public inbox for bitcoindev@googlegroups.com
From: "David A. Harding" <dave@dtrt.org>
To: Matt Corallo <lf-lists@mattcorallo.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Trivial QC signatures with clean upgrade path
Date: Tue, 31 Dec 2024 22:37:33 -1000
Message-ID: <0cc71aac9218942a1674fa25990c37a1@dtrt.org>
In-Reply-To: <c2684826-6c93-419b-9a96-c0f0a791c9ac@mattcorallo.com>

On 2024-12-15 11:42, Matt Corallo wrote:
> wallets simply need to construct their taproot outputs to always 
> contain a script-path alternative spending condition.

If wallets simply construct their regular or alternative spending 
conditions with a QC-secure commitment to a secret preimage, they can 
use the variation of Guy Fawkes signatures described by Tim Ruffing in 
the original 2018 thread about taproot[1] and expanded by him about a 
month later.[2]  E.g., as a backup to your keypath spend, you include a 
scriptpath that is: <key> OP_CHECKSIGVERIFY OP_HASH256 <digest> 
OP_CHECKEQUAL.

This has the disadvantages of requiring a fork[3] in case QCs become a 
reality and delaying the spend of any taproot output after the QC crisis 
by 100 blocks or more---but the advantage of not requiring any 
specification work or consensus changes now (saving lazy people like me 
from having to learn anything about post-quantum cryptosystems).

-Dave

[1] https://gnusha.org/pi/bitcoindev/1516786100.2567.18.camel@mmci.uni-saarland.de/
[2] https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/
[3] Ruffing describes it as a hard fork, but it sounds to me like a soft 
fork.  It would break pruned nodes that upgraded after the soft fork 
activated, though, requiring them to re-download and re-scan all blocks 
since the activation.
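As an added illustration (not code from the post or from any Bitcoin implementation), the Python below assembles the backup script path described above and checks a revealed preimage against the HASH256 commitment embedded in it. It assumes the final opcode is Bitcoin Script's OP_EQUAL, uses the opcode byte values from Bitcoin Script, and leaves the OP_CHECKSIGVERIFY half to a real interpreter with a BIP340 verifier.

```python
import hashlib
import hmac

# Opcode bytes from Bitcoin Script.  The post writes OP_CHECKEQUAL; the
# opcode that compares the top two stack items is OP_EQUAL (assumed here).
OPCODES = {0xAD: "OP_CHECKSIGVERIFY", 0xAA: "OP_HASH256", 0x87: "OP_EQUAL"}
OP_CHECKSIGVERIFY, OP_HASH256, OP_EQUAL = 0xAD, 0xAA, 0x87

def hash256(data: bytes) -> bytes:
    """What OP_HASH256 computes: SHA256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def push(data: bytes) -> bytes:
    """Direct push (OP_PUSHBYTES_n) for 1..75 bytes; enough for keys/digests."""
    if not 1 <= len(data) <= 75:
        raise ValueError("only direct pushes of 1..75 bytes are handled")
    return bytes([len(data)]) + data

def backup_script(xonly_pubkey: bytes, digest: bytes) -> bytes:
    """Serialize: <key> OP_CHECKSIGVERIFY OP_HASH256 <digest> OP_EQUAL."""
    if len(xonly_pubkey) != 32 or len(digest) != 32:
        raise ValueError("x-only key and HASH256 digest are 32 bytes each")
    return (push(xonly_pubkey) + bytes([OP_CHECKSIGVERIFY, OP_HASH256])
            + push(digest) + bytes([OP_EQUAL]))

def parse_script(script: bytes) -> list:
    """Split a script into pushed data (bytes) and opcode names (str)."""
    tokens, i = [], 0
    while i < len(script):
        b = script[i]
        if 1 <= b <= 75:                      # direct push of b bytes
            tokens.append(script[i + 1:i + 1 + b])
            i += 1 + b
        elif b in OPCODES:
            tokens.append(OPCODES[b])
            i += 1
        else:
            raise ValueError(f"unexpected byte 0x{b:02x} at offset {i}")
    return tokens

def check_preimage(script: bytes, preimage: bytes) -> bool:
    """Evaluate only the hash-lock half of the template: the revealed
    preimage must HASH256 to the digest committed in the script.  The
    signature half (OP_CHECKSIGVERIFY) is left to a real interpreter."""
    t = parse_script(script)
    if (len(t) != 5 or t[1:3] != ["OP_CHECKSIGVERIFY", "OP_HASH256"]
            or t[4] != "OP_EQUAL"):
        raise ValueError("script does not match the backup template")
    return hmac.compare_digest(hash256(preimage), t[3])
```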
