[...] the security of Bitcoin as a whole doesn't rely on how many addresses are vulnerable. It is based on whether any of them are. In other words if one address were vulnerable then the whole system would have been considered vulnerable.[...]This is why I've always said the move to a new algorithm should be done through a hard fork with a deadline and any coins that don't move before that deadline should be considered unspendable.
Thanks for your explanation. I can understand the logic now even if I don't really agree. For example, we already have some vulnerable addresses now, such as those created with low entropy. That's a small percentage (hopefully), but they exist, and I wouldn't consider them a security threat.
My stance against Jameson Lopp's approach is based on simply trying to evaluate the "catastrophe potential" of the following threats:
- market disruptions and feelings of unsafety due to massive sales of quantum hacked vulnerable coins
- disruptions and inefficiencies due to the (much) higher data consumption of post-quantum signatures like FALCON-512
- the possibility that one of the "post quantum" schemes discussed today isn't as secure as thought (which was one of the main points in the early BIP360 discussion)
And I think Lopp underestimates the problems of the second and third threat. That's why I'm favouring an optional approach. A stricter "no reuse" policy in wallets including warnings would fit with this approach.
I think it would be worthwhile to do a deeper analysis of this situation,
I had (last year or so) seen a better analysis, but unfortunately I lost the link and haven't found it. I agree that a more detailed view would be desirable to really assess the magnitude of the problem.
Do you have an idea what an exchange could do instead of their current setups? I don't think not reusing cold storage wallets is feasible for them right now.
I'm no expert at that matter. From my knowledge it should be possible to create a setup where a cold wallet only receives coins (this doesn't add the vulnerability, of course) and regularly, when coins are needed for the hot wallet, is "renewed" (i.e. all coins are sent to another address, dividing the coins between "hot wallet" and "continue in cold wallet"). But of course this could create higher fee costs than a single, re-used cold wallet where UTXOs could be directed individually to the hot wallet.
Multisig wallet looks like a good idea to improve security.
@Forsynth Jones: Thanks for the mention of Sparrow. It's a wallet I always wanted to test but never did (because in the end it didn't deliver the features I would consider important in comparison to Electrum). I may take the opportunity to do that finally and check out their warning policy.
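As an added illustration of the "no reuse" warning policy and the cold-wallet renewal idea discussed above (example code, not from this thread or from any wallet), here is a small audit over a constructed, simplified transaction set. It assumes every spend from an address reveals that address's public key on-chain, so any coins still sitting at such an address afterwards are the ones a quantum attacker could target; the transaction model (outpoints, address/amount pairs) and the sample txids are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    txid: str
    inputs: list   # (prev_txid, vout) outpoints being spent
    outputs: list  # (address, amount_sats) pairs

def audit(txs):
    """Replay txs in order. Returns (at_risk, warnings):
    at_risk  -> {address: unspent sats held behind an already-exposed pubkey}
    warnings -> [(txid, address, sats)] for each payment to an exposed address,
                i.e. the events a wallet's 'no reuse' warning should fire on."""
    utxos = {}       # (txid, vout) -> (address, amount)
    exposed = set()  # addresses that have signed at least once
    warnings = []
    for tx in txs:
        for outpoint in tx.inputs:
            addr, _ = utxos.pop(outpoint)  # KeyError here means unknown/double spend
            exposed.add(addr)              # signing revealed the pubkey
        for vout, (addr, amt) in enumerate(tx.outputs):
            if addr in exposed:
                warnings.append((tx.txid, addr, amt))
            utxos[(tx.txid, vout)] = (addr, amt)
    at_risk = {}
    for addr, amt in utxos.values():
        if addr in exposed:
            at_risk[addr] = at_risk.get(addr, 0) + amt
    return at_risk, warnings

# Constructed sample: a hot wallet that takes change back to the same address,
# and a cold wallet that is "renewed" but misses one later deposit.
SAMPLE_TXS = [
    Tx("tx1", [], [("cold1", 100), ("hot1", 50)]),          # funding, no spends
    Tx("tx2", [("tx1", 1)], [("merchant", 30), ("hot1", 20)]),  # hot1 reused for change
    Tx("tx3", [], [("cold1", 25)]),                          # extra deposit to cold1
    Tx("tx4", [("tx1", 0)], [("hot2", 40), ("cold2", 60)]),  # renewal sweeps only tx1:0
]

if __name__ == "__main__":
    risk, warns = audit(SAMPLE_TXS)
    print("reuse warnings:", warns)   # hot1 received change after signing
    print("coins behind exposed keys:", risk)  # hot1's change and cold1's unswept 25 sats
```

Note that cold1 never triggers a reuse warning, yet still ends up at risk: the renewal in tx4 has to sweep every UTXO the cold address holds, not just the ones being moved to the hot wallet.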