Against Allowing Quantum Recovery of Bitcoin

The discussion highlights significant security considerations related to Bitcoin address types, specifically comparing P2SH (Pay to Script Hash) and P2WSH (Pay to Witness Script Hash). P2SH encounters potential collision risks when utilized by multiple users due to the combined use of SHA-256 and RIPEMD-160 hashing algorithms. In contrast, P2WSH employs only the SHA-256 algorithm, omitting the RIPEMD-160 hash step, which is comprehensively justified in Bitcoin Improvement Proposal 141 as a measure to enhance security against collision attacks. This information can be further explored in the BIP documentation found on GitHub.

Moreover, the increased size in P2WSH addresses contributes to heightened security by making it computationally impractical to achieve collisions given the current chainwork in Bitcoin's network, which has dramatically increased since its inception. By 2026, the chainwork expected to reach approximately 2^96, potentially elevating the risk of practical collision attacks on the older RIPEMD-160 based systems.

Despite these advancements, RIPEMD-160, used in 160-bit Bitcoin addresses, remains sufficiently secure for individual users under current conditions. However, should a collision occur and become public, it would likely incite fear, uncertainty, and doubt (FUD) within the community. Consequently, those affected might find it prudent to transfer their holdings to different address types that do not share the same vulnerability, thereby safeguarding against the possibility of undisclosed spending methods emerging for newly created 160-bit addresses.