Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
If there were a vulnerability in ECDSA/Schnorr (maybe because of a quantum computer, but it could be for any other reason: lattice attacks, etc.) and there were an alternative (new safe locking scripts) and people started moving their coins into them, what do you think would happen to those UTXOs that don't move at all (lost coins, Satoshi's coins, etc.)? Do you think the consensus would be to let them be stolen, OR to soft-fork them out (remove them from circulation, e.g. "you have 10 years to move your UTXOs, otherwise they will become invalid")? The first option is better in my opinion, but flooding the market with so many coins could be massively disruptive. The second option would probably not be able to reach consensus, but the effect on price would not be so disastrous. Some people touched on this in the following thread, but I didn't want to continue there as this was a little bit off topic: https://bitcointalk.org/index.php?topic=5400954.0
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
June 13, 2022, 02:12:04 PM

It is not possible to predict what the consensus is going to be, because there hasn't been any serious discussion about this possibility yet, and the various smaller discussions that have taken place among users have never reached any consensus. There are two sides: some say the coins shouldn't be locked or anything, and the other side says they should be burnt.
In my opinion, if some day in the far-away future we come to the conclusion that ECC is obsolete, we should define a migration period after which any coins left in the old algorithm become unspendable.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
June 13, 2022, 02:16:31 PM Last edit: July 24, 2023, 11:39:04 AM by o_e_l_e_o

It will be very difficult to reach a consensus either way, as there are strongly held beliefs on both sides. I am very much of the opinion that it is better to let these coins be stolen than it is to do anything to lock them or make them otherwise unspendable. It is better to take the short-term price hit from lost coins re-entering the market than it is to destroy a core principle of bitcoin and allow a small group of devs or a small subsection of the community to start deciding what happens to coins which do not belong to them.
It is worth noting that not all vulnerable addresses will be hacked at once; rather, it will happen gradually over months or even years. There are a multitude of reasons why coins which are not lost may not move for long periods of time. Perhaps the owner is in a different country to their wallet. Perhaps they are in prison. Perhaps the private keys are locked up in some kind of inheritance or trust. Perhaps there is a timelocked transaction waiting to be broadcast at a certain date. If we set a fixed date and lock all these coins, then we will absolutely be depriving some users of their coins against their will. At that point, bitcoin is no longer decentralized nor trustless.
If you are careless and fail to look after your private keys or move your coins in time, then they will be stolen. Far better that than the devs saying "Since you are careless, we are going to take your coins away from you." You can't be your own bank if someone else can unilaterally remove that privilege from you.
As I mentioned in another thread, I would only support locking coins if there was some way for the real owner to prove ownership and unlock them again, such as by providing a zero-knowledge proof that they own the seed phrase which generated the relevant private keys. But this does not solve the problem of truly lost coins or early coins in P2PK addresses.
garlonicon
Copper Member
Legendary
Offline
Activity: 921
Merit: 2208
Pawns are the soul of chess
June 13, 2022, 03:47:39 PM

> What do you think would happen to those UTXOs that don't move at all (lost coins/Satoshi's coins/etc.)?

I think there are two options. First: they will never move, because even if some keys are vulnerable, other, fully random keys may be good enough to resist many attacks. Second: they will move somewhere by providing a valid signature. That second option could have many variants: they could move into OP_RETURN, they could move as a fee and be burned in the coinbase transaction, they could be timelocked to the future and taken later by miners, or they could be stolen once, and then the system will be safe again after moving to the new address type. In the case of the second option, if a lot of coins are moved at once, then I think burning will reach consensus quicker than other ideas, so the chain where they are burned will be followed and will stay the heaviest. The only unacceptable thing is moving coins without providing any valid signature. All other cases are good enough, and it is possible to reach consensus when coins are not moved, or are moved by valid transactions (then, that second option depends on the destination).

> but flooding the market with so many coins could be massively disruptive

That's why I think if someone suddenly moves a lot of coins, then the consensus will quickly form around burning all of them, by providing valid signatures. In an economic sense, other forks could be just cheaper and lose Proof of Work support from miners.

> The second option would probably not be able to reach consensus

Why not? I read many posts saying that "burning is acceptable" or "locking by soft-fork is acceptable". I think reaching consensus on burning someone else's coins would be easier than forming any consensus on stealing them, even if only once.
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
June 13, 2022, 04:05:11 PM

> It is worth noting that not all vulnerable addresses will be hacked at once; rather, it will happen gradually over months or even years. There are a multitude of reasons why coins which are not lost may not move for long periods of time.

Which should in theory mitigate the effect of the short-term price hit due to panic and the fact that new coins are being reintroduced to the economy. However, it likely means you'll see a smaller effect for a longer time, since they'll be gradually taken and reintroduced rather than all at once. Depending on your perspective, both scenarios have their pros and cons. Ultimately, the very long term probably isn't affected.
kaggie
If you can burn or lock coins for arbitrary reasons, then you have proven that you can manipulate the ledger, after which it will never be long until censorship rears its regular head.
Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
June 13, 2022, 04:43:23 PM Last edit: June 13, 2022, 05:05:25 PM by Adam_xx

> > but flooding the market with so many coins could be massively disruptive
>
> That's why I think if someone suddenly moves a lot of coins, then the consensus will quickly form around burning all of them, by providing valid signatures. In an economic sense, other forks could be just cheaper and lose Proof of Work support from miners.

But how do you distinguish legitimate users from "thieves"? The legitimate and the stealing transactions will both have a valid signature. If there is ever a consensus to lock the coins, I guess the only way would be to block the UTXOs (to block all coins with vulnerable signatures, not just some chosen coins) after a long period of alert (e.g. a decade) before the attack itself, not after the coins have already moved. After some block height, only coins on new and safe addresses will be movable. But even for this scenario I can't imagine reaching a consensus, for the reason below:

> If you can burn or lock coins for arbitrary reasons, then you have proven that you can manipulate the ledger, after which it will never be long until censorship rears its regular head.

No one knows if the key break will take minutes, hours, weeks or years, but I suppose it won't be one entity taking it all with a single attack in a single day. And if the stealing lasts years or decades in small chunks, nobody can prevent inflation pressure on Bitcoin, unfortunately.

> > The second option would probably not be able to reach consensus
>
> Why not? I read many posts saying that "burning is acceptable" or "locking by soft-fork is acceptable". I think reaching consensus on burning someone else's coins would be easier than forming any consensus on stealing them, even if only once.

Reaching consensus on burning someone else's coins is hard, but "sacrificing" the coins (letting them be stolen) doesn't require forming a new consensus. It is what the current code says, basically.
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8324
Bitcoin is a royal fork
June 13, 2022, 05:47:58 PM

> No one knows if the key break will take minutes, hours, weeks or years, but I suppose it won't be one entity taking it all with a single attack in a single day.

There's no realistic way an entity suddenly gains the power to break ECDLP within a few minutes.

> And if the stealing lasts years or decades in small chunks, nobody can prevent inflation pressure on Bitcoin, unfortunately.

Inflation pressure? There's no inflation pressure, and there never will be. Provably lost coins are lost, gone, removed from circulation. Period. Non-provably lost coins aren't removed; they're just trapped. No one should assume they won't return into circulation, and in fact, over time, we observe some decade-old, dusted, 50 BTC outputs being spent, which reveals that these coins were falsely assumed to be lost. The system began with the presumption that someday it'd reach a number less than 21 million coins, without any arbitrary monetary policy, and so it is.
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
June 13, 2022, 05:53:04 PM

> No one knows if the key break will take minutes, hours, weeks or years, but I suppose it won't be one entity taking it all with a single attack in a single day.

Well, it's very unlikely it's going to be quick, i.e. a few minutes. Besides, you'll have a gradual build-up to this. We aren't anywhere near the capability of doing it right now, and even when you factor in exponential growth, there's going to be a long, long time before something is capable of doing it within minutes. Despite the exponential growth, it'll still be somewhat gradual in the time that it takes to break it. By the time something is capable of breaking it within minutes, Bitcoin could well have moved on so much that the old chain is considered obsolete, or people might have found an alternative to Bitcoin. What I'm saying is there are just too many unknown factors to even realistically talk about it. Hence why the discussions around it have been what-ifs rather than anything substantial. We'll get there when we get there.
Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
June 13, 2022, 05:54:49 PM

> Inflation pressure? There's no inflation pressure, and there never will be. Provably lost coins are lost, gone, removed from circulation. Period. Non-provably lost coins aren't removed; they're just trapped. No one should assume they won't return into circulation, and in fact, over time, we observe some decade-old, dusted, 50 BTC outputs being spent, which reveals that these coins were falsely assumed to be lost.
> The system began with the presumption that someday it'd reach a number less than 21 million coins, without any arbitrary monetary policy, and so it is.

You are absolutely correct; inflation was not the right word at all. But let's say the market counts non-provably lost coins as provably lost coins (and might be surprised one day).
Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
June 13, 2022, 05:59:41 PM

> By the time something is capable of breaking it within minutes, Bitcoin could well have moved on so much that the old chain is considered obsolete, or people might have found an alternative to Bitcoin.

Well, I suppose (and hope) that the UTXO set (or basically the "ownership database" in any future form) will be preserved even if there is a completely new technology and this new "system" moves Bitcoin's UTXO set into it. But that is for another discussion.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
June 13, 2022, 06:14:04 PM

> In the case of the second option, if a lot of coins are moved at once, then I think burning will reach consensus quicker than other ideas, so the chain where they are burned will be followed and will stay the heaviest.

It doesn't matter what the consensus is; we can't force whoever owns the private key to these coins to actually burn them, whether that's the real owner or an attacker. The only other option would be for a large entity such as a mining pool to buy their own quantum computers to steal and burn these coins, although I would imagine most mining pools would take the coins as profit long before burning them.

> But let's say the market counts non-provably lost coins as provably lost coins (and might be surprised one day).

The surprise to the system would be similar to Satoshi or some other early miner returning and suddenly moving a few hundred thousand or even a million bitcoin which have been dormant for 12+ years. And that could happen at literally any time, and there is nothing we can or should do to prevent it. Assuming that coins which have not moved in a long time are lost permanently is wrong, although I'll concede that many users in the market do assume just that.
Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
June 13, 2022, 06:22:22 PM

> The surprise to the system would be similar to Satoshi or some other early miner returning and suddenly moving a few hundred thousand or even a million bitcoin which have been dormant for 12+ years. And that could happen at literally any time, and there is nothing we can or should do to prevent it. Assuming that coins which have not moved in a long time are lost permanently is wrong, although I'll concede that many users in the market do assume just that.

Totally agree with that. And Satoshi selling all his coins would be destructive as well. But we assume it won't happen (selling, not moving). But would that be the case for anybody else? Would this selling pressure be recoverable?
Welsh
Staff
Legendary
Offline
Activity: 3304
Merit: 4115
June 13, 2022, 06:54:53 PM

> Totally agree with that. And Satoshi selling all his coins would be destructive as well. But we assume it won't happen (selling, not moving). But would that be the case for anybody else? Would this selling pressure be recoverable?

Naturally, being a Bitcoin supporter, I would lean to yes. However, these things can be unpredictable, and it really does depend on what's happening in the world and everyone's view on Bitcoin. There are just so many possibilities that could happen to benefit or even undermine Bitcoin. What can be said is that the idea behind Bitcoin works, and for me it has the most appeal out of any other currency on the market. Will that change in the future? Who knows.

> Well, I suppose (and hope) that the UTXO set (or basically the "ownership database" in any future form) will be preserved even if there is a completely new technology and this new "system" moves Bitcoin's UTXO set into it. But that is for another discussion.

Yeah, although let's say that a hard fork did occur (either necessary or deemed the best choice) to escape this sort of scenario. Those on the old chain wouldn't be able to easily prove they owned the coins on the new chain. At least, I don't think there would be an easy way of doing it. Maybe, but probably beyond my understanding, at least at this stage. I think we're still in the stage of thinking about solutions, since it's so far away right now that there's not a whole lot of urgency needed. Whatever the circumstances, there's going to be a lot of split opinions when it comes to the proper discussion, definitely. I don't want to see old coins released back in, and I don't want to see them destroyed. I am probably of the same opinion as o_e_l_e_o, but I'd rather see them broken into and stolen than, from a Bitcoin perspective, forcibly removed or redistributed. There's too many worms, and not enough cans.
pooya87
Legendary
Offline
Activity: 3626
Merit: 11010
Crypto Swap Exchange
June 14, 2022, 02:51:51 AM

> If you can burn or lock coins for arbitrary reasons, then you have proven that you can manipulate the ledger, after which it will never be long until censorship rears its regular head.

Irrelevant arguments here, because we are not talking about some "arbitrary reasons"; we are talking about a serious one that would make the very thing that made bitcoin secure become obsolete. It's not all about price either; in fact, not preventing old UTXOs from being spent would be against the fundamentals of bitcoin, where your coins are only yours to spend, not everyone's.
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8324
Bitcoin is a royal fork
June 14, 2022, 12:21:17 PM

> Irrelevant arguments here, because we are not talking about some "arbitrary reasons"; we are talking about a serious one that would make the very thing that made bitcoin secure become obsolete.

Then move the coins to a quantum-safe algorithm by then. It's your money, your responsibility after all. Freezing P2PK outputs (for example) endangers the significance of self-custody. Nobody should touch any coin, but only inform about the weaknesses. The coins that aren't provably burned exist, and can therefore enter the market at any time. Don't forget Satoshi can't sell his coins without attracting attention or potentially de-anonymizing himself, so it's very unlikely it'll happen. Moving the coins alone doesn't de-anonymize, though.
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
June 14, 2022, 12:34:44 PM

> Whatever the circumstances, there's going to be a lot of split opinions when it comes to the proper discussion, definitely.

Which is why I think what will probably happen is the scenario I've described above, where lost coins are gradually stolen and re-enter circulation. If we can't reach a consensus on some other solution, then this is the default position which will happen if we do nothing, as Adam_xx points out above.

> Irrelevant arguments here, because we are not talking about some "arbitrary reasons"; we are talking about a serious one that would make the very thing that made bitcoin secure become obsolete. It's not all about price either; in fact, not preventing old UTXOs from being spent would be against the fundamentals of bitcoin, where your coins are only yours to spend, not everyone's.

I disagree. If the community can decide that you cannot be trusted to look after your coins and move them to a quantum-resistant address before they are stolen, then the community can also decide that you cannot be trusted when it comes to any other scenario, and can therefore censor you.
kaggie
June 14, 2022, 03:55:51 PM Last edit: June 14, 2022, 05:36:57 PM by kaggie

> > If you can burn or lock coins for arbitrary reasons, then you have proven that you can manipulate the ledger, after which it will never be long until censorship rears its regular head.
>
> Irrelevant arguments here, because we are not talking about some "arbitrary reasons"; we are talking about a serious one that would make the very thing that made bitcoin secure become obsolete. It's not all about price either; in fact, not preventing old UTXOs from being spent would be against the fundamentals of bitcoin, where your coins are only yours to spend, not everyone's.

It took me a bit to understand what you were saying, and I thought you might have meant the reverse initially, mostly because my view is the opposite. Such censorship, deletion, and blocking of addresses would make bitcoin obsolete. If the arguments about censoring old coins ever succeed, then bitcoin would have already failed, because it would show that bitcoin is not a long-term store of value, in which case the ideologues should move on. It's not that any reasons for censorship are arbitrary reasons, but they are ones that I don't think will ever result in anything, because the results are much more unpredictable than the scenarios in this thread. The product of old addresses being cracked is no different from them being re-engaged by the original owners (or their inheritors), the latter of which could happen at any time. The very top thread assumes two scenarios which I think would happen in exactly the opposite fashion: someone who has been holding onto coins for ages has little reason to sell them immediately or quickly, because they have 'enough'. Their sale pressure is pretty low, so the scenario given above is unlikely. Even if such old coins are sold by crackers or original owners, it results in more distributed coins, which adds long-term value to the network and is a necessary part of sustainability and growth.
Adam_xx (OP)
Jr. Member
Offline
Activity: 34
Merit: 35
June 14, 2022, 07:03:49 PM

> > Whatever the circumstances, there's going to be a lot of split opinions when it comes to the proper discussion, definitely.
>
> Which is why I think what will probably happen is the scenario I've described above, where lost coins are gradually stolen and re-enter circulation. If we can't reach a consensus on some other solution, then this is the default position which will happen if we do nothing, as Adam_xx points out above.

I agree with that. Let's say there are even 2-3 mil. coins that are lost (nobody has the private keys anymore). If the stealing lasts 10 years, it's like mining with the current block subsidy at that time (approx. 328.500 BTC is currently mined per year). And to be honest, I don't think that many coins are lost and thus would stay on vulnerable addresses. Of course, if the attacker manages to crack keys from dozens of thousands of P2PK UTXOs within a couple of months, it could be disastrous (price-wise). And there are also other UTXOs with revealed pubkeys (reused addresses, P2TR, etc.). FYI: there are currently 1.73 mil. BTC on 48.000 P2PK UTXOs.
BlackHatCoiner
Legendary
Offline
Activity: 1694
Merit: 8324
Bitcoin is a royal fork
June 14, 2022, 07:16:46 PM

> Let's say there are even 2-3 mil. coins that are lost (nobody has the private keys anymore).

That's a big assumption. There are millions of bitcoins in P2PK outputs, many of which get spent frequently throughout the years. Definitely people lost a fortune back in 2009 due to some accident, but it's in no way millions. Perhaps a few hundred thousand have been non-provably lost. Impossible to know exactly, nor to approach it effectively. Note that there are addresses with revealed public keys that do have a balance and aren't P2PK outputs, such as 1P5ZEDWTKTFGxQjZphgWPQUpe554WKDfHQ. Those are in the same danger as well if their owners don't move them to a quantum-safe address.
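The two posts above (Adam_xx's list of UTXOs with revealed pubkeys, and BlackHatCoiner's point that reused non-P2PK addresses are in the same position) boil down to one question a wallet owner would want answered before any migration: which of my outputs already have their public key on-chain? The script below is an added example written for this thread, not code from any poster or from Bitcoin Core. It classifies a scriptPubKey by standard type and marks whether the output itself carries a key (P2PK and P2TR do), then flags hash-based outputs (P2PKH, P2WPKH, P2SH, P2WSH) whose key material was revealed by an earlier spend from the same script, i.e. address reuse. The function names, the `Utxo` record and all sample UTXOs and key bytes are constructed for the example; it covers every standard script type, not only the P2PK and P2TR cases the posts mention.

```python
# Added example (not from the thread): inventory which outputs already have
# their public key visible on-chain, the property that matters in the
# "ECDLP gets broken" scenario discussed above.
from dataclasses import dataclass

OP_0, OP_1 = 0x00, 0x51
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160, OP_CHECKSIG = 0x76, 0x87, 0x88, 0xA9, 0xAC


def classify_script_pubkey(spk: bytes) -> tuple[str, bool]:
    """Return (script_type, key_exposed_by_the_output_itself) for a scriptPubKey.

    P2PK pushes the raw public key; P2TR pushes the tweaked x-only output key,
    which is enough for key-path spends once its discrete log is known.
    Hash-based types only reveal a key when an input spends from them.
    """
    n = len(spk)
    # P2PK: <33- or 65-byte pubkey push> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG and spk[1] in (0x02, 0x03, 0x04):
        return "p2pk", True
    # P2PKH: OP_DUP OP_HASH160 <20> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 0x14]) and spk[-2:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", False
    # P2SH: OP_HASH160 <20> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 0x14 and spk[-1] == OP_EQUAL:
        return "p2sh", False
    # P2WPKH: OP_0 <20>
    if n == 22 and spk[0] == OP_0 and spk[1] == 0x14:
        return "p2wpkh", False
    # P2WSH: OP_0 <32>
    if n == 34 and spk[0] == OP_0 and spk[1] == 0x20:
        return "p2wsh", False
    # P2TR: OP_1 <32-byte x-only output key>
    if n == 34 and spk[0] == OP_1 and spk[1] == 0x20:
        return "p2tr", True
    return "unknown", False


@dataclass(frozen=True)
class Utxo:  # hypothetical record type for the example
    txid: str
    vout: int
    value_sat: int
    script_pubkey: bytes


def exposed_key_utxos(utxos, spent_from_scripts):
    """Return (txid, vout, type, reason, value) for UTXOs whose key is public.

    spent_from_scripts: scriptPubKeys that some confirmed input has already
    spent from (address reuse). Spending P2PKH/P2WPKH puts the pubkey in the
    scriptSig/witness; spending P2SH/P2WSH reveals the redeem/witness script,
    which usually contains the keys, so reuse is treated as exposure there too.
    """
    result = []
    for u in utxos:
        kind, exposed = classify_script_pubkey(u.script_pubkey)
        reason = "script carries key" if exposed else None
        if not exposed and kind != "unknown" and u.script_pubkey in spent_from_scripts:
            exposed, reason = True, "address reuse"
        if exposed:
            result.append((u.txid, u.vout, kind, reason, u.value_sat))
    return result


def exposure_summary(utxos, spent_from_scripts):
    """Exposed value (sats) per script type, e.g. to size a migration."""
    totals = {}
    for _txid, _vout, kind, _reason, value in exposed_key_utxos(utxos, spent_from_scripts):
        totals[kind] = totals.get(kind, 0) + value
    return totals


# Constructed sample data; the key and hash bytes are filler, not real keys.
P2PK_SPK = bytes([0x21, 0x02]) + b"\x11" * 32 + bytes([OP_CHECKSIG])
P2PKH_SPK = bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x22" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2PKH_REUSED_SPK = bytes([OP_DUP, OP_HASH160, 0x14]) + b"\x33" * 20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
P2WPKH_SPK = bytes([OP_0, 0x14]) + b"\x44" * 20
P2TR_SPK = bytes([OP_1, 0x20]) + b"\x55" * 32

SAMPLE_UTXOS = [
    Utxo("aa" * 32, 0, 50_0000_0000, P2PK_SPK),         # 2009-style coinbase: key on-chain
    Utxo("bb" * 32, 1, 1_0000_0000, P2PKH_SPK),         # fresh address: only the hash on-chain
    Utxo("cc" * 32, 0, 2_0000_0000, P2PKH_REUSED_SPK),  # address already spent from once
    Utxo("dd" * 32, 0, 3_0000_0000, P2WPKH_SPK),        # fresh segwit address
    Utxo("ee" * 32, 2, 4_0000_0000, P2TR_SPK),          # taproot: output key on-chain
]
SAMPLE_SPENT_FROM = {P2PKH_REUSED_SPK}  # constructed: the reused script has a prior spend

if __name__ == "__main__":
    for row in exposed_key_utxos(SAMPLE_UTXOS, SAMPLE_SPENT_FROM):
        print(row)
    print(exposure_summary(SAMPLE_UTXOS, SAMPLE_SPENT_FROM))
```

On the sample set, the P2PK, the reused P2PKH and the P2TR outputs are reported as exposed, while the fresh P2PKH and P2WPKH outputs are not; in a real audit `spent_from_scripts` would be built from the chain's input history, and the "fresh" outputs move to the exposed column the moment one spend from their script confirms.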