Theymos: “Bitcoins Belonging to Satoshi Should Be Destroyed”

[Pierre 2]

I don't really know what to say about this sentence. It has a good point.
But I still feel like it shouldn't be done still. It is too early. I feel like Satoshi will move them one day.

[jbreher]

But in the actual example, the only coins affected are those that have been for all practical purposes abandoned - and WILL be stolen.

Bull-fucking-shit. You ('you' being anyone or any group of people) have absolutely no way of knowing whether or not those coins are abandoned. You also have no way of knowing when or even if they will be stolen.

Again, in case you are still blind to the moral principle, the only person who has a legitimate claim on managing the risk is the owner of the coins themselves. Any lesser standard is simply theft.

If you have a mic, it needs to be dropped.

Thanks. I'm sure I've got an ancient, already-dented SM58 around here somewhere...

[finkelsteinMonster]

...
Thanks. I'm sure I've got an ancient, already-dented SM58 around here somewhere...

That stuff clogging the windscreen? Yeah, that's vomit

[ebliever]

But in the actual example, the only coins affected are those that have been for all practical purposes abandoned - and WILL be stolen.

Bull-fucking-shit. You ('you' being anyone or any group of people) have absolutely no way of knowing whether or not those coins are abandoned. You also have no way of knowing when or even if they will be stolen.

Again, in case you are still blind to the moral principle, the only person who has a legitimate claim on managing the risk is the owner of the coins themselves. Any lesser standard is simply theft.

If you have a mic, it needs to be dropped.

Nope.

As I understood it, in the scenario Theymos outlined, QC technology has reached a point where it is apparent the existing bitcoin protocol WILL be compromised. So a hard fork is developed that will be QC-resistant. Everyone is asked to take action (moving coins in some fashion) into the new QC-resistant haven. Those who do not are leaving their coins where they will become vulnerable to theft using the new QC technology.

So the claim that "You have absolutely no way of knowing whether or not those coins are abandoned" is not accurate. Clearly they _are_ abandoned at this point, by the failure to take action to keep or safeguard the coins. You can't dump cash on a busy street, drive away, and still claim ownership in any meaningful sense.

By rejecting Theymos' suggestion, all you will be achieving is leaving some fraction of all bitcoins available for the first people with the QC technology to sweep up all the loose coins at will. You won't be saving them from evil devs. You will just be losing them to thieves. And then everyone else with bitcoin suffers as the market collapses from the shock of such stupidity in allowing this to happen.

[jbreher]

...
Thanks. I'm sure I've got an ancient, already-dented SM58 around here somewhere...

That stuff clogging the windscreen? Yeah, that's vomit

Unless you've run a for-hire sound co, you have no idea how bad it can actually get.

[jbreher]

You will just be losing them to thieves.

Those coins belong to the owner. They do not belong to you and they do not belong to the collective. It is solely the owner's prerogative to manage the risk of theft. Your initiative to steal them is no more justified than the other thief you postulate.

Thank you for exposing yourself as totally bereft of any moral principles.

Incidentally, BurtW has already fully explained the real risk to overall network value, which is that people will not trust a network that has demonstrated the will to render private keys meaningless.

eta: apostrophe, spelling

[finkelsteinMonster]

...
Thanks. I'm sure I've got an ancient, already-dented SM58 around here somewhere...

That stuff clogging the windscreen? Yeah, that's vomit

Unless you've run a for-hire sound co, you have no idea how bad it can actually get.

Worse. I crewed

[ebliever]

Again, in case you are still blind to the moral principle, the only person who has a legitimate claim on managing the risk is the owner of the coins themselves. Any lesser standard is simply theft.

I'm sensitive to accusations of lacking moral principle, so let me take one more stab at this. Let's say I'm the Grand Overlord of Bitcoin, with unilateral power to act, and I'm faced with this situation.

