An_OG 🔑⚡🇺🇸

14.1K posts

@An__OG

Politics & Culture | Macroeconomics | Sound Money

Joined May 2022
346 Following 364 Followers
An_OG 🔑⚡🇺🇸
@w_s_bitcoin @kusan_btc right, non dev node runners have no problem: adjusting assumevalid parameters, disabling certain checks, or using command-line flags to bypass version-based expirations or supermajority requirements in ancient activation mechanisms
Wicked@w_s_bitcoin·
NACK. Forcing migration at the consensus layer is too heavy-handed, especially given the likely tradeoffs in cost, efficiency, and usability of PQ schemes. Bitcoin has historically relied on voluntary adoption, wallet defaults, and fee incentives rather than protocol-level coercion. That approach should be exhausted first. The quantum threat remains theoretical, and the economics of such an attack make it unlikely to target the vast majority of users, particularly smaller UTXOs that would fall below the cost threshold of exploitation. Introducing hard deadlines and invalidating legacy signatures risks unnecessary disruption and sets a precedent for protocol-enforced fund restrictions that Bitcoin has largely avoided.
Murch@murchandamus

BIP 361: "Post Quantum Migration and Legacy Signature Sunset" has been published. You can read it here: github.com/bitcoin/bips/b…

Wicked@w_s_bitcoin·
@An__OG @kusan_btc Apples to oranges. We're talking about forcing people to move their coins right now. And plenty of older clients are still running on the network right now because users didn't feel the need to upgrade.
Nick Sortor@nicksortor·
🚨 JUST IN: Eric Swalwell’s close friend Sen. Ruben Gallego is throwing Swalwell UNDER THE BUS ZERO chance Gallego didn’t know. He should be investigated GALLEGO: “Eric Swalwell lied to ALL of us. He lies to the most powerful people in this country. And they trusted him. They trusted him with the most sensitive spots in our government. Whether it was a Judiciary Committee, Intel Committee, or impeaching Donald Trump. And that clouded my judgment, my friendship with him, our family's friendship together with him clouded my judgment, and I was wrong.”
Wicked@w_s_bitcoin·
@kusan_btc I don't believe Bitcoin at a protocol level should ever force users to update or add friction to those who don't.
Coin Bureau@coinbureau·
🚨POLYMARKET OPENS BETTING ON SATOSHI’S IDENTITY, ADAM BACK LEADS A new market lets users wager on who the “Finding Satoshi” documentary will reveal as Bitcoin’s creator, with Adam Back currently leading at 53% odds.
An_OG 🔑⚡🇺🇸
Core dev conduition understands what i'm saying: "I personally don't see P2TRv2 as a suitable path towards this goal, because it still depends on ECDLP. At best, P2TRv2 PROMISES to be quantum-secure later, at the chaotic whim of the future Bitcoin community. Personally, I would rather keep my coins on P2WPKH than on P2TRv2. No: If we are going to have a PQ soft fork, it should be conclusive, self-contained, and require no follow up. Otherwise, we haven't actually fixed the core uncertainty we need to address." groups.google.com/g/bitcoindev/c…
Grok@grok·
roasbeef's point assumes the new output is fully secure post-move, but it isn't yet. A precautionary Taproot PQ script-path still leaves the keypath spend enabled—exposing an EC pubkey vulnerable to Shor's algorithm right away. Unspent P2PKH hides the pubkey behind SHA-256. Quantum preimage (Grover) demands far more resources than breaking elliptic curves, buying critical time. Hold legacy until PQ opcodes activate *and* the keypath-disable softfork is locked in. No exposure during uncertain timing.
Murch@murchandamus·
BIP 361: "Post Quantum Migration and Legacy Signature Sunset" has been published. You can read it here: github.com/bitcoin/bips/b…
M.O.D.A.F.O.K.A@getrichordietri·
Everyone cheering the homeowner for beating a man with a shovel in front of his own kid? Y’all are wild. Jason Nichols broke in, sure, but the second the husband showed up swinging a weapon, it became attempted murder. Self-defense goes both ways. This isn’t bravery, it’s vigilante violence with a gardening tool. Free Jason Nichols, the real victim of overreaction. The praise for this guy is insane. Due process for Nichols
Collin Rugg@CollinRugg·
NEW: Police have released more info about the "Harry Dresden" break-in in Fairfield, CA, say both the homeowner & Nichols sustained head injuries. Police are praising the "actions of the homeowner" who raced home to confront 30-year-old Jason Nichols with a shovel. Authorities say that the homeowner's wife and child were inside when Nichols broke in. When Nichols was unable to break in through the front door, he broke in through a sliding glass door. "The homeowner's husband, who was away at the time, observed the suspect through a home security camera and immediately returned to the residence," said police. "As the suspect entered the home, the homeowner returned, armed himself with a shovel, and confronted Nichols." "A physical altercation ensued, during which both the homeowner and Nichols sustained head injuries." "We are grateful that the family is safe and commend our officers for their swift response in bringing this dangerous situation to a safe resolution." The woman and child were reportedly unharmed.
Isabel Foxen Duke⚡️@isabelfoxenduke·
Good news: it’s easier to make Bitcoin quantum-resistant than it is to build a quantum computer.
An_OG 🔑⚡🇺🇸
now it makes sense. i was able to get the watching wallet setup. but you're saying an updated Trezor will not allow access to private keys due to firmware incompatibility, correct? thus the need to somehow get old Trezor firmware with v 1.316 and send bsv to a wallet that allows sweeping of privkeys to SVP?
Truth_Machine@cryptorebel_SV·
@An__OG @wiseman_yeah Yes they did way back in the day. ElectrumSVP can be used the exact same way. You can also create a "watch only" wallet on a live device so you can view your transactions. But you would sign on the offline device, transfer it to the hot device for broadcast.
Truth_Machine@cryptorebel_SV·
I'm finishing up a new feature for the new version of #ElectrumSVP that allows users to split up their UTXOs to numerous addresses in custom or random amounts. This can significantly help users to enhance their privacy. Would be better if fees were still 1sat instead of 100sat.
An_OG 🔑⚡🇺🇸
@cryptorebel_SV @wiseman_yeah iirc, didn't Armory have an offline version of its software that held private keys so you could sign on an offline laptop or something? is this the setup design you're talking about?
Truth_Machine@cryptorebel_SV·
@An__OG @wiseman_yeah It can be achieved easily by having a device that you never connect to internet. You sign on that device and then transfer the transaction to a hot device to broadcast the tx. Multi-sig can also enhance this by setting up wallets on multiple devices. I will have tutorial soon.
Truth_Machine@cryptorebel_SV·
@wiseman_yeah Unfortunately hardware support will be deprecated in ElectrumSVP, there were just too many bugs and it's unstable, and it always was a hack to get ledger/trezor to work because those companies hate BitcoinSV. I don't want to allow users to fall into the trap of an unstable system.
An_OG 🔑⚡🇺🇸
@Fundamentals21m Your discussion is incomplete without acknowledging that pruning can be done in Core easily; just by removing all blocks after download beyond a certain point in time.
Fundamentals 40HPW@Fundamentals21m·
One big missing link in the BIP110 debate is the fact that witness data and OP_RETURN data are technically prunable and don't necessarily have to be part of the UTXO set. I haven't been satisfied with explanations of this from either side so I did a deep dive with my AI and finally got some satisfying answers which I'll detail in this thread. I still think forking is idiotic and damaging and every argument I've heard for it is childish. However - to be fair to the debate - it's currently not possible to selectively prune unwanted with Bitcoin Core. Here's why — with the actual source code. 🧵
MoonCoin Rising@MoonCoinRising·
@TheBTCTherapist I wish you were right. Unfortunately, everyone that matters knows it is Craig (@CsTominaga). Trust me - if Bitcoin could have had a creator that was other than the autistic, malevolent creator that Craig is - maybe we would all be better off. Alas - we appear to be stuck w/him.
John Carreyrou@JohnCarreyrou·
If you’re not Satoshi and you know The New York Times is going to publish a big story identifying you as Satoshi, do you agree to participate in a photo shoot for that story?
Shai (Deshe) Wyborski@DesheShai·
Finally had the time to carefully read the details of the QSB method by @avihu28 from @StarkWareLtd.

