From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sat, 14 Feb 2026 13:39:59 -0800 Received: from mail-oi1-f189.google.com ([209.85.167.189]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1vrNMs-0000VG-EN for bitcoindev@gnusha.org; Sat, 14 Feb 2026 13:39:59 -0800 Received: by mail-oi1-f189.google.com with SMTP id 5614622812f47-45f0bfd68a3sf7321539b6e.3 for ; Sat, 14 Feb 2026 13:39:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1771105192; x=1771709992; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:sender:from :to:cc:subject:date:message-id:reply-to; bh=dG4EC1T7pRtXkpl/8XzmN5m/XNxjSC8eMI22YWJj1Lw=; b=ee6LdaMcW1b5854ZS1FZsNDDVJNtDmMuWEZmgQsrAiXMzLmdRmZUQw8Z+3eg+8vL9A 3UF8l8bZb7Wz5kKwo9g63+3mCJQTpzzvlMmPFoOi8t8giCfthzvqRV+aLL7+QcWKLD8f CJfWSOae3h22cs6F/HtZo2AXkWFePpJ8rDpyoN2Xec+WqD/V1xWlGiRwpfLUzPpQdiZA RjwZoMPEOHp2etiF4WQ2w2J6DNYeY6jAzKoOjTdmzS9835pb/JM5grDF/GFiR/L+v2f7 p4F+PKh4yid9aEu+XoZsPLW3LLXb4xMaFviqr7fUNZE1SwQKcGet2DtTGlpFLHdlv6Hk xh8A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771105192; x=1771709992; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=dG4EC1T7pRtXkpl/8XzmN5m/XNxjSC8eMI22YWJj1Lw=; b=kfPdDlno7BD3lMgeNpz5TERIrHhTB6xlJP3oVvvPzy2t681v0/21XfmGFblubLNpAz jjcGkdrLA8poVeMjVcYZf5O8LkdNTf8d6BiJcOsD5qgB79avDNtvI1nlAZjcChCbVAFb 3JJ+2gRvnGuK5eVAL7bI7cIuEEemBxuipwc98Ue+c5Nh/4hN4iGQ7W2dgHwQG4RwhNMr OZXsXbp4nhfyhQmkD/ziljrpOKIWnj/lUckMbvjEVj91kiA6txMWw2E8VE2UES/jM21x FEzzpFvR9kyg/SmKZqGO0jIK+1Mw1Pyot+IilD11grXwDpAZnL8Dfxw8sr+YcQ7cAMPW VBZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771105192; x=1771709992; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=dG4EC1T7pRtXkpl/8XzmN5m/XNxjSC8eMI22YWJj1Lw=; b=CBPRhZRKtXMRGk0MW5th9aioxMnb+naCdJUmy+YHeEXa9bNpj2kf6SApbInDJ6RcO3 1I4H8Eb+r11rgz+WWtwnNZe+9w/M4Bvsn1xnNq5/0koV1DkrgngPPEVZqGV4lJnu3jim OnKqUV+FUjxCeCguVNPdCNCWQrKBsoV6x5ISjQ4H3svCbXkHz1vbIY2CCScTUsPqfiMs 3DtaObQ8rocYTJaIGy3qwzAIezYXNLyHLtIjKzoVQga7PXetzzhdeYSSozJ27r+k8CeY pUZxSsyBDbfBGG12nUn8oOWjc9HPJCv/wSukwtAHtKSJo5oQ8gHOTEViOzJP05yj/4SU PYPg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCXjzyGbsd1Kqh+woB7PRylrM0ftHRns3bbxvk9Ukn8Mut91qbDBbwA/7YREYOBQYHsm/nlMlCw5wfrH@gnusha.org X-Gm-Message-State: AOJu0YwDEz4JYsoCM1WHnCgtloGM4decwcxrzF43Ef6Fj801t+xv1wFQ 6T4rBTjGa1Lt3b+YZo/qlC5BSs9wkqbAghdgPG6w7UeI7LNucAIDi7VR X-Received: by 2002:a05:6808:bc7:b0:463:8fba:5e00 with SMTP id 5614622812f47-463b3f19eb1mr1689451b6e.30.1771105192055; Sat, 14 Feb 2026 13:39:52 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com; h="AV1CL+FNGkdFvJ8zclZdEo41pNXSLygd6aYGFEgD+3R42rnpWA==" Received: by 2002:a05:6870:d28a:b0:40e:f455:16fb with SMTP id 586e51a60fabf-40ef4551d67ls1180756fac.0.-pod-prod-04-us; Sat, 14 Feb 2026 13:39:47 -0800 (PST) X-Received: by 2002:a05:6808:1305:b0:45e:d827:86dd with SMTP id 5614622812f47-463b4049106mr1687455b6e.41.1771105187189; Sat, 14 Feb 2026 13:39:47 -0800 (PST) Received: by 2002:a05:690c:8b02:b0:794:c577:7579 with SMTP id 00721157ae682-7979c76970bms7b3; Sat, 14 Feb 2026 04:39:46 -0800 (PST) X-Received: by 2002:a05:690c:1a:b0:796:3c5d:70bf with SMTP id 00721157ae682-797ac5570c3mr17496167b3.29.1771072785752; Sat, 14 Feb 2026 04:39:45 -0800 (PST) Date: Sat, 14 Feb 2026 04:39:45 -0800 (PST) From: waxwing/ AdamISZ To: Bitcoin Development Mailing List Message-Id: In-Reply-To: References: <22073a56-1cbf-4ba9-a2ea-46c621d4619c@mattcorallo.com> Subject: Re: [bitcoindev] Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_51182_2075870117.1771072785314" X-Original-Sender: ekaggata@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_51182_2075870117.1771072785314 