Reddit Posts
Silent Payments (BIP352): a way to share a static Bitcoin address without destroying your privacy
Inbound node connections, BIP322 - Bitcoin Optech Newsletter #406 Recap Podcast
Import Seed phrase from Blockstream (green) phone app into Sparrow FAILS?
500bn in BTC vulnerable for quantum attack
BIP322, TCP hole punching, ecosystem software - Bitcoin Optech Newsletter #406
16 years ago, Bitcoin had its worst day. Five hours later, it was fixed.
Bitcoin Core CVE, AssumeUTXO - Bitcoin Optech Newsletter #405 Recap Podcast
Satoshi's Coins: Freezing or Seizing? How do we respond to Quantum Supremacy in the coming years.
CVE-2024-52911, UTXO set P2P sharing - Bitcoin Optech Newsletter #405
Your seed phrase is more likely to wipe your stack than any regulated CEX in 2026
A real story of one laptop, some curiosity, and a deep dive into how Bitcoin private keys are born
Compact blocks, changing consensus - Bitcoin Optech Newsletter #403
Successful recovery from invalid MetaMask seed phrase in Czech language
Consensus spec work, Onion message attack - Bitcoin Optech Newsletter #402
BIP361 - Bitcoin quantum migration plan that would freeze legacy coins
YSK: The proposal to freeze Satoshi's coins and invalidate old transaction signatures is actually a SOFT FORK. Soft Forks can still cause reorgs and chain splits, and they can cause new clients to be incompatible with old clients.
Bitcoin Quantum Migration Plan That Would Freeze Legacy Coins - BIP 361 Discussion
Charles Hoskinson on Bitcoin, Quantum Threats, and the Need for Upgrades
Bitcoin Devs Propose BIP-361 to Protect Against Quantum Computing
BIP 361: Welcome to ShitcoinLand, Bitcoin
Hunter Beast on QRL show about BIP360 & how to tackle quantum threat for BTC
Fallback Solution for BTC in case of Q-day
Slow block validation on Signet: BIP-54 demo stream (2nd & 3rd run)
Live stream of slow blocks demo (BIP 54 / Consensus Cleanup) - YouTube
Demonstration Of "Attack Blocks" On Bitcoin's Signet Test Network
You set up a hardware wallet and wrote down your seed phrase. Here’s what most guides don’t tell you.
BIP360 was merged in February but 7M BTC in legacy addresses are still quantum-vulnerable. Here's the full breakdown.
Update: I made a second book cipher book — this time for adults. Here's what changed based on your feedback.
Slow blocks and a reorg on Signet on Wednesday (BIP 54 / Consensus Cleanup)
bip54.org - Informational site for BIP54's “Consensus Cleanup” softfork proposal
Payjoin, Changing Consensus - Bitcoin Optech Newsletter #399
Google Quantum Threat Accelerates Bitcoin BIP-360 Fix
Quantum resistant migration (BIP 361)- Read the proposed migration strategy here.
I built a CLI tool for Bitcoin cold wallets & offline transaction signing — fully open source, no network access
Bitcoin could be broken by quantum computing google researchers conclude
How Bitcoin's Path to Quantum-Resistance Could Look
Bitrequest.io an open-source app to accept crypto payments anywhere, no middleman, no KYC
Quantum Resistant Bitcoin? BTQ Deploys First Working BIP 360 Implementation on Bitcoin Quantum Testnet
VTXOs, Quantum, TemplateHash - Bitcoin Optech Newsletter #395 Recap Podcast
Trying to recover a July 2012 Bitcoin wallet need advice
BIP-0360 and what it says about Taproot improvements
Changing consensus, VTXOs, nVersion nonce space - Bitcoin Optech Newsletter #395
Is it viable to build a homemade cold wallet using open-source software instead of buying a Trezor or Ledger?
I designed a small titanium seed backup plate for my cold storage setup
Descriptor annotations, ASMap, Q&A - Bitcoin Optech Newsletter #394 Recap Podcast
The BCH Bullet - Layla NFT - BIP-37 research - Kallisti & 00TATTS joined KennBosakLIVE
Developer embeds image on Bitcoin as a single transaction, challenging BIP-110's core claims
Descriptor annotations, ASMap, Q&A - Bitcoin Optech Newsletter #394
I built a Bitcoin wallet backed by a YubiHSM 2 hardware security module
I wrote a children's book containing all 2,048 BIP39 seed words – here's why
[Technical Question] Why do Hot Wallets (Phoenix, AQUA) warn against importing external BIP39 seeds, even if they are "clean" BIP85 child seeds?
Alternative ways to store your seed
UltrafastSecp256k1 — open-source C++20 library: 4.88M ECDSA signs/sec on a single GPU, zero dependencies, 12+ platforms (CUDA/Metal/OpenCL/WASM/ESP32/STM32)
Could Miners Block Bitcoin’s Quantum Defense?
Bitcoin Developers Bring BIP 360 Soft Fork For Quantum Proofing - Das Crypto
Solution worse than problem? Adam Back opposes BIP-110 Ordinals fix
Open-source C++ secp256k1 library with full Bitcoin stack: Taproot, Silent Payments, MuSig2, FROST, BIP-32/44, and GPU acceleration
I researched the relationship between energy prices and mining costs. I wondered what you guys think about the viability of crypto when miners transition to AI services for bigtech as mining becomes too expensive.
The Post-Quantum Dawn: Bitcoin, BIP-360, and the War of Signatures. From the P2MR shield to the SPHINCS+ revolution: An in-depth look at how the network is arming itself against the inevitable quantum threat.
What new & improved BIPs should become reality?
BIP-360 (the quantum computer resistant algorithm) proposal was merged
Jonas Nick, Antoine Poinsot & more - Bitcoin Optech Newsletter #391 Recap Podcast
The Battle for Bitcoin's Soul: BIP-110 and the Bitcoin Knots Offensive. Is Bitcoin a neutral protocol or a strictly monetary tool? ⚔️
Consider to migrate from Bitcoin to Monero after Epstein files
For those who are sensitive to the Bitcoin to Epstein link, crushing the Bitcoin reputation: consider to migrate to Monero
Changing consensus and more - Bitcoin Optech Newsletter #391
Talk with Hunter Beast (Author of BIP360) on quantum threat
Bitrequest is now fully bip39 compatible. Accept 10 different cryptocurrencies within one minute.
Can cold wallet created with Electrum be moved to another application?
[Technical Alert] BIP39 Entropy-Drain Vector & 2026-02-01 Incident Report (Translated)
Is there an algorithm that allows to shorten private key at the expense of confirmation time?
Wallstreet Analyst - Bitcoin's quantum threat is "real but distant"
Garbled circuits, LN-Symmetry, Q&A - Bitcoin Optech Newsletter #390
Seed Phrase Validation and Conversion Tool for Tyneseed and Stackbit (offline)
Mutation testing, BIP3 - Bitcoin Optech Newsletter #388 Recap Podcast
Mutants, Bip process - Bitcoin Optech Newsletter #388
Open Source tool to recover a missing seed word (BIP-39) locally
What the heck is this: "BTQ Technologies Launches Bitcoin Quantum Testnet, first quantum safe fork"
Silent payments, Ark - Bitcoin Optech Newsletter #387 Recap Podcast
University Kent - calculate downtime of Bitcoin network in case of quantum upgrade
Mentions
Short answer: yes, but with one caveat worth knowing.

**Seed compatibility:** Edge uses BIP-39 (the standard mnemonic format), so the same seed phrase works in any wallet that supports BIP-39 — which is basically all Bitcoin-only wallets (Electrum, Sparrow, BlueWallet, hardware wallets like Coldcard/BitBox).

**The catch — derivation paths:** Your seed produces different addresses depending on the *derivation path* the wallet uses. Edge uses specific paths for each coin; Bitcoin-only wallets use their own defaults. Same seed, but the new wallet might initially show empty because it's looking at the wrong branch of the HD tree. If that happens, set the derivation path explicitly on import. Standard Bitcoin paths: BIP-84 (`bc1q...`), BIP-49 (`3...`), or BIP-44 (`1...`).

**Cleaner alternative most experienced users prefer:**

1. Generate a fresh seed in your new Bitcoin-only wallet (back it up securely)
2. Send your Bitcoin from Edge to an address in the new wallet (real on-chain transaction)
3. Verify the funds arrive
4. Wipe Edge

Benefits: clean cutover, no derivation path confusion, new seed dedicated entirely to Bitcoin-only setup.

**Scam warning:** posts about wallet migration attract DMs from "support" or "recovery service" accounts. Anyone asking for your seed phrase to help is stealing your coins. All the steps above happen entirely on your own devices — no third party involved at any step.
I mined in early days with GPU and the little USB key ASICs. Got out for a long time. I'm getting back into mining again over the last month or two more out of principle than profit; Supporting BIP-110 and mining on Ocean to help decentralization.
Great write up and awesome concept. Anything that can increase privacy and reduce risks of address reuse is OK in my book! I’m curious if this BIP is also quantum resistant as that is a major implication of address reuse? Also was reading this new resource recently and they also have a good breakdown in their glossary: https://www.learnbitcoin.com/glossary/silent-payments
I found the answer myself: The recipient can arrive at the shared_secret by calculating: `ECDH(recipient_private_key, sender_pubkey)` but he has to scan the input public keys for each transaction with at least one unspent taproot output since he doesn't know who might send him bitcoin. See: [https://en.bitcoin.it/wiki/BIP_0352](https://en.bitcoin.it/wiki/BIP_0352)
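The comment above rests on the ECDH symmetry: the value the sender computes from its private key and the recipient's public key equals the value the recipient computes from its private key and the sender's public key. The block below is an added illustration, not code from BIP352, the wiki page, or any wallet: a minimal textbook secp256k1 implementation (affine double-and-add, no constant-time hardening) that derives two public keys and checks that both sides reach the same shared x-coordinate. BIP352 additionally hashes the shared point together with per-transaction data and applies tweaks to the recipient's spend key; those steps are not shown. The two private keys are constructed sample values, not real wallet keys.

```python
"""secp256k1 ECDH symmetry, the step behind silent-payment scanning.

Added example, not code from BIP352 or any wallet. Only the raw ECDH step is
shown: sender computes a*B, recipient computes b*A, both get the same point.
Keys are constructed sample values derived from fixed strings.
"""
import hashlib
from typing import Optional, Tuple

# secp256k1 domain parameters: field prime, group order, generator point
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

Point = Optional[Tuple[int, int]]  # None represents the point at infinity


def on_curve(pt: Point) -> bool:
    """y^2 == x^3 + 7 over the field; infinity counts as on the curve."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def point_add(a: Point, b: Point) -> Point:
    """Affine group law with the doubling and inverse cases handled."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b, result is infinity
    if a == b:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def scalar_mult(k: int, pt: Point) -> Point:
    """Double-and-add; the scalar is reduced mod N, and 0 yields infinity."""
    k %= N
    result: Point = None
    addend = pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def pubkey(priv: int) -> Point:
    return scalar_mult(priv, G)


def ecdh_x(priv: int, peer_pub: Point) -> int:
    """x-coordinate of priv * peer_pub, the raw shared secret."""
    shared = scalar_mult(priv, peer_pub)
    if shared is None:
        raise ValueError("degenerate shared point")
    return shared[0]


def both_sides_agree() -> bool:
    """Sender (a, A) and recipient (b, B) compute the same secret from opposite keys."""
    # Constructed sample keys, not real wallet material.
    a = int.from_bytes(hashlib.sha256(b"constructed sender key").digest(), "big") % N
    b = int.from_bytes(hashlib.sha256(b"constructed recipient key").digest(), "big") % N
    A, B = pubkey(a), pubkey(b)
    return ecdh_x(a, B) == ecdh_x(b, A)


if __name__ == "__main__":
    print("sender and recipient agree:", both_sides_agree())
```

The recipient's scanning cost follows directly from this: it cannot know `a`, so for every candidate transaction it must run `scalar_mult(b, A)` against the input public key(s) and check whether the result explains one of the outputs.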
>They are dead wallets dude.

Who decides which wallet is dead and which isn't? There's literally no way you can prove every wallet prior to BIP32 is dead. You don't know for sure. There is no objectifiable/quantifiable line in the sand you can draw that you can guarantee/measure that the wallet is dead.

>It's freeze or they get stolen.

And next it will be "redistribute or they get stolen" or "freeze these wallets too or they get stolen". It isn't JUST Satoshi's wallets, it's all the ones that used P2PK (IIRC). I actually still have my crazy old laptop which has the old original wallet on it (it's empty because I chose to upgrade). There are going to be users who will be punished by this. Choosing to punish anyone who essentially was using/had/into bitcoin prior to BIP-32 as a "solution" sets a very dangerous precedent. I'm well aware of the dangers of quantum cracking ECDSA. The Bitcoiners are currently stuck in a damned if you do, damned if you don't situation. Which I find hilarious since people have been telling them about this for years at this point and they didn't want to listen.
That's almost certainly a derivation path mismatch, not a missing seed. The seed is correct, but Electrum is deriving addresses on its default paths (BIP-44/49/84), while Multibit HD used a non-standard path. Same seed, different branches of the HD tree.

**To find the right path — OFFLINE only:**

**Option A: [iancoleman.io/bip39](http://iancoleman.io/bip39) tool**

1. Download the HTML file from [github.com/iancoleman/bip39](http://github.com/iancoleman/bip39) (releases → standalone HTML)
2. Disconnect your computer from the internet entirely
3. Open the HTML file locally in your browser
4. Input your seed phrase
5. Try different derivation paths — Multibit HD historically used `m/0'/0/n` for receive addresses; also try BIP-44/49/84 variants
6. Check whether any of the generated addresses match your known wallet address

**Option B: BTCRecover** (open-source Python tool) [`github.com/3rdIteration/btcrecover`](http://github.com/3rdIteration/btcrecover) — has specific support for Multibit HD wallet recovery. More setup, more rigorous.

Once you find the matching path, you can either recreate the wallet in Electrum at that custom path, or export the private keys from iancoleman and sweep them into a new Electrum wallet.

**Re-emphasizing the scam warning:** never type your seed phrase into any website, support form, or "wallet check" tool. The offline workflow above is the only safe pattern. Anyone DMing offering to help recover is stealing.

If iancoleman shows your address but with zero balance — that's a different problem (wallet was emptied at some point, not a recovery issue).

Reply with what you find.
Solid Bitcoin tech update BIP322 progress and better inbound node connections are huge for the network keep it coming
BIP360 has nothing to do with P2PK wallets or post-quantum signatures. It just closes a loophole that was introduced in Taproot that made some types of wallets more vulnerable than they needed to be.
BIP360 & BIP361 provide possible solutions - we need to come further on the discussion
Let's just say this, the most aggressive outlook for hacking btc:

Aggressive/optimistic for attackers: 5–10 years (possible CRQCs by ~2030–2032, ~10%+ chance cited by some involved in Google paper). Google recommends PQC migration by 2029.

How long if btc started now to become quantum resistant? Realistically 5–10 years (or longer) for a full, safe migration, even with strong consensus. Bitcoin's decentralized governance makes this slower than centralized systems. [coindesk.com](http://coindesk.com)

* Technical proposals: BIPs like BIP-360/361 outline phased migrations to post-quantum signatures (e.g., using lattice-based schemes like Dilithium). Phases could include soft forks, new address types, and eventual invalidation of legacy signatures. [bitcoinmagazine.com](http://bitcoinmagazine.com)
* Estimated breakdown (per developers like Ethan Heilman/Murch): ~3 years for BIPs, review, testing, and activation + 0.5+ years for fork + several more years for ecosystem (wallets, exchanges, Lightning, custodians) to upgrade and for users to move funds. Total ~7 years optimistic. [forbes.com](http://forbes.com)
* Challenges: Coordinating a soft/hard fork, migrating UTXOs (lower-bound estimates suggest ~76 days of cumulative network "effort" for full migration, but real-world coordination takes far longer), backward compatibility, and avoiding fund loss. Ethereum is further along in planning.
In addition to proprietary formats there is more than one standardized format (SLIP-39, BIP-39, etc.). Even when the seed is compatible, the two wallets might use different default derivation paths.
If only one word is missing and the order is right, recovery is realistic. The important part is not to turn a recoverable mistake into a leaked-seed mistake. Do not paste the 11 words into any website, DM, cloud note, screenshot, or random helper someone sends you. Ignore anyone offering to recover it privately. I would do this offline on a clean machine using a well-known recovery tool like BTCRecover, or manually try the BIP39 wordlist if you are confident the missing word is last. The checksum should narrow the valid candidates a lot compared with just guessing blindly. Once you recover access, move the funds to a new wallet with a fresh seed. Treat the old seed as compromised-by-stress even if you never shared it.
OP continues the fine tradition of BIP101 proposals lying by falsely saying that I removed his post (I'm not a moderator here, never have been, and he couldn't fail to know this). https://x.com/i/status/2058622782707990609 This thread doesn't even currently show as removed to me under old which makes me suspect it was an automod removal.
At the bottom of the BIP, under "Credits": Original draft and advice: Luke-Jr
At the bottom of the BIP, under [Credits](https://github.com/bitcoin/bips/blob/master/bip-0110.mediawiki#credits): Original draft and advice: Luke-Jr
Blockstream Green uses a different derivation path than most wallets - it's not just standard BIP39. Green uses their own wallet structure, so when you import into Sparrow it's looking in the wrong places for your coins. You'll need to manually set the derivation path in Sparrow to match what Green uses, or export from Green in a format that includes the path info. The seed phrase itself is fine, but wallets don't all scan the same addresses by default.
Dathan Ohm wrote the BIP, not Luke, though Luke is involved. But regardless, who cares who it is coming from? 50% of the transactions on the network are non financial transactions. Bitcoin will die if the shitcoiners have their way and put arbitrary data in blocks. Plus, I don't want to pay $50k to have enough SSDs in 10 years to run a node.
This should be the top level comment. If the 11 known words are the first 11 words of a twelve word BIP-39 mnemonic sentence AND the wallet did not use a passphrase, it should take an hour or two to find the seed without automation. With a tool like btcrecover it should take minutes.
That's a horrible choice of wallet, mate. Try Bluewallet or Sparrow. Check your 11 words vs [the BIP39 list](https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt). If you can find all of them, there's a really high chance the last word will be BIP39 too.
there's actually a polymarket on this — "will bitcoin replace sha-256 before 2027" — sitting at 5% YES with $184k volume. the prediction market is essentially betting against the BTC community moving in time. matches your skepticism. BIP360/361 are real proposals but consensus on activation timeline is brutal — polymarket's pricing it as 95% NO within ~18 months. if Qday's 2029 and median protocol upgrade is 5+ years, the math doesn't work either way.
For me BIP-110 is more urgent.
You are incorrect. While you can generate many child private keys and many public keys and many bitcoin addresses, there is only one master private key at the root and it is synonymous with your seed phrase. The structure looks like this:

Seed Phrase (and/or + optional BIP39 passphrase)
↓
Seed
↓
Master Private Key
↓
Account Keys
↓
Address Private Keys
↓
Bitcoin Addresses

The master private key is obviously the one I was discussing since the numerous child keys are not relevant to the conversation. Additionally, if you want to take the step of backing up just the xprv (master private key + master chain code), it's possible to completely recover a wallet and have enough information to derive all child private keys, all addresses, and sign transactions... the only thing you can't do with just the xprv is derive the original seed phrase and/or BIP39 passphrase.
It depends on the wallet. Not all wallets support it, but most fully functional software wallets do and most popular hardware wallets do.

The gist of it is you first create the original wallet from the 24 word seed. You always have access to this wallet because it exists by virtue of the 24 word seed phrase. The act of adding the 25th (technically a "BIP39 passphrase") takes your 25th password and hashes it against the original private key (from the 24-word seed) giving you a completely new private key and wallet. You can actually create as many new wallets as you want by just using new BIP39 passphrases against your existing private key (you just have to remember all the passphrases).

A very common usage scenario is: first generate your 24-word seed, get that initial wallet, add some small token amount of value to it (like .0001 bitcoin which is currently worth about $7.69). Then apply your 25th passphrase to access your 'real' private key and wallet and store the majority of your holdings on that. You publicly monitor the .0001 bitcoin on the original wallet (that was generated from the original 24 word seed). If you see unauthorized activity on that wallet, you know you've been compromised and have time to move your primary funds to a new wallet. The beauty of it is: no one can even tell that a secondary wallet exists from a 25th passphrase.

How the mechanics work is different depending on the wallet. If you are using Electrum wallet, you just click the "options" button and choose "extend the seed with custom words" and start typing - either when creating a new wallet or when recovering an existing wallet. For the Ledger series of hardware wallets, you actually bind the hardware wallet to the original 24 word seed first, then with the device plugged in you have the option to overlay against the 25th, then type it in manually and for the duration of the session you are accessing the new wallet. Unplug it and plug it back in and it's back to being the wallet from the original 24. You just have to figure out how it works for the specific wallet you use.
> how if a proposal to freeze coins was implemented how do you know that you won't get mass selling anyway because now anyone looking close enough realises that if it's that easy to change the rules then why won't the rules change again in the future, maybe they'll eventually decide they want to change the supply cap or introduce stealth addresses.

Yes, that's why I said it would kill the store of value narrative.

> The whole point of Bitcoin is that no one can corrupt the network and proposals to freeze coins, stop spam and all the other crap they come out with is ridiculous and goes against the rules.

The only plan for bitcoin to become quantum resistant involves freezing older addresses. 34% of the coins are in wallets that could be vulnerable to quantum attacks, so not an insignificant amount... but yea it kinda seems like a bad choice either way. I am not advocating for the freeze (BIP-361) btw (for all the reasons you stated above) but just want to make it clear that there is currently no alternative proposal to protect a huge portion of BTC from falling into the hands of a future quantum attack. There is no good path to choose.
Yeah the problem with memorizing the 24th is that a) it would be from the BIP39 word list (2048 total words), and b) you don't get to choose the word. If an attacker found the 23 and knew what it was, they only have to brute force through 2048 possibilities to crack it. With a 25th, it doesn't have to come from the word list, and an attacker wouldn't even know it was needed because the first 24 lead to a valid and verifiable wallet primary key even without the 25th password.
> Which is not the case at all

https://news.bitcoin.com/bitcoin-developers-propose-freezing-coins-that-skip-quantum-safe-migration-under-bip-361/

> * BIP-361, co-authored by Casa CTO Jameson Lopp, proposes freezing Bitcoin in legacy addresses...
> * Over 34% of all Bitcoin has an exposed public key onchain...

Do you think Coinbase and Blackrock will choose a vulnerable fork or the quantum secure fork? Their choice determines which one ends up having value. So anyone who has been holding for a long time and doesn't move their coins when told to do so will lose access to their BTC... and you don't see that as a problem to the 'store of value' narrative?
Great questions, let me break these down:

**12 vs 24 vs 20 word seed phrases**

12 and 24 word phrases follow the BIP39 standard (the most widely used). 12 words = 128 bits of entropy, 24 words = 256 bits. Both are cryptographically overkill for any realistic brute-force attack. 20-word phrases aren't part of BIP39 — they come from different standards (like Electrum's newer format). Neither is "better" in practice; compatibility with your wallet matters more than word count.

**"What's more secure than a seed phrase?"**

The seed phrase IS the security layer, the real question is how you *store* it. Hardware wallets (cold wallets) keep your *private keys* on an offline chip, so your seed phrase never touches the internet. A dedicated backup device like [Seedkeeper](https://seedkeeper.io) stores your seed phrase encrypted inside an EAL6+ secure chip rather than on paper, harder to lose, photograph, or destroy.

**On your sovereignty argument**

You're right. The tradeoff is responsibility vs. trust. Exchanges can freeze, get hacked, or go under (see: FTX). Self-custody means *you* are the bank. The "lost forever" fear is valid but manageable with proper backups, losing a cold wallet just means restoring from your seed phrase onto a new device.

Good intro read: [https://satochip.io/seedphrase/](https://satochip.io/seedphrase/)
Great questions, let me break this down.

**Seed phrase vs. private key**

Your steel seed backup is enough. The seed phrase *generates* all your private keys deterministically (BIP32/BIP44), so you never need to write down individual private keys separately. Just the 24 words, correctly backed up, is the standard approach.

**The passphrase (25th word) problem**

This is the real challenge. The passphrase is powerful but if your friend loses it, the funds are gone forever. Options:

- **Another steel plate** stored in a completely separate location (bank safe, trusted family member)
- **A hardware secrets manager** like Seedkeeper: stores the passphrase encrypted in a secure chip, PIN-protected. Even if someone finds the card, they can't extract the passphrase without the PIN. It's essentially a hardware password manager that works offline
- **A sealed envelope with a notary**: low-tech but works

**For your friend specifically**

Since he's bad at remembering passwords and doesn't use a password manager, I'd actually lean toward [Seedkeeper](https://satochip.io/product/seedkeeper) here. It stores sensitive info in hardware without requiring him to memorize anything - just keep the card safe and remember a PIN. The [Satochip Academy has a good explainer on passphrases](https://satochip.io/passphrase/) if he wants to go deeper.

Bottom line: steel plate for the seed, separate secure location for the passphrase, and never store them together.
The 12 or 24 words option is under the BIP-39 standard. It uses a list containing 2048 words. Each word adds randomness. The 20 words option is under the SLIP-39 standard. It uses an 'improved' list containing 1024 words. Only 13 words go toward adding randomness. The others, in brief, allow the splitting of the seed functionality. The randomness of 13 words based on 1024 potential words is similar to the randomness of the 12 words based on 2048 potential words. The key point is, all 3 options are secure. The 20 words standard is a newer standard Trezor developed to allow the seed to be split. You can use this if you want to split the seed, or just using it normally is fine as well.
There are 128 possible 12th words and 8 possible 24th words for any 11/23 combination of BIP39 words. Edit: https://bitcointalk.org/index.php?topic=5414874.0
12/24 (BIP39) isn't "legacy". 20 words (SLIP39) is just a slightly different standard developed by the Trezor team which provides an easier migration to multisig. The nature of ECDSA means that 24 words are *effectively* no more secure than 12 words. Nobody is brute forcing a seed phrase. *Nobody*. Even if an attacker had *ridiculous* compute resources available, it wouldn't make sense. Targeting a private key *directly* would be much more cost effective (though equally unlikely), but that needs 2^128 operations, which is the same entropy provided by 12 words, e.g.: https://foundation.xyz/2024/09/make-12-words-the-standard/
Yeah, a lot of people assume the last word is fully determined, but checksum bits only constrain it. Pretty interesting rabbit hole once you start reading BIP39 details.
All the words, including the final word, are words. (duh) All the words, including the final word, are words from those standardized lists. The position on the respective list is a number. You can translate back and forth between this number and its word. Numbers can be represented in different ways. Binary is useful for low level computer stuff. Digital is a human choice because we have ten fingers… A word position on a list is favored because we find it easier to copy familiar words. So whether you count

1, 2, 3, 4… (in digits)
or 0001, 0010, 0011, 0100… (in bits)
or abandon, ability, able, about… (in BIP39)
or academic, acid, acne, acquire… (in SLIP39)

they are all just numbers, understood by the context. But the words are words.
Same here, I used to think the last word was just a checksum output. The fact that it still carries entropy makes the whole BIP39 setup a lot more interesting.
The last word is not merely the checksum. According to BIP39, random entropy is first generated; then, a checksum derived from the first ENT/32 bits of the SHA256 hash of this entropy is appended; and only thereafter is the entire sequence mapped into 11-bit groups to form words. Consequently, in a 12-word sequence, the last word contains 7 bits of entropy plus 4 bits of checksum; in a 24-word sequence, it contains 3 bits of entropy plus 8 bits of checksum.
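The three comments above make two claims that are easy to verify by running the BIP39 construction rather than reading it: the final word carries both entropy bits and checksum bits (7+4 for 12 words, 3+8 for 24), so exactly 128 (resp. 8) candidate final words pass the checksum for a given prefix; and, as the earlier replies on the "25th word" describe, the passphrase enters the PBKDF2 salt and so yields an entirely different seed and BIP32 master key. The block below is an added worked example, not code from the BIP or from any wallet. It works on 11-bit word indices rather than the 2048-word list (which is not embedded; index 0 is "abandon", index 3 is "about"), and it checks itself against the BIP39 test vector for all-zero 128-bit entropy with passphrase "TREZOR".

```python
"""BIP39 checksum placement, valid final words, and passphrase -> seed -> master key.

Added example, not code from the BIP or any wallet. Words are handled as 11-bit
indices into the 2048-word list; the list itself is not embedded. Constants
(PBKDF2 parameters, "mnemonic" salt prefix, "Bitcoin seed" HMAC key) are the
ones specified by BIP39 and BIP32.
"""
import hashlib
import hmac
import unicodedata
from typing import List, Tuple

WORDLIST_SIZE = 2048  # each word encodes 11 bits


def checksum_layout(word_count: int) -> Tuple[int, int]:
    """(entropy_bits, checksum_bits) carried by the final word.

    Total bits = ENT + ENT/32, so the checksum is total/33 bits long and all of
    it sits at the end, inside the last word.
    """
    cs_bits = (word_count * 11) // 33
    return 11 - cs_bits, cs_bits


def entropy_to_indices(entropy: bytes) -> List[int]:
    """ENT || first ENT/32 bits of SHA256(ENT), cut into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    cs_bits = ent_bits // 32
    cs = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | cs
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def indices_valid(indices: List[int]) -> bool:
    """Recompute the checksum from the entropy bits and compare with the trailing bits."""
    total = len(indices) * 11
    cs_bits = total // 33
    bits = 0
    for idx in indices:
        bits = (bits << 11) | idx
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def valid_last_words(prefix: List[int]) -> List[int]:
    """Every final-word index that completes `prefix` into a checksum-valid mnemonic."""
    return [w for w in range(WORDLIST_SIZE) if indices_valid(prefix + [w])]


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    m = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = ("mnemonic" + unicodedata.normalize("NFKD", passphrase)).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", m, salt, 2048, 64)


def bip32_master_key(seed: bytes) -> Tuple[bytes, bytes]:
    """BIP32 root: HMAC-SHA512(key="Bitcoin seed", seed) -> (master private key, chain code)."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]


# BIP39 test vector #1: all-zero 128-bit entropy encodes as eleven "abandon" plus "about".
TEST_VECTOR_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])


def passphrase_changes_master_key(mnemonic: str, passphrase: str) -> bool:
    """Same 12 words, different passphrase -> unrelated master private key."""
    base, _ = bip32_master_key(mnemonic_to_seed(mnemonic))
    alt, _ = bip32_master_key(mnemonic_to_seed(mnemonic, passphrase))
    return base != alt


if __name__ == "__main__":
    print("last word of a 12-word phrase: %d entropy bits, %d checksum bits" % checksum_layout(12))
    print("valid 12th words for a fixed 11-word prefix:", len(valid_last_words([0] * 11)))
    print("valid 24th words for a fixed 23-word prefix:", len(valid_last_words([0] * 23)))
```

`valid_last_words` is what a checksum-aware recovery of a single missing final word does: it reduces 2048 guesses to 128 (or 8) candidates, and each candidate still has to be checked against a known address, since the checksum only filters, it does not identify.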
As an information security professional of 20+ years, I disagree with this conversation. They didn't make very many good points in regards to the actual threat models between either multi-sig or passphrase and why one might be better or worse than the other. To sum it up, no, multisig does not "win every time." There are many instances where a passphrase would provide just as good of security as a multisig configuration without the cumbersome management complexity that comes with multisig that could yield in loss itself. For most people I would recommend passphrase over multisig and just because it would be beneficial to store a passphrase physically, just as you would with a seed phrase, doesn't change the security model much. It is akin to a 2-of-2 multisig configuration without needing to worry about descriptors or any other odd possible configurations since it is just a standardized BIP39 passphrase that just about every wallet supports.
That's true, that's why you shouldn't reuse addresses. It is a common practice to always send residual amounts to new addresses with every modern hardware wallet, so all current users are completely quantum secure. Reuse of addresses is much more common in PoS coins such as Ethereum, therefore more users are at risk there. There already is an update ready and tested that could be rolled out with BIP 360 and a solution for lost/abandoned coins (though that is still up to discussion). There also is already a workaround against mempool attacks, so technically there is no attack vector left for active Bitcoin wallets. From an economical point of view, we would never see a quantum attack on Bitcoin but it surely is better to be prepared.
Charles Hoskinson actually nailed the biggest problems with BIP-361 in a recent livestream. He pointed out that it's being sold as a "soft fork," but in reality it functions more like a hard fork because it breaks the existing signature validation rules that a ton of coins still depend on. More importantly, he highlighted that the ZK rescue mechanisms won't work for the oldest ~1.7 million coins (including most of Satoshi's) since they predate HD wallets and seed phrases. Those coins would just get permanently frozen. At the end of the day, this perfectly illustrates why both "freezing" and "seizing" are bad options. Whether it's quantum thieves stealing the coins or the network itself disabling them via fork, we're still violating the core promise of cryptocurrency: true immutability and permissionless ownership. We shouldn't be choosing between theft by quantum computers or confiscation by social consensus. The real solution is aggressive migration to post-quantum addresses and new signature schemes, without compromising the foundational principles that make Bitcoin valuable in the first place.
I'm the author of BIP-361 and your interpretation of the proposal is incorrect. BIP-361 doesn't lock any specific addresses. It disables all ECDSA operations, which (currently) would freeze 100% of addresses (redeem scripts.) BIP-361 only makes sense to implement after we have consensus for post quantum signature schemes and have seen mass migration to them.
BIP360 is only the first step forward, not the complete solution. And the hedge using quantum secure coins - is it QRL?
There is a good proposal with BIP360 to deal with the quantum threat for BTC. I personally also hold some quantum secure coins as a hedge.
Security-wise it would come down to any method that can reliably build a secure 512-bit number when needed by the people who should have access to it. This number can be rebuilt from a smaller number, but not too small. BIP39 seeds are an example of this. You can layer it as many times as you want, but most approaches other than a human-readable copy at a safe location only increase the complexity and risks. Multi-party approaches in the end boil down to similar issues at each member. For most people a plain sealed envelope in a safety deposit box with a clearly defined next of kin procedure is quite sufficient. There is no single solution that fits all. It very much depends on who and why. If you distrust the legal system to the point that you cannot trust a bank safety deposit box then you need to get creative. But creative solutions often have weaknesses that either risk exposure or risk failed recovery in several of the situations you want to protect against.
i think the real answer is matching custody model to user capability. hardcore multisig + distributed backups sounds cool on CT until somebody’s spouse inherits a steel plate and zero clue what BIP39 means 😭
I’d highly recommend using multiple BIP39 passphrases as an alternative to managing multiple seed phrases. You use these to create a triage of different assets and risk activities such as your very cold “I rarely touch this large sum” wallet from your somewhat cold “infrequent but with trustworthy smart contracts DeFi risk” wallet from your “daily driver and sometimes risky DeFi with only pocket change” wallet. This approach guards against cleaning lady attacks assuming you do not leave your passphrase next to your seed phrase. Ideally, leave a small amount of cryptocurrency in a dummy passphrase for Rosa to find — and set a monitoring agent to notify you that your seed phrase is now compromised if that bitcoin moves. Just be aware that every new passphrase and seed phrase makes succession planning and security slightly more complex. I have to train my wife yearly on how to recover our assets the day I get hit by a bus.
I'm going to stick this argument exclusively to Babylon, which I have to admit I like the most in BTCfi. It's non-custodial and extremely well audited. The yield is roughly 0.5-3% APY in BABY tokens (last I checked...). Modest, and accompanied by real risks: slashing (small but contractually enforced), BABY price volatility, and the relative novelty of the protocol's Bitcoin scripting. It's "free money" in theory, but these rewards pale in comparison to the principal I've built up by ignoring exactly this kind of noise since 2013. I do participate in Babylon incidentally, because the small amount of Bitcoin I keep on Kraken does, and I think that's the right sizing. Here's my real problem with it: do you actually believe in what Babylon is trying to do? I don't, not yet. Babylon's core business is selling Bitcoin-backed security to proof-of-stake chains (Bitcoin Supercharged Networks, or BSNs). I'd love to see a BIP300/301 alternative emerge, but Babylon isn't that. And at a purely technical level, Ethereum and arguably EigenLayer are already delivering a more capable and more widely adopted solution to the same problem. I love Bitcoin for its hard money principles, but that doesn't mean it's the right asset for every use case. Convince me I'm wrong. I love to hear it!
As discussed above there are various scenarios being worked on to address quantum risk like BIP-360. Once a solution is vetted and accepted by the community it will be rolled out as an update or possibly even a soft fork, but there will be no "new quantum resistant chain". It will just be an updated Bitcoin software running on nodes around the world as it always has been. What happens to coins that may still be sitting at vulnerable addresses then most likely falls to the owners to move them unless a solution is found that protects them with no owner actions. That's if quantum ever actually becomes a threat, which is debatable.
There are a few ideas floating around, with various degrees of practical readiness. I am not keeping up, but I think the most well-known one currently is BIP-360: https://bip360.org/
Everybody uses a passphrase or so-called "25th word". Most just choose to use the default "empty string", aka: "" Just to make you think about it 😇 Read up on BIP-39....
lol lemme at it :) I've got a ton of scripts I've written for various wallet-related stuff. As long as the 12 words are from the BIP39 list it should be fairly easy :) DM me details please :D
always always test the backup method to ensure it works, before transferring funds. This goes for BIP39 seed phrases as well as backups such as yours. That said, are you sure the file wasn’t corrupted after it was made?
No it doesn't, it's just BIP49
It's also "not impossible" that every proton in your body could decide to undergo decay all at once, converting your mass into energy and annihilating the city you're in. Generally it's not that useful to have discussions about "possibilities" that are much less likely than everyone in the discussion simultaneously being struck by lightning and falling into a sinkhole all at once. But to your question, BIP39 seed phrases are hashed to generate a private key, so there are some cases where two distinct phrases would give the same private key. For 12 words it's very unlikely that two different 12-word phrases give the same private key. For 24-word phrases it's likely that some 24-word phrase generates almost every 12-word-phrase private key, and that some private keys can be reached by multiple 24-word phrases. There are probably some private keys that can't be reached by any 12- or 24-word phrase.
just use a BIP39 Passphrase if you are concerned about it. When a wallet generates a new private key, it only generates the private key using the mnemonic.
If the seed phrase is invalid then either the words are wrong or the order is not correct. Double check spelling and make sure the words are from the official BIP39 list. Also be very careful with recovery tools: never enter your seed online or share it with anyone.
Don't ask serious questions on reddit. I'm not going to explain the whole mechanism in detail. Every serious Bitcoin user should want to understand how it works and put in the time to read up on it and study it until he/she understands! Basic knowledge on what things like 128 bits of entropy means in real life should be unraveled at least once to get a basic idea, not to have it readily available at every moment but just to get the basic idea of how hard it is to guess or brute force such entropy with current, and near future, state of computer power at hand. Any article mentioning quantum computers as a risk for Bitcoin can be straight dismissed simply because those who have some understanding of the current world know Bitcoin is still by far one of the most interesting things to deploy such powers on when those would be available! (Perhaps with one exception for those who want to destroy Bitcoin because of its imminent threat to the fiat system). BIP-39 treats an absent 'passphrase' as an empty string, the 'wallet' is derived from 'mnemonic' + "". If you use a passphrase (as a sample, use "orchid" as passphrase) a new 'seed' is derived from mnemonic + "orchid", thus generating a new 'master key tree' from that seed. So answering your question: No, every unique seed creates a unique wallet, and every unique seed with a unique, not empty string, passphrase creates another unique wallet. If you don't know the definitions of: Wallet, mnemonic, seed, master key tree, passphrase etc., you should start there.
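The mnemonic + "" versus mnemonic + "orchid" point above, and the "one seed, several passphrases for triage" idea a few comments earlier, can be checked with nothing but Python's standard library. The following is an added example, not code from any commenter: the mnemonic and the "TREZOR" passphrase are the published BIP39 reference vector for all-zero 128-bit entropy, while "orchid", "Orchid" and the empty string are assumed values chosen to show that the passphrase is case-sensitive, is not restricted to the word list, and that every value (including a typo) yields a different, valid-looking master key.

```python
import hashlib
import hmac
import unicodedata

# Constructed inputs (not from the thread): the BIP39 reference vector for
# all-zero 128-bit entropy, whose seed under passphrase "TREZOR" is published.
REFERENCE_MNEMONIC = " ".join(["abandon"] * 11 + ["about"])
REFERENCE_SEED_TREZOR = (
    "c55257c360c07c72029aebc1b53c05ed0362ada38ead3e3e9efa3708e5349553"
    "1f09a6987599d18264c1e1c92f2cf141630c7a3c4ab7c81b2f001698e7463b04"
)


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed step: PBKDF2-HMAC-SHA512 over the NFKD-normalised mnemonic,
    salt = "mnemonic" + passphrase, 2048 rounds, 64-byte output.
    An absent passphrase is exactly the empty string, so the salt is b"mnemonic"."""
    password = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", password, salt, 2048, dklen=64)


def master_node(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 root of the 'master key tree': HMAC-SHA512 keyed with b"Bitcoin seed".
    Left 32 bytes are the master private key, right 32 bytes the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallets_for(mnemonic: str, passphrases: list[str]) -> dict[str, str]:
    """One mnemonic, N passphrases -> N unrelated master private keys (hex).
    No passphrase is ever 'wrong' to the derivation: a typo silently opens an
    empty wallet, which is why a restore must be tested before funds are sent."""
    return {p: master_node(mnemonic_to_seed(mnemonic, p))[0].hex() for p in passphrases}


if __name__ == "__main__":
    # Assumed passphrases for illustration; "orchid" is the one from the comment above.
    for passphrase, key in wallets_for(REFERENCE_MNEMONIC, ["", "orchid", "Orchid", "TREZOR"]).items():
        print(f"passphrase={passphrase!r:10} master_private_key={key}")
```

The derivation has no notion of a "correct" passphrase, so the monitoring-agent trick for a decoy wallet works precisely because a second passphrase is indistinguishable from the first until funds are looked up on chain.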
>A holder generates a random salt, which is a piece of secret data used to make a cryptographic commitment unique and unguessable, and uses BIP-322, a standard for signing messages from a Bitcoin address without spending from it, to produce a proof of ownership.

The wallet holder needs to do it. Unless satoshi comes out and does this, nobody can prove ownership
Weird and delusional AI slop. Long pointless discourse, it says a lot of stuff of no significance and fails to make a point and/or misses the point of the text it's referring to. Outright falsehoods and hallucinations. It's obsessed with some random developer that was only around for a short while and is long gone. That doesn't really make sense at all except when you've been monitoring the knotzis chats and know they are obsessed with John because they believe that Gloria-- the lead dev they chased out of the project earlier this year-- couldn't code because she's a woman and that this other guy was secretly ghostwriting her contributions. No joke. Twitter has seriously mentally damaged a regrettably large population of people, they've been so spun up on culture war crap that they see it around every corner and outright fabricate it where it doesn't exist. Like a lot of AI slop the piece takes some positions that are superficially reasonable, even unavoidable-- e.g. that some contributors are more influential than others. Then entirely fails to connect that to things happening by picking someone who wasn't that popular and then throwing random connections to him at the wall. To give a specific example where the article mentions me directly: it cites some old dispute where multiple contributors asked that luke-jr be removed from acting as bip editor because he was unambiguously abusing the position to attempt to block activity that he personally disliked. The article says that I supported his removal only because of a "mistake" where he NAKed the BIP when he meant to instead NAK something else entirely, as if that "error" had anything to do with my views on luke's conduct. Meanwhile my comments were more than clear enough on my problem with Luke's conduct: https://github.com/bitcoin/bips/pull/1104#issuecomment-826397286 He was being overtly dishonest and gaslighting by falsely claiming that "the community" had chosen his proposal over the one documented.
In reality he stood nearly alone with his proposal while support for the documented one was nearly unanimous-- so he was holding back the document on the basis of a total delusion. Even if he had been *right* that more people preferred his proposal it would have still been a wrongful abuse of his position to hold up the alternative-- the whole process is supposed to be a largely non-editorial documentation exercise-- it documents procedurally well-formed proposals even if they're dumb or unpopular, and there are plenty of BIPs for dumb ideas. But because of Luke's obvious difficulties a lot of people, myself included, held back from criticizing him too overtly. At the time of the dispute I was largely uninvolved in the project, but I felt I needed to speak up both because I wasn't particularly involved in the dispute and, to the extent that luke's role was the problem, it was a problem I created. If somehow that comment which Hodl's AI had to have seen wasn't clear enough a moment of looking would have turned up [plenty of other remarks](https://old.reddit.com/r/Bitcoin/comments/mruopv/bitcoincorebased_bip8_lottrue_taproot_activation/gvscx0c/) from the time about Luke-jr's abusive conduct which spelled it out further. I deeply regret ever making him bip editor when I couldn't continue doing it. Because the job was supposed to be non-editorial and purely procedural, something of a human rubber stamp, I hoped it would give him an opportunity to develop his interpersonal skills in a context where his narrow-minded focus wouldn't be a hindrance and where a wonkish approach could even be a bit of an asset. This turned out to be a disaster because rather than following the limited requirements of the process he has systematically distorted reality so that he could falsely declare things to be violations of the limited requirements in order to get his way.
It was a real error in judgement on my part although it's one that is overshadowed by the error of the current project leaders in failing to end Luke's abusive influence even after he started explicitly calling for the destruction of the project. In any case: this whole subtopic is brought up as some example of some John-directed conspiracy. But outside of the lawsuit where he was a co-defendant I've probably only exchanged a few hundred words with him ever on any subject at all, and I can't find any evidence of discussing this specific matter with him (other than that he probably saw my public messages). The simple fact is that everyone regularly involved with the project knew what a nuisance Luke's peculiar behavior could be-- and, if anything, John's relative outsider and newcomer status resulted in him not participating in the particular conspiracy of silence to paper over Luke's reprehensible conduct so when John said what most other people were thinking he failed to do so as indirectly as others did. If anything you could attribute this work to be a piece of pro-bitcoin-core counterpropaganda that supports the project by making its opponents look gravely incompetent. In any case, I'm really looking forward to August when this subcommunity forks off onto their censorship coin and Bitcoiners can move forward with handling them like other crapcoiners: by ignoring them.
Brave uses the same "Chromium" code base as Chrome. Again, the issue is not with the browsers. It is with the wallet app / wallet extension (Metamask in that case, but would apply to Rabby and all other web wallets). The problem is that those wallet apps use text instead of images to display the SRP BIP39 words, therefore they are vulnerable to being translated by the browser. If the apps were using images of the bip39 words (instead of text), the words would not be auto-translated, so we would not have this issue.
> disable auto translate when dealing with seed phrases

Actually it would be much better if the wallet web apps or extensions made it impossible for the SRP words to be auto-translated, for example by displaying the BIP39 words as images, not as text.
> using a browser-based wallet app

Most ETH wallets are browser-based (Metamask, Rabby, MEW etc). And this is not a problem. The problem is that those web apps or extensions allow the browser to translate the SRP BIP39 words that they display. My recommendation is that browser wallet apps or extensions should display the SRP / seed words as images, not as text, to prevent auto-translation. It is likely many other people have backed up a browser-translated seed phrase, and they don't know yet about the issue because they never had to restore their wallet.
If it's the book I'm thinking about, it doesn't use the BIP39 word list.
I swear this is an astroturf campaign for this dude's book… I looked into it at some point when it was being spammed. He used a custom recovery phrase (so not our standard BIP39 wordlists) from an older wallet. The words hidden in the book are in a different font and not in order. Being custom, they can be anything. At most, a team has been able to find 8 or 9 of the 12 words. Even with all 12, re-ordering those will take half a billion attempts, but I guess you can drop that into a heavy rig to solve. And all this to say, it may not even be the wallet provided. He provides a public key to “check” the balance but who’s to say it’s even from that phrase. If there’s a passphrase or anything on top of the key, you’re boned. This is basically the hard-copy equivalent of that one website that lists every private key in existence. Good luck.
The NVMe makes a massive difference. It usually takes around 3 days on an SSD. Spam used a Bitcoin compromise in Taproot in 2023. You should see the syncing speed slow right down once you get to 2023, when you start syncing that spam. People are trying to fix the compromise at the moment with something called BIP-110. Think about running this if you want to help Bitcoin. https://bip110.org/howto/#umbrel If you don't want to run BIP-110, then please use Bitcoin Knots for your node software. https://apps.umbrel.com/app/bitcoin-knots Please don't use Bitcoin Core. It has a vulnerability that allowed spam after 2023.
That's true they were early, but I thought it was later than that. ChatGPT now tells me it was "late in 2014" so either way BIP39 could be what OP has! Thanks
BIP39 probably doesn't apply, but the first three words are on the BIP39 list. The word Maxims could be "Maximum" which is on the list and the final word could be coin, can or chain
Mycelium was actually one of the first wallets to adopt the BIP39 seed standard back in 2013 👍
Yes it is safe, BIP39 requires all the words to be able to recover as the final word is a checksum for the full seedphrase.
First Step: 18 word seed is BIP39. Check the 2048 Word wordlist, you may have just written the first word wrong. Wordlist: https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt
I wouldn't trust any specific brand recommendations off of Reddit tbh. A hardware wallet can possibly be good though, despite Ledger previously having a leak. I still hold mine on a Bitcoin Core wallet on an old Windows XP hard drive I've had since 2012. That was before security phrases (BIP39), so it's probably harder to brute force.
Wallet software uses a checksum to ensure the order of your words is random, BIP39 uses a 2048 word list. If your words aren’t on that word list and the order also random, your choice will fail a checksum and the wallet won’t generate a seed. He’s warning against something that wallet software prevents from happening in the real world.
To be honest I'm not even convinced the pseudo-random-language-construction argument holds much water when the interval is pages. Like, every third page, order ascending by one each time (first word on first page; second word on third page; third word on fifth page; etc.)--that's perfectly easy for you to remember but I have a very hard time believing the resulting word selections would be in any meaningful way linguistically non-random (other than to the extent that they're most likely all from English, which the BIP-39 words are already anyway). TL;DR I agree with you.
Oh, I don’t need to do that. It’s far simpler and easily verifiable by you and anyone else for that matter. A standard BIP39 uses a 2048 word list. When you create a seed phrase it requires a specific check-sum. If your word selection is vulnerable, which is what you were warning about in your original comment, the wallet rejects them and will continue rejecting your choices until the 24 words are not only in the word list but ordered in an acceptable way to create the phrase and satisfy the criteria for the checksum. Your entire premise of a 24 word list being vulnerable, whilst true on paper, is in practical terms complete crap. The wallet won’t allow a vulnerable word list to be used to create your seed. That’s how it actually works in real terms. Feel free to verify and donate a sum of your choice to a registered charity of your choice. Nice try though, just not applicable in the real world is it?
My BIP citation could easily be incorrect, thank you for the correction. However, when you stop using a key, what do you do? Destroy all copies of it? It would seem foolish of me to think I could never make a mistake and send funds to it from an exchange, my node, or a saved address in software. Not to mention someone else using it from a tip page archive on the wayback machine, a friend who saved the address in THEIR wallet with my contact information, etc, etc.
I did think it through long enough to wonder what the hell you were doing that would surface an old address, thus the question. I think you mean BIP-34 (Hierarchical Deterministic (HD) Wallets) not BIP-39 (Mnemonic code for generating deterministic keys). You don't "archive" a public key. You just stop using it. Now you have your answer :)
I'm sure if you thought it through, you'd think of a scenario. With the age of some of the wallets I have saved, there is no "generate an address for an old wallet" as they pre-date BIP39. For your last question, that's precisely MY question.
What the others said but also you can't just randomly combine 12 or 24 BIP-39 words and derive a valid private key. A portion of the final word is a checksum. Use AI to ask about how it works to better understand.
The numbers

A 24-word BIP39 seed phrase encodes 256 bits of entropy, but the last word is a checksum — so:

- 23 words = 23 × 11 bits = 253 bits of randomness
- The 24th word's 11 bits are: 3 bits chosen freely + 8 bits as checksum
- Total entropy: 256 bits (253 random + 3 from the last word's "free" portion)
- Checksum bits: 8

So if you type in 23 random words plus a random 24th, the chance the checksum matches and the phrase is valid is roughly 1 in 256 (because of those 8 checksum bits). That part is doable — you'd hit a valid phrase every ~256 tries.

But "valid checksum" ≠ "wallet with funds"

Here's where it gets crazy. A valid 24-word phrase opens some wallet — there are 2²⁵⁶ possible wallets. Almost all of them are empty addresses no one has ever used. The number of Bitcoin wallets ever funded is, generously, a few hundred million — call it ~10⁹ (a billion). So:

- Total possible wallets: 2²⁵⁶ ≈ 1.16 × 10⁷⁷
- Funded wallets: ~10⁹
- Chance of randomly hitting a funded one: ~10⁹ ÷ 10⁷⁷ = 1 in 10⁶⁸

That's 1 in 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.

To put 10⁶⁸ in perspective

- Atoms in the human body: ~10²⁷
- Grains of sand on Earth: ~10¹⁹
- Atoms in the observable universe: ~10⁸⁰
- Seconds since the Big Bang: ~10¹⁷

If every atom in every star in the observable universe were a computer trying a billion seed phrases per second since the Big Bang, you still wouldn't have made a meaningful dent.

Practical version

- Hitting a valid checksum: about 1 in 256 — easy
- Hitting a valid checksum + a wallet that's ever held coins: about 1 in 10⁶⁸ — effectively impossible
- Hitting a wallet with significant funds: even rarer

People do try this — it's called "seed phrase brute-forcing" or "wallet sniping" — and there are bots that scan for funded wallets. They occasionally find a few because of bad randomness (people who picked weak phrases like "abandon abandon abandon..."), not because brute force works.

With true randomness, you have a better chance of winning the lottery every week for the rest of your life. So: don't bother. The math is about as close to "literally impossible" as anything in computing gets.
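The checksum claims made in this comment and in the earlier ones ("the last word is partly a checksum", "a random 24th word validates about 1 in 256 times", "the wallet rejects an invalid phrase") can be verified exactly rather than statistically. What follows is an added example, not code from any post. It works on 11-bit word indices instead of words, so it runs without the 2048-word list; the three index-to-word pairs it embeds are an excerpt of the English list linked earlier in the thread, and the all-zero entropy inputs are the published BIP39 reference vectors ("abandon" ×11 + "about", "abandon" ×23 + "art").

```python
import hashlib
import secrets

# Excerpt of the English BIP39 list (index -> word), enough for the reference
# vectors used here; real use needs the full 2048-word list from the BIP repo.
DEMO_WORDS = {0: "abandon", 3: "about", 102: "art"}
VALID_LENGTHS = (12, 15, 18, 21, 24)


def entropy_to_indices(entropy: bytes) -> list[int]:
    """BIP39 encode: ENT bits of entropy followed by ENT/32 checksum bits (the
    leading bits of SHA256(entropy)), then split into 11-bit word indices."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 128..256 bits in 32-bit steps")
    cs_bits = ent_bits // 32                       # 4 bits for 12 words, 8 for 24
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    bits = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    total = ent_bits + cs_bits
    return [(bits >> (total - 11 * (i + 1))) & 0x7FF for i in range(total // 11)]


def checksum_ok(indices: list[int]) -> bool:
    """BIP39 decode: repack the indices, split off the checksum bits, recompute
    SHA256 over the entropy part and compare. This is the check a wallet runs on
    restore: it rejects a wrong or swapped word, but says nothing about funds."""
    if len(indices) not in VALID_LENGTHS or not all(0 <= i < 2048 for i in indices):
        return False
    total = len(indices) * 11
    cs_bits = total // 33                          # 132 bits -> 4, 264 bits -> 8
    bits = 0
    for i in indices:
        bits = (bits << 11) | i
    entropy = (bits >> cs_bits).to_bytes((total - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return (bits & ((1 << cs_bits) - 1)) == expected


def generate_indices(words: int = 24) -> list[int]:
    """Fresh phrase from the OS CSPRNG; the entropy source is the whole security."""
    return entropy_to_indices(secrets.token_bytes(words * 11 // 33 * 4))


def count_valid_last_words(first_indices: list[int]) -> int:
    """Fix all but the last word and count which of the 2048 candidates pass.
    With 23 words fixed exactly 2^3 = 8 pass (1 in 256); with 11 fixed, 2^7 = 128."""
    return sum(checksum_ok(first_indices + [w]) for w in range(2048))


def to_words(indices: list[int], wordlist: dict[int, str] = DEMO_WORDS) -> str:
    """Map indices to words; raises KeyError for indices outside the excerpt."""
    return " ".join(wordlist[i] for i in indices)


if __name__ == "__main__":
    print(to_words(entropy_to_indices(bytes(16))))   # abandon x11 about
    print(to_words(entropy_to_indices(bytes(32))))   # abandon x23 art
    print(count_valid_last_words([0] * 23))          # 8
    print(checksum_ok(generate_indices(24)))         # True
```

The count function is the exact version of the comment's "1 in 256": of the 2048 possible last words, only the eight whose low 8 bits match the hash of the entropy they complete are accepted, and a valid checksum still says nothing about whether any address under that seed has ever received coins.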
The seed phrase list is 2048 words. A BIP 39 wallet uses 24 of them in any order. Even if you knew all 24 words in a specific wallet, it would still be nearly impossible to find it because there are 6.2x10^24 combinations of just those 24 words. Across the whole list, there are 1.157x10^77 seed phrases.
15-bit ECC is actually a 32,768-key brute force which classical hardware does in milliseconds, so the 'quantum' framing is a bit oversold. Project Eleven's larger point is the trajectory: previous public demos were on 7-bit keys, this is a 256x-state-space jump. Useful number to track is 'logical qubit equivalents needed for 256-bit ECC' which is around 6,000 logical qubits per IBM/Microsoft/Google papers, current public hardware is at maybe 50-100 logical qubits. Roadmaps suggest 5-10 years before hardware threatens anything serious, but the threshold is steep so progress will look slow then sudden. BTC has time to migrate to post-quantum signatures (BIP-360 is the active proposal), the question is whether the protocol can coordinate the soft fork before it's actually needed.
Depends on the wallet but you can create a passphrase wallet where you choose the passphrase (as a 25th word) and this passphrase is like a password or something, not a word used in BIP-39 (the 2048 words list that opens a wallet) but like a real password that you MUST absolutely never forget.
That's not technically true. The final word is a checksum so you can't actually just combine any 12 or 24 word combination of BIP-39 words and derive a valid private key. I was shocked when I learned this fact. Don't trust me, verify.
quantum risk may be real by 2044, or maybe not yet. but something like BIP 361 is exactly how people end up robbing satoshi while calling it protection
Yes, a preloaded BIP39 paper/wood/metal wallet is the best way. Makes for a nice physical item to give too as you can get super creative with it. Just make sure to practice good self-custody hygiene (offline seed generation, airgapped wallet, etc) The recipient can then move the funds to their own wallet if they don't want you to access their funds.
BIP-361 is proposing to freeze quantum vulnerable wallets
Well, if that ever becomes a real threat, that’s what BIP is for. You may not realize this, but until the 39th one, we didn’t even have seed phrases! Can you even imagine?
There are some ideas floating around already that a new BIP proposal for migrating BTC wallets could include a temporary change to blocks so that a fixed % of the blocksize can only be used for migration/upgrade transactions. This will put some strain on transaction costs, but it'll be manageable. That way we could ensure that everyone gets to migrate/upgrade within a certain timeframe, while also keeping space for regular transactions. It'll be up to the user if they want to pay a higher fee and be first in line to upgrade, or pay a lower fee and wait a couple months or even years.
I don't think there will ever be consensus to implement BIP-361. But hypothetically speaking let's pretend that there was consensus and it was implemented, it would only result in a chain split if there were some people still running nodes and mining bitcoin without following the new rules. Otherwise it would not result in "an extra coin" as you put it. Even though there will probably never be consensus to implement BIP-361, if some people want it enough then they can fork off and create their own version of Bitcoin with its own blockchain where millions of coins can't be stolen by people with quantum computers as long as some people are willing to mine it. That would result in a new cryptocurrency or "an extra coin" as you put it. Bitcoin does not solve wealth inequality. And this isn't Eat The Rich Coin. "Lost" bitcoins probably will get recovered by people that have access to powerful quantum computers in the future because I don't think there will ever be consensus to implement something like BIP-361.
Since it's a gift, you can keep a copy of the seed, so if he loses it, you can give it to him again. Maybe even use BIP85. If he really wants to start stacking, he'll make his own wallet, and the paper you give him does not matter in the long run.
If this is high-stakes, I would not carry a recoverable seed phrase through airport security at all. X-ray scanners are not the main risk; loss, theft, or being forced to disclose it are bigger problems. Safer patterns are a fresh travel wallet with a small amount of funds, or a separate BIP39 passphrase if you know how to recover it. If you move any backup, make sure it is not the only copy of the wallet.
3 is even worse than 2. Because that will change two rules instead of one, in a bad way. If it's 2140 now and whole coiners are rare, how would you respond to a BIP saying "miners need reward, wholecoiners will potentially cause shock, so let's take half from any wallet >1coin and use them to fund mining"?
> I won’t be joining, I’ll keep my node allowing all valid blocks. That's fine as long as you realize that you won't actually be participating in Bitcoin anymore if the majority mining power accepts BIP-361. You will be effectively blocked from mining on the canonical chain. This is similar to soft forks that eliminated certain Bitcoin Script opcodes. They're soft forks, but they cause a split between old and new clients.
Statements like this show your lack of understanding of the subject outside of incendiary headlines. Already there is BIP-360 (Pay-to-Merkle-Root) on BTQ Bitcoin Quantum testnet; post-quantum signatures (e.g., NIST ML-DSA, SPHINCS+) on Blockstream Liquid sidechain. And if you just hold and have not spent your BTC you’ve never exposed your public keys and thus are not currently at risk. But thanks for spreading FUD
You are hung up on "semantics", but even so by the time all of the coins are frozen (phase a, phase b, phase c), a hard fork will almost certainly have taken place if they go down the path of BIP-361...
Cryptographically Relevant Quantum Computers (CRQCs) don't exist yet, so there's still a bit of time, but the goal is to implement P2MR (Pay to Merkle Root) as proposed in BIP-360 which prevents public keys from being revealed in transactions. Users would then send their coins to these new bc1z addresses.
So you don’t see much benefits in switching to P2MR (what BIP 360 is about if I understand correctly)? Are there other solutions you favour more?
Bitcoin's rules were never about even distribution, that’s up to the users. Bitcoin's rules are however NOT censorship or centralization of power. I will not personally signal for this BIP if it were to happen today.
You seem to be operating under the false assumption that this is being proposed for activation. There is no timeline set on BIP-361; it's a draft of a contingency plan that may not ever be needed.
Perhaps you mean "chain split." BIP-361 is a soft fork, and I explained a year ago why I don't think opposition would be sufficient to resist it with a hard fork. https://blog.lopp.net/against-quantum-recovery-of-bitcoin/
I'm the author of BIP-361 and you clearly haven't read the BIP. It's a soft fork, as it only restricts spending conditions. Tightening of consensus rules is always a soft fork.