aeternum 12 hours ago

Bitcoin has had significant protocol upgrades before, including the highly divisive segwit. IMO immutability is a non-issue; there's plenty of evidence that Satoshi generally agreed that consensus via the longest chain (most PoW) wins.

Thus, upgrading the protocol/code to change the encryption to something quantum-resistant should be no more controversial a change than segwit. The community has already answered the "is it still Bitcoin?" question. Yes it is; protocol and code are free to change given longest-chain consensus.

The problem will be what to do with legacy addresses. Never before have issued coins been forcibly deleted by a BIP. It could turn out that legacy addresses (including Satoshi's) that fail to have their coins moved after a deadline must be considered compromised and burned/destroyed. That has no precedent with bitcoin, although it does with ETH.

Anyone know if there's a way out that doesn't require this? Obviously there's no way to ensure all legacy address coins are moved by the deadline.

aeternum 8 hours ago | parent | next [-]

I looked into it, and the currently leading proposal, Hourglass v2, is pretty clever. Once 'Hourglass' is enabled, the rate at which legacy (P2PK) coins can be spent is (proposed to be) capped at 1btc / block. Thus they will not be burned, but the rate at which they can be stolen/compromised will be limited such that the economic impact is at most about 1/3 the block reward.

This gives holders of those old addresses the maximum amount of time to move their coins to more modern addresses and still the ability to move some coins after the deadline. If legacy keys are compromised in bulk, i.e. access to sufficiently powerful quantum computing is rapid and widespread, then there will be high competition via the existing txn fee bidding process for that 1btc/block slot. Thus most of the value of the will be captured by the txn fee and go to the miners, effectively boosting the mining reward by ~1/3.
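
A sketch of the per-block cap described in the comment above, as an added example that is not part of the original post and not the proposal's own code. The accounting rule (value leaving a P2PK script counts toward the cap, change paid back to the same script does not), the function names and the sample scripts are assumptions constructed for illustration.

```python
OP_CHECKSIG = 0xAC
COIN = 100_000_000          # satoshis per BTC
CAP_SATS = 1 * COIN         # 1 BTC per block, the figure quoted in the comment


def is_p2pk(script: bytes) -> bool:
    """True for '<pubkey> OP_CHECKSIG': a 33- or 65-byte key push, then 0xac."""
    if len(script) not in (35, 67) or script[-1] != OP_CHECKSIG:
        return False
    push_len, prefix = script[0], script[1]
    if push_len != len(script) - 2:
        return False
    # Compressed keys start with 0x02/0x03, uncompressed keys with 0x04.
    return prefix in (2, 3) if push_len == 33 else prefix == 4


def legacy_outflow(tx: dict) -> int:
    """Satoshis leaving P2PK scripts in one transaction.

    Assumption: change returned to the spent P2PK script is not outflow.
    """
    spent = {}
    for script, value in tx["inputs"]:
        if is_p2pk(script):
            spent[script] = spent.get(script, 0) + value
    returned = {}
    for script, value in tx["outputs"]:
        if script in spent:
            returned[script] = returned.get(script, 0) + value
    return sum(max(v - returned.get(s, 0), 0) for s, v in spent.items())


def block_within_cap(txs: list) -> bool:
    """Block-level rule: total P2PK outflow must not exceed the cap."""
    return sum(legacy_outflow(tx) for tx in txs) <= CAP_SATS


# Constructed sample scripts (all-zero key material, not real keys).
P2PK = b"\x41\x04" + bytes(64) + b"\xac"
P2PKH = b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"

# Moves 1 BTC out of a 50 BTC P2PK output, returns 49 BTC to the same script.
THROTTLED = {"inputs": [(P2PK, 50 * COIN)],
             "outputs": [(P2PKH, 99_900_000), (P2PK, 49 * COIN)]}
# Sweeps the whole 50 BTC output in one transaction.
SWEEP = {"inputs": [(P2PK, 50 * COIN)], "outputs": [(P2PKH, 50 * COIN - 1000)]}
```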

dodobirdlord 8 hours ago | parent [-]

Doesn’t this effectively still destroy all legacy wallets? Once the throttling limit goes into effect, it will be impossible for holders of legacy wallets to transfer their bitcoin without paying ~1 bitcoin per bitcoin they want to move. Doesn’t this amount to the same thing as abolishing all legacy wallets plus increasing the mining reward with extra steps?

aeternum 5 hours ago | parent [-]

Not necessarily, we could reach a point where theoretically it is possible to crack elliptic curve but still prohibitively expensive except for nation states. At that point or near that point, miners would likely agree to engage the throttle.

Presumably the vast majority who had their key would move the coins before the throttling takes effect so in the event of a 'slow takeoff' quantum scenario where quantum computing is expensive or nation states don't want to divulge the capability there could be no demand for the 1btc slot. If a lucky individual forgot about their coins (likely an early 50btc block), it only takes them ~8hrs to transfer at the normal txn fee.

Only those with access to legacy coins can compete for that slot.

The main advantage is it delays the transfer to the mining reward to the last possible moment, i.e. the trigger for the transfer to the mining reward likely only happens if there is sufficient contention for that 1btc slot because legacy wallets are getting cracked.

weakened_malloc 8 hours ago | parent | prev [-]

> Anyone know if there's a way out that doesn't require this?

Honestly, I see this as a way for the powers that be to force explicit KYC. You want those coins? You prove they're yours, you stick your name on that wallet and all the liability that comes along with it. Otherwise the government (some government) holds onto them until you can definitively prove they're yours. I don't think this scenario is likely, but I can see it being something that is proposed or tried.