Content-Type: multipart/alternative; boundary="----=_Part_51183_366059067.1771072785314" ------=_Part_51183_366059067.1771072785314 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Matt, on this point: > Imagine we discover a breakthrough in refrigeration technology that we've= =20 missed for 200 years=20 tomorrow (or a room temperature superconductor, or...) plus a few other=20 major engineering=20 breakthroughs and we're now on track to have a CRQC in 2-3 years instead of= =20 15-20, and oh in 6=20 months we discover that they're not just gonna be buildable soon but pretty= =20 easy to build farms and=20 they'll be able to calculate a private key in seconds. Yes, we can stand on= =20 principle and watch as=20 the CRQCs steal all the bitcoin and sell them to recoup their investment,= =20 but the market is=20 obviously not going to value that because the thing that's left isn't=20 recognizable as Bitcoin - its=20 just some weird cryptographic scheme where tokens are shifting around all= =20 the time and everyone is=20 stealing from everyone else. For sure. It's unlikely but it's certainly *not* out of scope. Basically=20 the "it happens fast" scenario. I don't see how it changes anything about the general principles. It's just= =20 worse. People who are active are going to move their coins to new outputs. People who are dead or lost= =20 the keys are not. (People who have locked them in a way that they are 100% inaccessible for 5+ years are= =20 of course the most unfortunate case here, perhaps worth discussing=20 separately.) It's just a worse (in terms of turbulence) version of the (far, far more=20 likely) slow scenario. Look, I get the "yuck" reflex and the "this is ridiculous" reflex; if=20 something is patently obviously "open" and previously wasn't, then=20 "obviously" we should just lock it up - or do something, anyway. But the=20 real world, whether it's a 2 year time frame or the more likely 20-50++=20 year timeframe, doesn't have this clean epistemology: we won't *know for=20 sure* when the world shifts from "outputs are safe" to "this stuff is=20 claimable by anyone with the machine". Even *if* it isn't all developed in= =20 super-secret (it probably will be), we still won't know. That's why I said= =20 "perhaps worth discussing separately" for timelocks; there you have=20 objective, public-verifiable "this is frozen" status. The "secure" vs=20 "insecure" status simply will not be knowable in advance. That makes any=20 engineering decisions that even *might* violate private property rights=20 completely unworkable. > we can stand on principle and watch as=20 the CRQCs steal all the bitcoin and sell them to recoup their investment yes, this is precisely what you would have to do (except as per previous=20 paragraph, it will *not* be obvious, even if large movements occur - what= =20 if someone actually owns the coins and is trying to trick the market?).=20 Assuming the thesis is correct (that it's CRQCs doing it), then the coins= =20 at that point are held in completely insecure outputs. Who has the right to= =20 take them? Answer: anyone who's fast enough, just like a coin whose private= =20 key is "123" or similarly insecure, gets taken all the time. Should the=20 network freeze insecure private keys when it sees them? The problem is not the *reasoning* of safety. The problem is that, more=20 than safety, principles matter, and unlike Groucho Marx, we don't have any= =20 others :) On Friday, February 13, 2026 at 1:21:28=E2=80=AFPM UTC-3 Matt Corallo wrote= : > > > On 