how many TXs would it take to move all quantum vulnerable addys

[vapourminer]

per title

how many TXs would be needed to move all quantum vulnerable addys to new quantum resistant addys. as in how many blocks might it fill just to move stuff (but not dust).

possibly easy to calculate (?) but im far too lazy

but i am curious as it could lead to chain congestion if a race to move coins suddenly happens.

[Mary319Horne]

Recent reports indicate roughly 25% of Bitcoin's supply, about 4 million BTC, is in quantum-vulnerable addresses. To move these funds to new quantum-resistant addresses would require an estimated 4 million transactions. Given an average transaction size of 225 bytes and realistic Bitcoin block sizes of 2 MB, this would fill approximately 450 blocks. This volume of transactions, if executed USPS LiteBlue rapidly, would cause severe chain congestion for over three days, leading to significantly increased fees and network slowdowns, which is why developers are proposing a phased migration.

[ABCbits]

possibly easy to calculate (?) but im far too lazy

The calculation itself isn't that difficult. But you need to,
1. Find total of UTXO with exposed public key.
2. Determine or assume how people move their vulnerable UTXO. This will affect estimation of TX will be created.
3. Know size of each UTXO types and size of new QC resistant address.


Here's my calculation with many naive assumption.

1. I assume it means 25% of total UTXO with exposed public key.

Roughly 25% of all bitcoin have revealed a public key on-chain; those UTXOs could be stolen with sufficient quantum power.

2. https://statoshi.info/d/000000009/unspent-transaction-output-set says currently there are about 167 million UTXO. So i assume there's 41.75 million vulnerable UTXO.
3. I assume each TX will contain 10 vulnerable UTXO and 1 QC resistant address.
4. For average size of each TX for migration purpose, i'll naively calculate average of 3 kinds of TX.

Code:

Average TX size = (1524 + 721.5 + 628.5) / 3 = 958 vbytes

Based on those, here's the calculation.

Code:

Total transaction = 41750000 UTXO / 10 UTXO (in single TX) = 4175000 TX (4.175 million TX)
Total transaction size = 4175000 TX * 958 vbytes = 3999650000 vbytes
Total blocks needed =  3999650000 vbytes / 1000000 vbytes (block size limit) = 3999.65 blocks (rounded to 4000 blocks)
Total time = 4000 blocks / 144 blocks (total blocks in one day) = 27.77... days

27.7 days is very long time, so you better hope majority people won't move their vulnerable UTXO at similar time.

Recent reports indicate roughly 25% of Bitcoin's supply, about 4 million BTC, is in quantum-vulnerable addresses. To move these funds to new quantum-resistant addresses would require an estimated 4 million transactions. Given an average transaction size of 225 bytes and realistic Bitcoin block sizes of 2 MB, this would fill approximately 450 blocks. This volume of transactions, if executed rapidly, would cause severe chain congestion for over three days, leading to significantly increased fees and network slowdowns, which is why developers are proposing a phased migration.

FWIW, there are times when Bitcoin network congested (as in block always full and people had to pay higher fee rate) far longer than 3 days.

[vapourminer]

Here's my calculation with many naive assumption.

[...]

Total time = 4000 blocks / 144 blocks (total blocks in one day) = 27.77... days


27.7 days is very long time, so you better hope majority people won't move their vulnerable UTXO at similar time.

yeah and i figure normal day to day TXs on top of that.. so all those need to be squeezed in too.

but can wallets and such be made so that, say, a TX from a quantum vulnerable addy to any other addy, quantum safe or not gets change back in a quantum safe addy? at least some day to day TXs would get rolled in for free that way, kinda.

edit: wording, as i suck at it

[Satofan44]

yeah and i figure normal day to day TXs on top of that.. so all those need to be squeezed in too.

but can wallets and such be made so that, say, a TX from a quantum vulnerable addy to any other addy, quantum safe or not gets change back in a quantum safe addy? at least some day to day TXs would get rolled in for free that way, kinda.

edit: wording, as i suck at it

What you refer to here specifically is not possible. Unless specified explicitly "change" goes to an address that you own. If you are sending from a quantum vulnerable address the change will go to another address in the same wallet which would again be vulnerable. There is an approach how this could be done but it is way too different to how Bitcoin works right now. The protocol could make it mandatory that coins only go to quantum safe addresses and never to any old address format. However, this would break all wallets currently in existence.

I think what we are more likely to see is a more gradual rollout as with SegWit and bech32. Some wallets were supporting both formats and some had the option to force the change to go to the same address format. That is, if you were using bech32 addresses the change would go to these addresses. The adoption of these addresses was a bit too slow for my taste, but I expect the adoption of quantum resistant addresses to happen much faster.
I don't think we will have a big problem with transitioning active users or entities especially those with large financial stakes. It is not that people would not want to do this or that many are not slowly getting aware of the slowly incoming quantum threat. It is more that as of today there is nothing that you can do about it. No proper solutions are even close to being implemented. I believe that once a solution is deployed, that there will be a prolonged period of an intense fee-market as people will compete to switch to these addresses even if the threat is not yet active.

[ABCbits]

27.7 days is very long time, so you better hope majority people won't move their vulnerable UTXO at similar time.

yeah and i figure normal day to day TXs on top of that.. so all those need to be squeezed in too.

It makes sense to consider daily/regular TX. But when mempool is congested (people must pay far higher fee rate to get their TX confirmed within reasonable time), some people would make less TX or even decide not to make TX. It add more variable, which makes the calculation become more difficult.

For reference, https://statoshi.info/d/000000002/blocks?orgId=1&from=now-3M&to=now&timezone=browser shows blocks in last 3 months is about 91.4% filled. It's based on 3658727 average block weight size.

but can wallets and such be made so that, say, a TX from a quantum vulnerable addy to any other addy, quantum safe or not gets change back in a quantum safe addy? at least some day to day TXs would get rolled in for free that way, kinda.

I agree with @Satofan44. They (the one who create TX) must use wallet that can generate QC-resistant address and use it as change address automatically.

[finnbentley]

The idea of mandating that coins only go to quantum-safe addresses is intriguing but would require a fundamental overhaul of the current Bitcoin protocol. Such a change could lead to compatibility issues with existing wallets, effectively breaking them and causing significant disruption in the ecosystem io games