In brief
- A new Bitcoin proposal aims to address the risk posed by quantum attacks.
- BIP-361 would disable Bitcoin's existing signature verification within a five-year window.
- Some observers call it a necessary defense, while others see it as confiscation.
A new Bitcoin proposal would phase out the network's existing signature schemes and freeze coins that fail to migrate to quantum-resistant addresses.
Dubbed the "Post Quantum Migration and Legacy Signature Sunset," the proposal would stop users from sending Bitcoin to older address types vulnerable to quantum attacks, and eventually disable the cryptographic methods the network has relied on to verify transactions since its creation.
Co-author Jameson Lopp and five other developers updated the proposal in Bitcoin's official improvement repository, published as BIP-361 on Tuesday.
Quantum attacks are a theoretical method of using advanced computers to derive private keys from public keys exposed on a blockchain, giving an attacker control of a wallet without the owner's credentials. The moment when a quantum computer emerges with enough power to break the encryption used by Bitcoin is known as "Q-Day."
BIP-361 lays out a three-phase timeline: blocking inflows to vulnerable addresses about three years after activation, freezing all legacy coins two years later, and leaving open a future recovery path through zero-knowledge proofs for holders who miss the deadline.
Over 34% of all Bitcoin has exposed a public key on-chain, according to the proposal, leaving those funds vulnerable to theft by a sufficiently powerful quantum computer. No prior Bitcoin upgrade has rendered existing transactions invalid, making BIP-361 the first to force a choice between collective network defense and individual access to coins.
BIP-361 remains in draft status with no activation timeline and depends on BIP-360, a separate quantum-resistant transaction framework still under review.
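As an added illustration of the exposure distinction behind the proposal's 34% figure (example code, not from the article or from BIP-361): pay-to-pubkey and Taproot outputs place a public key directly in the output script, while hash-based output types reveal the key only once the address has been spent from. The sample scripts and UTXO set below are constructed, not taken from the chain.

```python
# Added example: classify Bitcoin output scripts (scriptPubKey) by whether the
# unspent output itself reveals a public key that a quantum attacker could
# target. Hash-based types reveal the key only in a later spending input, so
# reusing such an address exposes any coins still sitting on it.
from dataclasses import dataclass

@dataclass(frozen=True)
class Exposure:
    script_type: str
    pubkey_exposed_in_output: bool   # key readable from the output alone
    note: str

def classify_spk(spk_hex: str) -> Exposure:
    s = bytes.fromhex(spk_hex)
    # P2PK: <33- or 65-byte pubkey> OP_CHECKSIG (0xac)
    if len(s) in (35, 67) and s[0] in (33, 65) and s[-1] == 0xAC:
        return Exposure("P2PK", True, "public key is the script itself")
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if len(s) == 25 and s[:3] == b"\x76\xa9\x14" and s[-2:] == b"\x88\xac":
        return Exposure("P2PKH", False, "hash only; key revealed when spent")
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if len(s) == 23 and s[:2] == b"\xa9\x14" and s[-1] == 0x87:
        return Exposure("P2SH", False, "script hash; keys revealed when spent")
    # P2WPKH: OP_0 <20 bytes>
    if len(s) == 22 and s[:2] == b"\x00\x14":
        return Exposure("P2WPKH", False, "hash only; key revealed when spent")
    # P2WSH: OP_0 <32 bytes>
    if len(s) == 34 and s[:2] == b"\x00\x20":
        return Exposure("P2WSH", False, "script hash; keys revealed when spent")
    # P2TR: OP_1 (0x51) <32-byte x-only output key>; the tweaked key is a point
    if len(s) == 34 and s[:2] == b"\x51\x20":
        return Exposure("P2TR", True, "output key is a public key on chain")
    return Exposure("unknown", False, "unrecognised script")

def exposed_value_share(utxos) -> float:
    """utxos: iterable of (scriptPubKey hex, value in sats, address_reused).
    A coin counts as exposed if its script reveals a key outright, or if the
    same address was already spent from (key revealed in an earlier input)."""
    total = exposed = 0
    for spk, sats, reused in utxos:
        total += sats
        if classify_spk(spk).pubkey_exposed_in_output or reused:
            exposed += sats
    return exposed / total if total else 0.0

# Constructed sample UTXO set: one P2PK coin, one fresh P2PKH coin, one P2PKH
# coin on an address that has been spent from before.
P2PK_SPK = "2102" + "11" * 32 + "ac"
P2PKH_SPK = "76a914" + "22" * 20 + "88ac"
SAMPLE_UTXOS = [(P2PK_SPK, 50, False), (P2PKH_SPK, 30, False), (P2PKH_SPK, 20, True)]
```

Running `exposed_value_share(SAMPLE_UTXOS)` on the constructed set gives 0.7, since only the never-spent P2PKH coin hides its key.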
Security costs
Earlier in March, Google published a formal timeline to transition its infrastructure to post-quantum cryptography by 2029, calling the quantum frontier "closer than may appear."
Bitcoin has historically treated a valid signature as "sufficient proof of control," regardless of how old the coin or key is, Leo Fan, founder of decentralized compute network Cysic, told Decrypt.
BIP-361 would change that by treating "timely migration as part of maintaining ownership."
The new proposal "shifts quantum risk from 'maybe I get robbed later' to 'if I miss the deadline, I may lose access by consensus,'" Fan said, adding that the proposal amounts to "making Bitcoin more interventionist" in order to prevent vulnerable coins from becoming "loot for the first entity with a working quantum computer."
But not everyone agrees the tradeoff is warranted.
Frederic Fosco, co-founder of Bitcoin metaprotocol OP_NET, told Decrypt the proposal appears to turn Bitcoin's founding commitment on its head.
A protocol-enforced freeze "is confiscation, full stop," Fosco said, arguing the proposal rewrites "not your keys, not your coins" into "your keys, but we froze your coins anyway."
"The second you cross that line, you've built a system that can freeze any coins for any reason deemed important enough by whoever controls the next soft fork," he said. "Today it's quantum. Tomorrow it's sanctions compliance."
If adopted, BIP-361 would effectively mean that any coins still secured solely by ECDSA signatures, the default method Bitcoin uses to prove a transaction was authorized by the rightful owner, would be "forfeited," Chris Peikert, core researcher at cryptography firm Fhenix Research, told Decrypt.
"For Bitcoin there is no option other than a protocol hard change/fork in order to stop funds from being withdrawn from accounts with exposed public ECDSA keys," Peikert noted.
Still, a contested upgrade could besides fracture the network.
An unprotected chain's price "collapses the moment someone demonstrates a single quantum theft, because it proves every exposed address is now fair game," Enrico Rubboli, founder of layer-2 sidechain Mintlayer, told Decrypt.
Bitcoin's decentralized governance is "a strength in normal times and a weakness when you're racing a clock," Rubboli said, adding that voluntary migration without a hard deadline "only works if you assume the threat arrives on a schedule. It won't."
In a tweet, Lopp conceded that, "I know folks don't like" BIP-361, adding, "I don't like it myself. I wrote it because I like the alternative even less."