A, do we do nothing, and do we just allow coins to be swept up if a cryptographically relevant quantum computer appears?
B, do we do something and try to throttle how these coins can be spent to try to flatten the curve, so to speak, of economic damage and volatility that could be incurred?
Or C, do we just stop allowing for the spending of quantum vulnerable coins?
And there's a lot of complexity and minutia that I think are going to go into debating these different concepts and sort of the game theory and what might result from that.
And one of the things that I think should be important to keep in mind is just the KISS principle.
Keep it simple, stupid, and even though it's certainly unpalatable, I mean, all of these options I think are unpalatable in different ways.
I think that the simple freezing of coins and then hopefully having a quantum safe recovery option in the future would be the simpler path, but we'll see.
So just to clarify, we're talking Jameson Stance is freezing the coins.
Do you want to define the set just to make sure we have the right context?
Or do you want to maybe give an example set of like, just to make sure we're clear?
Yeah, well, so for one, I think talking about quote-unquote Satoshi's coins is kind of a distraction.
While certainly a decent portion of these coins may or may not have been mined and owned by Satoshi, really what we're talking about is any coin that is encumbered by a locking script that is requiring elliptic curve cryptography to redeem those funds.
And so I'm not just talking about like long range versus short range.
I'm talking about anything, regardless of whether or not the key is currently exposed on the blockchain.
And one more clarifying question.
Is the recovery mechanism going to be needed for you to take this stance?
For me, no, but I suspect that in order to make it more palatable to gain consensus, that some sort of recovery mechanism that would hopefully only be usable by the quote-unquote true original owners of the coins to be able to spend them.
So a strongly nice to have, but not a requirement.
Is that fair?
Yes.
Okay.
Mike, or Hunter, since Mike passed it to you.
Go ahead.
Pass.
Yeah, if you don't mind, similar to what Jamison did, concisely give your – keep it concise.
What do you think we should do with these coins and, you know, et cetera?
Yeah, I mean, there's also a contingent of Bitcoiners.
I would like – I would basically consider myself to be included in that, which really just advocates for or has of the opinion of just doing nothing.
And letting the chips fall where they may, and, you know, one thing that has always been the case for Bitcoin has essentially been priced into Bitcoin, because people know about these – you know, like, there's some – there is awareness that, you know, there is – that maybe one day there's a threat.
But regardless of that, regardless of that – and also one evidence for that not being priced in is because gold is quantum resistant.
And look at the gold market cap.
And so maybe Bitcoin could be, you know, be higher if there wasn't this concern about quantum computing.
But – so really, people – people buying Bitcoin know about this, and they're – this is the contract that we've signed ever since we started using Bitcoin, in a way, because it's – everything over 21 million.
Not, like, everything over 20 million minus some subset of, you know, reused coins or whatever, or lost coins.
And it's kind of like buried treasure, right?
Like, if you have the technology to go out and – like, people who buried treasure long ago didn't, like, foresee that there was, like, technology like that.
Now we – now we do, but if people come up with, like, a better metal detector just for Bitcoin, you know, then that's – that's – that's essentially letting those people do what they want.
And also I would consider liquidation to be one of the more popular approaches, at least amongst the broader set of Bitcoiners, which, you know, may or may not be as informed.
Okay, so just to clarify, push comes to shove, better to let the funds get taken, act like it's buried treasure, rather than doing some sort of freeze scheme.
Yeah, and – Is that a fair summary?
Yeah, and ownership is nine-tenths of the law, right?
And, like, so, like, we have – we literally have laws on unclaimed property.
So, like, this – like, whether – like, I think a legal argument could be made that, you know, a lot of these coins, these lost coins are unclaimed property.
Okay.
Mike Casey, do you have – how does your opinion differ from Hunter or Jameson?
Well, it – it doesn't differ from either of them.
I kind of agree with both of them, both aspects of them.
That's why I sat in the middle intentionally, and I wanted both of them to explain it, because they're – they're not wrong, either side of them.
You know, I – I understand that a lot of people have the fact that Satoshi's coins will never move, which is never a certainty, or Satoshi's coins are one thing, but also reused address in a quantum attack.
They have that priced into their mental model that Bitcoin is supposed to be secure from any of that stuff, and it breaks the model of Bitcoin.
Quantum comes along and rips off the four million exposed coins right now that are out there.
So I get that, and that's bad.
But the other thing – I look at confiscation, and I say, okay, you know, Bitcoin was founded as a self-sovereign money that you control, and you and you alone control, and nobody can take it away from you.