If I do nothing, the abandoned coins are stolen. But abandoned coins have no worth to their owner anyway, so the owner is not losing anything. The thieves gain, and all law-abiding bitcoin owners suffer from dilution of the market with the stolen coins and the loss of confidence in bitcoin. Outcome: failure of moral principle, as law-abiding people suffer, while lawbreakers gain.

If I do act to destroy the abandoned coins after trying to get everyone to move coins to the QC-resistant haven, the original owners lose them. But they had no value to the owners anyway, or they would have acted to retain the coins. By destroying the coins I prevent thieves from gaining, and safeguard the value of the coins held by all law-abiding bitcoin owners. Outcome: Moral principle against theft is upheld, as thieves are thwarted and law-abiding people have the value of their bitcoin maintained.

Obviously, this all hinges on the degree to which efforts are made to reach everyone and get them to take the necessary action. It would be a failure of moral principle to do less than the utmost in reaching out to everyone and accommodating them as well as possible in assisting them with acting to safeguard their coins. For this, the elements of time, maximum communication/broadcasting through all available venues, and clarity of the warning would be critical.

[ebliever]

You will just be losing them to thieves.

Those coins belong to the owner. They do not belong to you and they do not belong to the collective. It is solely the owner's prerogative to manage the risk of theft. Your initiative to steal them is no more justified than the other thief you postulate.

Thank you for exposing yourself as totally bereft of any moral principles.

Incidentally, BurtW has already fully explained the real risk to overall network value, which is that people will not trust a network that has demonstrated the will to render private keys meaningless.

eta: apostrophe, spelling

In this scenario, the coins have been abandoned. I think this sums up our conflict. I agree perfectly well with you that if (legitimate) ownership can be established, the coins should be left alone and that ownership absolutely should be respected.

[sbtctalk]

If other people's property can be destroyed based on public consensus and fear-mongering, what is the purpose of having a de-centralised system?

Unless Theymos thinks there is a conspiracy behind Satoshi's cache of coins which is a potential Bitcoin kill switch ...

[jbreher]

Again, in case you are still blind to the moral principle, the only person who has a legitimate claim on managing the risk is the owner of the coins themselves. Any lesser standard is simply theft.

I'm sensitive to accusations of lacking moral principle, so let me take one more stab at this. Let's say I'm the Grand Overlord of Bitcoin, with unilateral power to act, and I'm faced with this situation.

If I do nothing, the abandoned coins are stolen.

That does not justify you stealing them before the other party can steal them.

But abandoned coins have no worth to their owner anyway, so the owner is not losing anything.

Up until the very instant they are stolen, the owner has potential value. The exact instant some other actor might steal them is literally un-knowable. Ergo, at the instant you (either a single Bitcoin Overlord or the collective) steal them, it was at a point in time that the coins had potential value to the rightful owner.

The thieves gain,

I'm with with you so far....

and all law-abiding bitcoin owners suffer from dilution of the market

...nope. Lost me. Wait - not 'lost me' - you are wrong. There is no dilution - those coins already existed. Their potential value may at any time up until the theft may be converted to actual value by the rightful owner.

with the stolen coins and the loss of confidence in bitcoin.

The loss of confidence due to the ability to crack an obsolete format key pales in significance to the loss of confidence in bitcoin due to the manifest will for the collective to change the rules to invalidate keys.

Outcome: failure of moral principle,

Bullshit. It is never moral to steal, even though the objective be to prevent some other from stealing.

as law-abiding people suffer, while lawbreakers gain.

The law abiding suffer no loss. That other thief may gain, sure. But what of the rightful owner? Again, you have no means of determining exactly when that other thief will act. The management of the risk of such theft is solely the prerogative of the rightful coin owner.

Obviously, this all hinges on the degree to which efforts are made to reach everyone and get them to take the necessary action. It would be a failure of moral principle to do less than the utmost in reaching out to everyone and accommodating them as well as possible in assisting them with acting to safeguard their coins. For this, the elements of time, maximum communication/broadcasting through all available venues, and clarity of the warning would be critical.