2/12/26 10:36 AM, waxwing/ AdamISZ wrote: > > > For what its worth I do not see a scenario where a decision ultimatel= y=20 > made by the market will=20 > pick > > the fork side with materially, say 5-10x higher, supply, over the side= =20 > with lower supply...supply > > and demand is king, especially with the "confiscatory" nature is=20 > basically nil as ~all wallets today > > use seedphrases, which could still be spent with a ZK=20 > proof-of-seedphrase :). > > > > This line of reasoning is wrong imo. > > > > If supply and demand is king, why not just delete supply as much as=20 > possible? No more mining? > > Arbitrary freezing of various actors' coins (but with warning! so it's= =20 > only confiscation in quotes, > > right?). > > > > Hypothetical: someone proposes a fork which freezes all coins residing= =20 > at utxos with addresses > > containing "234" (insert technical description as appropriate - you get= =20 > the idea). It'll be a bit > > like the rules about driving into town with various letters in your=20 > license plate, though, a bit > > more permanent :) The vast majority will benefit economically from the= =20 > lazy few who don't notice, > > since if they pay attention, they can hop out of the frozen addresses= =20 > with time to spare, so why > > doesn't it happen? > > > > Obviously, ridiculous examples, but .. point stands in general: > > > > It's a curious kind of self-referential. The "market" here is really th= e=20 > set of holders, their > > *short term* interest is to grab any they can, but their long term=20 > interest is to have their stash > > keep its value. There is *nothing* that will destroy bitcoin's value=20 > more effectively (certainly not > > technical issues like bugs, certainly not an unexpected unlock of a big= =20 > amount of coins to be moved > > in the market) than an event that questions the "private property=20 > promise": > > > > 1/ coin inflation schedule is set in stone; > > 2/ if you can cryptographically validate a transfer, bitcoin will let= =20 > you do it, i.e. you can always > > spend your own money; > > 3/ if you "locked" a utxo with a certain ruleset in the past, that=20 > ruleset will still be active and > > let you spend in future, i.e. you can't be locked out of your own money= . > > > > Bitcoin is the only digital asset in the world for which those=20 > assertions are credible; it has never > > yet violated them, and imo it's the thing that keeps it unique and=20 > important (PoW ties in; it's > > another aspect of the same rigid adherence to no controlling entities). > > > > That's why both this idea and Peter Todd's tail emission idea, both hig= h=20 > quality engineering-safety > > thinking, will not happen, in my opinion. > > I obviously agree with you at a high level - the value of Bitcoin derives= =20 > from its (attempt at)=20 > trustlessness and any attempts to break that will necessarily result in= =20 > the market rejecting them=20 > precisely because they break the exact thing that gives Bitcoin value. > > Its also hard to analyze this because it depends so much on the very exac= t=20 > scenario we're talking=20 > about. There are indeed certainly scenarios I can imagine where I think= =20 > the market would prefer to=20 > not disable insecure spend paths. But at the risk of using an equally=20 > absurd example as yours, > > Imagine we discover a breakthrough in refrigeration technology that we've= =20 > missed for 200 years=20 > tomorrow (or a room temperature superconductor, or...) plus a few other= =20 > major