[CyberDildonics]

My main point though was that these keys will probably be found in the future.

That's not at all what you said at first. You didn't say the keys would probably be found, you said with quantum computing someone will break the encryption, which is based on nothing. Here it is verbatim:

Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin.

You are basing this on modern tech. Making the same mistakes of people of the past.

You aren't getting this. This isn't a "what if computers are faster in the future" scenario. You aren't going to brute force a search space of this size with all the energy from all the stars in the universe.

You are making the same mistakes of time, you don't know what is to come and the past has shown previous algorithms actually last LESS time than they expected. It does play into it.

No, I actually understand the search space of large key lengths instead of hallucinating a fantasy future. Even when DES was created people debated it being too weak.

You can go back a generation and read articles about cars so big they have their own wood shop, future cities full of flying cars and robot servants. That stuff was all more practical than what you are talking about.

This would not be a conversation if you understood what you are saying.

Let's simplify this because you are lost in the weeds and resorting to ad hominems.

Pointing out that you have huge misunderstandings is not 'ad hominem'.

Do you think it is a good idea that a currency has keys out there, that can be found either directly or with time, that have heavy concentration?

Is concentrated unknown wealth of a currency, the root of all financial systems and power, a good idea?

This has nothing to do with what I'm trying to tell you.

You originally said that "quantum computers will be able to break satoshi's keys" and I'm trying to explain to you why that is naive and uninformed.

[Veserv]

If you assume powerful quantum computers then Bitcoin is dead, that is a straightforward result.

The digital signatures that prevent others from spending your bitcoins are based on elliptic curve cryptography (ECC). The security of elliptic curve cryptography is based on the hardness of the discrete logarithm problem (DLP). A sufficiently powerful quantum computer can use a variant of Shor’s algorithm to solve the DLP in runtime polynomial in the key size (my research indicates O(n^3) in key size more or less), giving you the private key behind a bitcoin wallet in a very tractable amount of time.

Though everything else they are saying about backdoors or design issues are wild speculation, a powerful quantum computer absolutely would allow you to spend anybody’s, including Satoshi Nakamoto’s, bitcoins.

[greyface-]

Single-use P2PKH addresses are quantum safe, since the public key is not revealed publicly until spending, just its hash. QC breaks ECDSA but not SHA256.

[tromp]

Even those are at risk if the key can be cracked in a matter of minutes, since it takes 10 mins on average from publishing your spending transaction to it getting mined, and the attacker can doublespend it with a much larger fee.

[greyface-]

This is true. Leaving coins at rest is safe, but moving them before the threat is understood might be risky. Widespread opt-in RBF enforcement could mitigate the risk to some degree, if miners cooperate and shun full RBF after a quantum attack. In the worst case, one might need to submit their "exit" transactions directly to a non-evil miner in order to avoid revealing the pubkey before confirmation. Ideally, this will all be figured out ahead of time, and most non-"lost" coins will be moved over to post-quantum UTXOs before the risk is serious.

[Veserv]

Having just read up on it, sure. But that is a very restricted use case as you could only use your wallet for a single send transaction and that has already happened for the specific case of Satoshi's wallet.

I believe you could scaffold up a system even with a 1-send limit that transparently functions the same as what currently exists since you can issue transactions to multiple parties within a single send, but that largely kills Bitcoin as normally used. All but the most sophisticated users would be required to hand over control of their wallet to actually manage the massive proliferation of addresses needed to act as if you have more than a 1-send limit. But sure, you are technically correct that there exists a very narrow use case which you can probably hijack aggressively enough to salvage the system if you tried hard enough.

[greyface-]

You're right that Satoshi's coins are at risk (but because they're using the older P2PK, not due to key reuse), and I agree that this would lead to some amount of chaos and transformative disruption.

> users would be required to hand over control of their wallet to actually manage the massive proliferation of addresses needed

BIP32 solved this in 2012, and is used by basically all self-custodial wallets these days. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...

[Veserv]

Ah, I did not previously know that there were a plural number of Satoshi wallets. I previously read that Hal Finney was the first recipient of a Bitcoin and which came from Satoshi Nakamoto and assumed that there was just a single Satoshi wallet which would mean there is key reuse.

[drawkbox]

> You originally said that "quantum computers will be able to break satoshi's keys"

I said "Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin."

As one part of my message. Now read the second, longer part.

Summary: "Whoever has control of the early issued coins, holds a leverage that is dangerous and has extortion properties." Not just for Bitcoin either.

What I was getting as we the concentration part and because of the amount, the desire to find Satoshi's (and other early crypto) keys will be immense whether that comes from technology or physically located.

Those keys are locked in earlier encryption algorithms and will be easier over time, maybe a long time, but still.

The longer the time actually the more concentration it may have depending on many factors but still.

The other concentration problems have also been seen in other areas like hosted wallets and shared mining sites/services. Situations for control of large amounts would be some hosted wallet sites being compromised and collecting keys or even using exploits/holes without the keys then issuing a broad push of many accounts at once, or even slowly.

Concentration in wealth, currently and banking is always a problem. In newer financial markets with less regulation there are always more gaps from many facets to technology to processes and tools.

[CyberDildonics]

I said "Eventually with quantum computing or other advancements, someone will break the encryption and potentially swipe the part of Satoshi's coin."

Then what are those "other advancements"?

[drawkbox]

Exactly... we don't know yet.

[CyberDildonics]

Most of the time when someone says 'we don't know' they really are talking about themselves.

People do know. There has been 100 years of cryptography and there are billions at stake. Hand waving and saying 'anything can happen in the future' with no plan, no details, no facts and no evidence is basically tech astrology.

Here's a challenge - find a cryptography expert that agrees with you.

[drawkbox]

> find a cryptography expert that agrees with you

Do you think they'd be biased to answer in a certain way?

Additionally every cryptography expert know the system is only as good as the keys not being found, and that can come from other means not just breaking the algorithm or brute force... it can be how the key was created and what tool was used.

With time all encryption will be broken, we may be gone by then but maybe something comes along that changes the game. History is filled with leaps that were not expected. The early keys will get weaker and weaker over time, that is fact.

In any case, you are focusing on the wrong thing. I was talking about this concerned about the contentration in currency as the problem, not necessarily the encryption/key.

[CyberDildonics]

Do you think they'd be biased to answer in a certain way?

What are you even talking about? You are already accusing a theoretical cryptography expert of being "biased" against you? Do you think that might mean what you're saying isn't rooted in reality?

Additionally every cryptography expert know the system is only as good as the keys not being found,

That isn't what is being talked about here, isn't what I replied to and isn't what your claims were. Now you keep trying to shift the goal posts to something else instead of confronting that what you said before was absurd.

With time all encryption will be broken,

Prove it. Actual experts do not say this. Why do you keep repeating this with zero evidence? Repeating your claims over and over doesn't make them any less ridiculous.

In any case, you are focusing on the wrong thing

No, I'm responding to things you said and you keep trying to distract from them instead of admitting there is no evidence for what you said.

More than anything, I'm fascinated when someone makes an outrageous claim, someone gives them evidence that it is completely false, they give zero evidence that backs it up, yet they dig in, repeat their claim, distract from it and try everything to not just admit they don't actually know what they're saying.