[ExI] Sell your Bitcoins!

[Jason Resch]

On Mon, May 18, 2026 at 8:55 AM John Clark <johnkclark at gmail.com> wrote:

> On Sun, May 17, 2026 at 10:19 AM Jason Resch via extropy-chat <
> extropy-chat at lists.extropy.org> wrote:
>
> *> Being and remaining a secure cryptocurrency is something everyone
>> agrees with, and choosing the best algorithm to migrate to has an obvious
>> technical answer.*
>>
>
> *An obvious technical answer?! There are many algorithms that claim to be
> quantum resistant but nobody knows which one is the best.*
>

You mean know one knows which, if any are secure. That same uncertainty
exists for all algorithms. Bitcoin developers aren't the ones who will be
evaluating security. They only need to weigh the merits in terms of
computational and memory efficiency, which are easy to characterize and
compare. I think the best long term solution (which I give in detail below)
is for Bitcoin and other cryptocurrencies to be algorithm agnostic, and let
the end-users decide which algorithms (or combination of algorithms)
deserve their trust. Should any falter, then users can at their own
discretion, switch to other algorithms, without having to wait for a new
bitcoin software/protocol to be rolled out.


> * And they are so new that nobody is even confident that there isn't a way
> for a small conventional computer to break them. That's why in all the
> transition strategies to quantum that I've heard of they intend to retain
> the existing conventional encryption and stick the quantum resistant
> encryption on top of it. *
>
> *In the early days there were something called "knapsack encryption" which
> was a competitor to both RSA and Elliptic Curve Encryption, and at first it
> seemed like it would be superior to the other two because knapsack
> encryption had been proven to be NP Complete, but to this day that has not
> been proven to be the case with the other two. However it turned out that
> despite being NP Complete there was a way for even a small conventional
> computer to quickly break it; the problem was that although some knapsack
> problems were NP Complete the vast majority of them were not, and there was
> no easy way to pick out just the NP Complete ones to use. By contrast most
> very large numbers are easy to factor BUT there is an easy way to pick out
> the few that are not easy to factor, and those are the ones that RSA uses. *
>
> *>> Which algorithm?* Post-quantum cryptography is still maturing. NIST
>>> only finalized its first PQC standards in 2024. Candidates like
>>> CRYSTALS-Dilithium (lattice-based) look promising but have larger signature
>>> sizes, which would affect Bitcoin's block space economics. Picking the
>>> wrong one and having to migrate *again* would be catastrophic.
>>>
>>
>> *>The one with the smallest (signature+public key) size is best for
>> minimizing the size of the chain.*
>>
>
> *Needing only a small key is one important consideration but certainly not
> the only one, or the most important one. Being confident that your
> algorithm doesn't contain a huge flaw is also rather important, and it's
> easy to figure out how big a signature is but it's much much more difficult
> to figure out how secure your algorithm is.  *
>

And that remains true for all asymmetric cryptography. We have no proof
that factoring numbers is hard. We have no proof that efficient solutions
to the discrete logarithm problem do not exist. All of our cryptography is
built on a wish and a prayer. But when a lot of smart people try to solve a
hard problem, and no progress is made, that's when we start to think it
might actually be hard. But for all that is known, P could = NP, and then
all cryptography would be illusory.


>
> * > Lattice based cryptography has a long history and it's security is
>> fairly well vetted.*
>>
>
> *Long history? Lattice encryption was only discovered in 1996 and until
> just a few years ago nobody paid much attention to it or tried very hard to
> break it because nobody paid much attention to quantum computers; and
> because RSA and Elliptic Curve still seemed quite secure from attacks by
> conventional computers, so nobody saw an urgent need to switch to something
> like lattice that was far more cumbersome to use. *
>

Consider how little comparative time went by between when RSA was invented
(in 1977) and when it first went into commercial use in 1982, just 5 years.
Also consider also how much smaller of a field computer science and
cryptography were back then compared to today. We have had much more eyes
looking at lattice based cryptography, and for much more time, than we had
time and analysis for RSA. Today we can even use AI to search for
weaknesses for more thoroughly than was possible in the past. We've had 30
years looking at lattice based cryptogtaphy and no one has found a weakness
yet. That's not as much time as we've been studying RSA, but it is 6 times
more time than RSA got before it went into use.