engineering=20 > breakthroughs and we're now on track to have a CRQC in 2-3 years instead= =20 > of 15-20, and oh in 6=20 > months we discover that they're not just gonna be buildable soon but=20 > pretty easy to build farms and=20 > they'll be able to calculate a private key in seconds. Yes, we can stand= =20 > on principle and watch as=20 > the CRQCs steal all the bitcoin and sell them to recoup their investment,= =20 > but the market is=20 > obviously not going to value that because the thing that's left isn't=20 > recognizable as Bitcoin - its=20 > just some weird cryptographic scheme where tokens are shifting around all= =20 > the time and everyone is=20 > stealing from everyone else. > > There would certainly be market participants (like you, I guess :p) that= =20 > try to hold on to the=20 > original Bitcoin and might even invest some money in buying more (from th= e=20 > CRQC-operators). And the=20 > insecure-spend-paths-disabled fork would probably have somewhat less valu= e=20 > than the original as a=20 > result. But the original chain would without question have nearly zero=20 > value, and the fork might=20 > have some. > > Now, this scenario maybe seems exaggerated, but actually I think its=20 > equivalent to the most likely=20 > outcome. Not that I think we'll see multiple major 100-year physics=20 > breakthroughs soon, but rather=20 > if we see a CRQC in the next 10-20 years, that the state of Bitcoin walle= t=20 > adoption of PQ spend=20 > paths will be only marginally better than it is today. Sure, maybe 50% of= =20 > wallets have upgraded, but=20 > that's not enough to have any outcome materially different from the above= . > > Finally, more philosophically, I disagree that these are somehow=20 > equivalent. Yes, in stated=20 > black-and-white principles it violates the "ethics of Bitcoin", but that= =20 > the *alternative does too*.=20 > Leaving the coins to be stolen by a CRQC almost equally violates the=20 > "ethics of Bitcoin" - the=20 > rightful owner of the coins, the one that created the private key and did= =20 > not leak that private key=20 > to anyone else no longer has the coins! but... > > > > ZK proof-of-seedphrase :). > > > > Oh cool, that's a good point. Ethan's counterpoint is good too, that we= =20 > would need a consensus rule > > and that's v. hard, but: my spidey sense is tingling a bit about whethe= r=20 > people might find tricks to > > avoid it: if you consider the very clever tricks recently discovered=20 > around Glock, ArgoMAC and so > > on, they enable gating txs behind ZKP schemes w/o new consensus but wha= t=20 > we're talking about here is > > way more narrowly defined than the larger problem they're trying to=20 > solve, which might support being > > optimistic ...). > > I think this makes the philosophical point more stark! Now the options in= =20 > front of the future=20 > Bitcoin community aren't "burn the coins or let the CRQC-operator steal= =20 > them" then options in front=20 > of the future Bitcoin community are "burn some of the coins and let a=20 > probably-majority of the=20 > rightful owners claim them, or let the CRQC-operator steal all of them". = I=20 > cannot justify why the=20 > second option is somehow more ethical or more in line with building the= =20 > best, most trustless money=20 > on the planet. > > Matt > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= f9d2dd92-7fda-4d4c-a91d-02bc79460b69n%40googlegroups.com. ------=_Part_51183_366059067.1771072785314 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi Matt, on this point:

