A controversial hard fork of Bitcoin may be needed to resolve an impossible choice between freezing the BTC in addresses owned by Satoshi Nakamoto and the early miners, or seeing them stolen and dumped in a potential quantum attack.
That’s according to Bitcoin Core developer and Blockstream co-founder Matt Corallo, who said recently the outcome of such a fork is pre-ordained.
The Sophie’s Choice style dilemma is caused by the fact that around 1.72 million coins in these early pay-to-public-key (P2PK) mining addresses are quantum vulnerable and have been dormant for 15 years or more. Chainalysis estimates that a further 1.1 million-2.1 million Bitcoin has been permanently lost. A large percentage of that is in addresses with exposed public keys.
The only way to make Bitcoin post-quantum secure is for the owners of the private keys to move their coins to secure addresses themselves. So even after BIP-360 is activated and after a post-quantum signature scheme is eventually added, between 13% and 18% of the total Bitcoin supply will remain in vulnerable addresses. That would potentially leave a honeypot for quantum attackers worth up to $270 billion.
The theft and sale of even a fraction of that amount would destroy the price and strike a heavy blow to Bitcoin’s reputation as immutable hard money. For those who bought Bitcoin based on its hard cap supply and low inflation, 4 million coins is the equivalent of adding the past decade’s worth of Bitcoin mining block rewards to the circulating supply.
Some Bitcoiners argue it’ll never happen. Others say that when quantum computers are invented, it will be too expensive and take too long to crack all the affected addresses. But does the community want to take that risk?
Burn the lost Bitcoin to prevent quantum theft
The obvious solution is to make these coins non-transferable, so they can’t be stolen. Jameson Lopp co-authored QBIP, which would prevent coins from being sent to quantum-vulnerable addresses once a deadline three years after BIP-360’s activation has passed. Five years after that, funds in those addresses could no longer be spent.
“If we don’t do anything, we’re kind of killing the hard-money, fixed-supply ethos of Bitcoin because we’re unlocking 20%-30% supply for hackers. That is going to kill trust,” says Charles Edwards, founder of Capriole.
However, zeroing out the value of millions of dormant coins, including those mined by Bitcoin’s creator, is vehemently opposed by a sizable contingent of Bitcoiners, who believe it undermines the immutable private property rights that Bitcoin offers.
But Edwards says a carefully planned migration is the “lesser of two evils.” He believes 99.9% of active Bitcoin owners would migrate. Only the outliers, such as people stuck in prison, would be unable to move coins.
“We’re worrying about coins which are never going to be recovered because they’re in landfills and tips where people lost their keys five, 10 years ago. Satoshi is probably dead, et cetera. So, I don’t think we’re, we’d be impacting many people at all on that, if any, and the net benefit to everyone would be substantial.”
Despite this, he’s resigned to the status quo prevailing. “I think the most probable outcome is nothing will happen on that topic because it’s too hard to discuss and to get any agreement on. So, the probable outcome is to do nothing,” he says.
What would Satoshi do about the quantum issue?
A social media poll by Cointelegraph found that roughly two-thirds of respondents favor freezing these coins, while a third are opposed. (Social media polls aren’t scientific, and the poll wasn’t of Bitcoiners exclusively.)
On the “Pleb Underground” podcast, BIP-360 co-author Hunter Beast raised the intriguing possibility that Satoshi may have actually intended for the early coins to be returned to the supply. He noted that the original Bitcoin client in 2009 had two address types to receive payments and defaulted to one that exposed the public keys for mining rewards.
Satoshi would likely have been aware of Shor’s algorithm, which was invented 15 years earlier and can theoretically reverse engineer private keys from public keys via a quantum computer.
Beast called it an “interesting choice in hindsight” to default to that address type for “people who might have lost their keys early on and not have realized the value of what they were doing.”
“It could mean that maybe Satoshi intended for that supply to be returned to circulation. Maybe that was his intention in that design choice.”
Bitcoiner Pierre Rochard told the “Lumen Podcast” he was fine with the coins being stolen.
“Personally, my view is that they should just be up for grabs, so people will do quantum mining on old coins, and it is what it is. Will they sell those Bitcoin right away or not? That’s up to them. Right? That’s the freedom of Bitcoin.”
Bitcoin Core dev suggests a fork may be inevitable
Long-time Bitcoin Core dev Corallo recently told “Unchained” the issue may end up being decided by a hard fork — one fork of Bitcoin will freeze the coins, and the other will keep them.
“Once someone proposes the fork, I think it’s very clear which one the market is going to prefer. There’s either the fork with insecure spend paths disabled, or there’s the fork with, as you note, several million additional coins on the market,” he says.
Corallo believes the fork with the lower supply will have a big advantage in becoming the dominant fork.
“The market is going to prefer the one that disables the coin. So, I don’t think, while there is some discussion of it in Bitcoin, it’s not really ambiguous as to what the outcome of that will be and what will happen there.”
A compromise proposal called Hourglass
However, there is a proposal that attempts to broker a compromise between the two sides.
Beast’s Hourglass V2 proposal attempts to mitigate the damage by allowing P2PK coins (the OG output type) to be stolen by a quantum attacker, but to reenter circulation in a steady and predictable manner of 1 BTC per block, which is roughly 144 Bitcoin per day.
The proposal states:
“Without a spending constraint, over 6,000 P2PK transactions could be executed in each block — potentially releasing more than 300,000 coins per block to the market. At this rate, all P2PK coins could be spent in just a few hours if no mitigations are activated.”
However, it would not apply to other output types with exposed public keys.
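The article separates P2PK outputs from other output types with exposed public keys. The sketch below is an added example, not code from the article or from any BIP: it classifies standard single-key scriptPubKey templates and totals a set of unspent outputs by whether the key is visible in the output itself. The sample scripts and values are constructed, and the key bytes are filler, not real keys.

```python
# Added example: classify scriptPubKeys by whether the public key is visible
# in the output itself. Names, labels and sample data are assumptions.
OP_DUP, OP_HASH160, OP_EQUALVERIFY, OP_CHECKSIG = 0x76, 0xA9, 0x88, 0xAC
OP_0, OP_1 = 0x00, 0x51

def classify(script_hex: str) -> str:
    """Return the output type for the standard single-key templates."""
    s = bytes.fromhex(script_hex)
    # P2PK: <push 33 or 65> <pubkey> OP_CHECKSIG
    if len(s) == 35 and s[0] == 33 and s[1] in (2, 3) and s[-1] == OP_CHECKSIG:
        return "p2pk"
    if len(s) == 67 and s[0] == 65 and s[1] == 4 and s[-1] == OP_CHECKSIG:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20-byte hash> OP_EQUALVERIFY OP_CHECKSIG
    if (len(s) == 25 and s[:3] == bytes([OP_DUP, OP_HASH160, 20])
            and s[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG])):
        return "p2pkh"
    # P2WPKH: OP_0 <20-byte hash>
    if len(s) == 22 and s[:2] == bytes([OP_0, 20]):
        return "p2wpkh"
    # P2TR: OP_1 <32-byte x-only output key>
    if len(s) == 34 and s[:2] == bytes([OP_1, 32]):
        return "p2tr"
    return "other"

# Exposure while the coin sits unspent. Hash-only outputs still leak the key
# when spent, so a reused address needs a check against chain history as well.
EXPOSURE = {
    "p2pk": "key-in-output",
    "p2tr": "key-in-output",
    "p2pkh": "hash-only-until-spent",
    "p2wpkh": "hash-only-until-spent",
    "other": "needs-manual-review",
}

def audit(utxos):
    """Sum satoshis per exposure class for (script_hex, value_sats) pairs."""
    totals = {}
    for script_hex, value in utxos:
        label = EXPOSURE[classify(script_hex)]
        totals[label] = totals.get(label, 0) + value
    return totals

SAMPLE_UTXOS = [  # constructed sample data
    ("41" + "04" + "11" * 64 + "ac", 5_000_000_000),  # uncompressed P2PK
    ("21" + "02" + "22" * 32 + "ac", 100_000_000),    # compressed P2PK
    ("76a914" + "33" * 20 + "88ac", 250_000_000),     # P2PKH
    ("0014" + "44" * 20, 75_000_000),                 # P2WPKH
    ("5120" + "55" * 32, 10_000_000),                 # P2TR
]

if __name__ == "__main__":
    for label, sats in sorted(audit(SAMPLE_UTXOS).items()):
        print(f"{label:24} {sats / 1e8:.8f} BTC")
```
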
Can we freeze the coins but let the rightful owner reclaim them?
Another partial solution is to freeze the quantum vulnerable coins and then design a mechanism for the genuine owner to retrieve them.
Ethereum’s post-quantum team has been working on a solution that involves the owner of frozen coins proving ownership of the seed phrase using zero-knowledge proofs. They could then move the coins to a safe address.
BitMEX Research has outlined a very similar method for Bitcoin using ZK proofs. While this could help for coins lost in the past 10 years, it won’t work for the considerable number of OG coins in addresses that predate seed phrases.
For those addresses, the owners would need to “pre-commit” prior to Q Day, which is a non-starter for lost coins.
BitMEX Research concluded that none of the available options was appealing:
“These possible post-quantum freeze recovery systems are not without their downsides. For example they may be complicated, involve significant softfork protocol upgrades and be burdensome on node operators, including new possible DoS vulnerabilities. However, if we are going to do a freeze, they may at least be something worth considering. At least it is an interesting thought experiment.”
The best solution for Satoshi’s coins is also the simplest. Satoshi should move them out of harm’s way.
“I’m really happy about it,” says Antonio Sanso from Ethereum’s post-quantum team.
“We’ll probably discover if Satoshi Nakamoto is either alive or gave the seed to someone!”
Andrew Fenton
Andrew Fenton is a writer and editor at Cointelegraph with more than 25 years of experience in journalism and has been covering cryptocurrency since 2018. He spent a decade working for News Corp Australia, first as a film journalist with The Advertiser in Adelaide, then as deputy editor and entertainment writer in Melbourne for the nationally syndicated entertainment lift-outs Hit and Switched On, published in the Herald Sun, Daily Telegraph and Courier Mail. He interviewed stars including Leonardo DiCaprio, Cameron Diaz, Jackie Chan, Robin Williams, Gerard Butler, Metallica and Pearl Jam. Prior to that, he worked as a journalist with Melbourne Weekly Magazine and The Melbourne Times, where he won FCN Best Feature Story twice. His freelance work has been published by CNN International, Independent Reserve, Escape and Adventure.com, and he has worked for 3AW and Triple J. He holds a degree in Journalism from RMIT University and a Bachelor of Letters from the University of Melbourne. Andrew holds ETH, BTC, VET, SNX, LINK, AAVE, UNI, AUCTION, SKY, TRAC, RUNE, ATOM, OP, NEAR and FET above Cointelegraph’s disclosure threshold of $1,000.