author Karl-Johan Alm <karljohan-alm@garage.co.jp> 2021-03-16 08:01:47 +0900
committer bitcoindev <bitcoindev@gnusha.org> 2021-03-15 23:11:05 +0000
commit fb7a6cb21da984e7c214c17a7eb74966ecd02d97
tree 6d2327e8ed44930d328dfabab8fbf00191c82567
parent 13fe8ff59a2ea28a742cc3eca6fe9c4407982331
Re: [bitcoin-dev] PSA: Taproot loss of quantum protections
-rw-r--r-- d1/4663ed69720ab2ec01a41c4c4a4cb690506452 115
1 files changed, 115 insertions, 0 deletions
diff --git a/d1/4663ed69720ab2ec01a41c4c4a4cb690506452 b/d1/4663ed69720ab2ec01a41c4c4a4cb690506452
new file mode 100644
index 000000000..6c7194db2
--- /dev/null
+++ b/d1/4663ed69720ab2ec01a41c4c4a4cb690506452
@@ -0,0 +1,115 @@
+Return-Path: <karljohan-alm@garage.co.jp>
+Received: from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])
+ by lists.linuxfoundation.org (Postfix) with ESMTP id 5F343C0001
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:11:05 +0000 (UTC)
+Received: from localhost (localhost [127.0.0.1])
+ by smtp4.osuosl.org (Postfix) with ESMTP id 563964EC11
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:11:05 +0000 (UTC)
+X-Virus-Scanned: amavisd-new at osuosl.org
+X-Spam-Flag: NO
+X-Spam-Score: -2.101
+X-Spam-Level:
+X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5
+ tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
+ DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001,
+ SPF_PASS=-0.001] autolearn=ham autolearn_force=no
+Authentication-Results: smtp4.osuosl.org (amavisd-new);
+ dkim=pass (1024-bit key) header.d=garage.co.jp
+Received: from smtp4.osuosl.org ([127.0.0.1])
+ by localhost (smtp4.osuosl.org [127.0.0.1]) (amavisd-new, port 10024)
+ with ESMTP id y7mQblCZLDM7
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:11:04 +0000 (UTC)
+X-Greylist: delayed 00:08:51 by SQLgrey-1.8.0
+Received: from mta09.mta.hdems.com (mta09.mta.hdems.com [52.199.63.168])
+ by smtp4.osuosl.org (Postfix) with ESMTPS id 20AB54EC01
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:11:04 +0000 (UTC)
+Received: from mo.hdems.com (unknown [10.5.84.10])
+ by mta09.mta.hdems.com ('HDEMS') with ESMTPSA id 4DzsPZ2DX3z2K1r9B
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:02:10 +0000 (UTC)
+X-HDEMS-MO-TENANT: garage.co.jp
+Received: from mail-lf1-f69.google.com (mail-lf1-f69.google.com.
+ [209.85.167.69]) by gwsmtp.prod.mo.hdems.com with ESMTPS id
+ gwsmtpd-trans-d566ba58-e99a-416e-a7b1-417b4eee33b6
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 23:02:04 +0000
+Received: by mail-lf1-f69.google.com with SMTP id k14so10705555lfg.16
+ for <bitcoin-dev@lists.linuxfoundation.org>;
+ Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
+DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=garage.co.jp; s=google;
+ h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
+ bh=DyLy+9vS6Jp01S/B5/2OD/61sC1xSHbomQVOVY3kXts=;
+ b=oPEPxllfLjV+YVbjGxhGLHFPYA1IUgjfCqEPfZG0RnTawd4hyXYZ2zb0uTpS+Xqq8r
+ p0Hkjna99Br9eDQcLtPoC9YKItBW8mssWnYIXA1zFlx9keveUc24uq8mX2gokDsJxxVv
+ 6+FONEQGifmOiHKwmI11caPo3phhXtrmRaw5A=
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
+ d=1e100.net; s=20161025;
+ h=x-gm-message-state:mime-version:references:in-reply-to:from:date
+ :message-id:subject:to;
+ bh=DyLy+9vS6Jp01S/B5/2OD/61sC1xSHbomQVOVY3kXts=;
+ b=E2CagIZiXKbEMW/jZlOwxPtFICIPcksOcI56geC1Z3CVZgjkLTMwmlDji/aySa37V9
+ KgblZPwmoXyzHc09ld5/tuUV66K4xNJZHlZ33ZEysqD5elKT5vcgDPwpVW3zcrqeXmSF
+ Md5/qMTsaDk+MQLTouKV6nIX2IlXJjorxUQDv55m0scswpeCVBXYbDfCpEZ+EI/SGUR9
+ k1LFrHcwSETuW2uKAJakmQku/13oud8uPv6PpCyglKcWa2hSG+N7j3pHt4DyBrMXaxfQ
+ 5DEITt9tBX7TGMiGgRS75cQaGXwTWAwQGgdE1yv9KireEURwg/BZx9s0pwT6j47dWWZs
+ v+bA==
+X-Gm-Message-State: AOAM533oz2OOeU400wzzNKpG4c3Se9dkDAEH2G1qbqGIfL0+HJOkzwhW
+ 8fm6jYhuF0U1/+5kLak59Bu/Qe5Jrbl9xgHk62O/JESYfHZrTVB1B936I2LTfKSR8Uc2kb0suRz
+ J+/PbFAmyjwwrZd1x/PmLzzPBPNMAkJbJPNUA0JRcv1ardOsXMECXk18vQ1WFCiMrkIaWY4p1AX
+ 3SszGFsmHjbhc2imqSeJZx4nkNdzTD0d3WrlGjKJOm0GDWGlsfvNOGIK3071yvBrCxH4LStiCvA
+ YlsBq7pfEss917wdGhy6wjx4oo86zubP1Z0ZGfIQhtd4tSsuU5X2gBF2YguXAmGtj5fc7W8P5e2
+ 2FStTm6b5lCi7/BC6NyH/Eutc2jI
+X-Received: by 2002:a19:404f:: with SMTP id n76mr9500139lfa.184.1615849323395;
+ Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
+X-Google-Smtp-Source: ABdhPJw3py9Wd8Iz10uhwzQMto2ev5diMjiofyGLVjotYvvSMRXVQ/C0n85oIQpuzHeV2VPIrSrdUnzOiRdrg9zkKtw=
+X-Received: by 2002:a19:404f:: with SMTP id n76mr9500122lfa.184.1615849323064;
+ Mon, 15 Mar 2021 16:02:03 -0700 (PDT)
+MIME-Version: 1.0
+References: <202103152148.15477.luke@dashjr.org>
+ <a88cd471-fdc9-de35-86cd-595b387249c8@mattcorallo.com>
+ <CAD5xwhi82fjRB4Ceb6Gnp+LvTweWjwFRmWU5zD-3o6s_GoEvPw@mail.gmail.com>
+ <a4b9df55-b95b-9c95-62ea-7bf6eeec113d@mattcorallo.com>
+In-Reply-To: <a4b9df55-b95b-9c95-62ea-7bf6eeec113d@mattcorallo.com>
+From: Karl-Johan Alm <karljohan-alm@garage.co.jp>
+Date: Tue, 16 Mar 2021 08:01:47 +0900
+Message-ID: <CALJw2w4hBk1pZrV7E6FNDPDCWH=T_S6qAHGKvRC6JsT9iZevfg@mail.gmail.com>
+To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
+Content-Type: text/plain; charset="UTF-8"
+Subject: Re: [bitcoin-dev] PSA: Taproot loss of quantum protections
+X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
+X-Mailman-Version: 2.1.15
+Precedence: list
+List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
+List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
+List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
+List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
+List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
+List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
+ <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
+X-List-Received-Date: Mon, 15 Mar 2021 23:11:05 -0000
+
+On Tue, 16 Mar 2021 at 07:48, Matt Corallo via bitcoin-dev
+<bitcoin-dev@lists.linuxfoundation.org> wrote:
+>
+> Overall, the tradeoffs here seem ludicrous, given that any QC issues in Bitcoin need to be solved in another way, and
+> can't practically be solved by just relying on the existing hash indirection.
+
+The important distinction here is that, with hashes, an attacker has
+to race against the spending transaction confirming, whereas with
+naked pubkeys, the attacker doesn't have to wait for a spend to occur,
+drastically increasing the available time to attack.
+
+It may initially take months to break a single key. In such a
+scenario, anyone with a hashed pubkey would be completely safe* (even
+at spend time), until that speeds up significantly, while Super Secure
+Exchange X with an ultra-cold 38-of-38 multisig setup using Taproot
+would have a timer ticking, since the attacker need only find a single
+privkey like with any old P2PK output.
+
+(* assuming no address reuse)
+
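Review bot: the header block at the top of the new file stores the message's complete transport trail, which is more than an archive needs for threading or display. It includes an internal relay hop (`Received: from mo.hdems.com (unknown [10.5.84.10])`), the `X-Gm-Message-State` token and the amavisd spam-scoring lines. If the file is kept byte-exact on purpose so that the `DKIM-Signature` can be re-verified later, state that in the commit message, which currently carries only the mail subject; otherwise consider keeping just the fields named in the signature's `h=` list together with the `List-*` headers.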