The limitations of cryptographic agility in Bitcoin

The discussion opens with a critique of the argument that there is no incentive to store bitcoins in an inherently insecure manner, pointing out the real and significant risk posed by centralized custodians holding large amounts of Bitcoin. It is highlighted that approximately 2.5 million BTC are concentrated under the control of fewer than two dozen entities, presenting a substantial theft risk from both private and public actors. This scenario has historical precedence, with notable thefts from exchanges such as MtGox and Bitfinex, and even governmental actions like Executive Order 6102 posing threats to asset security. Despite these risks, there is no widespread call to freeze the coins held on exchanges, a stance that contrasts sharply with reactions to the potential for cryptographic vulnerabilities, which could affect around 6.5 million coins.

The conversation shifts towards the assumptions underlying Bitcoin's security, specifically challenging the notion that the collective trust in secp256k1's current security suffices against future threats, including those from quantum computing. It suggests that the community's reliance on secp256k1 should also accommodate the possibility of switching to alternative cryptographic methods if necessary, implying a dual-security model where either "secp256k1 OR another secure signature algorithm" could safeguard the network. This approach is argued to be more adaptable and safer in the long run, especially given the known vulnerabilities of secp256k1 to quantum computing risks.

Further, the email delves into the ethical considerations and the fundamental principles at play within Bitcoin's design philosophy. It raises concerns about proposals to freeze coins in addresses vulnerable to quantum attacks, arguing such moves would go against the intentions of users who might deliberately choose to use these addresses. The author suggests that leaving coins in CRQC-vulnerable addresses could be seen as a challenge or bounty for the development of countermeasures against quantum threats, emphasizing the importance of respecting user intentions.

Lastly, the core principle of Bitcoin as peer-to-peer electronic cash is defended, particularly the expectation that redeem scripts validating transactions today will continue to do so indefinitely. This foundational belief ensures that Bitcoin retains its value over time and remains operational as a decentralized currency. Any proposal undermining this principle, such as disabling features leading to the freezing of coins, is viewed as not only a threat to Bitcoin's integrity but potentially catastrophic, risking the entire system's collapse. The survival of Bitcoin, it is argued, hinges not on its ability to withstand temporary price fluctuations but on maintaining the validity of its transaction verification mechanisms over time.