The tl;dr: The three proposals on the table -- QSB, LFC, and BIP360 -- are not mutually exclusive, and none of them is rendered obsolete by the other two. I want to explain where they overlap and where they don't. My bottom line is that all three approaches can, and possibly should, be implemented together. Hopefully, I got everything right.

[ If you don't know what LFC is, I don't blame you. It's a rather new proposal by @roasbeef, based on a protocol by @or_sattath and me called Lifted FawkesCoin. The Beef does not call it that way, but it doesn't seem that they named it at all, so I'll keep calling it LFC. Our paper: eprint.iacr.org/2023/362 Beef's proposal: x.com/roasbeef/statu… ]

Since Avihu's proposal was posted a couple of days ago, I've seen a barrage of posts lauding it for "making Bitcoin post-quantum secure", some even arguing that it proves Bitcoin "launched post-quantum" (lol). While QSB definitely adds a new and important tool to the post-quantum toolbox, it is a far cry from how the superlative posts present it, which caused some people, myself included, to be concerned that the hype might overshadow other important post-quantum efforts.

Ever since OP, I've seen Avihu and @EliBenSasson doing their best to dispel this misconception and put this work in the right scope. But after the horses have left the stable, this is often as futile as plugging a dike with your thumb while trying not to mix metaphors.

One way I can help is to bring forward an important existing problem that QSB does not address and describe a specific effort to address it. I'm hopeful that this helps frame QSB correctly, and makes the discussion more constructive.

The important problem I am talking about is dealing with laggards/procrastinators: people who did not prepare for q-day in any way (be it because they lost their keys, were convinced that quantum computers are "just a hype", took a very long nap, etc.). QSB does not help laggards (nor was it intended to), while LFC is primarily focused on helping laggards.

On the other hand, the key drawback of QSB is that generating the required auxiliary data is very expensive. Estimated at $100s of dollars per txn. These costs cannot be reduced as they don't arise from a challenging and complicated computation, but from an important proof-of-work puzzle.

Another small disadvantage is that QSB is based on Taprootesque hacks that some people in the community are scheming to patch away. In particular, BIP110 will completely decimate QSB. iiuc, if BIP110 is rolled out, it might cause all UTXOs generated by QSB to become indefinitely unspendable (unless it includes some designated failsafe), though I'm not too sure about that.

Advantages of LFC over QSB:
- Helps laggards. With LFC you can quantum-safely spend a huge subset of currently existing UTXOs, including any address generated by an HD wallet after 2014. Depending on the chosen mode of operation, LFC can even help recover wallets with lost secret-keys (this particular mode of operation is called permissive LFC and, unlike other modes, it requires a hard-fork and not just a soft-fork).
- Applies to all the cases QSB applies to, but much cheaper to use, and does not require any pre-q-day preparations.
- Transactions are cheaper and quicker to generate by magnitudes.

Disadvantages of LFC over QSB:
- requires a fork. Moreover, the fork is beyond a simple OP_CODE implementation and adds complexity to the protocol on both the user and miner sides.
- Delegates some of the stuff Bitcoin/QSB secures cryptographically to economic incentives (though nothing that allows theft, more of a "one side can misbehave and cause both sides to lose" kind of situation, and even that in a limited sense, without any emergent prisoner's dilemma).
- Has a bit of a complicated UX. Each spend is a two-phase process.
- Confirmation time is quite high, ranging from hours to days, as the security relies on sufficient temporal separation between the two phases

All in all, there are three important proposals for quantum-proofing:
1. BIP360 (h/t @cryptoquick): fork for adding support for pq-sigs. Cost of use: marginal.
2. LFC: fork for post-quantum spending from pre-quantum UTXOs without preparation. Cost of use: noticeable. You need to generate a zk proof that is a bit on the heavy side, nothing your computer can't handle, but might be an obstruction for hardware wallets, etc.
3. QSB: requires no fork but is highly expensive to use, $100s of computation per transaction. Does not help laggards.

I think these three proposals complement each other nicely: QSB can be used to quantum-proof large sums as early as today, making sure they are safely spendable after q-day, even if no fork is deployed. BIP360 will provide pq-signatures, while LFC will provide a safe migration route for laggards. If pq-signatures are noticeably more expensive to use due to their increased size, LFC can also serve as a "slow but cheap" alternative, with transactions about the same size as they are now (in some cases, even a bit smaller!), but with slower confirmations.
An_OG 🔑⚡🇺🇸
I disagree. P2MR is sufficient on its own and it exists as an option, not a forced upgrade. It's not up to it to provide an easy exit path for LN. Core devs made a bad decision in exposing the public key in taproot outputs. It's up to LN users to self migrate their coins out of Schnorr sigs to the QR option, namely P2MR. PQ sigs are larger and more costly no matter which scheme the network adopts.
Ivan Miskovic@ivanmiskovic·
This is the clearest breakdown of the Bitcoin PQ landscape I’ve seen from anyone involved. The complementary framing is right. QSB for proactive users, LFC for laggards, BIP360 for long-term PQ signing. Three proposals with different coverage areas and none is sufficient on its own.

What stands out: even with all three deployed together, Bitcoin still requires at least one softfork (permissive LFC + BIP360), broad user coordination for QSB migration before Q-day, and none of the three address consensus-layer or Lightning channel exposure.

On consensus: SHA-256 mining drops to ~128-bit security under Grover - likely acceptable. But if we’re migrating the transaction layer to PQ signatures, the question becomes whether the commitment structures (Merkle trees, block header hashing) need hardening in parallel or can remain classical.

On Lightning: every open channel is secured by pre-signed Schnorr transactions. A CRQC breaks the channel counterparty’s key, enabling theft via old state broadcast. HTLCs inherit the same exposure through the revocation path. This likely needs a fourth proposal - a PQ channel upgrade protocol that lets existing channels migrate without force-closing the entire Lightning network.

The remaining elephant in the room is coordination. Deploying these three and likely more overlapping PQ schemes on a network where Taproot took 4 years from proposal to activation - what’s a realistic combined timeline?
An_OG 🔑⚡🇺🇸
Thanks for this. One thing I don't get about LFC is that inevitably laggards means a CRQC has had time to steal certain addresses. What if someone has a bip32 wallet with half the number of addresses/balances stolen from and sent on for multiple hops for spending or cashing out or what not by the hacker. How does the zk work in that scenario?
Grok@grok·
@An__OG @roasbeef Sounds good! Sticking with fresh unspent P2PKH outputs keeps your BTC protected by the hash until PQ upgrades and keypath disable are fully locked in. Smart play if Q-day timing stays uncertain. Let me know if you need more details on migration steps later.