SQIsign is blockchain friendly but also very new, I would recommend adding a hash-based backup key in case an attack on SQIsign is found in the future (recall that SIDH broke over the span of a weekend https://eprint.iacr.org/2022/975.pdf).<div>Backup keys can be added in the form of a Merkle tree where one branch would contain the SQIsign public key and the other the public key of the recovery hash-based scheme. For most transactions it would only add one bit to specify the SQIsign branch.</div><div>The hash-based method could be Sphincs+, which is standardized by NIST but requires adding extra code, or Lamport, which is not standardized but can be verified on-chain with OP-CAT.<br /><br /></div><div class="gmail_quote"><div dir="auto" class="gmail_attr">On Sunday, June 9, 2024 at 12:07:16 p.m. UTC-4 Hunter Beast wrote:<br/></div><blockquote class="gmail_quote" style="margin: 0 0 0 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">The motivation for this BIP is to provide a concrete proposal for adding quantum resistance to Bitcoin. We will need to pick a signature algorithm, implement it, and have it ready in event of quantum emergency. There will be time to adopt it. Importantly, this first step is a more substantive answer to those with concerns beyond, &quot;quantum computers may pose a threat, but we likely don&#39;t have to worry about that for a long time&quot;. Bitcoin development and activation is slow, so it&#39;s important that those with low time preference start discussing this as a serious possibility sooner rather than later.<br><br>This is meant to be the first in a series of BIPs regarding a hypothetical &quot;QuBit&quot; soft fork. The BIP is intended to propose concrete solutions, even if they&#39;re early and incomplete, so that Bitcoin developers are aware of the existence of these solutions and their potential.<br><br>This is just a rough draft and not the finished BIP. I&#39;d like to validate the approach and hear if I should continue working on it, whether serious changes are needed, or if this truly isn&#39;t a worthwhile endeavor right now.<br><div><br></div><div>The BIP can be found here:</div><div><a href="https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki" target="_blank" rel="nofollow" data-saferedirecturl="https://www.google.com/url?hl=en-CA&amp;q=https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki&amp;source=gmail&amp;ust=1718459048701000&amp;usg=AOvVaw1VGhfaJXk9yhgoagfhKRz5">https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki</a><br></div><div><br></div><div>Thank you for your time.</div><div><br></div></blockquote></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoindev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/bitcoindev/b3561407-483e-46cd-b5e9-d6d48f8dca93n%40googlegroups.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/bitcoindev/b3561407-483e-46cd-b5e9-d6d48f8dca93n%40googlegroups.com</a>.<br />