It's an opt-in system.
And you're saying now, okay, well, we're just going to take all those people's money if they don't do something by some time.
They can't use it anymore, maybe forever, right?
To me, that seems unfair, too.
So I'm in the camp of restriction.
So, you know, choice A is complete lockdown, maybe get it back.
Choice B is do nothing and let the chips fall where they may.
But the third option is to restrict.
And what's really cool about this option, if you're doing a restriction, then you can always restrict further later, right?
So you can say, hey, we're going to restrict first and foremost, and then see what happens.
And the cool thing, especially with Hourglass V1, it's so simple to implement.
You could implement it.
It causes almost no harm.
And under the conditions, which are debatable, that that legitimizes the attempt to attack those particular coins, the P2PK coins, then that will give us an actual early warning system that, hey, quantum might be becoming an issue.
And we can use that information to enact maybe harsher measures if we decide as a community to do so.
All right.
So the word that's been put into the lexicon recently, confiscatory, this made up word that I just heard in the last few months when we've been talking about this, I feel like.
We're using this word to define, for instance, like a freeze or a burn or whatever.
And I'm curious, Jameson, do you consider that?
Confiscatory?
Confiscatory.
I'm not going to be able to say it.
Do you consider it confiscation if we freeze the coins?
I'm interested to hear your take on this.
It's actually kind of a quantum state of confiscation.
Because from one perspective, you are not allowing people to access their funds.
That is from the sort of top-down imposition perspective.
However, there is a completely opposing perspective from those who wish to secure the economic value of their holdings against massive devaluation and economic volatility.
which is I want to do what I can to try to secure the value of these funds by preventing mass liquidation events.
And so I'm going to reject the spending of anything that I believe is vulnerable.
So there's both an offensive perspective that I think upsets a lot of people, and there's a defensive perspective that I think is interesting to many holders.
And then, you know, there's a lot of game theory here as well, right?
So you could also argue that, you know, whale holders or people who have the vast majority of their net worth in this may be more prone to lean towards the defensive perspective.
Whereas people who are still accumulating Bitcoin and would love to buy the dip or just are hardcore one BTC equals one BTC unit of account folks will be more prone to take the offensive perspective.
So we got our timer up now. So let me just get right to it. Why do you hate hourglass, Jameson?
So, well, V1 I think was easier to reason about, but I had some issues with it. V2 creates more complexity and with more complexity comes more things to argue about.
It's creating new sets of game theory, and I think will require more time for us to think through all of the possible scenarios of how this could play out.
You know, for example, so I believe Hourglass V2 essentially puts us on like a 50 plus year timeframe for all of those funds to eventually be able to be liquidated.
At a minimum.
Yeah. And, you know, over that timeframe, if we're assuming cryptographically relevant quantum computers continue to get cheaper and cheaper cheaper, then how does that actually change game theory over the decades?
Perhaps to the point where the miners themselves have cryptographically relevant quantum computers and can essentially, you know, be mining a lot of the outputs directly to themselves.
Quick question. If we just pause on V2, because it's sort of being worked out, are you against version one idea proposed with the idea of Hourglass?
And for those who don't know, Hourglass is just, you can only use one UTXO per block.
If I recall correctly, my main problem with V1 is that actually it didn't do enough.
I think it was only looking at the pay to public key funds, right?
And meanwhile, really, if there's a cryptographically relevant quantum computer, it's going to be affecting a lot more funds than that.
But it's something that can be implemented before we, you know, have to worry about coming to consensus on, you know, maybe doing a possible confiscation of all unspendable coins.
It's a lot easier to get hit that bar of, hey, let's just, you know, freeze these P2PK at least, right?
But, you know, because then we have to worry about if we're talking about, it's a little bit controversial to say the least that we're just going to lock everybody's coins and then we have to develop a timetable for that.
So I don't know how quickly we'll be able to come to consensus on just that.
I mean, if you think V2 is bad, just imagine how that, and then, you know, add anything on top of that for block size with the quantum stuff, but yeah.
Yeah, and like one thing people, like V2 essentially restricts the throughput, V1 also restricts the throughput just at a lower and simpler mechanism.
And with a subset of the coins, that's the other big difference here, because V2 is amongst all vulnerable coin types.
Yeah, and so the reason for that is because we want to minimize the impact on essentially the price.
And because that, you know, results in minor capitulation, there could be a scenario where enough drop, miners drop off the network wouldn't even reach the next difficulty adjustment.
