From: Ian Quantum <ianquantum2027@gmail•com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Trivial QC signatures with clean upgrade path
Date: Wed, 1 Jan 2025 16:43:46 -0800 (PST) [thread overview]
Message-ID: <eaca24fe-b1ee-4309-ae88-ae8e4c82c003n@googlegroups.com> (raw)
In-Reply-To: <56e0005eb75e4f1720a5aabbcdb0535c@dtrt.org>
[-- Attachment #1.1: Type: text/plain, Size: 3774 bytes --]
FALCON failed the NIST vetting. Since 2022 they have said they will fix it
next year. Same answer in 2024 when they formalized CRYSTALS-Dilithium,
CRYSTALS-KYBER and SPHINCS+. At the end they again say, " NIST is also
developing a FIPS that specifies a digital signature algorithm derived from
FALCON as an additional alternative to these standards."
https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved
If it takes 1.5-3 years to get the entire ecosystem of software updated,
tested, implemented and then allow users to migrate to quantum safety, then
Bitcoin code is future proofed. It will still require months (if BTC blocks
normal transactions) to years (as a supported address type but not
required) in order to migrate the wallets to safety. The longer the quantum
resistant upgrade is delayed, the harsher the migration will need to
become.
Alice and Bob recently announced a new algorithm that breaks ECC-256 in 9
hours with 127k qubits.
https://alice-bob.com/blog/computing-256-bit-elliptic-curve-logarithm-in-9-hours-with-126133-cat-qubits/ The
algorithms will continue to improve and the costs will continue to go down.
While some people are very confident what the quantum hardware will look
like in 3 years, can they be so confident about the algorithms? We have
switched from supercomputer to network node method of growing quantum
calculations. Parallel instead of Serial. Fault tolerant algorithms that
prefetch results. Can we really be as confident about the algorithms as
people seem to be about the hardware not being ready? Most people in
quantum computing aren't aware of how much their competition has
progressed, how can devs who don't read 10 or 50 new quantum computing
papers per week be more confident than the people who do?
On Wednesday, January 1, 2025 at 1:25:24 PM UTC+1 David A. Harding wrote:
> On 2024-12-16 12:20, Tadge Dryja wrote:
> > An on-chain proof of quantum computer (PoQC I guess :) ) would be a
> > way to reduce the damage of activation forks. One way to build it:
> > Create a NUMS point pubkey - something like described in BIP341. Send
> > some coins to that address, then watch if it gets spent. [...]
> > Nodes can then have code which
> > watches for such a proof and changes consensus rules based on it.
>
> I think this could be even more useful if combined with a previous idea
> far creating a NUMS[1][3] (or trust minimized[2]) pubkey compatible with
> Bitcoin but with a security strength less than 128 bits. That way
> someone might claim the bounty of the key with (say) 96 bits security
> potentially months or years before QC advances made regular keys
> insecure and tempted operators of QCs into stealing from regular user
> addresses.
>
> -Dave
>
> [1]
>
> https://gnusha.org/pi/bitcoindev/CAH5Bsr20n2T7KRTYqycSUx0i...@mail.gmail.com/
> <https://gnusha.org/pi/bitcoindev/CAH5Bsr20n2T7KRTYqycSUx0iEuEApC8NGtPCfN8rYhRyHLE4gA@mail.gmail.com/>
> [2]
>
> https://gnusha.org/pi/bitcoindev/aRiFFJKz5wyHFDi2dXcGbNEHZD2nIwDRk7gaXIte-N1BoOEOQ-ySYRnk0P70S5igANSr2iqF2ZKV1dWvipaQHK4fJSv9A61-uH7w4pzxKRE=@protonmail.com/
> [3]
>
> https://gnusha.org/pi/bitcoindev/CAH5Bsr39kw08ki76aezJ1EM9...@mail.gmail.com/
> <https://gnusha.org/pi/bitcoindev/CAH5Bsr39kw08ki76aezJ1EM9e7mdLFLUmtKwJJNYcyuMpR_Cuw@mail.gmail.com/>
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups•com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/eaca24fe-b1ee-4309-ae88-ae8e4c82c003n%40googlegroups.com.
[-- Attachment #1.2: Type: text/html, Size: 6353 bytes --]
next prev parent reply other threads:[~2025-01-02 0:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-15 21:42 Matt Corallo
2024-12-15 23:54 ` Luke Dashjr
2024-12-16 1:30 ` Weikeng Chen
2024-12-16 1:40 ` Matt Corallo
2024-12-16 11:14 ` Anthony Towns
2024-12-16 15:57 ` Matt Corallo
2024-12-16 22:20 ` Tadge Dryja
2024-12-17 5:31 ` 'conduition' via Bitcoin Development Mailing List
2024-12-18 3:29 ` Antoine Riard
2025-01-01 8:38 ` David A. Harding
2025-01-02 0:43 ` Ian Quantum [this message]
2025-01-01 8:37 ` David A. Harding
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=eaca24fe-b1ee-4309-ae88-ae8e4c82c003n@googlegroups.com \
--to=ianquantum2027@gmail$(echo .)com \
--cc=bitcoindev@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox