From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 16 Apr 2026 04:44:24 -0700 Received: from mail-oa1-f56.google.com ([209.85.160.56]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wDL8x-0006sB-Ag for bitcoindev@gnusha.org; Thu, 16 Apr 2026 04:44:23 -0700 Received: by mail-oa1-f56.google.com with SMTP id 586e51a60fabf-40ef793e45esf5939514fac.3 for ; Thu, 16 Apr 2026 04:44:22 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1776339857; cv=pass; d=google.com; s=arc-20240605; b=k0Y17F51x3GdTMRP2pgNaV8R1WHfvvHQ7vUYBPtU08Jauh1iIczFabwSZSQfpFbD9t Q2OJkJHqJVFRsBVq/jibrhraxEsJM5+NFELNMecOYm1Ba0/Pjaz+wtct3WxpttoCR1uh f2FUc1OR6HiTuHcqwfYEhK8zw1CVaGopE9NXEwziGsFG6ewhhkPC7UC58+Cd9Kh6U5FB XjodRtHWpejw9ClVrmijURbmY8s2RkIJzsUoiywkWLZFsbtXPqhg0toqtJvwCCgE8uml UCnjlf/pTApjYQrjIxQFir/BKUwwtEsu9deFMQpKaIDK0L2nmR22GQlqRrpNfL5hrxuM wCBg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-transfer-encoding :in-reply-to:from:content-language:references:cc:to:subject :mime-version:date:message-id:sender:dkim-signature; bh=+S672/DzrECLvC3xtY1KaJb3r+tH3CpAMg3gacybYWk=; fh=2sJ0Yp8h1mirFnMxhi0yR7nBfvUiTvU3i6eYtYnqIZE=; b=lCp4SdAxYxg41K1mS+AwyJbrkQ/dOcD1ihYkgsJ96RZiNetqQSAu5O6t5fAlSt5m3S pG1OGdmsVqiH7Qhdhp8hZSXmAorkPc6KHLcof9GLakbgvavKwjYLD6okMsy49kL2Dzs/ CS0j1UNpHClrtsdRdOG+aWCH2G3CYFt66BIWuTmTQXT5R3GTxtFb7Oz7t1npVzgItiEF /+HMYnpozl4I83W90x/2nDzsPHB/x1aft4tWvzAIXjfivoxv6g02LCkiy27ZvsJR8hTy cR4OL2yTj88x/SBj/c8ZMrQ20D4kd0hy+26H0o4tDuH1VqoFZHrzeXQ6AUxHg8ij5Jf3 iM8Q==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1776336062 header.b=G+LSsqkR; dkim=pass header.i=@clients.mail.as397444.net header.s=1776336064 header.b=I+8IaxK2; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1776339857; x=1776944657; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:mime-version:date :message-id:sender:from:to:cc:subject:date:message-id:reply-to; bh=+S672/DzrECLvC3xtY1KaJb3r+tH3CpAMg3gacybYWk=; b=LOOdEeREruZb4Ml5gu/jYnXP+n7MqoTA5amvI5oOYgj1XjAX4RKFc+XamfW3SOG2oc 0W8LAEqUM3g9AIMlTnO6szHmrib8x4117V1OPRMsre0RGpThQRuT4U1JvFdU8BfhWLCH hikKM8YJdsiFhKJSbAYIFguohvJy8mwHO+zAL0IaYTpPWJsFBzrjuYF+K7gxImNp5YmX TiUBZiO6zQ2TgLKJE8XF26O0etYE7++JGnNpUeOxPZ/rexEtGxm8GcrIoj1eE0q2NS2v /haeH5lZFOEKCUEOUsTr1xVXy/v/z0SZfWIfxeFpIcMoiwoVobjGEJUf+ijGKSgWyxns iMZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1776339857; x=1776944657; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:mime-version:date :message-id:x-beenthere:x-gm-message-state:sender:from:to:cc:subject :date:message-id:reply-to; bh=+S672/DzrECLvC3xtY1KaJb3r+tH3CpAMg3gacybYWk=; b=I6JyQ2p49vpHcMf4hQmJx5OmXUIKS1fzyAgL6+o3v77ZjwmR7I4suiUR6YxaShGtLa uO8Qe2QV0riY+N+JaG/A9vqB6i+0JxwGJQizm/oJjwXzoUWtdeAt38jrCnAc1iyVY1Zn 0taag5oMZrd9Ig0cBeAUi2N0y9heip6KtqxDUK/2Wj74+ZW2ZlRZSh97bwIy3koshxtY mOkSBLnCgnZ9YGP1pjtX+pxlui1W1RkCLejIWrY2FKBXoRb2veNFO3h27r1qZ54+GKYx 5N/zLBo+hpXgc2ZcQmtrTlPlqv1HegIsAt1kogUuRh8E01YjlfH/04Vsdb21H3waogjg agwQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AFNElJ8iNp0B93Leg1vWP0kRdiRamxjcN8OgDYsz0OTA1gGe03PX/HiKdD8bixUBYOBxvPM9aLm3+JCMQ2ek@gnusha.org X-Gm-Message-State: AOJu0YwgKfHrn8njBGC5DLgXA2TiNRxMowLnYx6HXxTLK8jE2CedxtUh tXzPFoAejq3IsJAtwgPDO1CBGH7FszOfMGtX5d2hwCS8IcQ1RyftgSkf X-Received: by 2002:a05:6870:1654:b0:423:cf:dabf with SMTP id 586e51a60fabf-423e10c449cmr15108044fac.20.1776339856991; Thu, 16 Apr 2026 04:44:16 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AYAyTiJE6zwNOgXr8axL3EmLvstABdeQfbqZCjNnL+0r+EhgaA==" Received: by 2002:a05:6871:d615:b0:3c9:732d:60f2 with SMTP id 586e51a60fabf-4280c483a51ls340916fac.1.