So, like, just halting Bitcoin in its tracks.
And so, like, there's that consideration, right? The market consideration, the price, whatever.
But, like, you know, famously, inflation is transitory, right?
It's like the supply will, you know, I mean, I don't think it'll be as serious, for one, because a lot of these institutions or whatever will probably be adding the Bitcoin to the balance sheet.
Like, what are they going to do? Sell them for dollars, right?
And so, like, it might not be as serious as we think.
And also, if it does get serious, then that's just a good opportunity to pick up cheap Bitcoin.
So, Hunter made a V2 comment, so I'm going to make a liquidation comment, too.
So, the other point about it is Bitcoin is not fungible.
So, if massive amounts of coins are stolen from people that they can prove, no, this was mine, I got it off this exchange, I had it in this address, you know, here's my XPUB key.
Well, then it becomes a legal matter if they try to put them on an exchange to sell them in mass, right?
So, it's going to be really hard for those coins to find liquidity.
I mean, if you just take a look at Rosalcon, what was it, Bitfinex?
Yeah, yeah.
I forget which one.
They hid that money for like eight, you know, seven years.
Yeah, yeah.
And then they spent just a wee little bit of it and were immediately busted.
So, as a result, we don't necessarily need to change the protocol at a consensus level.
It's, like, in a way, it's also part of, like, human behavior and, like, our reaction to the event and, you know, maybe restricting Bitcoin's fungibility
at a social level but not necessarily at a consensus level.
I think the human behavior thing is an important aspect to actually talk about.
So, one of the biggest takeaways that I've had from our conversations yesterday, and I hate to speak for anyone other than myself,
I had a feeling that a rough consensus amongst a lot of the people here is actually that you could argue the bigger threat than quantum computing
is the fear of quantum computing.
And so, you know, we can go down all of these rabbit holes of doing threat modeling and talking about what different actors may or may not do if they have a cryptographically relevant quantum computer.
But I would posit that if there's even a general whiff that someone has a cryptographically relevant quantum computer, that will cause massive panic, and that's what we're trying to avoid.
Well, let me posit a scenario for you then.
Okay, let's say we have a flag day confiscation, and Satoshi, who hasn't had to move his coins or even think about it, is still around and does still have all of his keys.
Satoshi is now forced into a position where he has to move his Bitcoin or lose them forever, and he decides to move all of his Bitcoin.
We don't know if it's Satoshi or a quantum attacker.
What happens then?
So we could set up the very crisis we're trying to avoid, right?
Got him.
I mean, we have to give Satoshi an opportunity to secure their coins.
Well, yes.
But you give an opportunity, but here's with Hourglass, right?
Here's the cool thing about Hourglass.
If it worked out that way, he could hide.
He could hide in the outflow of quantum coins.
He could actually redeem his coins, and nobody would know it was him.
So let me ask a question for Jameson.
Based on what Mike's saying, this is pretty much just like it's going to blast radius how fast these coins.
I mean, you put this into play.
The amount of P2, PK UTXOs that are moving are so small right now that unlikely to negatively affect any real use case or user experience right now.
Is there a downside to just implementing Hourglass V1 as a stopgap safety measure way ahead of time?
And do you see any problem with that?
I actually, I mean, I do think that sort of setting aside all of the other implementation of post-quantum cryptography,
focusing on a BIP that only talks about how to handle pay to public key outputs could be interesting and non-controversial,
or at least like non-damaging to any current holders, right?
So for example, I think I said yesterday, I don't understand why we even allow people to still create pay to public key outputs.
Like, why don't we put the kibosh on that right now?
That would be part of it, is disabling them.
Which I think is totally non-controversial.
I think maybe a handful of those get created every year.
And then if we want to then take the next step and say, okay, we're also going to implement some sort of throughput restriction on redeeming those outputs,
perhaps that will incentivize any remaining actors that are still around that want to be able to move those funds.
And then I was thinking, you know, Taj brought up commit reveal, you know, during this period, if you did have, you know, this hourglass idea, you implement it.
And then as soon as these pay to public keys start moving every block, you're like, well, maybe a quantum computer exists.
And then you have the opportunity for another stopgap commit reveal scheme.
Right.
You know, you can always tighten, you can't loosen, but you can always tighten.
I have another sort of tangential question.
Does any, is there any motivation with hourglass or with the non-freezing route?
Sorry.
Just in general with any sort of like Peter Todd Taylor mission sort of initiative, like where it's like, hey, this would also maybe be good for Bitcoin,
because it would introduce some sort of idea of a tail mission.
