
Topic: Could a new type of Bitcoin encryption be put over the old one if necessary?

hero member
Activity: 667
Merit: 1529
Quote
So the consensus here is that a soft fork should be done to introduce new address types with a new signature format, and then a hard fork that rejects all the old types.
No hard fork is needed at all.

Quote
The question now is which activation method should be used for each of them?
Single soft fork is all that is needed. The way of fixing the situation depends on how serious it would be. If it happens gradually, then we could switch carefully and give everyone a few months or years to upgrade. If it happens instantly, then there will be one or more blocks cleaning up the mess and later the network will operate normally.

The only disputable thing is how things would be handled in this "cleaning up the mess" period. Burning all affected coins instantly is one option, but I wonder if miners would accept that. Another thing is if users would accept that or how much time they would have to move their coins (and how they can prove that they really own these old coins).

Quote
Inflation bug was a serious issue and it could not have been solved without using a hard fork. So that's what we did.
That was also a soft fork. You could use old software and you would finally end up with the same chain as the rest of the network. Just transactions generating coins out of thin air were made invalid. You could say it was a hard fork if it were built on top of the existing chain and there were some kind of "dirty fix" like in the Ethereum DAO, for example if you had a transaction taking those coins without the needed signatures and burning them. But in Bitcoin there were no such things.

Quote
So we have to first figure out which category the change falls into and what its severity is, then we can discuss whether a soft-fork is needed or a hard-fork and with what urgency.
Almost all changes could be made in a soft fork way. Making old addresses deprecated definitely can be done in a soft fork way, because rejecting them at mempool level is possible. Moving coins from old to new address would look like moving coins from legacy to Segwit addresses, just some old inputs, some new outputs, nothing special.
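A toy model of the migration rules argued over in this post and in the two-phase proposal further down the thread (added example, not code from the thread or from Bitcoin Core; the script type names, the burn output and the per-input signature flag are constructed). It enumerates small transactions and checks whether a rule only tightens what un-upgraded nodes already accept, which is what makes it a soft fork, against a "dirty fix" rule that accepts something old nodes reject:

```python
from itertools import product

# Constructed model: two broken legacy script types, one hypothetical new type.
LEGACY = ("p2pkh", "p2wpkh")
NEW = ("pq_v1",)          # assumed name for a quantum-safe output type
BURN = "burn"             # provably unspendable output

def valid_today(tx):
    """Un-upgraded node: legacy inputs need a valid signature; any output type
    is allowed and inputs of an unknown type are treated as anyone-can-spend."""
    return all(sig for typ, sig in tx["inputs"] if typ in LEGACY)

def valid_phase1(tx):
    """Phase 1: legacy coins may still be spent, but every output must use the
    new type and new-type inputs must carry a valid new-style signature."""
    return (valid_today(tx)
            and all(sig for typ, sig in tx["inputs"] if typ in NEW)
            and all(out in NEW for out in tx["outputs"]))

def valid_phase2(tx):
    """Phase 2: legacy outputs can no longer be spent (remaining coins locked)."""
    return valid_phase1(tx) and all(typ in NEW for typ, _ in tx["inputs"])

def valid_forced_burn(tx):
    """'Dirty fix': legacy coins may be moved to a burn output with no signature.
    Old nodes reject such a transaction, so this rule cannot be a soft fork."""
    if all(typ in LEGACY and not sig for typ, sig in tx["inputs"]):
        return tx["outputs"] == [BURN]
    return valid_phase1(tx)

def all_txs(max_io=2):
    """Every small transaction over the modelled types, signed and unsigned."""
    inputs = [(t, s) for t in LEGACY + NEW for s in (True, False)]
    outputs = LEGACY + NEW + (BURN,)
    for n_in in range(1, max_io + 1):
        for n_out in range(1, max_io + 1):
            for ins in product(inputs, repeat=n_in):
                for outs in product(outputs, repeat=n_out):
                    yield {"inputs": list(ins), "outputs": list(outs)}

def is_soft_fork(new_rule, old_rule=valid_today):
    """Soft fork iff everything the new rule accepts, the old rule accepted too."""
    return all(old_rule(tx) for tx in all_txs() if new_rule(tx))

if __name__ == "__main__":
    for name, rule in [("phase 1", valid_phase1), ("phase 2", valid_phase2),
                       ("forced burn", valid_forced_burn)]:
        print(f"{name}: {'soft fork' if is_soft_fork(rule) else 'hard fork'}")
```

Moving coins from a legacy input to a new-type output passes phase 1 but not phase 2, which is the "legacy to Segwit"-style migration window the post describes.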
legendary
Activity: 3444
Merit: 10558
The question now is which activation method should be used for each of them?
I don't think we can give a general answer to this question. It really depends on the scenario. In other words what are we trying to solve? Take the following 2 historical examples:
* Malleability was an issue in bitcoin but not a big one so it didn't even need a fork, almost all of it is solved using standard rules (without needing any forks). Then some of those rules turned into consensus rules with a soft fork when SegWit activated.
* Inflation bug was a serious issue and it could not have been solved without using a hard fork. So that's what we did.

So we have to first figure out which category the change falls into and what its severity is, then we can discuss whether a soft-fork is needed or a hard-fork and with what urgency.
legendary
Activity: 3388
Merit: 4615
So the consensus here is . . . a hard fork that rejects all the old types.

I disagree, and I think many others will as well.  So, I don't think you have the consensus that you think you do.  And without consensus, a hardfork will just become yet another Bitcoin forked altcoin.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Quote
It won't be enough just to send coins to a new address, the old addresses (with all the underlying cryptography that became weak in this scenario) have to become obsolete.
That could be done as a soft-fork. All that is needed is just making transactions with old addresses non-standard. Today you can also send some of your coins to some unsafe output (that requires for example proving that 2+2=4) or spend some of such inputs.

So the consensus here is that a soft fork should be done to introduce new address types with a new signature format, and then a hard fork that rejects all the old types.

The question now is which activation method should be used for each of them? Using BIP9 with the normal activation threshold could fail to get enough support and would block the second fork from happening. On the flipside a BIP8 with LOT=true and a short activation window sounds like a great idea for the hard fork, which should be done in an emergency situation only like someone starts manufacturing commercial quantum computers.
hero member
Activity: 667
Merit: 1529
Quote
It won't be enough just to send coins to a new address, the old addresses (with all the underlying cryptography that became weak in this scenario) have to become obsolete.
That could be done as a soft-fork. All that is needed is just making transactions with old addresses non-standard. Today you can also send some of your coins to some unsafe output (that requires for example proving that 2+2=4) or spend some of such inputs.
legendary
Activity: 3444
Merit: 10558
Why bother?
Because if they aren't locked/burnt then someone with enough dedication could suddenly abuse that hypothetical broken algorithm to acquire a large amount of bitcoin and cause a lot of disruption, mostly in bitcoin market but it will be reflected elsewhere too.
legendary
Activity: 3388
Merit: 4615
phase 2 any coins remaining in an old address is lost and locked as the algorithm would be obsolete.

Why bother?
legendary
Activity: 3444
Merit: 10558
Note that you would need to create a transaction and send your bitcoins to the new address to have the protection of the new algorithms. There is no way to just apply the new algorithms to your current addresses.

I'm sure someone will come and correct me if I'm wrong, but I'm pretty confident that it would not require a "hard fork".
It won't be enough just to send coins to a new address, the old addresses (with all the underlying cryptography that became weak in this scenario) have to become obsolete. That requires a hardfork since it no longer would be backward compatible as it would be removing a part of the consensus rules.

A new rule has to be added to bitcoin to add 2 phases: phase one is when both algorithms (old and new) exist but people have to move their funds to new addresses using the new algorithm while sending to old ones is rejected; in phase 2 any coins remaining in an old address are lost and locked as the algorithm would be obsolete.
legendary
Activity: 3388
Merit: 4615

Hi guys, I'm a technical layman and I'm wondering if you could do the following:

Just suppose that through quantum computing or whatever, Bitcoin encryption becomes insecure. Couldn't you then just use the latest encryption methods to update the old Bitcoin encryption method so to speak? So by making the old private Bitcoin key secure again with a new method and combining it somehow.

Of course I don't know if this really works, but there should be a possibility to upgrade the Bitcoin encryption somehow? Or will the encryption remain unchangeable forever?

First of all, Bitcoin uses a digital signature algorithm and hashing, not "encryption".  They are cryptographic functions and the signature algorithm is similar to encryption, but neither of them are what is commonly referred to as "encryption".

Next, yes, if the current signature algorithm or one of the hashing algorithms were to become weak due to advancements in cryptography (quantum or otherwise), then new algorithms that are still considered to be "unbroken" could be swapped in to take their place.

Note that you would need to create a transaction and send your bitcoins to the new address to have the protection of the new algorithms. There is no way to just apply the new algorithms to your current addresses.

If that happens, Bitcoin will need a new fork to keep working.

It can change but it has to be done in a hardfork

I'm sure someone will come and correct me if I'm wrong, but I'm pretty confident that it would not require a "hard fork".  Just like SegWit was introduced without forking the blockchain, similar techniques could be used to introduce other new algorithms.

And the fact that it's a hard fork means that it's also dependent on the majority of miners supporting it (and abandoning the original one) by directing its hashrate towards it. Which should be easy to convince them to do if there's a threat that everyone's money will become worthless.

That sounds like a soft fork.  I'm pretty sure a soft fork requires a SIGNIFICANT majority of miners (and/or mining pools), and a hard fork requires an OVERWHELMING majority of all users (miners, pools, nodes, merchants, consumers, HODLERs, investors, speculators, etc).
legendary
Activity: 4214
Merit: 4458
Yes.
Just like how SegWit and multisig transaction formats were entered into the blockchain's accepted formats over the years.
New tx formats involve needing to move coins from old legacy tx formats to new formats to then be secured by the new format.

But don't worry too much about quantum. Although it can solve good 3D vectors and give 3D answers, something binary finds hard,
having a system which requires a binary solution limits how much quantum can do, as it can't use all its abilities on the 2-dimensional math of binary.
The most you can expect is a QC being 2x as efficient as a binary computer.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Couldn't you then just use the latest encryption methods to update the old Bitcoin encryption method so to speak? So by making the old private Bitcoin key secure again with a new method and combining it somehow.

Of course I don't know if this really works, but there should be a possibility to upgrade the Bitcoin encryption somehow? Or will the encryption remain unchangeable forever?

It can change but it has to be done in a hardfork since older versions will then have a completely different way of creating signatures and pasting them into transactions, so not exactly encryption but regardless, private keys were used to make them and these could be "extracted" one day.

And the fact that it's a hard fork means that it's also dependent on the majority of miners supporting it (and abandoning the original one) by directing its hashrate towards it. Which should be easy to convince them to do if there's a threat that everyone's money will become worthless.
hero member
Activity: 828
Merit: 657
Well, yes that can happen some day, but far in the future, maybe in some 100 or 200 years

If that happens, Bitcoin will need a new fork to keep working. And yes, maybe work with another curve size or a new kind of quantum-computation-resistant cryptography.
member
Activity: 81
Merit: 24

Hi guys, I'm a technical layman and I'm wondering if you could do the following:

Just suppose that through quantum computing or whatever, Bitcoin encryption becomes insecure. Couldn't you then just use the latest encryption methods to update the old Bitcoin encryption method so to speak? So by making the old private Bitcoin key secure again with a new method and combining it somehow.

Of course I don't know if this really works, but there should be a possibility to upgrade the Bitcoin encryption somehow? Or will the encryption remain unchangeable forever?
