It’s *way* more than 5%! A CRQC operated by a private entity will almost certainly not be interested in stealing 5% of the supply and sitting on it, they’ll likely want to sell a decent chunk of their stolen coins to pay back investors for the immense R&D cost they spent. The total quantity of coins available on markets is not anywhere close to 20M, it’s a tiny fraction. Having something even like 1-2% of total Bitcoin supply flood the market at once is going to have a very large impact on price. As for your claim that this is somehow changing a fundamental property of Bitcoin, I think you’re losing the Bitcoin philosophy for the way it happened to be written down. Yes, it’s critical for Bitcoin to have a hard line in the sand against coin theft. But you don’t get to pick here - the coins are going to be stolen or frozen no matter what you do. Getting myopic about *who* is doing it isn’t a part of Bitcoin’s value proposition, you’re just reading too much into the way the rules happened to be written down, not the reason for them.

Replies (3)

Oh also I forgot to respond to your second point - if we allow for claims via a seedphrase-based recovery scheme, we will not know which coins are frozen and which are not, so it remains 21M Bitcoin :)
Think there are a couple things getting lost in translation here:
1) Re the 5%, I was going off your closing comment about “an extra million coins,” which I took to be your approximation of total coins immediately vulnerable to a CRQC at rest (very old P2PK addresses etc). I’m not sure where the latest estimate stands on that, but that delta (which you cited in your post) is what I’m responding to. But even at a 10, 20, 50% etc difference between forks, the credibility point still seems more relevant to me in the long run than the absolute number.
2) I absolutely grant that suddenly reawakening a large amount of supply at once would impact the price in the short run. I think there are reasons to be skeptical that that’s actually how it would play out, but even granting that that happened, I don’t think it’s ideal to optimize critical design questions around short-term price dynamics (Bitcoin is not a company, but any company that makes material changes to strategy to avoid temporary declines in its stock price is one you want to avoid). The future I’m imagining is one where PQC signatures / quantum-safe options exist (obviously TBD but that’s its own question, and pointless to worry about freezing old coins if we can’t figure that out), so “stolen” coins could only be stolen once (presumably they would quickly end up in quantum-safe addresses, even if their thieves immediately dumped them on the open market), and the price of original bitcoin therefore wouldn’t be permanently impaired. That we should look into developing quantum-safe options to make that possible is a different conversation than what we should do or not do with vulnerable coins.
3) I’m not making any philosophical claims here about Bitcoin’s nature, though I have some objections to the way you frame your comments.
My point was simply about how “the market” (as you framed it) would evaluate the two hypothetical chains, and I’m saying a) that evaluation would focus more on supply credibility than just absolute number of circulating bitcoin and b) it seems there’s good reason to believe it would find the original chain more credible in its supply schedule guarantees than the other.