Is there any motivation with any of this for that aspect?
Or is that just a side effect that might be good or bad and you have no opinion on it?
I'm kind of curious if Hunter can talk about this and then we can go to you, Mike.
Yeah.
Like in some ways confiscating the coins or restricting the coins just to like, you know, serve the purpose of tail mission.
And some might consider that to be a confiscatory and also like disingenuous.
Right.
Just cause like it could be working to the miners favor.
And so we can't trust these damn greedy miners with our God earned sats, you know, but you know, that's, that's, that's, that's one perspective.
You know, so burning or freezing, that's, that's actually not really confiscatory.
It's really, you're, you're denying them access to theirs.
But if you do a redistribution, uh, that is actually confiscatory because you're taking from them and giving them to somebody else.
Right.
That they now have possession of these things versus just outright destroying them.
Um, so I guess that would be considered more if you did a redistribution, it would be potentially more confiscatory than even just burning the coins.
That being said, there's a massive security budget problem.
That's only going to get worse, you know, and I'm, I just looking at all the data I see, I think we got about eight years to figure out fees and a security budget.
Otherwise we're going to have to start making some hard decisions about a tail emission.
And I don't want to have that conversation.
So that's okay.
I already figured that out.
Uh, well, yeah, there, there are options, but, uh, you know, enacting them probably a little, little harder than it looks.
Yeah.
I'd be curious to hear any, any thoughts from this.
Uh, uh, well, I mean, what did you figure out for, for us who don't know how you figured out how to fix Bitcoin?
Yeah. Well, so, uh, yeah, I, I think some of the, the game theory around like Hourglass V2 and how that may be helpfully offsetting some of the subsidy issues is interesting.
And even though it's like a 50, 60 plus year long proposal, um, it's not a permanent fix, right?
It's kicking the can down the road.
We just need to make sure it outlives us.
Oh yeah.
That's all we need to worry about.
What about the future generations?
Come on.
They'll figure it out.
That's what, that's how the world works.
Right.
Uh, I, I started thinking about this issue, uh, in terms of just sort of economic demand and supply of block space, uh, a while back.
And I have a rough proposal.
It hasn't been written up or formally submitted or anything, but I talked about it recently, which is this GoldieBlox idea, uh, essentially coming up with a, uh, dynamic block space adjustment algorithm that is somewhat analogous to the difficulty adjustment.
And that you would essentially want to try to adjust the supply of block space in a manner, uh, a manner that is commensurate with what appears to be the demand for block space.
For block space.
So short version is like, if fees are sky high through the roof, it looks like demand is really high for block space.
Then within some other subset of safety parameters, bump up the supply of block space a little bit.
And then vice versa.
If for example, right now, I would, I would say block space should be a lot lower.
Uh, you should actually shrink, uh, the supply of block space when there is essentially no demand for it and no fees that are being paid.
The point of point is that it would make block space elastic right now.
It is inelastic.
It does not change at all.
Regardless of demand.
We got to aggregate all those inscription UTXOs first though, Jameson.
Um, gotta pay for it.
All right.
We have a couple of minutes left Hunter.
Why does Jameson have a bad take?
Well, uh, in the words of a prominent and well known Bitcoin core developer here, uh, changing Bitcoin just because people are scared is stupid and dumb.
I think I know.
I think I know who said that.
Okay.
Chatham house rules, right?
Um, I mean, I was looking for a fierce debate, but it sounds like we kind of agree or disagree.
Everyone kind of understands each other.
Is there any sort of, we have like a minute left, two minutes left.
Is there any sort of things that need to be fleshed out that you have questions to each other about?
Uh, we got questions from the audience.
Oh, uh, sure.
I didn't know we were taking questions from the audience.
Yeah, yeah.
Could I add?
I don't know if I need a mic or not.
Yeah, yeah, you do.
Do you want me to pass mine?
Oh, okay.
Um, okay.
Yeah.
Um, so, also if you, if you want to direct it at someone, be explicit.
I mean, it's the whole panel.
Really to anyone in the room, please don't shoot me for asking this, but I think it's like.
It's an inevitable question that I think will come up.
And Vitalik years ago wrote an article about this.
Um, oftentimes in cryptography, we don't strive for perfect solutions.
We relax our security assumptions in order to achieve something optimal.
And so a question might come up from industry and some of the more like traditional legacy institutions.
Would anyone in this room, and I personally would not, but would anyone in this room be comfortable?