Necessary yet insufficient.

[finkelsteinMonster]

... Let's say I'm the Grand Overlord of Bitcoin, with unilateral power to act, and I'm faced with this situation.

Fails as a hypothetical right there. What you're describing is the job of central banks. Bitcoin's defining quality is *not* having such an entity.

If I do nothing, the abandoned coins are stolen. But abandoned coins have no worth to their owner anyway, so the owner is not losing anything.

Both assumptions are unreasonable, making this hypothetical irrelevant. If we could show, with 100% certainty, that "coins have no worth to their owner anyway," there'd be no point to any of this. Starting with faulty premises has a very high chance of resulting in false conclusions.

[ebliever]

I see your point, jbreher. But I cannot agree with it. It would make me the accomplice of thieves, their enabler, and an actor with malicious intent against all other bitcoin owners. That is where my moral principle leaves me. It is interesting that the same motives (concern for ownership rights) can lead to such opposite conclusions.

[finkelsteinMonster]

... I agree perfectly well with you that if (legitimate) ownership can be established, the coins should be left alone and that ownership absolutely should be respected.

No. Until it is conclusively shown that legitimate owner has zero interest in the coins, only he has the right to decide what's to be done with those coins.

[David Rabahy]

Point of information:  it is not the hashing algorithms that are QC vulnerable it is the ECCDSA that is vulnerable.  If/when QC becomes a reality we will have no trouble convincing a majority to move to a new DSA.  Deciding exactly which new DSA to move to may be an issue but after a lot of the standard drama that accompanies all decisions in Bitcoin, I believe a new DSA will be picked and we will move to it.  The hashing algorithms used can and will also be replaced/upgraded as needed (just not due to QC).

Oh.  Where is ECDSA https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm used in Bitcoin?  If that can be changed without me giving up my current private keys and Bitcoin addresses then this whole topic is noise.

Point of information:  it is not the hashing algorithms that are QC vulnerable it is the ECCDSA that is vulnerable.  If/when QC becomes a reality we will have no trouble convincing a majority to move to a new DSA.  Deciding exactly which new DSA to move to may be an issue but after a lot of the standard drama that accompanies all decisions in Bitcoin, I believe a new DSA will be picked and we will move to it.  The hashing algorithms used can and will also be replaced/upgraded as needed (just not due to QC).

Oh.  Where is ECDSA https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm used in Bitcoin?  If that can be changed without me giving up my current private keys and Bitcoin addresses then this whole topic is noise.

Found it; https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm.  So, yeah, this topic is useless; move on.

[The00Dustin]

Point of information:  it is not the hashing algorithms that are QC vulnerable it is the ECCDSA that is vulnerable.  If/when QC becomes a reality we will have no trouble convincing a majority to move to a new DSA.  Deciding exactly which new DSA to move to may be an issue but after a lot of the standard drama that accompanies all decisions in Bitcoin, I believe a new DSA will be picked and we will move to it.  The hashing algorithms used can and will also be replaced/upgraded as needed (just not due to QC).

Oh.  Where is ECDSA https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm used in Bitcoin?  If that can be changed without me giving up my current private keys and Bitcoin addresses then this whole topic is noise.

Found it; https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm.  So, yeah, this topic useless; move on.

Actually, this discussion is all about whether or not you should have to give up your current addresses.  Any new algorithm would require new addresses and new private keys.  Your existing private key and address could not be ported (for lack of a better word), and the discussion technically revolves around whether or not you have the right to keep using the pair even after it could be vulnerable to attack.

ETA: Since Theymos' suggestion technically has to do with the age of the input, one could argue that you could pay the coins forward to yourself in order to decrease the age and continue using the old keys and addresses, but that argument would be petty and stupid considering the fact that the subsequent exposure of a signature to move coins would most likely increase your vulnerability.  This is also a problem with arguments like "if someone proves they own them, they should be able to keep them" because said proof would likely increase vulnerability.

