Bitcoiners propose freezing quantum-vulnerable coins in BIP-361


Cypherpunk Jameson Lopp and 5 co-authors from the Bitcoin quantum information space have proposed freezing quantum-vulnerable coins on the Bitcoin network, including Satoshi’s $74 billion stash, to prevent them from being stolen once quantum computers become available.

The freeze is the second part of a three-stage proposal under BIP-361 called the “Post Quantum Migration and Legacy Signature Sunset,” which was posted as a draft to GitHub on Tuesday.

It addresses a major risk to Bitcoin — the potential use of quantum computers to steal about 1.7 million BTC locked in early P2PK addresses, including Satoshi’s stash, which are not quantum-proof.

In the wrong hands, these coins could significantly undermine the value of the network.

Three phases to quantum security

BIP-361 builds on BIP-360, released in February, which proposed a soft fork for a new output type called pay-to-Merkle-root (P2MR). It works similarly to Bitcoin’s existing Taproot (P2TR) addresses but with the quantum-vulnerable key path removed.

While BIP-360 protects new coins going forward, it does not address the roughly 34% of the supply that remains vulnerable unless it is transferred to new addresses.

BIP-361 proposes that 3 years after activation, phase A of the proposal would prevent any new BTC from being sent to old-style addresses, with all users on quantum-resistant address types.

The second phase (B) would invalidate old-style signatures, and any Bitcoin still sitting in vulnerable addresses becomes effectively frozen 5 years after activation.


Phase C provides a potential rescue mechanism using zero-knowledge proofs, allowing people who missed the deadline but still have their seed phrase to recover frozen funds.

Proposed three-phase solution to the quantum threat. Source: GitHub

The authors described it as a “private incentive to upgrade” because lost or frozen coins only make everyone else’s coins worth slightly more, whereas quantum-recovered coins make everyone else’s worth less.

“This is not an offensive attack, rather, it is defensive: our thesis is that the Bitcoin ecosystem wishes to defend itself and its interests against those who would prefer to do nothing and allow a malicious actor to destroy both value and trust.”

Bitcoin community pushes back

However, the proposal would render some existing UTXOs unspendable by their owners if they fail to upgrade, which some have seen as a significant philosophical departure from Bitcoin’s ethos.

Bitcoin protocol developer and researcher Mark Erhardt, who shared BIP-361 on X on Tuesday, was met with community pushback and comments such as “this quantum proposal is highly authoritarian and confiscatory … there is no good rationale for forcing the upgrade and rendering old spends invalid.”

Bitcoin Magazine editor Brian Trollz rejected the proposal outright, TFTC founder Marty Bent called it “laughable,” and Phil Geiger, head of business development at Metaplanet, quipped, “We have to steal people’s money to prevent their money from being stolen.”

Cointelegraph reached out to Lopp for comment, but did not get an immediate response.