Would anyone in this room be comfortable with some degree of centralization when we talk about P2PK, uh, and potentially forming some kind of structures where people come together and go through some sort of process to prove ownership of these coins instead of relying on purely decentralized.
So the problem is there's no way to prove ownership.
You cannot, you literally, they're randomly generated.
And there, you know, an attacker would look just like an honest old miner.
Uh, there's no way to differentiate.
Well, he's talking about screenshots from old, you know.
Oh, that's totally legit.
That's good.
You know, social, social proof.
I mean, there's no way to.
There's no way to.
One potential avenue of quote unquote centralization and safety that might be somewhat palatable in like an emergency situation is if we basically restricted the nodes from like relaying any quantum vulnerable spins and you had to, you know, privately send them to mining pools and hopefully protect yourself a little bit.
There's, there's, there's another possibility, which is just that you commit to a stark proof of your BIP 38 or BIP 39 secrets.
Right.
So like BIP 38, uh, uh, wallets are encrypted.
And so you can, uh, take the pre encrypted.
I see John shaking his head to that.
No, really?
No, BIP 38.
It's not applicable for BIP 38.
Those are just hosed.
They're just as hosed as P2PK.
They're random.
Well, so I guess basically if you, you've got your funds in a paper wallet, there may be a concern that.
Uh, those will, those kind of individually created keys might be disabled in favor of, uh, something that would need mnemonic seed like your, your wallet.
I mean, this is concerning though, because, you know, those of us that had paper wallets, the whole idea was you could bury that thing and never look at it again and dig it up 20 years later and be rich.
And you're saying, oh no, that's all gone now.
Sorry.
You know, Hey Austin, how are we doing on time?
One more question.
Uh, I know we have a mic right here ready to run, but maybe two more.
Okay.
Two more questions.
I got to cut it.
And then we'll keep the answers concise and quick.
Okay.
Do your opinions differ between vulnerable addresses and address reuse?
Well, that's the main difference between V1 and V2 is V2, it tries to address reused addresses in a manner that makes them still usable, but, you know, limits them, you know, rather strictly and also, you know, more fees.
We've had a lot of conversations about address reuse yesterday.
And I think most, once again, try not to speak for everyone, but rough consensus, at least at the protocol developer level, seem to be that requiring implementation of address indexes is a non-starter.
But once again, we can bike shed about that.
Okay.
Well, from what I understand about 90% of reused addresses are like coins and reused addresses are there recently.
Like, so like, uh, these coins are moving constantly.
They'll, they're managed.
They have custodians or people who are using them actively.
So, uh, that there's another like argument that like, maybe we shouldn't necessarily restrict or affect, uh, reused addresses.
Well, and there's one other thing, but we, should we, should we take the last question?
Sure.
I just want to make sure.
Uh, sorry to pause you here.
Let's just take the last question so we can wrap up there.
Yeah.
So what makes me really uncomfortable about confiscation and throttling is it, it feels like a very fiat mentality to infringe property rights.
So we can kind of prop up the market.
Like when we think about the context in which Bitcoin was birthed, like 2008, 2009, um, bailouts chancellor on the brink, like this kind of has the specter of like a plunge protection team or like, isn't this sort of introducing a dangerous mentality that if we think there's going to be a market panic, maybe for some other reason, we're going to artificially constrict supply.
Just to kind of keep the price propped up.
Yeah.
You want to handle that?
Oh, I'm just saying a hundred percent.
Yeah.
Like that's, that's not, uh, that, that would be like violating Bitcoin's core principles and, and it's founding and, and like we tell a lot of stories about Bitcoin.
That's definitely one of them.
Uh, so yeah, I think that's stupid.
Like doing that stupid.
Uh, yes.
And well, it is inevitable that inviolable properties are going to be violated and people are going to be upset.
So like I said, some people will say, this is, this is quote, a top down centralized imposition upon holders.
And then there is the alternative perspective that no, there's a large set of holders who actually consider this to be a security problem.
And we want to incentivize people to secure their coins because it's not just about me securing my coins.
It's about the entire ecosystem being secured.
And I'll just say both of them are true.
What you said, and that is true, but they're also Satoshi himself originally said lost coins can be considered a donation to the entirety of Bitcoin.
And if you allow people to reclaim lost coins, it, it violates that.
So it's just pick your poison.
All right.
Well, we're out of time.
Can we get a round of applause for the panelists?
Thank you.
I'm pretty sure I won.
Good job, everybody.