The quantum computer will pose a big dilemma. What to do with Satoshi Nakamoto's bitcoins and other millions of lost BTC?

Bitcoin developer Agustin Cruz proposes a hard fork that would force everyone to transfer their BTC to addresses resistant to quantum attacks.

The quantum computer will pose a big dilemma. What to do with Satoshi Nakamoto’s bitcoins and other millions of lost BTC?

Bitcoin and the quantum threat

Bitcoin developer Agustin Cruz proposes a hard fork that would force everyone to transfer their BTC to addresses resistant to quantum attacks.

His BIP suggests a mandatory migration period from current Bitcoin addresses (i.e., addresses secured by ECDSA) to addresses resistant to quantum computers. After a certain date, bitcoins that have not moved will become unrecoverable.

Before addressing the philosophical and technical questions raised by this BIP, let’s emphasize that the quantum threat is not a fantasy.

For Microsoft, the quantum computer will be a reality within several “years, not decades”. Google and IBM also predict that the major technological breakthrough is closer than many think.

Scott Aaronson, a researcher with 25 years of experience in quantum computing, recently sounded the alarm:

I had until now been used to saying that we might, eventually, consider the necessity to migrate from elliptic curve cryptography to cryptographic systems plausibly resistant to a quantum attack. I think today the message must be: yes, clearly, worry. Have a plan.

Pierre-Luc Dallaire-Demers, a researcher at the University of Calgary, estimates that “there are about five years left before a quantum computer can break the elliptic curve keys that secure bitcoins”.

It is therefore time to revive the debate.

The dilemma…

Should we prevent Google or Microsoft from taking control of bitcoins that have not migrated to resistant addresses? That is, the million bitcoins mined by Satoshi Nakamoto and the other two million BTC estimated to be lost?

Jameson Lopp published a long article on his blog discussing the pros and cons. The cypherpunk agrees with Agustin Cruz and recommends destroying BTC vulnerable to quantum computers. Here is his latest talk on the subject:

Pieter Wuille, the most experienced Bitcoin developer (25 BIPs), is on the same wavelength:

Of course bitcoins should be destroyed. If and when (and it’s a big if) the existence of a quantum computer capable of breaking cryptography becomes a credible threat, we will have no choice but to remove the ability to spend bitcoins secured by ECDSA cryptography. Otherwise, millions of BTC become vulnerable to theft. I don’t see how any currency can maintain any value in such a context. And this affects everyone, even those who have moved their bitcoins to resistant addresses [because this theft could lower the bitcoin price].

Others, like the CEO of Tether, do not seem overly worried:

Resistant addresses will be added to Bitcoin before the quantum threat becomes serious. Everyone alive (and with access to their wallets) will transfer their bitcoins to this new type of address. All lost bitcoins, including those of Satoshi (if he is no longer alive), will be hacked and put back into circulation.

Did Satoshi Nakamoto want Microsoft to get hold of his bitcoins? Unlikely.

Incentive

Some point out that destroying bitcoins would deny the network’s foundations. First: resistance to censorship. No one should be able to deprive others of their bitcoins. Not to mention the sacred tradition of evolving the code through backward-compatible soft forks.

On the other hand, we would prevent several million bitcoins from falling into the hands of multinationals. Knowing that Microsoft recently refused to add bitcoin to its treasury.

Satoshi’s BTC are worth about 100 billion dollars. Those suspected to be lost forever are worth 250 billion. That’s a significant pot that Microsoft could pour into the markets.

These 350 billion could easily represent more than 2,000 billion when the quantum computer is fully operational. That’s more than Google’s market capitalization.

This leads us to another cornerstone of the Bitcoin matrix: financial incentive. The 21M BTC limit exists because we are financially incentivized not to change it. [It is with this argument that Bitcoin Core refused to filter ordinals, which are a source of income for miners].

Similarly, we are all incentivized that lost bitcoins, including those of Satoshi, never come back into circulation. Letting Microsoft sell millions of BTC impoverishes all bitcoin holders. Conversely, preventing Microsoft from accessing lost funds would worsen no one’s situation.

“No one”, or almost no one. Some absent-minded people will lose out, but whether by a hard fork or by the quantum computer, the result will be the same.

At the heart of Bitcoin cryptography

Now let’s get into the heart of the cryptographic matter. Bitcoin relies on hashing functions (SHA-256), but also on asymmetric cryptography. In the second case, it is also called “public key” cryptography. It is at the heart of transaction mechanics and would be vulnerable to a quantum computer.

The private/public key pairs to which BTCs are linked are constructed using the secp256k1 elliptic curve (ECDSA). It is these