author Luke Dashjr <luke@dashjr.org> 2021-03-15 21:48:15 +0000
committer bitcoindev <bitcoindev@gnusha.org> 2021-03-15 21:48:30 +0000
commit 1c03c4d24bf3fe5e50f604be6f302e33e3010ca5
tree fa10bf29272c528596e5ac6b01d8dddcfd597b54
parent 29df3884a2581f99de6374bb01d7f049df3eeb4c
[bitcoin-dev] PSA: Taproot loss of quantum protections
-rw-r--r-- 6d/aaa614c75f97fc8ab048fc119188897982b347 119
1 files changed, 119 insertions, 0 deletions
diff --git a/6d/aaa614c75f97fc8ab048fc119188897982b347 b/6d/aaa614c75f97fc8ab048fc119188897982b347
new file mode 100644
index 000000000..2ef88c124
--- /dev/null
+++ b/6d/aaa614c75f97fc8ab048fc119188897982b347
@@ -0,0 +1,119 @@
+Return-Path: <luke@dashjr.org>
+Received: from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])
+ by lists.linuxfoundation.org (Postfix) with ESMTP id 9C28EC0001
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 21:48:30 +0000 (UTC)
+Received: from localhost (localhost [127.0.0.1])
+ by smtp2.osuosl.org (Postfix) with ESMTP id 895AB43144
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 21:48:30 +0000 (UTC)
+X-Virus-Scanned: amavisd-new at osuosl.org
+X-Spam-Flag: NO
+X-Spam-Score: -0.202
+X-Spam-Level:
+X-Spam-Status: No, score=-0.202 tagged_above=-999 required=5
+ tests=[BAYES_40=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
+ DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
+ SPF_PASS=-0.001] autolearn=ham autolearn_force=no
+Authentication-Results: smtp2.osuosl.org (amavisd-new);
+ dkim=pass (1024-bit key) header.d=dashjr.org
+Received: from smtp2.osuosl.org ([127.0.0.1])
+ by localhost (smtp2.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id j7ry9kdkY4U5
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 21:48:29 +0000 (UTC)
+X-Greylist: from auto-whitelisted by SQLgrey-1.8.0
+Received: from zinan.dashjr.org (zinan.dashjr.org [192.3.11.21])
+ by smtp2.osuosl.org (Postfix) with ESMTP id 4E3DC4000B
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 21:48:29 +0000 (UTC)
+Received: from ishibashi.lan (unknown [12.190.236.209])
+ (Authenticated sender: luke-jr)
+ by zinan.dashjr.org (Postfix) with ESMTPSA id 6965238A009E
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 21:48:16 +0000 (UTC)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=dashjr.org; s=zinan;
+ t=1615844908; bh=YerwjjIZG6WUFg8EYDHdazr9qu9MyXzzihWQyozSz3E=;
+ h=From:To:Subject:Date;
+ b=LwaxAJMXX0WfHLZ+Pk+n1/n70BH/1DIiPjySjvf6y5+cuWrptmVE1NruwKZmaLhy5
+ DTBrVoR8YeGNEEPylRBr74hcQ+gG70gxSbXtBvoXnMSOKF3E1iqMlbbVDolJPdnpWY
+ 0hAkE4mh7BOd5fpq54JPHMbClFzsJEpQbJGyAAfQ=
+X-Hashcash: 1:25:210315:bitcoin-dev@lists.linuxfoundation.org::=hqcgzBkQV2Nt/++:a5EzX
+From: Luke Dashjr <luke@dashjr.org>
+To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Date: Mon, 15 Mar 2021 21:48:15 +0000
+User-Agent: KMail/1.9.10
+MIME-Version: 1.0
+Content-Type: text/plain;
+ charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+Content-Disposition: inline
+Message-Id: <202103152148.15477.luke@dashjr.org>
+Subject: [bitcoin-dev] PSA: Taproot loss of quantum protections
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.15
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Mon, 15 Mar 2021 21:48:30 -0000
+
+I do not personally see this as a reason to NACK Taproot, but it has become
+clear to me over the past week or so that many others are unaware of this
+tradeoff, so I am sharing it here to ensure the wider community is aware of
+it and can make their own judgements.
+
+Mark Friedenbach explains on his blog:
+ https://freicoin.substack.com/p/why-im-against-taproot
+
+In short, Taproot loses an important safety protection against quantum.
+Note that in all circumstances, Bitcoin is endangered when QC becomes a
+reality, but pre-Taproot, it is possible for the network to "pause" while a
+full quantum-safe fix is developed, and then resume transacting. With Taproot
+as-is, it could very well become an unrecoverable situation if QC go online
+prior to having a full quantum-safe solution.
+
+Also, what I didn't know myself until today, is that we do not actually gain
+anything from this: the features proposed to make use of the raw keys being
+public prior to spending can be implemented with hashed keys as well.
+It would use significantly more CPU time and bandwidth (between private
+parties, not on-chain), but there should be no shortage of that for anyone
+running a full node (indeed, CPU time is freed up by Taproot!); at worst, it
+would create an incentive for more people to use their own full node, which
+is a good thing!
+
+Despite this, I still don't think it's a reason to NACK Taproot: it should be
+fairly trivial to add a hash on top in an additional softfork and fix this.
+
+In addition to the points made by Mark, I also want to add two more, in
+response to Pieter's "you can't claim much security if 37% of the supply is
+at risk" argument. This argument is based in part on the fact that many
+people reuse Bitcoin invoice addresses.
+
+First, so long as we have hash-based addresses as a best practice, we can
+continue to shrink the percentage of bitcoins affected through social efforts
+discouraging address use. If the standard loses the hash, the situation
+cannot be improved, and will indeed only get worse.
+
+Second, when/if quantum does compromise these coins, so long as they are
+neglected or abandoned/lost coins (inherent in the current model), it can be
+seen as equivalent to Bitcoin mining. At the end of the day, 37% of supply
+minable by QCs is really no different than 37% minable by ASICs. (We've seen
+far higher %s available for mining obviously.)
+
+To conclude, I recommend anyone using Bitcoin to read Mark's article, my
+thoughts, and any other arguments on the topic; decide if this is a concern
+to you, and make your own post(s) accordingly. Mark has conceded the argument
+(AFAIK he doesn't have an interest in bitcoins anyway), and I do not consider
+it a showstopper - so if anyone else out there does, please make yourself
+known ASAP since Taproot has already moved on to the activation phase and it
+is likely software will be released within the next month or two as things
+stand.
+
+Luke
+
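Review bot: in the added message's header block, `Subject` is part of the signed header list (`h=From:To:Subject:Date`) but the stored `Subject:` line carries the `[bitcoin-dev]` list tag; if the list software added that tag after signing, the DKIM-Signature cannot be re-verified against this blob, and the `dkim=pass (1024-bit key)` in Authentication-Results is only the receiving relay's record of its own check. Message-Id, the MIME headers and the List-* headers are outside the signed list either way. Anyone citing this archived copy for provenance should rely on the archive's commit history rather than on the DKIM header, and it would help to state that in the archive's documentation. The body should stay byte-identical to what was received, since `bh=` is computed over it with `c=relaxed/simple`.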