>
> *This is what Claude has to say about that:*
> ==
>
> *Claude:* "Elliptic curve crypto (specifically secp256k1, what Bitcoin
> uses) is extraordinarily efficient — it was chosen partly *because* of
> its performance characteristics. Lattice-based schemes like
> CRYSTALS-Dilithium (now standardized as ML-DSA by NIST) are more expensive,
> but not devastatingly so on the computation side. The bigger problem is
> actually *size*, not computation.
> Property ECDSA (Bitcoin today) ML-DSA (Dilithium)
> Public key size 64 bytes 1,312 bytes
> Signature size ~72 bytes 2,420 bytes
> Signing speed Very fast Moderately fast
> Verification speed Fast Roughly comparable
>
> So signatures would be *~33x larger* and public keys *~20x larger*. For
> Bitcoin, that's actually the more serious problem."
>
> ==
> *And remember, lattice encryption is not going to replace elliptic
> encryption, it's going to be added in addition to it. *
>


I think you helped me identify the perfect solution for Bitcoin and all
other cryptocurrencies to navigate this problem. There is no reason any of
this needs to be enforced top-down, nor should users be forced to wait for
the Bitcoin software developers to re-write anything before users are able
to migrate to a new algorithm. To support this flexibility, the Bitcoin
software can be upgraded to support a wide number of various and distinct
cryptographic algorihms from different family types, and even different key
sizes. End-users are then free to decide to use any algorithm they are
comfortable with, and even any combination of multiple algorithms, should
they desire. The wallets that require the most security, and havethe least
frequent transactions, can use larger and more keys to secure them. This
will result in larger transaction costs should coins secured with such a
wallet ever move, but this would provided the highest security guarantee.
Furthermore, should any new information come out in the future that leads
users to question the security of the algorithm they happen to rely on,
they can *immediately* move their Bitcoins to a new wallet secure by a
different algorithm or combination of algorithms. I think I will write up a
paper on this, I think it is the ideal solution. Software can be flexible,
but no one knows the future, or what security breaks might be invented.
Users need redundancy for security, and the ability to quickly respond by
transitioning to new algorithms.


>
> *Bitcoin was originally supposed to replace dollars and pounds and euros
> for everyday use, but in that it has proven itself to be a huge FLOP
> because it is an energy hog of immense proportions, and the addition of
> lattice encryption will make things even worse.*
>

You don't seem to understand what I have been saying. The energy use is
unrelated to the algorithms, or the transactions. It's purely from the
minting. What makes this confusing is that within the Bitcoin protocol,
transaction blocks are bundled with the minting process, both happen at the
same time. But they are independent from one another. The number of
bitcoins produced in a bit block can change (and it is reduced every 4
years) likewise, the size and number of transactions in a block can be
increased (as it has been in the past). It is therefore an error to try to
tie electricity use to the number of transactions, the proper connection is
energy use per minted bitcoin. As the block reward decreases by half every
4 years, so too does the amount of energy miners will be willing to invest
to get those block rewards. You could say that bitcoin doubles in
efficiency every 4 years.


> * Bitcoin currently consumes about 150 TWh/year of electrical energy, and
> there are about 100 million transactions per year. So each transaction
> consumes about 1,500 kWh,  the average US household uses about 900 kWh per
> MONTH! That is just nuts. *
>

Again this is entirely wrong way to calculate it. One Laptop could run the
entire Bitcoin network and it would draw only 50 watts to do so. That
includes processing all the 100 million transactions.
Don't think of it in terms of Watts per transaction, think of it in terms
of Watts per bitcoin minted. Then you will understand the system much
better. We don't consider the energy cost of mining Gold when two people
exchange a gold coin, do we? That is essentially what you are doing,
looking at the cumulative historical cost of mining all gold (which is
billions or trillions of inflation adjusted dollars worth of time/energy)
then counting the few million gold transactions done each year today, and
saying: look how wasteful gold transactions are! You should instead focus
your attention on the mining if you are concerned with the
evnrionmnet/energy, not the cost of transacting with the gold once mined.


