Hi Peter, I think everyone here is well-aware of the possibility that CRQCs may not ever appear, but that doesn't change the fact we must have a plan ready to handle them. Lopp's proposal does exactly that, and in a way that can be rolled out incrementally as the risk increases. And even if CRQCs never break discrete log, we would do well to invest the time in designing this migration path anyway. We'd then have a playbook to handle other sources of cryptanalytic breakthroughs in the future.
I think you're worried the community may jump the gun and deploy a freezing upgrade like phases A or B too early. I share your concern but if anything I suspect the opposite will happen. Nobody is going to be willing to freeze anything unless imminent danger is readily apparent, and fear-based reactions kick in. Once it does, things will happen fast, and we need a plan ready for that day (if it comes). regards, conduition On Saturday, July 19th, 2025 at 8:13 AM, Peter Todd <[email protected]> wrote: > On Mon, Jul 14, 2025 at 02:52:17PM -0400, Jameson Lopp wrote: > > > Correct, this time is different in that we're not talking about vague > > unknown weaknesses. Rather, we're talking about a known algorithm that > > makes breaking cryptographic primitives orders of magnitude cheaper. > > > We already have known algorithms that would break cryptographic primitives if > sufficiently good analog computers actually existed. Or for that matter, > "split > the universe" brute forcing. No-one is worried about them because > "sufficiently > good" analog computers and multiverses are widely belived to not be physically > realizable. > > For all the claims of progress on quantum computing hardware, the fact still > remains that no-one is even close to demonstrating cryptographic-relevant > quantum computing capabilities and the actual cryptographic-relevant > capabilities of real hardware are laughable. It's still an unknown whether or > not they are physically possible, and outside of the part of the physics > community that would like to sell you a quantum computer - or research > developing one - they're widely belived to be not physical. > > Hence, these are still vague unknown weaknesses. Until progress is less vague, > actively freezing peoples' coins is not going to happen. > > -- > https://petertodd.org 'peter'[:-1]@petertodd.org > > -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/aHuKIKqvCZl5rcEX%40petertodd.org. -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAgIQP8YXvI8FjDiv0v29pw0VHdrlY6go6QoGMj1qqMsLKfGxeMBWVdxxQ5ZWhzl3T1wxjqj7XsPiRpTlBevo9hiNL92OtIQmMdGBsZaDqg%3D%40proton.me.
publickey - [email protected] - 0x474891AD.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
