public inbox for bitcoindev@googlegroups.com
 help / color / mirror / Atom feed
From: Tim Ruffing <crypto@timruffing•de>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists•linuxfoundation.org>
Subject: Re: [bitcoin-dev] PSA: Taproot loss of quantum protections
Date: Tue, 23 Mar 2021 11:50:20 +0100	[thread overview]
Message-ID: <f7a5d8436d112c01882c666f6a2077c48aee51f5.camel@timruffing.de> (raw)
In-Reply-To: <CAJowKgLuWOkD=_jDaLqG=FOG02qX7p4-EZ69yvw4UqcWpz+rRg@mail.gmail.com>

On Mon, 2021-03-22 at 10:24 -0400, Erik Aronesty via bitcoin-dev wrote:
> 
> Does anyone think it would it be useful to write up a more official,
> and even partly functional plan for Bitcoin to use zero-knowledge
> proofs to transition to quantum resistance?

Yes, for sure. This is certainly something that the community should
discuss. Looking into this problem is also on my (too long) list of
research problems.

I think IF we arrive at the conclusion that this is a good idea (which
is possible but not at all clear to me at this point), then one of the
questions is whether it's desirable to use something more efficient
than a zero-knowledge proof, at the potential cost of committing to a
real public key of a simple post-quantum signature scheme. This could
for example be a hash-based one-time signature scheme (but something
more efficient than the often mentioned Lamport signatures, e.g.,
Winternitz or W-OTS+ signatures).




  parent reply	other threads:[~2021-03-23 10:56 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-15 21:48 Luke Dashjr
2021-03-15 22:05 ` Matt Corallo
2021-03-15 22:30   ` Robert Spigler
2021-03-15 22:40   ` Jeremy
2021-03-15 22:48     ` Matt Corallo
2021-03-15 23:01       ` Karl-Johan Alm
2021-03-15 23:19         ` Matt Corallo
2021-03-15 23:46         ` Lloyd Fournier
2021-03-16  0:50         ` Anthony Towns
2021-03-16  2:38           ` ZmnSCPxj
2021-03-16  3:44   ` Luke Dashjr
2021-03-16 13:28     ` Andrew Poelstra
2021-03-16 17:25     ` Matt Corallo
2021-03-17  1:23       ` Ryan Grant
2021-03-17 11:56         ` Eoin McQuinn
2021-03-15 23:12 ` Andrew Poelstra
2021-03-16 14:10   ` Andrea
2021-03-16 15:15     ` [bitcoin-dev] Provisions (was: PSA: Taproot loss of quantum protections) Andrew Poelstra
2021-03-17  4:24       ` ZmnSCPxj
2021-03-17  8:29         ` Andrea
2021-03-20 16:31           ` Andrea Barontini
2021-03-16  0:24 ` [bitcoin-dev] PSA: Taproot loss of quantum protections David A. Harding
2021-04-05  0:27   ` Lloyd Fournier
2021-04-16  3:47     ` ZmnSCPxj
2021-04-16  5:00       ` Lloyd Fournier
2021-03-22 14:24 ` Erik Aronesty
2021-03-23  9:36   ` Martin Schwarz
2021-03-23 10:50   ` Tim Ruffing [this message]
2021-08-12 22:08   ` Erik Aronesty

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f7a5d8436d112c01882c666f6a2077c48aee51f5.camel@timruffing.de \
    --to=crypto@timruffing$(echo .)de \
    --cc=bitcoin-dev@lists$(echo .)linuxfoundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox