GM. Timelocks are cool.
Liana Wallet
npub1ejky...expu
Liana is a simple Bitcoin wallet with built-in loss protection and inheritance. Developed by Wizard Sardine.
How quantum computing affects Bitcoiners, Part II
The second part of our summary of Chaincode Labs' excellent paper on Bitcoin and quantum resistance.
Migration strategies and the burn vs steal debate.
Bitcoins that are locked in addresses with publicly-revealed public keys are most vulnerable to theft from future quantum computers:
- Satoshi's coins
- Other early coins that may be lost
- Reused addresses
Researchers estimate that there are 6 million such vulnerable bitcoin
It's not just Satoshi's coins and coins with lost keys that are vulnerable
Some prominent examples of addresses with exposed public keys are highlighted in yellow in this image from @Jameson Lopp's article on quantum resistance:
Ideally, we come up with a way to make all coins safe from quantum attack
All quantum resistance proposals currently require that users send their coins to new, quantum resistant addresses
There are ~190 million UTXOs
The good folks at Chaincode Labs pulled together research on how long it might take to migrate everyone's bitcoin to quantum resistant addresses
Estimates vary between 140 and 560 days
This is one very strong reason to start working on this problem long before it becomes a problem
There are a number of proposals for how this migration could work:
But all of them first require a soft fork or hard fork to introduce new quantum resistant address types
Commit-Delay-Reveal (CDR) has users create a quantum-resistant tx with an OP_RETURN output that commits to the public key of their vulnerable coins
A soft fork then enforces a time delay before the coins can be moved by a 2nd tx that is signed by the original key and the OP_RETURN key
Quantum Resistant Address Migration Protocol (QRAMP) proposes a hard fork that enforces a flag day beyond which coins in quantum vulnerable addresses can no longer be spent
QRAMP could be used in combination with proposed BIP 360: pay to quantum resistant hash addresses
Hourglass strategy
A soft fork enforces a new rule that only a certain number of txs spending from quantum vulnerable addresses may be included in any one block
This slows the rate at which such coins could be stolen (or spent)
Might also generate a lot of fees for miners
In addition to the question of how Bitcoin achieves quantum resistance, there is also this:
What happens to the coins to which nobody has the keys?
Some proposals permanently freeze them while others leave them up for quantum theft.
Burn or steal?
The burn argument goes like this: Sure we don't want to prevent anyone from spending their coins, but this is a clear vulnerability: coins that the protocol guarantees as safe can be stolen.
Therefore, permanently freezing the lost coins best maintains Bitcoin's rules
The steal argument goes like this: Bitcoin is built on enforcing the sovereignty of key-owners. Changing the protocol to freeze some coins violates this important value.
Bitcoin should never change its rules such that we risk preventing a user from spending their coins.
Where does this leave us?
Making Bitcoin quantum resistant requires
1. A soft fork
2. Migrating all coins to new addresses
3. Tough decisions about what to do with coins that can't migrate
Bitcoin has so many stakeholders at this point that such an undertaking will clearly be slow
Even if you think that quantum computing is far overhyped, we really should start moving on it.
The best thing you can do is educate yourself. Read Chaincode Labs' paper here:
https://chaincode.com/bitcoin-post-quantum.pdf
Huge props to Clara Shik and @deadmanoz for their work!

Cypherpunk Cogitations
Against Allowing Quantum Recovery of Bitcoin
An argument in favor of burning bitcoin in vulnerable addresses to prevent funds from being taken by those who win the quantum computing race.
GM. Ask somebody to pay you in Bitcoin today.
How quantum computing affects Bitcoiners 🧵
Summarizing Chaincode Labs' excellent recent paper on the topic
tl;dr
- Quantum computers do not pose a threat to Bitcoin today
- But many researchers agree they will in the next 5 - 10 years
- Bitcoiners should start working on mitigations
Here's how quantum computers could threaten Bitcoin:
An everyday computer can derive a public key from a Bitcoin private key in a few microseconds
But the reverse is much more difficult:
Today's supercomputers would take ~100 quadrillion years to find the private key for a known public key
Quantum computers could theoretically derive a Bitcoin private key from a known public key in just a few hours
So the primary risk quantum computing poses to Bitcoiners is for situations where the public key to your coins has been exposed
How might that have happened?
Long-range quantum attacks:
Some address types expose their public key on-chain:
- Pay to public key
- Pay to (bare) multisig
- Pay to Taproot
Since these public keys are exposed as soon as the address receives coins, quantum computers may be used to derive their private keys and steal the coins
Short-range quantum attacks:
When you spend bitcoin, you reveal the public key for the coins in your transaction
A quantum computer may be used to derive their private key and spend them in a new transaction with a higher fee before your transaction is included in a block
Address reuse:
Coins that reuse an address from which other coins have already been spent may also be vulnerable to theft because the previous spends revealed the address's public key
A quantum computer may be used to derive private keys to any coins still at a reused address
Exposed xpubs:
Many services request that Bitcoiners provide an extended public key (xpub) used to generate addresses
If such an xpub is leaked, all addresses generated by that xpub may become vulnerable to having their private keys derived by a quantum computer
Advances in quantum computing could also affect mining:
Quantum computers may slightly weaken the security of the SHA256 hash function used in mining, but it is unlikely they could break it
This means Proof of Work is probably still reliable in a quantum computing future
However, quantum miners may be subject to much stronger centralization pressures:
the best quantum hardware "would gain a disproportionate speedup, eliminating the incentive for less powerful quantum miners - as well as those who lack quantum computers - to participate"
Quantum resistance
Fortunately, there are a number of feasible proposals for how Bitcoin could become resistant to quantum attacks
Unfortunately, most of them involve using much larger signatures (read: quantum resistant spending might mean you pay a lot more in mining fees)
Tomorrow, we'll look at the second half of Chaincode's paper: Migration strategies and the big question facing Bitcoiners: burn or steal?
Read the full Chaincode report at: https://chaincode.com/bitcoin-post-quantum.pdf
And be sure to follow the report's authors: Clara Shik & ozdeadman
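The long-range, short-range and address-reuse cases above come down to one question: is the public key already on-chain, or only its hash? The script below is an added example (not from the thread, the Chaincode paper or Liana) that classifies raw scriptPubKeys by that property and then flags hash-based outputs that were re-funded after an earlier spend. The keys, transactions and 20-byte hashes are constructed stand-ins; the classifier only looks at script structure, so it does not need real HASH160 values.

```python
"""Which Bitcoin output types expose their public key before they are spent?

Added example, not code from the thread or the Chaincode paper. Classifies
raw scriptPubKey bytes into key-exposing outputs (P2PK, bare multisig, P2TR:
long-range exposure) and hash-based outputs (P2PKH, P2SH, P2WPKH, P2WSH) whose
key is only revealed when spent, then flags reuse of hash-based outputs.
All sample keys/transactions are constructed; the 20-byte hashes are stand-ins."""
import hashlib

OP_0, OP_1, OP_16 = 0x00, 0x51, 0x60
OP_DUP, OP_EQUAL, OP_EQUALVERIFY, OP_HASH160 = 0x76, 0x87, 0x88, 0xA9
OP_CHECKSIG, OP_CHECKMULTISIG = 0xAC, 0xAE


def classify_spk(spk: bytes) -> tuple[str, bool]:
    """Return (script type, key_exposed_when_funded) for a raw scriptPubKey."""
    n = len(spk)
    if spk and spk[0] in (33, 65) and n == spk[0] + 2 and spk[-1] == OP_CHECKSIG:
        return "p2pk", True           # the pubkey itself sits in the output
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[-2:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "p2pkh", False         # only HASH160(pubkey) is on-chain
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[-1] == OP_EQUAL:
        return "p2sh", False
    if n == 22 and spk[0] == OP_0 and spk[1] == 20:
        return "p2wpkh", False
    if n == 34 and spk[0] == OP_0 and spk[1] == 32:
        return "p2wsh", False
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "p2tr", True           # output is the tweaked x-only pubkey
    if n > 36 and OP_1 <= spk[0] <= OP_16 and OP_1 <= spk[-2] <= OP_16 \
            and spk[-1] == OP_CHECKMULTISIG:
        return "bare_multisig", True  # every signer pubkey is listed in the output
    return "unknown", False


def exposure_report(txs: list[dict]) -> dict[str, tuple[str, str]]:
    """txs in block order, each {"spends": [spk...], "creates": [spk...]}.
    Returns {spk_hex: (type, "long-range" | "reused" | "hidden")} for outputs
    still unspent. Simplification: at most one live UTXO per scriptPubKey."""
    spent_from: set[bytes] = set()
    unspent: dict[bytes, tuple[str, bool]] = {}
    for tx in txs:
        for spk in tx["spends"]:
            spent_from.add(spk)       # spending reveals the key behind the hash
            unspent.pop(spk, None)
        for spk in tx["creates"]:
            unspent[spk] = classify_spk(spk)
    report = {}
    for spk, (kind, exposed) in unspent.items():
        tag = "long-range" if exposed else ("reused" if spk in spent_from else "hidden")
        report[spk.hex()] = (kind, tag)
    return report


# --- constructed sample data -------------------------------------------------
def _hash20(data: bytes) -> bytes:
    # Real outputs use HASH160 = RIPEMD160(SHA256(x)); a truncated SHA256 stands
    # in here because only the script layout matters to the classifier.
    return hashlib.sha256(data).digest()[:20]

def p2pk(pub): return bytes([len(pub)]) + pub + bytes([OP_CHECKSIG])
def p2pkh(pub): return bytes([OP_DUP, OP_HASH160, 20]) + _hash20(pub) + bytes([OP_EQUALVERIFY, OP_CHECKSIG])
def p2wpkh(pub): return bytes([OP_0, 20]) + _hash20(pub)
def p2tr(xonly): return bytes([OP_1, 32]) + xonly
def bare_multisig(m, pubs):
    body = b"".join(bytes([len(p)]) + p for p in pubs)
    return bytes([OP_1 + m - 1]) + body + bytes([OP_1 + len(pubs) - 1, OP_CHECKMULTISIG])

KEY_A, KEY_B, KEY_C, KEY_E = (b"\x02" + bytes([i]) * 32 for i in (1, 2, 3, 5))
KEY_D_XONLY = bytes([4]) * 32

SAMPLE_TXS = [
    {"spends": [], "creates": [p2pk(KEY_A), p2pkh(KEY_B), p2wpkh(KEY_C),
                               p2tr(KEY_D_XONLY), bare_multisig(1, [KEY_A, KEY_B])]},
    {"spends": [p2pkh(KEY_B)], "creates": [p2wpkh(KEY_E)]},  # spend reveals KEY_B
    {"spends": [], "creates": [p2pkh(KEY_B)]},                # KEY_B's address reused
]

if __name__ == "__main__":
    for spk_hex, (kind, tag) in exposure_report(SAMPLE_TXS).items():
        print(f"{kind:14s} {tag:10s} {spk_hex[:24]}...")
```

Run against real data, the "spends" list is the set of previous scriptPubKeys consumed by each transaction's inputs; the report then gives a per-UTXO answer to "is this coin exposed today, only at spend time, or already burned by reuse". Exposed xpubs are the one case this cannot see from the chain alone, since the leak happens off-chain.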
Liana v11 is out! Now with multiwallet, SD air gap support for Coldcard and Krux, and coin control during recovery flow.
Check it out: 

Wizardsardine - a team of bitcoiners with a passion for security
Liana 11.0: Multi-wallet, improved recovery flow with coin control, and SD card air gaps!
Liana v11 is out with some exciting new features! Users can have multiple wallets in a single Liana instance, recovery flow now includes coin contr...
Liana Wallet v11 is here adding some of our most user-requested features:
- Multiwallet support
- Coin control during recovery
- SD card air gap support for Coldcard and Krux
- Much more!
Check out the release blog post:
Or download Liana Wallet and start playing around (we support Signet and Testnet in case you just want to give it a test run):

Liana: Bitcoin Wallet with protection against loss
Seedless or not, sharing your keys with a provider always has privacy implications.
What would you get Satoshi for a birthday present?
Today is a good day for a reminder:
Not your keys, nacho bitcoin.
(reminder works better if you have your sound up)
Want to learn more about timelocked recovery keys and how they can change the security trade-offs for your backups?
We wrote an article about it. Check it out:


Wizardsardine - a team of bitcoiners with a passion for security
What is a Bitcoin recovery key?
Finding a durable and secure way to store your Bitcoin keys can be challenging. Using a wallet with a recovery key gives you an interesting new set...
GM. We're cooking away here: Liana v11 should be out soon!
Reasons to use Liana Wallet:
- Free, open source
- Easy multisig templates
- Signet for testing
- One-click node install
- Coin control
- Taproot addresses
- Labels (BIP 329)
- Dark mode only
...and it supports miniscript so you can do things like timelocks and expanding multisigs
Nacho Bitcoin - the music video
Feat. Blackrock, Coinbase & Friends
Sound up!
Check out our new #Bitcoin music video:
Nacho Bitcoin
Feat. Blackrock, Coinbase & Friends
Hey folks!
Our product manager is looking to chat with a few more Bitcoiners about self-custody and inheritance - what gives you peace of mind, what keeps you up at night, and what you wish existed.
You don't need to be a Liana user - we're just trying to learn from real setups and real concerns so we can build something truly useful.
If you're up for a quick 30 min call with me, feel free to grab a time here:
Appreciate it!

Calendly
Bitcoin Custody for Organizations - Research Interview - Manuel Gatti
We're exploring new ways to improve Bitcoin key management for organizations. This short call is part of early product research to better understan...
GM. Tired of pizza? How about nachos...
Nacho Bitcoin (the music video) feat. Blackrock, Coinbase & Friends
GM. Pineapple and jalapenos is good pizza.
Use money that isn't headed for extinction. #Bitcoin
There's going to be a whole panel on our favorite topic at the @The Bitcoin Conference!
Check it out:


Gotta admit, we're getting pretty excited for the @Bitcoin FilmFest!
We've been working on something special for the PoWies!
See you there!

