin will be using in a
> world where a CRQC exists and we've gotten past the mess. We'll almost certainly know a lot more
> about the security of various schemes and have more options for how to approach the problem by
> the point we're dealing with the mess of a CRQC being imminent, so it seems like a fools errand
> to try to predict what we should build for this. But even if we know no more then than we do
> today, likely ending up with hash-based signatures as the scheme everyone uses, we'll almost
> certainly be having conversations about additional witness discounts or increased block sizes to
> compensate for the sudden increase in transaction sizes. Maybe we would decide against such an
> increase, but there's no question such a conversation would happen and it would be premature to
> have it today.
>
> Matt
>
> [1] Of course I believe that the lost coin pool is large enough that the Bitcoin community will,
> almost without question, fork to disable insecure spend paths and burn some coins in the
> process, but reducing the number of coins burned to the absolute minimum is of course best for
> everyone.
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development
> Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> bitcoindev+unsubscribe@googlegroups.com <mailto:bitcoindev%2Bunsubscribe@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/05E6D06B-1F72-48F6-
> B4F3-0225675BCC1F%40mattcorallo.com <https://groups.google.com/d/msgid/
> bitcoindev/05E6D06B-1F72-48F6-B4F3-0225675BCC1F%40mattcorallo.com>.
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development
> Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
> bitcoindev+unsubscribe@googlegroups.com <mailto:bitcoindev+unsubscribe@googlegroups.com>.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/
> CAJowKgLKkSrzKGZAe2sSgCafjKx_U%2BoWz%2B-FxSb%2BAtppAayQXA%40mail.gmail.com <https://
> groups.google.com/d/msgid/bitcoindev/CAJowKgLKkSrzKGZAe2sSgCafjKx_U%2BoWz%2B-
> FxSb%2BAtppAayQXA%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/c495b375-ebf5-4d9d-a9f6-a9d9922fd3dc%40mattcorallo.com.
next prev parent reply other threads:[~2026-04-16 11:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-15 16:37 Matt Corallo
2026-04-15 18:08 ` Erik Aronesty
2026-04-16 11:17 ` Matt Corallo [this message]
2026-04-16 16:28 ` Erik Aronesty
2026-04-16 16:31 ` Erik Aronesty
2026-04-16 17:34 ` 'conduition' via Bitcoin Development Mailing List
-- strict thread matches above, loose matches on Subject: below --
2026-04-15 16:37 Matt Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c495b375-ebf5-4d9d-a9f6-a9d9922fd3dc@mattcorallo.com \
--to=lf-lists@mattcorallo.com \
--cc=bitcoindev@googlegroups.com \
--cc=erik@q32.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox