Delivery-date: Wed, 04 Jun 2025 00:57:00 -0700
Sender: bitcoindev@googlegroups.com
Date: Mon, 2 Jun 2025 11:54:08 -0700 (PDT)
From: Jonathan Voss <k98kurz@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <16f0f405-3f39-498e-9399-a6050773c4c7n@googlegroups.com>
In-Reply-To: <aD2J9HNJUqaod0n2@petertodd.org>
References: <cc2f8908-f6fa-45aa-93d7-6f926f9ba627n@googlegroups.com>
 <CAFC_Vt6gqV-8aoTKt2it1p9LAnvaADueHnC1cM6LQojZf6fjCw@mail.gmail.com>
 <c8bbcbbb-036b-4e72-9bb5-4490e43dda21n@googlegroups.com>
 <aD2J9HNJUqaod0n2@petertodd.org>
Subject: Re: [bitcoindev] Post-Quantum commit / reveal Fawkescoin variant as a
 soft fork
MIME-Version: 1.0
Content-Type: multipart/mixed; 
	boundary="----=_Part_190950_1585333022.1748890448370"
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com

------=_Part_190950_1585333022.1748890448370
Content-Type: multipart/alternative; 
	boundary="----=_Part_190951_868540719.1748890448370"

------=_Part_190951_868540719.1748890448370
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

If using a monetary network requires out-of-band payments, then that=20
severely limits the actual utility of the monetary network as a medium of=
=20
exchange. Imagine if the only way to make a bank transfer was to first go=
=20
in-person to the bank of the recipient of the transfer to give them=20
something that then allowed your bank to make the transfer -- it would be=
=20
an unworkable monetary system. Similarly, if future Bitcoin transactions=20
require making out-of-band payments, then it has failed as a monetary=20
network with an endogenous unit of account. The whole system has to work=20
without reliance upon exogenous monetary media or mechanisms. As such, the=
=20
commit-and-reveal scheme fails to maintain the monetary properties of the=
=20
network as a whole unless we assert reliance upon altruism to get the=20
commitments into the blockchain, which instead breaks the incentive-based=
=20
game theoretic design. Maybe it would work as a stop-gap solution in the=20
event of the advent of a relevant quantum computer, but it is certainly not=
=20
a good long-term plan as currently formulated.

Recall the original premise: "Bitcoin: A Peer-to-Peer Electronic Cash=20
System". If you can't transact with it as cash, i.e. as the ultimate=20
endogenous settlement mechanism, then it is no longer Bitcoin. Requiring an=
=20
exogenous system fundamentally breaks the model.

-- Jonathan

On Monday, June 2, 2025 at 9:53:55=E2=80=AFAM UTC-4 Peter Todd wrote:

> On Fri, May 30, 2025 at 03:00:41PM -0700, Jonathan Voss wrote:
> > As far as I can tell, the main flaw in commit/reveal protocols is in th=
e=20
> > commit phase: if revealing a commitment with N confirmations is require=
d=20
> to=20
> > spend bitcoins, then, without spending any bitcoins, how do you get the=
=20
> > commitment into the blockchain in the first place? Maybe I am just=20
> > misunderstanding this. If so, then a commit/reveal scheme may be a=20
> workable=20
> > solution.
>
> You can always purchase new BTC to perform the commitment.
>
> Indeed, this problem is often seen in alt-coins where fees must be paid i=
n=20
> a
> native asset, while users are trying to send some kind of tokenized asset=
=20
> like
> a USD token. You can have funds that you can't move because you don't hav=
e=20
> the
> correct asset. While annoying, this isn't a fatal problem.
>
> --=20
> https://petertodd.org 'peter'[:-1]@petertodd.org
>

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
16f0f405-3f39-498e-9399-a6050773c4c7n%40googlegroups.com.

------=_Part_190951_868540719.1748890448370
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

If using a monetary network requires out-of-band payments, then that severe=
ly limits the actual utility of the monetary network as a medium of exchang=
e. Imagine if the only way to make a bank transfer was to first go in-perso=
n to the bank of the recipient of the transfer to give them something that =
then allowed your bank to make the transfer -- it would be an unworkable mo=
netary system. Similarly, if future Bitcoin transactions require making out=
-of-band payments, then it has failed as a monetary network with an endogen=
ous unit of account. The whole system has to work without reliance upon exo=
genous monetary media or mechanisms. As such, the commit-and-reveal scheme =
fails to maintain the monetary properties of the network as a whole unless =
we assert reliance upon altruism to get the commitments into the blockchain=
, which instead breaks the incentive-based game theoretic design. Maybe it =
would work as a stop-gap solution in the event of the advent of a relevant =
quantum computer, but it is certainly not a good long-term plan as currentl=
y formulated.<div><br /></div><div>Recall the original premise: "Bitcoin: A=
 Peer-to-Peer Electronic Cash System". If you can't transact with it as cas=
h, i.e. as the ultimate endogenous settlement mechanism, then it is no long=
er Bitcoin. Requiring an exogenous system fundamentally breaks the model.<b=
r /><div><br /></div><div>-- Jonathan<br /><br /></div></div><div class=3D"=
gmail_quote"><div dir=3D"auto" class=3D"gmail_attr">On Monday, June 2, 2025=
 at 9:53:55=E2=80=AFAM UTC-4 Peter Todd wrote:<br/></div><blockquote class=
=3D"gmail_quote" style=3D"margin: 0 0 0 0.8ex; border-left: 1px solid rgb(2=
04, 204, 204); padding-left: 1ex;">On Fri, May 30, 2025 at 03:00:41PM -0700=
, Jonathan Voss wrote:
<br>&gt; As far as I can tell, the main flaw in commit/reveal protocols is =
in the=20
<br>&gt; commit phase: if revealing a commitment with N confirmations is re=
quired to=20
<br>&gt; spend bitcoins, then, without spending any bitcoins, how do you ge=
t the=20
<br>&gt; commitment into the blockchain in the first place? Maybe I am just=
=20
<br>&gt; misunderstanding this. If so, then a commit/reveal scheme may be a=
 workable=20
<br>&gt; solution.
<br>
<br>You can always purchase new BTC to perform the commitment.
<br>
<br>Indeed, this problem is often seen in alt-coins where fees must be paid=
 in a
<br>native asset, while users are trying to send some kind of tokenized ass=
et like
<br>a USD token. You can have funds that you can&#39;t move because you don=
&#39;t have the
<br>correct asset. While annoying, this isn&#39;t a fatal problem.
<br>
<br>--=20
<br><a href=3D"https://petertodd.org" target=3D"_blank" rel=3D"nofollow" da=
ta-saferedirecturl=3D"https://www.google.com/url?hl=3Den-US&amp;q=3Dhttps:/=
/petertodd.org&amp;source=3Dgmail&amp;ust=3D1748976183939000&amp;usg=3DAOvV=
aw30SLWTOVWLLHXu9ctm9oTe">https://petertodd.org</a> &#39;peter&#39;[:-1]@<a=
 href=3D"http://petertodd.org" target=3D"_blank" rel=3D"nofollow" data-safe=
redirecturl=3D"https://www.google.com/url?hl=3Den-US&amp;q=3Dhttp://peterto=
dd.org&amp;source=3Dgmail&amp;ust=3D1748976183939000&amp;usg=3DAOvVaw0s2nrC=
zbnyp4yNmieblefT">petertodd.org</a>
<br></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/16f0f405-3f39-498e-9399-a6050773c4c7n%40googlegroups.com?utm_med=
ium=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoind=
ev/16f0f405-3f39-498e-9399-a6050773c4c7n%40googlegroups.com</a>.<br />

------=_Part_190951_868540719.1748890448370--

------=_Part_190950_1585333022.1748890448370--