-pod-prod-02-us; Thu, 16 Apr 2026 04:44:12 -0700 (PDT) X-Received: by 2002:a05:6808:4f4f:b0:464:5f3:ed1 with SMTP id 5614622812f47-4789fc079d3mr12216953b6e.26.1776339852297; Thu, 16 Apr 2026 04:44:12 -0700 (PDT) Received: by 2002:a05:690c:3612:b0:7b3:13f7:5f3a with SMTP id 00721157ae682-7b8ade91770ms7b3; Thu, 16 Apr 2026 04:17:25 -0700 (PDT) X-Received: by 2002:a05:690e:43cf:b0:652:ddea:1679 with SMTP id 956f58d0204a3-652ddea253fmr4919403d50.16.1776338245002; Thu, 16 Apr 2026 04:17:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1776338244; cv=none; d=google.com; s=arc-20240605; b=IRzaDwM8kqh/sZQdhiSSBmZmnA1+Vw1/LGyvwh9CGVWMGZakgtMHw+0kNKIGHVcOec rDfuHb1N3lXvJdx4gDSFuXEnQTF6VYTE5Y29CR46xotQ5qr9eobGZnp8Fw03i5UR36da mRuM/HR5pVOf//tjqYuzOFq9ZHWhJgA2yTP7qrkoUigiKDkT2sl6b7be/dJy5mTmcRIK v+Is3lFnYoL0m01Vohn1ubair1X3rPLcybkZbtrTJwNAj9s1gfYyg04LUl21IGc1cXGb QstcpuWYqRSh6UU7E//aiNZX5WyFgQgLPiqBbDIaWcems5aZnudqmU1bp1kBNHZmOw4c 1ApA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:mime-version:date:message-id :dkim-signature:dkim-signature; bh=ch0fHV7a6U9kn1/gKsEuHNmO1uuqF/qfhtR6IzKoUP4=; fh=t0xe4s6OwK/nag7dWixgc9y26E3m78ldPpNpzh4RGuU=; b=JQppAkxj5oDt7RN9J+JvvfpeFCYo8qywFLTZxxlmBfWjVlMXkknyQ2RZ4U3e70ike5 fac8Oy85lzFfBzwTozbny0nVTLhMsO7/AALhO/O7GMgaLSg4qa5IOOt2B0jrsBKpZmdk Ju1Gq6NzslDjgLRTpGaSKzIfoAUPkzi+RPzYAuvcVYFcBLzx9KVG5aMTpemiSfzpjvUz dSvT2jZWaFjyL9brcr2zfoC7Eoben7QB54U47wVv/Lahtld+F2NiC4PyaLPMfNo+hixB 5JiwPqZrklrghXDkCwqDOxBG/qNnTHcyVpQFYziDx5AezE5WGdwNjp3lvIGXO2pnQWyl J8Kw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1776336062 header.b=G+LSsqkR; dkim=pass header.i=@clients.mail.as397444.net header.s=1776336064 header.b=I+8IaxK2; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com Received: from mail.as397444.net (mail.as397444.net. [69.59.18.99]) by gmr-mx.google.com with ESMTPS id 956f58d0204a3-652e4530186si137525d50.2.2026.04.16.04.17.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 16 Apr 2026 04:17:24 -0700 (PDT) Received-SPF: pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) client-ip=69.59.18.99; X-DKIM-Note: Keys used to sign are likely public at X-DKIM-Note: https://as397444.net/dkim/mattcorallo.com and X-DKIM-Note: https://as397444.net/dkim/clients.mail.as397444.net X-DKIM-Note: For more info, see https://as397444.net/dkim/ Received: by mail.as397444.net with esmtpsa (TLS1.3) (Exim) (envelope-from ) id 1wDKip-000000067nD-1z3K; Thu, 16 Apr 2026 11:17:23 +0000 Message-ID: Date: Thu, 16 Apr 2026 07:17:22 -0400 MIME-Version: 1.0 Subject: Re: [bitcoindev] PQC - What is our Goal, Even? To: Erik Aronesty Cc: Bitcoin Development Mailing List References: <05E6D06B-1F72-48F6-B4F3-0225675BCC1F@mattcorallo.com> Content-Language: en-US From: Matt Corallo In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable X-Original-Sender: lf-lists@mattcorallo.