A fun exercise to be sure, but perhaps off topic for this list?

> On Aug 22, 2017, at 1:06 PM, Erik Aronesty via bitcoin-dev 
> <bitcoin-dev@lists.linuxfoundation.org> wrote:
> 
> > The initial message I replied to stated:
> 
> Yes, 3 years is silly.  But coin expiration and quantum resistance is 
> something I've been thinking about for a while, so I tried to steer the 
> conversation away from stealing old money for no reason ;).   Plus I like the 
> idea of making Bitcoin "2000 year proof".
> 
> - I cannot imagine either SHA256 or any of our existing wallet formats 
> surviving 200 years, if we expect both Moore's law and quantum computing to be 
> a thing.   I would expect the PoW to be rendered obsolete before the Bitcoin 
> addresses.
> 
>  - A PoW change using Keccak and a flexible number of bits can be designed as 
> a "future hard fork".  That is:  the existing POW can be automatically 
> rendered obsolete... but only in the event that difficulty rises to the level 
> of obsolescence.   Then the code for a new algorithm with a flexible number 
> of bits and a difficulty that can scale for thousands of years can then 
> automatically kick in.
> 
>  - A new address format and signing protocols that use a flexible number of 
> bits can be introduced.   The maximum number of supported bits can be 
> configurable, and trivially changed.   These can be made immediately 
> available but completely optional.
> 
>  - The POW difficulty can be used to inform the expiration of any addresses 
> that can be compromised within 5 years assuming this power was somehow used 
> to compromise them.   Some mechanism for translating global hashpower to 
> brute force attack power can be researched, and conservative estimates made. 
>   Right now, it's like "heat death of the universe" amount of time to crack 
> with every machine on the planet.   But hey... things change and 2000 years 
> is a long time.   This information can be used to inform the expiration and 
> reclamation of old, compromised public addresses.
> 
> - Planning a hard fork 100 to 1000 years out is a fun exercise
> 
> 
> 
> 
>> On Tue, Aug 22, 2017 at 2:55 PM, Chris Riley <cri...@gmail.com> wrote:
>> The initial message I replied to stated in part, "Okay so I quite like this 
>> idea. If we start removing at height 630000 or 840000 (gives us 4-8 years to 
>> develop this solution), it stays nice and neat with the halving interval...."
>> 
>> That is less than 3 years or less than 7 years away. Much sooner than it is 
>> believed QC or Moore's law could impact bitcoin.  Changing bitcoin so as to 
>> require that early coins start getting "scavenged" at that date seems 
>> unneeded and irresponsible.  Besides, your ECDSA is only revealed when you 
>> spend the coins which does provide some quantum resistance.  Hal was just an 
>> example of people putting their coins away expecting them to be there at X 
>> years in the future, whether it is for himself or for his kids and wife.  
>> 
>> :-)
>> 
>> 
>> 
>>> On Tue, Aug 22, 2017 at 1:33 PM, Matthew Beton <matthew.be...@gmail.com> 
>>> wrote:
>>> Very true, if Moore's law is still functional in 200 years, computers will 
>>> be 2^100 times faster (possibly more if quantum computing becomes 
>>> commonplace), and so old wallets may be easily cracked.
>>> 
>>> We will need a way to force people to use newer, higher security wallets, 
>>> and turning coins to mining rewards is a better solution than them just being 
>>> hacked.
