Posted by sipa
Jul 19, 2025/19:24 UTC
The discussion centers around a proposal related to enhancing the security of Bitcoin transactions against potential long-range attacks, specifically those that might be enabled by quantum computing advancements. The critique questions the effectiveness of the proposal under consideration, in particular the utility of enabling users to transition their Bitcoin holdings to outputs not susceptible to such attacks. This skepticism is rooted in the reality that a vast number of Bitcoins already reside in outputs with exposed public keys, vulnerable to these hypothetical future threats. The argument posits that without disabling Discrete Logarithm (DL) based opcodes, which facilitate spending from these vulnerable outputs, the proposed changes do little to mitigate the overarching threat of quantum-enabled attacks. The concern is that even if individuals secure their assets in quantum-safe outputs, the broader ecosystem remains at risk due to the significant portion of assets likely to remain in insecure states.
Furthermore, the critique acknowledges the theoretical benefit of introducing a new output type that inherently disables existing checksig opcodes within scripts. Such a move could pave the way for enforcing a protocol rule that mandates transactions only to quantum-safe outputs, thereby fostering a migration towards more secure transaction methods. However, this potential advantage is undercut by the current proposal's failure to prohibit DL spending outright, rendering the envisioned quantum protection unattainable under its guidelines.
In essence, the critique underscores a fundamental misalignment between the proposal’s objectives and its mechanisms for achieving quantum resilience in the Bitcoin network. It suggests a more radical approach might be necessary—such as a consensus change to disable DL spending—to genuinely safeguard the network against the speculated quantum computing threat. The communication also hints at a lack of support for complicating protocols without offering tangible security enhancements, indicating a preference for strategies that do not merely shift costs without clear benefits. The discussion refrains from taking a definitive stance on the immediate necessity of such quantum protective measures, acknowledging instead a conditional perspective based on future technological developments and their implications for Bitcoin's security landscape.