Proposal: Per-Block Legacy Transition Budget as Quantum Mitigation (Soft Fork)

This worry stems from the possibility that quantum computers could efficiently crack these cryptographic methods, thereby endangering the integrity of legacy Unspent Transaction Outputs (UTXOs) that utilize these signatures. These UTXOs are particularly vulnerable due to their public keys being exposed or addresses being reused. In response to this threat, there has been a proposal for a strategy aimed at mitigating the risks associated with a possible quantum attack without resorting to the drastic measure of freezing legacy coins, which carries its own set of challenges including the risk of orphaning users who fail to migrate in time and potential political fallout from perceived censorship or loss of assets.

The proposed strategy introduces a concept termed the "Transition Budget," which essentially imposes a per-block limit on the amount of value that can transition out of the legacy cryptographic framework. This is quantified by measuring the net movement from legacy inputs (validated by ECDSA/Schnorr) towards post-quantum (PQ) outputs or other designated exits like OP_RETURN/burn addresses or transaction fees. To ensure compliance with this budget, each transaction involving legacy inputs would be required to include at least one output that is compatible with PQ cryptography, even if it's just a nominal amount of 1 satoshi. The inclusion of transaction fees within the budgetary limits effectively closes any loopholes that miners might exploit to circumvent the intended restrictions.

This approach is framed as a soft fork, introducing stricter rules without invalidating previous transactions, likening it to existing limitations on signature operations and block weight but applied to the migration from legacy to PQ cryptography. It aims to facilitate a gradual transition, ensuring that all legacy transactions contribute in some manner to the advancement towards quantum-resistant cryptographic practices. The proposal also raises several open questions for further discussion, such as the specific parameters for the transition budget, whether there should be a minimum transaction transition threshold, the selection of appropriate PQ cryptographic schemes for standardization, and strategies for coordinating the deployment of these new measures alongside other PQ-related Bitcoin Improvement Proposals (BIPs).

The overarching goal of this initiative is to explore the viability of a rate-limited migration pathway as a compromise between the extremes of completely freezing legacy assets and adopting a passive stance until quantum capabilities necessitate urgent action. The solicitation of feedback on the feasibility, potential risks, and compatibility of this proposal with the philosophical underpinnings of Bitcoin consensus seeks to foster a collaborative effort towards enhancing the protocol's resilience in the face of emerging quantum threats.