Comment by sunshine-o

3 hours ago

Yep, I was looking into it and from what I understand:

- There is a dark outlook on Bitcoin as the community and devs can't seem to coordinate. Especially on what to do with the "Satoshi coins"

- Ethereum has a hard but clear path (pretty much full rewrite) with a roadmap [0]

- The highly optimized "fast chains" (Solana & co) are in a lot of trouble too.

It would be funny if Bitcoin the asset ends up migrating to Ethereum as another ERC20 token.

- [0] https://pq.ethereum.org/

> pretty much full rewrite

This is far from my understanding. Changing out this signature scheme is hard work, but doesn't require a rewrite of the VM.

  • Ethereum is way more complex than let's say Bitcoin and all parts are affected. This is not just the "signature scheme".

    The fact that the signature size is multiplied by ~10 will greatly affect things like blockspace (which I guess is even more of a problem with Bitcoin!)

    Also they are the only blockchain, I believe, that puts an emphasis on allowing a large number of validators to run on very modest hardware (in the ballpark of an RPI, N100 or phone).

    My understanding is they will need to pack it with a larger upgrade to solve all those problems, the so-called zkVM/leanVM roadmap.

    And then there are the L2s that are an integral part of the ecosystem.

    So this is the greatest upgrade ever made on Ethereum, pretty much full rewrite, larger than the transition to proof of stake. I remember before the Proof of Stake migration they were planning to redo the EVM too (with something WASM based at the time) but they had to abandon their plan. Now it seems there is no choice but to do it.

Adding new signature schemes to Bitcoin is relatively trivial and has been done previously (today Bitcoin supports both Schnorr and ECDSA signatures).

Existing PQ standards have signatures with the wrong efficiency tradeoffs for usage in Bitcoin -- large signatures that are durable against a lot of use and support fast signing, while for Bitcoin signature+key size is critical, keys should be close to single use, and signing time is irrelevant.

To the extent that I've seen any opposition related to this, it's only been in relation to schemes that were too inefficient or related to proposals to confiscate the assets of people not adopting the proponent's scheme (which immediately raises concerns about backdoors and consent).

There is active development for PQ signature standards tailored to Bitcoin's needs, e.g. https://delvingbitcoin.org/t/shrimps-2-5-kb-post-quantum-sig... and I think progress looks pretty reasonable.

Claims that there is no development are, as far as I can tell, just backscatter from a massive fraud scheme that is ongoing (actually, at least two distinct cons with an almost identical script). There are criminal fraudsters out seeking investments in a scheme to raise money to build a quantum computer and steal Bitcoins. One of them reportedly has raised funds approaching a substantial fraction of a billion dollars from victims. For every one sucker they convince to give them money, they probably create 99 other people panicked about it (since believing it'll work is a pre-req to handing over your money).