>=C2=A0Imagine w= e discover a breakthrough in refrigeration technology that we've missed for= 200 years=20
tomorrow (or a room temperature superconductor, or...) plus a few oth= er major engineering=20
breakthroughs and we're now on track to have a CRQC in 2-3 years inst= ead of 15-20, and oh in 6=20
months we discover that they're not just gonna be buildable soon but = pretty easy to build farms and=20
they'll be able to calculate a private key in seconds. Yes, we can st= and on principle and watch as=20
the CRQCs steal all the bitcoin and sell them to recoup their investm= ent, but the market is=20
obviously not going to value that because the thing that's left isn't= recognizable as Bitcoin - its=20
just some weird cryptographic scheme where tokens are shifting around= all the time and everyone is=20
stealing from everyone else.

For sure. It'= s unlikely but it's certainly *not* out of scope. Basically the "it happens= fast" scenario.

I don't see how it changes anyt= hing about the general principles. It's just worse. People who are active
are going to move their coins to new outputs. People who are dead = or lost the keys are not. (People who
have locked them in a way t= hat they are 100% inaccessible for 5+ years are of course the most unfortun= ate case here, perhaps worth discussing separately.)

=
It's just a worse (in terms of turbulence) version of the (far, far mo= re likely) slow scenario.

Look, I get the "yuck"= reflex and the "this is ridiculous" reflex; if something is patently obvio= usly "open" and previously wasn't, then "obviously" we should just lock it = up - or do something, anyway. But the real world, whether it's a 2 year tim= e frame or the more likely 20-50++ year timeframe, doesn't have this clean = epistemology: we won't *know for sure* when the world shifts from "outputs = are safe" to "this stuff is claimable by anyone with the machine". Even *if= * it isn't all developed in super-secret (it probably will be), we still wo= n't know. That's why I said "perhaps worth discussing separately" for timel= ocks; there you have objective, public-verifiable "this is frozen" status. = The "secure" vs "insecure" status simply will not be knowable in advance. T= hat makes any engineering decisions that even *might* violate private prope= rty rights completely unworkable.

>=C2=A0we c= an stand on principle and watch as=20
the CRQCs steal all the bitcoin and sell them to recoup their investm= ent

yes, this is precisely what you would have t= o do (except as per previous paragraph, it will *not* be obvious, even if l= arge movements occur - what if someone actually owns the coins and is tryin= g to trick the market?). Assuming the thesis is correct (that it's CRQCs do= ing it), then the coins at that point are held in completely insecure outpu= ts. Who has the right to take them? Answer: anyone who's fast enough, just = like a coin whose private key is "123" or similarly insecure, gets taken al= l the time. Should the network freeze insecure private keys when it sees th= em?

The problem is not the *reasoning* of safety= . The problem is that, more than safety, principles matter, and unlike Grou= cho Marx, we don't have any others :)



O= n Friday, February 13, 2026 at 1:21:28=E2=80=AFPM UTC-3 Matt Corallo wrote:=


On 2/12/26 10:36 AM, waxwing/ AdamISZ wrote:
> > For what its worth I do not see a scenario where a decision= ultimately made by the market will=20
pick
> the fork side with materially, say 5-10x higher, supply, over the= side with lower supply...supply
> and demand is king, especially with the "confiscatory" = nature is basically nil as ~all wallets today
> use seedphrases, which could still be spent with a ZK proof-of-se= edphrase :).
>
> This line of reasoning is wrong imo.
>
> If supply and demand is king, why not just delete supply as much = as possible? No more mining?
> Arbitrary freezing of various actors' coins (but with warning= ! so it's only confiscation in quotes,
> right?).
>
> Hypothetical: someone proposes a fork which freezes all coins res= iding at utxos with addresses
> containing "234" (insert technical description as appr= opriate - you get the idea). It'll be a bit
> like the rules about driving into town with various letters in yo= ur license plate, though, a bit
> more permanent :) The vast majority will benefit economically fro= m the lazy few who don't notice,
> since if they pay attention, they can hop out of the frozen addre= sses with time to spare, so why
> doesn't it happen?
>
> Obviously, ridiculous examples, but .. point stands in general:
>
> It's a curious kind of self-referential. The "market&quo= t; here is really the set of holders, their
> *short term* interest is to grab any they can, but their long ter= m interest is to have their stash
> keep its value. There is *nothing* that will destroy bitcoin'= s value more effectively (certainly not
> technical issues like bugs, certainly not an unexpected unlock of= a big amount of coins to be moved
> in the market) than an event that questions the "private pro= perty promise":
>
> 1/ coin inflation schedule is set in stone;
> 2/ if you can cryptographically validate a transfer, bitcoin will= let you do it, i.e. you can always
> spend your own money;
> 3/ if you "locked" a utxo with a certain ruleset in the= past, that ruleset will still be active and
> let you spend in future, i.e. you can't be locked out of your= own money.
>
> Bitcoin is the only digital asset in the world for which those as= sertions are credible; it has never
> yet violated them, and imo it's the thing that keeps it uniqu= e and important (PoW ties in; it's
> another aspect of the same rigid adherence to no controlling enti= ties).
>
> That's why both this idea and Peter Todd's tail emission = idea, both high quality engineering-safety
> thinking, will not happen, in my opinion.