>
>
>
>> *>> The simplest and surest way for someone to preserve the value of
>>> their bitcoins would be to sell them before the quantum shit hits the fan,
>>> that is to say convert the bitcoins into Dollars or Euros or Pounds, or
>>> maybe the Chinese Renminbi.*
>>>
>>
>> *> You've been telling people to sell their bitcoins since 2017.*
>>
>
> *I think you must be confusing me with somebody else, in 2017 I still
> foolishly believed bitcoin might be a net positive force in the world. I
> was dead wrong. In 2017 I never predicted the price of bitcoin would
> collapse, and certainly not  collapse because of quantum computers. In 2017
> I wasn't certain that building a fault tolerant quantum computer would even
> be possible, much less practical. But things have changed radically since
> 2017. *
>
>
>

On September 13th, 2017 on this very e-mail list
<https://lists.extropy.org/pipermail/extropy-chat/2017-September/093311.html>,
you wrote "If you ever hear that Microsoft has built a topological quantum
computer that can factor the number 15 then sell your Bitcoins, hold onto
your hat, and get ready for a wild ride."
Note that IBM had factored the number 15
<https://www.ibm.com/quantum/blog/factor-15-shors-algorithm> in 2001, so in
effect, you were telling people then that it was too late and to sell their
bitcoins. (Unless you think it important that it be Microsoft, rather than
IBM, for some reason).


> * > If someone had followed your advice then, the definitely would not
>> have been the best way to preserve the value of their bitcoins. In fact,
>> this advice would have cost them 95% of their value.*
>>
>
> *I never gave anybody that advice, but it's interesting that the official
> Trump-branded memecoin ($TRUMP) has lost 96% of its value. *
>

See above. According to AI:
"On September 13, 2017, the price of Bitcoin closed at approximately
\(\$3,931\), reaching a daily low of \(\$3,845\) and a high of \(\$4,094\)."


>
> *> Bitcoin doesn't waste energy, it freezes the economic value of energy
>> into an equivalent value of the coins that are mined.*
>>
>
> *What the hell?!  *
>

Perhaps you would understand if you hadn't deleted parts of my explanation.


>
> *This sounds strange and alien*
>>
>
> *It sounds ridiculous  *
>

No, it is identical to existing monetary systems. It can't be free to make
money, or else money would be worthless. The easiest analogy is gold. It
costs time and energy to produce it. But once produced, it can be traded
back and forth endlessly. The same is true of Bitcoin. It costs practically
no energy to transfer bitcoin that have already been made. The energy cost
is in the production, where the production cost in energy is very tightly
related to the value of the bitcoin produced. If a bitcoin is worth
$80,000, then the market of miners will be willing to spend up to $80,000
worth of electricity to produce it. When the value of bitcoin falls, then
they will spend less energy to produce one.


>
>
>> *> The value of gold is set in large part by the economic cost of mining
>> gold, which primarily comes down to the energy that must be spent to mine
>> it.*
>>
>
> *It might take a lot of energy and be difficult to make artificial dog
> shit, and if you have the gift of gab you might be able to convince enough
> people that artificial dog shit is valuable and everybody should own some
> and create a fad, but no fad lasts forever. As for gold, I maintain that
> our civilization would be just as prosperous if there was no gold at all in
> the earth's crust; well OK nearly as prosperous,*
>

Not at all. Gold was unique because it was easy to recognize, transport,
divide, and weigh, but hard to forge. This enabled lower-risk transactions
between individuals who had no shared history. In other words, it made
economic transactions cheaper and easier while making fraud harder. This
economic efficiency likely provided enormous benefits to human civilization
across the thousands of years it was used.


> * gold does have a few industrial uses, bitcoin has none.  *
>

Bitcoin has all the monetary properties and benefits of gold, but it is
even harder to forge (impossible without quantum computers), plus it
divides more easily, can be perfectly measured, it is even easier to
recognize, and can be transmitted instantaneously at the speed of light to
any location on Earth. Transmitting $1B of Gold from one location on Earth
to another requires a massive expenditure of energy, security, etc. But
Bitcoin could facilitate such a transaction for pennies to dollars. On this
basis it is superior to Gold as a monetary technology, and this explains
why it has a total present value around the same order of magnitude of all
the Gold on Earth. The value of Bitcoin stemps purely from its monetary
benefits; it makes economic transactions more efficient, some transactions,
vastly so. If Gold were used only for industrial purposes, its value would
be much lower than it is today, its value derives primarily from its
monetary properties.

Jason

>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20260518/762504b8/attachment.htm>