[BIP Proposal] No burn, Quantum Migration Proposal, Quantum Secure Asset Verification & Escrow (QSAVE)

In a recent exchange on the Bitcoin Development Mailing List, participants debated cryptographic solutions that could potentially safeguard Bitcoin transactions against quantum computing threats, commonly referred to as Q-day. The discussion highlighted the viability of zero-knowledge proofs, specifically STARKs and SNARKs, alongside commit/reveal protocols as mechanisms for recovering at-risk coins without centralizing trust via KYC (Know Your Customer) systems. These methodologies primarily cater to wallets utilizing hardened BIP32 key derivation or those with unexposed public keys, suggesting a significant portion of users' assets could be shielded through these upgrades, which can be implemented via a soft fork.

However, concerns were raised regarding specific types of wallets, such as bare-P2PK addresses, paper wallets, or brain wallets, that either do not use hardened BIP32 or have previously exposed their public keys on-chain. Distinguishing between an honest witness and one compromised by a CRQC (quantum computing) attack remains a challenge for these wallets, underlining the limitations of the proposed solutions. The difficulty in identifying vulnerable addresses, given the absence of a rigorous mathematical test to determine their derivation method, further complicates efforts to protect all users' assets comprehensively.

The discourse also delved into the broader implications of proposed changes on the Bitcoin ecosystem, emphasizing the complex interplay between miners, users, and developers. It was argued that the ecosystem operates as a feedback loop, where no single group holds absolute power. For instance, miners can choose which chain to mine, but if node-runners refuse to follow their chain, the effort becomes futile. Similarly, controversial code updates by core developers could lead to forks, as seen in ongoing debates over mempool policy. The discussion underscored the potential risks of introducing KYC systems, highlighting the fragmentation it could cause within the community, akin to the division observed between Knots and Core over mempool policies.

Further, the conversation critiqued the idea of granting control over quantum-vulnerable UTXOs to a select group for redistribution, citing the precarious precedent it would set. Comparisons were made to Craig Wright's unsuccessful legal attempts to compel core developers into hard-forking Satoshi Nakamoto's coins. The notion of drafting an open letter to quantum computing companies was floated, suggesting a collective appeal from the Bitcoin community to ensure the technology is used in a manner that does not jeopardize the digital currency's integrity. This proposal indicates a recognition of the need for a collaborative approach to address the challenges posed by quantum computing to Bitcoin's security architecture.