I obviously agree with you at a high level - the value of Bitcoin deriv= es from its (attempt at)=20
trustlessness and any attempts to break that will necessarily result in= the market rejecting them=20
precisely because they break the exact thing that gives Bitcoin value.

Its also hard to analyze this because it depends so much on the very ex= act scenario we're talking=20
about. There are indeed certainly scenarios I can imagine where I think= the market would prefer to=20
not disable insecure spend paths. But at the risk of using an equally a= bsurd example as yours,

Imagine we discover a breakthrough in refrigeration technology that we&= #39;ve missed for 200 years=20
tomorrow (or a room temperature superconductor, or...) plus a few other= major engineering=20
breakthroughs and we're now on track to have a CRQC in 2-3 years in= stead of 15-20, and oh in 6=20
months we discover that they're not just gonna be buildable soon bu= t pretty easy to build farms and=20
they'll be able to calculate a private key in seconds. Yes, we can = stand on principle and watch as=20
the CRQCs steal all the bitcoin and sell them to recoup their investmen= t, but the market is=20
obviously not going to value that because the thing that's left isn= 't recognizable as Bitcoin - its=20
just some weird cryptographic scheme where tokens are shifting around a= ll the time and everyone is=20
stealing from everyone else.

There would certainly be market participants (like you, I guess :p) tha= t try to hold on to the=20
original Bitcoin and might even invest some money in buying more (from = the CRQC-operators). And the=20
insecure-spend-paths-disabled fork would probably have somewhat less va= lue than the original as a=20
result. But the original chain would without question have nearly zero = value, and the fork might=20
have some.

Now, this scenario maybe seems exaggerated, but actually I think its eq= uivalent to the most likely=20
outcome. Not that I think we'll see multiple major 100-year physics= breakthroughs soon, but rather=20
if we see a CRQC in the next 10-20 years, that the state of Bitcoin wal= let adoption of PQ spend=20
paths will be only marginally better than it is today. Sure, maybe 50% = of wallets have upgraded, but=20
that's not enough to have any outcome materially different from the= above.

Finally, more philosophically, I disagree that these are somehow equiva= lent. Yes, in stated=20
black-and-white principles it violates the "ethics of Bitcoin"= ;, but that the *alternative does too*.=20
Leaving the coins to be stolen by a CRQC almost equally violates the &q= uot;ethics of Bitcoin" - the=20
rightful owner of the coins, the one that created the private key and d= id not leak that private key=20
to anyone else no longer has the coins! but...

> > ZK proof-of-seedphrase :).
>
> Oh cool, that's a good point. Ethan's counterpoint is goo= d too, that we would need a consensus rule
> and that's v. hard, but: my spidey sense is tingling a bit ab= out whether people might find tricks to
> avoid it: if you consider the very clever tricks recently discove= red around Glock, ArgoMAC and so
> on, they enable gating txs behind ZKP schemes w/o new consensus b= ut what we're talking about here is
> way more narrowly defined than the larger problem they're try= ing to solve, which might support being
> optimistic ...).

I think this makes the philosophical point more stark! Now the options = in front of the future=20
Bitcoin community aren't "burn the coins or let the CRQC-opera= tor steal them" then options in front=20
of the future Bitcoin community are "burn some of the coins and le= t a probably-majority of the=20
rightful owners claim them, or let the CRQC-operator steal all of them&= quot;. I cannot justify why the=20
second option is somehow more ethical or more in line with building the= best, most trustless money=20
on the planet.

Matt

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoind= ev/f9d2dd92-7fda-4d4c-a91d-02bc79460b69n%40googlegroups.com.
------=_Part_51183_366059067.1771072785314-- ------=_Part_51182_2075870117.1771072785314--