Um… the miners choose what forks to accept. Devs do not have the say. Miners do. Decentralization is intact, insofar as mining is decentralized.
npoc•6mo ago
The miners do not have the say. The validating nodes do.
If my node says it's not bitcoin, it's not bitcoin.
rvz•6mo ago
And no-one cares (about how significant this is).
K0balt•6mo ago
It depends. If miners handle this in a manner true to the ethos, it’s a nothing burger, just things working as intended. If they opt to burn legacy coins, then the chain will split and we will see what fork is deemed more valuable, and a bunch of new value will be sucked out of fiat in the process.
K0balt•6mo ago
As long as a ZK recovery path is provided, this stays true to the ethos. The ethos was never“if it breaks we won’t fix it”. Responsible handling of this issue does not have to distort the ledger.
OTOH, if they freeze vulnerable wallets and don’t provide a recovery path, then Bitcoin becomes just another, less useful ethereum where intervention in the ledger is to be expected.
cmrx64•6mo ago
how do you secure this zk recovery path? can’t prove that only the hash of the pubkey was ever revealed (and thus that the secret key couldn’t be computed from the pubkey — as it was not available)
K0balt•6mo ago
Idk, it’s also confusing to me. “I have been told” by someone who knows a lot more about cryptography than most people (including me) that it should be possible to, but I can’t see how because I suppose if you could spend the coins it means you must have the private key? But maybe it is actually possible to spend the coins without reverse engineering the actual private key, but rather only by faking the signature?
IDK.
RandomBacon•6mo ago
This would be interesting to see. Hopefully everyone who is sitting on their coins hears about this and moves them, then we'll really see how many coins are dead.
greyface-•6mo ago
PQ signatures are significantly larger than regular ECDSA signatures used today. This proposal builds on BIP-360, which suggests a witness discount increase to mitigate this (not precisely specified, but external discussions by the author have suggested 16-64x). A discount would mean larger blocks, while no discount would mean higher transaction fees and even lower on-chain throughput. Are we entering a new blocksize war? A 64MB block size, in exchange for defense against a vulnerability that at this moment remains hypothetical, seems unlikely to pass without some controversy.
paulpauper•6mo ago
K0balt•6mo ago
npoc•6mo ago
If my node says it's not bitcoin, it's not bitcoin.