ETA2:  To be clear, I would agree with BurtW and jbreher here, but the primary purpose of this post was to clarify what the argument is actually about in terms more familiar to your concerns.

ETA3:  Also, there is no reason the new outputs can't continue to accept old inputs, the misguided suggestion is that they shouldn't after a certain point in time.

[David Rabahy]

Point of information:  it is not the hashing algorithms that are QC vulnerable it is the ECCDSA that is vulnerable.  If/when QC becomes a reality we will have no trouble convincing a majority to move to a new DSA.  Deciding exactly which new DSA to move to may be an issue but after a lot of the standard drama that accompanies all decisions in Bitcoin, I believe a new DSA will be picked and we will move to it.  The hashing algorithms used can and will also be replaced/upgraded as needed (just not due to QC).

Oh.  Where is ECDSA https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm used in Bitcoin?  If that can be changed without me giving up my current private keys and Bitcoin addresses then this whole topic is noise.

Found it; https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm.  So, yeah, this topic useless; move on.

Actually, this discussion is all about whether or not you should have to give up your current addresses.  Any new algorithm would require new addresses and new private keys.  Your existing private key and address could not be ported (for lack of a better word), and the discussion technically revolves around whether or not you have the right to keep using the pair even after it could be vulnerable to attack.

No.  The private key and corresponding public key (a.k.a. your Bitcoin address) do not have to change at all.  Rather, if/when we change the DSA from ECDSA (which is QC vulnerable) to another DSA which is QC resistant then your wallet software will have to be changed to use the new DSA; that's all; nothing else.

If we don't change the DSA to one that is QC resistant then bad actors (with enough moxie) will be able to sign messages moving bitcoins they have no right to move.

[27QVUTZj8rgZP1]

Worst idea ever.

Agreed.

If any coin is simply destroyed or vanish. I would simply sell all my coins as soon as possible, as they are not safe after all.

[David Rabahy]

https://en.wikipedia.org/wiki/Post-quantum_cryptography

[ebliever]

... I agree perfectly well with you that if (legitimate) ownership can be established, the coins should be left alone and that ownership absolutely should be respected.

No. Until it is conclusively shown that legitimate owner has zero interest in the coins, only he has the right to decide what's to be done with those coins.

Failing to expend trivial effort to safeguard coins would, it seems to me, "conclusively show" that the legitimate owner had zero interest in the coins.

I was originally on the other side of the fence on this topic (as you can see from my first post in this thread!), and I've been second-guessing myself more than you might guess from my recent series of posts. So let me switch sides again (!) with this line of thought:

Those disagreeing with me recently have emphasized the paramount rights of an owner of bitcoins against any infringement, even if it means that other bitcoin owners might be harmed by their inaction. (In this case, coins being stolen and dumped.) Whereas I've played the role of a neutral arbiter who is trying to minimize loss across the board, across all owners.

This latter view is surely the dominant view regarding government today (socialist/nanny state), but it conflicts with the more individualistic libertarian (or even anarchist) viewpoint that my opponents set forth. In this latter view, you are choosing to take risks when you invest in bitcoin - and the risk of coins being hacked and dumped, harming your own investment, is demonstrably part of the cryptocurrency landscape today.

So from this perspective, which I agree with, the risk of losses from other people's insecure coins is part of the risk I assume when I buy into bitcoin. If this is the consensus of the bitcoin community (and I think it is), then I am much more agreeable that no action should be taken to destroy coins that could be lost due to a QC-event or similar loss of security.

It becomes more problematic if bitcoin goes mainstream and is adopted by large numbers of people lacking the ethos that you carry your own risks when using bitcoin and don't expect anyone to bail you out. In the context of broader society I could respect someone who holds on to the idea that the coins should be destroyed 'for the public good.' But it does fit more with my own libertarian philosophy to switch back to saying caveat emptor and agreeing to let the coins lie.

I just hope we don't have to put this to the test.