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1776336062 header.b=G+LSsqkR; dkim=pass header.i=@clients.mail.as397444.net header.s=1776336064 header.b=I+8IaxK2; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) Hi Erik, It appears you missed Olaoluwa's posts on this very list where he did exact= ly the thing you claim is=20 impossible - build a ZKP which allows someone to prove that they had the pr= ivate key to a=20 transaction in a way that no quantum computer can forge! Matt On 4/15/26 2:08 PM, Erik Aronesty wrote: > Yes I agree, Matt.=C2=A0 People are definitely talking past each other.= =C2=A0 To me "safe coin maximization at=20 > the expense of decentralization and proof" seems like the completely wron= g goal in almost every way. >=20 > I would like you to bear in mind that there is no reasonable way to a cer= tain that someone is the=20 > owner of a coin unless they show proof of that private key.=C2=A0 I think= we all can agree there. >=20 > And that with the theoretical magical quantum computers compromising priv= ate keys they will be no=20 > distinction between a coin holder and an attack. There is no possible ZKP= that can fix this. >=20 > I think the fundamental thing we need to do is provide sovereign and acti= ve users the ability to=20 > protect their personal coins.=C2=A0 Opting into this protection will occu= r as the interested users=20 > determine that it needs to occur.=C2=A0 This is the only sure way to prev= ent a premature optimization for=20 > a computing paradigm that may never exist >=20 > Maximizing sovereignty Is the entire purpose of a decentralized and peer-= to-peer protocol. >=20 > Having decentralization and sovereignty be a secondary goal is like ignor= ing freedom of speech and=20 > then pretending to be a democracy. >=20 >=20 >=20 >=20 >=20 > On Wed, Apr 15, 2026, 9:52=E2=80=AFAM Matt Corallo lists@mattcorallo.com>> wrote: >=20 > Its become obvious in recent discussions that a large part of the PQC= discussion has people > coming at it from very different fundamental goals, and as a result t= he conversations often talk > past each other without making real progress. So instead of doing tha= t more I'd like to write > down what I think the actual, short-term goal *is*, what it it is not= . >=20 > Fundamentally, it seems to me the most reasonable goal is that we sho= uld be seeking to increase > the number of coins which are reasonably likely to be secured by the = time a CRQC exists. Put > another way, we should be seeking to minimize the chance that the Bit= coin community feels the > need to fork to burn coins by reducing the number of coins which can = be stolen to the minimum > number [1]. >=20 > This naturally means focusing on the wallets which are the *least lik= ely* to migrate or > otherwise get themselves in a safe spot. Focusing on those who are th= e most likely to migrate > does almost nothing to move the needle on the total number of coins p= rotected, nor, thus, on the > probability of a future Bitcoin community feeling the need to burn co= ins. Sadly, this probably > means the "top wallets" that are generally terrible at adopting Bitco= in standards. Wallets which > are the top listing on app stores like (currently in the top few in m= y app store): Bitcoin.com, > Trust Wallet, Coinbase Wallet, Blockchain.com, etc. These wallets gen= erally use a single static > address (because anything else confuses their users and they get addi= tional support tickets for > it!) and put very little time into Bitcoin, focusing instead on other= tokens and integrations. >=20 > A few non-goals: >=20 > * To ensure that advanced setups have the absolute best in post-quant= um security. I don't see > how this moves the needle on the above goal, and in fact in many case= s detracts from the above > goal. Of course if we can accomplish this without detracting from the= top-line goal above, great. >=20 > * To ensure we have the best possible design for the signature scheme= bitcoin will be using in a > world where a CRQC exists and we've gotten past the mess. We'll almos= t certainly know a lot more > about the security of various schemes and have more options for how t= o approach the problem by > the point we're dealing with the mess of a CRQC being imminent, so it= seems like a fools errand > to try to predict what we should build for this. But even if we know = no more then than we do > today, likely ending up with hash-based signatures as the scheme ever= yone uses, we'll almost > certainly be having conversations about additional witness discounts = or increased block sizes to > compensate for the sudden increase in transaction sizes. Maybe we wou= ld decide against such an > increase, but there's no question such a conversation would happen an= d it would be premature to > have it today. >=20 > Matt >=20 > [1] Of course I believe that the lost coin pool is large enough that = the Bitcoin community will, > almost without question, fork to disable insecure spend paths and bur= n some coins in the > process, but reducing the number of coins burned to the absolute mini= mum is of course best for > everyone. >=20 > --=20 > You received this message because you are subscribed to the Google Gr= oups "Bitcoin Development > Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, sen= d an email to > bitcoindev+unsubscribe@googlegroups.com . > To view this discussion visit https://groups.google.com/d/msgid/bitco= indev/05E6D06B-1F72-48F6- > B4F3-0225675BCC1F%40mattcorallo.com bitcoindev/05E6D06B-1F72-48F6-B4F3-0225675BCC1F%40mattcorallo.com>. >=20 > --=20 > You received this message because you are subscribed to the Google Groups= "Bitcoin Development=20 > Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an= email to=20 > bitcoindev+unsubscribe@googlegroups.com . > To view this discussion visit https://groups.google.com/d/msgid/bitcoinde= v/=20 > CAJowKgLKkSrzKGZAe2sSgCafjKx_U%2BoWz%2B-FxSb%2BAtppAayQXA%40mail.gmail.co= m groups.google.com/d/msgid/bitcoindev/CAJowKgLKkSrzKGZAe2sSgCafjKx_U%2BoWz= %2B-=20 > FxSb%2BAtppAayQXA%40mail.gmail.com?utm_medium=3Demail&utm_source=3Dfooter= >. --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= c495b375-ebf5-4d9d-a9f6-a9d9922fd3dc%40mattcorallo.com.