Date: Wed, 1 Jan 2025 16:43:46 -0800 (PST)
From: Ian Quantum <ianquantum2027@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <eaca24fe-b1ee-4309-ae88-ae8e4c82c003n@googlegroups.com>
In-Reply-To: <56e0005eb75e4f1720a5aabbcdb0535c@dtrt.org>
References: <c2684826-6c93-419b-9a96-c0f0a791c9ac@mattcorallo.com>
<Z2ALlBGIyZLVbfVG@erisian.com.au>
<374d6201-fb43-48df-abbc-f01ef1944a7dn@googlegroups.com>
<56e0005eb75e4f1720a5aabbcdb0535c@dtrt.org>
Subject: Re: [bitcoindev] Trivial QC signatures with clean upgrade path

FALCON failed the NIST vetting. Since 2022 they have said they will fix it next year. Same answer in 2024 when they formalized CRYSTALS-Dilithium, CRYSTALS-KYBER and SPHINCS+. At the end they again say, "NIST is also developing a FIPS that specifies a digital signature algorithm derived from FALCON as an additional alternative to these standards." https://csrc.nist.gov/News/2024/postquantum-cryptography-fips-approved

If it takes 1.5-3 years to get the entire ecosystem of software updated, tested, implemented and then allow users to migrate to quantum safety, then Bitcoin code is future-proofed. It will still require months (if BTC blocks normal transactions) to years (as a supported address type but not required) in order to migrate the wallets to safety. The longer the quantum-resistant upgrade is delayed, the harsher the migration will need to become.

Alice and Bob recently announced a new algorithm that breaks ECC-256 in 9 hours with 127k qubits. https://alice-bob.com/blog/computing-256-bit-elliptic-curve-logarithm-in-9-hours-with-126133-cat-qubits/ The algorithms will continue to improve and the costs will continue to go down. While some people are very confident what the quantum hardware will look like in 3 years, can they be so confident about the algorithms? We have switched from supercomputer to network node method of growing quantum calculations. Parallel instead of serial. Fault-tolerant algorithms that prefetch results. Can we really be as confident about the algorithms as people seem to be about the hardware not being ready? Most people in quantum computing aren't aware of how much their competition has progressed; how can devs who don't read 10 or 50 new quantum computing papers per week be more confident than the people who do?

On Wednesday, January 1, 2025 at 1:25:24 PM UTC+1 David A. Harding wrote:
> On 2024-12-16 12:20, Tadge Dryja wrote:
> > An on-chain proof of quantum computer (PoQC I guess :) ) would be a
> > way to reduce the damage of activation forks. One way to build it:
> > Create a NUMS point pubkey - something like described in BIP341. Send
> > some coins to that address, then watch if it gets spent. [...]
> > Nodes can then have code which
> > watches for such a proof and changes consensus rules based on it.
>
> I think this could be even more useful if combined with a previous idea
> for creating a NUMS[1][3] (or trust minimized[2]) pubkey compatible with
> Bitcoin but with a security strength less than 128 bits. That way
> someone might claim the bounty of the key with (say) 96 bits security
> potentially months or years before QC advances made regular keys
> insecure and tempted operators of QCs into stealing from regular user
> addresses.
>
> -Dave
>
> [1] https://gnusha.org/pi/bitcoindev/CAH5Bsr20n2T7KRTYqycSUx0iEuEApC8NGtPCfN8rYhRyHLE4gA@mail.gmail.com/
> [2] https://gnusha.org/pi/bitcoindev/aRiFFJKz5wyHFDi2dXcGbNEHZD2nIwDRk7gaXIte-N1BoOEOQ-ySYRnk0P70S5igANSr2iqF2ZKV1dWvipaQHK4fJSv9A61-uH7w4pzxKRE=@protonmail.com/
> [3] https://gnusha.org/pi/bitcoindev/CAH5Bsr39kw08ki76aezJ1EM9e7mdLFLUmtKwJJNYcyuMpR_Cuw@mail.gmail.com/
>
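The PoQC construction quoted above (a NUMS point "something like described in BIP341", coins sent to it, nodes watching for a spend) as an added, editor-written example that is not code from the thread or from any Bitcoin project. It derives the BIP341 NUMS point H from sha256 of the uncompressed generator G using the standard secp256k1 constants, pays to it as an untweaked key-path-only P2TR output, and runs the watch step over a constructed list of spent outputs; the 128-bit-strength H is used here, not the reduced-strength variant Dave proposes.

```python
import hashlib

# secp256k1 field prime and generator G (standard curve constants)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8


def lift_x(x: int):
    """BIP340 lift_x: the curve point with x-coordinate x and even y, or None
    when x is not a valid x-coordinate (about half of all field elements)."""
    if not 0 < x < P:
        return None
    c = (pow(x, 3, P) + 7) % P                 # y^2 = x^3 + 7 on secp256k1
    y = pow(c, (P + 1) // 4, P)                # square root, valid as P % 4 == 3
    if pow(y, 2, P) != c:
        return None
    return (x, y if y % 2 == 0 else P - y)


def nums_point():
    """Derive the BIP341 NUMS point H: x = sha256(uncompressed encoding of G).
    Nobody knows a discrete log for H because x is the output of a hash."""
    g_uncompressed = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    x = int.from_bytes(hashlib.sha256(g_uncompressed).digest(), "big")
    point = lift_x(x)
    if point is None:                          # cannot happen for G (BIP341 checked)
        raise ValueError("sha256(G) is not a valid x-coordinate")
    return point


def nums_script_pubkey() -> bytes:
    """P2TR output script (OP_1 PUSH32 <x-only key>) paying directly to H.
    No tweak is applied, so there is no script path and no known key path."""
    x, _ = nums_point()
    return b"\x51\x20" + x.to_bytes(32, "big")


def poqc_triggered(spent_outputs) -> list:
    """Watch step: return the outpoints among spent_outputs whose scriptPubKey
    is the NUMS canary. Each item is (txid_hex, vout, spk_hex), as a node
    would see them while scanning the coins spent by each new block."""
    canary = nums_script_pubkey().hex()
    return [(txid, vout) for txid, vout, spk in spent_outputs if spk == canary]


# Constructed sample: two ordinary P2TR spends and one spend of the canary.
SAMPLE_SPENT = [
    ("aa" * 32, 0, "5120" + "11" * 32),
    ("bb" * 32, 1, nums_script_pubkey().hex()),
    ("cc" * 32, 0, "5120" + "22" * 32),
]

if __name__ == "__main__":
    print("NUMS x:", hex(nums_point()[0]))
    print("triggered by:", poqc_triggered(SAMPLE_SPENT))
```

A spend of the canary output is only evidence of a discrete-log break if the funding transaction really paid to H with no tweak; a node that learns the canary's script from the chain rather than deriving it locally should verify that first.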