Against Allowing Quantum Recovery of Bitcoin

Posted by waxwing / AdamISZ

May 28, 2025, 01:07 UTC

The post works through worst-case scenarios for Bitcoin's security and stability once the elliptic curve cryptography it relies on can be broken, and raises several concerns and suggestions. The first concern is that some group gains early, private access to the capability to recover private keys from exposed public keys, allowing it to steal coins without immediate detection. This scenario is troubling not only because of the direct theft but also because of the sustained controversy it would create within the community over whether such thefts are even real. Continuous debate and uncertainty of that kind would erode trust in the system as a whole.

The second scenario is graver still: an attacker with no actual breakthrough against elliptic curve cryptography could induce panic by falsely claiming to have stolen coins. This kind of psychological warfare is particularly feasible with taproot outputs, because the attacker can prepare the "victim" outputs in advance and later spend them while claiming a break; no such preparation is possible for coins created in the early days of Bitcoin (2009-10). The attacker's goal would be to create enough doubt and controversy among Bitcoin users that disagreement over how to respond to the perceived threat leads to a chain split. This marks a crucial difference from past incidents such as the 2016 DAO hack on Ethereum, where the theft was clearly visible; here the ambiguity of the theft itself adds a layer of complexity and danger.

Additionally, the concept of a "disabled NUMS" (nothing-up-my-sleeve) external key for taproot outputs, which removes the key-path spend and leaves only the tapleaf scripts as spending paths, was highlighted as a positive step toward placing post-quantum cryptography (PQC) in tapleaf scripts. Although restricting which spends are valid is a form of censorship, this one would likely be uncontroversial because of its security benefit.
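As an added example, not code from the post, the following pure-Python sketch shows the per-output version of this idea that BIP341 already permits: a taproot output built with a NUMS internal key, so that no signature can satisfy the key-path spend and only the committed tapleaf scripts remain. It reimplements secp256k1 arithmetic and the BIP340/BIP341 tagged hashes inline so it runs offline; the two tapleaf scripts are constructed placeholders, and the function names are this example's own. For contrast it also derives the key-path signing key for an ordinary internal key, which is exactly what the NUMS point makes impossible.

```python
# Added example, not code from the post: BIP341 taproot output with a NUMS
# internal key (key path disabled) versus an ordinary internal key.
import hashlib

# secp256k1 field prime, group order and generator (BIP340 constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)


def point_add(p1, p2):
    """Affine secp256k1 point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def lift_x(x):
    """BIP340 lift_x: the curve point with x coordinate x and even y, or None."""
    if x >= P:
        return None
    c = (pow(x, 3, P) + 7) % P
    y = pow(c, (P + 1) // 4, P)
    if y * y % P != c:
        return None
    return (x, y if y % 2 == 0 else P - y)


def tagged_hash(tag, msg):
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + msg).digest()


def nums_internal_key():
    """BIP341's suggested NUMS point: x = SHA256(uncompressed encoding of G).
    The x coordinate is a hash output, so nobody knows a discrete log for it
    and no signature can ever satisfy the key-path spend."""
    uncompressed_g = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    return lift_x(int.from_bytes(hashlib.sha256(uncompressed_g).digest(), "big"))


def tapleaf_hash(script, leaf_version=0xC0):
    """TapLeaf hash; scripts here are short, so a 1-byte CompactSize suffices."""
    assert len(script) < 0xFD
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)


def tapbranch_hash(a, b):
    """TapBranch hash; children are sorted, so sibling order does not matter."""
    return tagged_hash("TapBranch", min(a, b) + max(a, b))


def taproot_output_key(internal, merkle_root):
    """Q = P + t*G with t = TapTweak(x(P) || root); returns (x-only Q, parity of Q.y)."""
    t = int.from_bytes(tagged_hash("TapTweak", internal[0].to_bytes(32, "big") + merkle_root), "big")
    assert t < N
    q = point_add(internal, point_mul(t, G))
    return q[0].to_bytes(32, "big"), q[1] & 1


def tweaked_private_key(d, merkle_root):
    """Key-path signing key d + t for an ordinary internal key d*G (d negated first if y is odd)."""
    p = point_mul(d, G)
    if p[1] % 2 == 1:
        d, p = N - d, (p[0], P - p[1])
    t = int.from_bytes(tagged_hash("TapTweak", p[0].to_bytes(32, "big") + merkle_root), "big")
    return (d + t) % N


# Constructed placeholder tapleaf scripts: <32-byte x-only key> OP_CHECKSIG.
# A post-quantum signature opcode, if one is ever added, would live in a leaf like these.
SCRIPT_A = bytes.fromhex("20" + "11" * 32 + "ac")
SCRIPT_B = bytes.fromhex("20" + "22" * 32 + "ac")


def build_nums_output(scripts):
    """Commit two scripts under the NUMS internal key; returns (x-only Q hex, parity, root hex)."""
    root = tapbranch_hash(tapleaf_hash(scripts[0]), tapleaf_hash(scripts[1]))
    qx, parity = taproot_output_key(nums_internal_key(), root)
    return qx.hex(), parity, root.hex()


if __name__ == "__main__":
    qx, parity, root = build_nums_output([SCRIPT_A, SCRIPT_B])
    print("scriptPubKey: OP_1", qx, "| parity", parity, "| root", root)
```

The NUMS x coordinate the example derives is the one BIP341 lists (0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0). What the post calls a "disabled NUMS" rule concerns what consensus would enforce for taproot outputs in general; this example only shows the opt-in construction an individual output can already use today.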

However, the post is skeptical that consensus could be reached on a soft fork that burns vulnerable coins as a response to the threat. Such a proposal is deemed unlikely to gain widespread agreement within the community, so alternative cryptographic solutions should be explored instead. The post points to ideas discussed by Tim Ruffing and Adam Back on safe methods for spending currently hashed UTXOs (outputs such as P2PKH and P2WPKH whose public key has not yet been revealed on chain). Despite the focus on technical solutions, it acknowledges that these challenges may lie far in the future, and that what it offers is a mix of opinion and speculation about the best path for securing Bitcoin against such attacks.
