Ah, my recollection was that only a fixed (large) set of parties could challenge the withdraw with the fraud proof, so it was also a security assumption, but maybe that was BitVM v1? The nice thing about the BitVM machinery even in that model is you get 1-of-N liveness *and* 1-of-N security which isn’t possible with a multisig.

My understanding is that you were still limited to a 1-of-N for the fraud proofs anyway.

IIRC the version of BitVM they shipped already had a 1-of-N assumption with relatively small N so it’s not a change in trust model. Even latest BitVM has that but N can be bigger.

IOW, personally, I came to the conclusion ECC should be disabled (in conjunction with a commit-reveal scheme to allow pre-BIP-32 wallets to retain ownership without revealing they still have the keys) precisely because it is *less property-rights-violating than the alternative*.

Yes, it’s “us” violating some property rights instead of “them” violating all property rights, but I think the distinction is really weird? Like, it feels like shoving our heads in the sand to pretend reality doesn’t exist (once a CRQC is undeniable) instead of facing a tough decision.

People are going to say what they say. They might also reasonably say that cause Mark Karpeles was proposing a fork to reclaim the mtgox funds. But as much as you try to argue these are similar situations, they’re just really not?

Fundamentally, in a world where a CRQC exists and more will later, your fundamentally cannot have a concept of property rights for coins secured by ECC. “If you have the key” is nonsense when everyone has the key!

More generally, I posted this yesterday:

I think its actually an interesting question as to whether allowing a BIP 32+seedphrase-based recovery scheme that also necessarily freezes some coins as a result is more or less property-rights violating than doing nothing.

My view of Bitcoin's property rights has always been that someone who bought bitcoin, took self custody and wrote down the seedphrase 10 years ago then promptly forgot about bitcoin and went and lived their life should be able to retain access to their coins no matter what.

For that user specifically, a recovery path actually *retains* more property rights than it loses. But for patoshi its a different question. Obviously you can do a commit-before-Q-day-reveal-later scheme for patoshi to retain ownership without revealing whether they still have the private keys, but they do have to do something.

Its tricky but ultimately I don't think the "freezing coins is violating property rights so its bad" view is fully thought out - freezing some coins actually allows owners of other coins to retain the coins! Its far from black-and-white.

Oh of course, it definitely requires second-order analysis, but concluding that *obviously* means the market will prefer a no-burn fork I think is equally reductionist. Obviously seizing 1% of coins in a cartel isn’t the same as preventing a quantum computer from stealing N% of coins and enabling recovery paths for the coins where that’s possible. I see why you think it’s still over some philosophical line but you can’t say that it’s equivalent to some other scenario that we’ve ever faced.

There does seem to still be a lot of people talking past each other. There’s a big difference between “this is bad and I don’t support it” and “I don’t think the market will support this”. I’ve seen a lot of arguments to the first but relatively few of the second. Ultimately, the view of quite a few people I’ve spoken to (and myself) is “this is bad but it’s not clear that it’s worse than the alternatives and the market will very likely support this”. Of course “this” is not some premature seizure but rather only freezing coins when it’s very obvious to all involved that anything else will result in theft.

To be fair, there would likely be a futures market into which people could sell pre-fork.

Yes and I can also get a rotating line of credit.