The chain of thought is quite straightforward. Functionally nobody wants an intermediary-free channel because there are adversarial entities on the other end.

Do you think that logic holds true for web search as well? Because this is happening there in a much stronger way too.

Panicking is fairly important for ergonomics and safety. If panicking wasn’t available and execution had to proceed in all situations, recovering from a situation like memory corruption where invariants have been violated would require a lot of error handling anywhere an invariant is checked. This is exactly the sort of large amounts of error handling for situations that will almost certainly never arise than you are concerned about.

This was more or less true until everyone and their dog started running agents in a 24/7 busyloop as a bit.

You’re not doing that on a $20/mo plan.

The signature scheme used by bitcoin is far from the best encryption we have today, and more resistant to being updated than most more important things. So it’s an interesting novelty.

If you don’t also drop wallets with compromised signatures at some point after introducing secure signatures (effectively editing the ledger) they will be up for grabs.

Absent a functional ledger rewrite I expect there would be some window where miners with access to CRQCs switch their focus over to exclusively mining blocks of transactions transferring coins from insecure wallets to secure wallets under their own control. Is there actually interest in living in the world where the first person with both a CRQC and a mining farm gets to claim all of the stranded bitcoins for themselves?

Doesn’t this effectively still destroy all legacy wallets? Once the throttling limit goes into effect, it will be impossible for holders of legacy wallets to transfer their bitcoin without paying ~1 bitcoin per bitcoin they want to move. Doesn’t this amount to the same thing as abolishing all legacy wallets plus increasing the mining reward with extra steps?

Not necessarily, we could reach a point where theoretically it is possible to crack elliptic curve but still prohibitively expensive except for nation states. At that point or near that point, miners would likely agree to engage the throttle.

Presumably the vast majority who had their key would move the coins before the throttling takes effect so in the event of a 'slow takeoff' quantum scenario where quantum computing is expensive or nation states don't want to divulge the capability there could be no demand for the 1btc slot. If a lucky individual forgot about their coins (likely an early 50btc block), it only takes them ~8hrs to transfer at the normal txn fee.

Only those with access to legacy coins can compete for that slot.

The main advantage is it delays the transfer to the mining reward to the last possible moment, IE the trigger for the transfer to the mining reward likely only happens if there is sufficient contention for that 1btc slot because legacy wallets are getting cracked.

In the absolute disaster scenario where the ecosystem is taken by surprise by an adversary with a CRQC, regulated custodians could form a consortium to reconstitute a new quantum-resistant version of bitcoin, pooling their ownership ledgers from before the disaster to reinitialize the blockchain and consigning to oblivion all coins not held in custody.

Which would ofc be hilarious given BTC’s raison d’être.

Does anyone happen to know if it is settled law in the United States that transferring bitcoins using a cracked key is a criminal act? It’s not immediately obvious to me that it would be covered by the CFAA.

I would be surprised if the U.S. legal system requires itself to list every possible mechanism by which someone might steal money.

"Darn it, he's right, there's nothing in the rules here saying a dog can't play basketball or fetch money out of a bank vault..."

Bitcoins aren't money.

18 U.S.C. § 2311 defines "money" in the context of stolen property as:

> the legal tender of the United States or of any foreign country, or any counterfeit thereof

Bitcoin has, at times, met this standard by being the legal tender of a foreign country.

Wait, does that mean that counterfeit money is legally money in the US?

For the purpose of charging someone with a crime under 18 U.S.C. Chapter 113, yes.

They're property which is also illegal to steal.

Good luck convincing the government that you aren’t guilty of money laundering because you used bitcoins.

It’d be money laundering because money went in on one end, and money came out at the other end. Bitcoin would’ve been the vehicle yes. Still not money though.

Something doesn’t have to be money to be involved in money laundering, obviously.

Your legal analysis is very much incorrect. The U.S. will prosecute you for money laundering if you e.g. provide an illegal service, receive payment for that illegal service in bitcoins, then use a bitcoin mixing service, and then finally exchange your post-mixed bitcoins for goods. This is money laundering, despite there being no other money (like dollars) involved any step along the way.

In fact, the U.S. has prosecuted and convicted people for money laundering simply for operating the bitcoin mixing service, which is clearly just bitcoins in and bitcoins out.

It's easy to argue that anyone can operate any wallet without restrictions but just pulling the right key to it.

Every participant knows and accepts it the moment they pull a random key and start operating the corresponding wallet.

What risk are you envisioning in #1?

Sorry I wasn't clear there. Because most of the short-depth is controlled by centralized exchanges, there's a risk you won't be able to actualize your short (withdraw, either in crypto or to a bank account), even if it's successful -- they could just block you from withdrawing and/or report you for fraud.

Prosecutors don't have to "prove" things, they have to convince a jury. If your defense seems implausible a jury probably won't buy it.