5 years is actually a long time for someone who's watching his own bitcoins; however that would be a bummer if you get knocked out into a coma and wake up 6 years later to find your stash destroyed.
Ideally, the coins would be destroyed just moments before they would be stolen so that no one would lose coins who wouldn't lose them due to theft anyway. Since we can't exactly predict the future, there may be some cases like that, but it should be extremely rare.
If no one loses any coins, then that'd be a massive success. The
goal of the policy would not be to destroy coins, but to prevent lost and insecure coins from being stolen.
Theymos,
My understanding of your thinking here, is this correct:
Pretty much.
I'm talking about the hypothetical situation of advancements in quantum computing making ECDSA insecure. I am
not proposing that any code be written or changes be made today, and probably not for several years. When the deletion policy
is put in place, the grace period should be as long as possible -- I mentioned 5 years from the initiation of the policy as an arbitrary example.
After we have already forked to replace the QC vulnerable algorithms in Bitcoin with QC safe algorithms
Agreed, though as a minor technical nitpick, note that you can actually roll out both changes at once (with the expiration change set to only take effect after a several-year grace period), and both the crypto upgrade and the expiration are softforks.
as a way to encourage (force) people to move their coins to the new algorithms.
From my perspective, the motivation for doing this would be to prevent thieves from stealing a ton of almost-certainly-lost bitcoins. It would be very bad for the overall Bitcoin economy if the ~5% of bitcoins that are "permanently lost" come back into circulation, especially when the new owners would be unethical thieves.
At the rate QC is progressing those of us alive right now really don't have to worry about this. Perhaps our grandchildren or maybe our children.
I think that QC could get to a worrying state for Bitcoin in as soon as 10 years, though perhaps it will take much longer. According to several standards bodies, Bitcoin's 256-bit elliptic curve is only considered secure up to 2030, in part due to QC.