>>> 
>>> 
>>>> On Tue, 22 Aug 2017, 7:24 pm Thomas Guyot-Sionnest <derm...@aei.ca> wrote:
>>>> In any case when Hal Finney does not wake up from his 200-year 
>>>> cryo-preservation (because unfortunately for him 200 years earlier they 
>>>> did not know how to preserve a body well enough to resurrect it) he would 
>>>> find that advances in computer technology made it trivial for anyone to 
>>>> steal his coins using the long-obsolete secp256k1 ec curve (which was done 
>>>> long before, as soon as it became profitable to crack down the huge stash 
>>>> of coins stale in the early blocks)
>>>> 
>>>> I just don't get that argument that you can't be "your own bank". The only 
>>>> requirement coming from this would be to move your coins about once every 
>>>> 10 years or so, which you should be able to do if you have your private 
>>>> keys (you should!). You say it may be something to consider when computer 
>>>> breakthroughs make old outputs vulnerable, but I say it's not "if" but 
>>>> "when" it happens, and by telling firsthand people that their coins 
>>>> require moving every once in a long while you ensure they won't do stupid 
>>>> things or come back 50 years from now and complain their addresses have 
>>>> been scavenged.
>>>> 
>>>> --
>>>> Thomas
>>>> 
>>>> 
>>>>> On 22/08/17 10:29 AM, Erik Aronesty via bitcoin-dev wrote:
>>>>> I agree, it is only a good idea in the event of a quantum computing 
>>>>> threat to the security of Bitcoin.   
>>>>> 
>>>>>> On Tue, Aug 22, 2017 at 9:45 AM, Chris Riley via bitcoin-dev 
>>>>>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>>>> This seems to be drifting off into alt-coin discussion.  The idea that 
>>>>>> we can change the rules and steal coins at a later date because they are 
>>>>>> "stale" or someone is "hoarding" is antithetical to one of the points of 
>>>>>> bitcoin in that you can no longer control your own money ("be your own 
>>>>>> bank") because someone can at a later date take your coins for some 
>>>>>> reason that is outside your control and solely based on some 
>>>>>> rationalization by a third party.  Once the rule is established that 
>>>>>> there are valid reasons why someone should not have control of their own 
>>>>>> bitcoins, what other reasons will then be determined to be valid?
>>>>>> 
>>>>>> I can imagine Hal Finney being revived (he was cryo-preserved at Alcor 
>>>>>> if you aren't aware) after 100 or 200 years expecting his coins to be 
>>>>>> there only to find out that his coins were deemed "stale" so were 
>>>>>> "reclaimed" (in the current doublespeak - e.g. stolen or confiscated).  
>>>>>> Or perhaps he locked some for his children and they are found to be 
>>>>>> "stale" before they are available.  He said in March 2013, "I think 
>>>>>> they're safe enough" stored in a paper wallet.  Perhaps any remaining 
>>>>>> coins are no longer "safe enough."
>>>>>> 
>>>>>> Again, this seems (a) more about an alt-coin/bitcoin fork or (b) better 
>>>>>> in bitcoin-discuss at best vs bitcoin-dev. I've seen it discussed many 
>>>>>> times since 2010 and still do not agree with the rationale that embracing 
>>>>>> allowing someone to steal someone else's coins for any reason is a 
>>>>>> useful change to bitcoin.
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> On Tue, Aug 22, 2017 at 4:19 AM, Matthew Beton via bitcoin-dev 
>>>>>> <bitcoin-dev@lists.linuxfoundation.org> wrote:
>>>>>>> Okay so I quite like this idea. If we start removing at height 630000 
>>>>>>> or 840000 (gives us 4-8 years to develop this solution), it stays nice 
>>>>>>> and neat with the halving interval. We can look at this like so:
>>>>>>> 
>>>>>>> B - the current block number
>>>>>>> P - how many blocks behind current the coin burning block is. (630000, 
>>>>>>> 840000, or otherwise.)
>>>>>>> 
>>>>>>> Every time we mine a new block, we go to block (B-P), and check for 
>>>>>>> stale coins. These coins get burnt up and pooled into block B's miner 
>>>>>>> fees. This keeps the mining rewards up in the long term, people are 
>>>>>>> less likely to stop mining due to too low fees. 
>>>>>>> It also encourages people to keep moving their money around the 
>>>>>>> economy instead of just hoarding and leaving it. 
>>>> 
>> 
> 
> _______________________________________________
> bitcoin-dev mailing list
> bitcoin-dev@lists.linuxfoundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev