From: Lloyd Fournier <lloyd.fourn@gmail.com>
Date: Mon, 24 Mar 2025 11:24:38 +1100
Message-ID: <CAH5Bsr0muoF27besnoQh32vL-keujeR+d-_JurE0+yXY5gPKQg@mail.gmail.com>
Subject: Re: [bitcoindev] Hashed keys are actually fully quantum secure
To: Antoine Poinsot <darosior@protonmail.com>
Cc: Martin Habovštiak <martin.habovstiak@gmail.com>,
	Bitcoin Development Mailing List <bitcoindev@googlegroups.com>

On Tue, 18 Mar 2025 at 00:48, 'Antoine Poinsot' via Bitcoin Development
Mailing List <bitcoindev@googlegroups.com> wrote:

> I suppose you could in theory have, in addition to making spending old
> outputs invalid on their own, a rule which dictates they may only be spent
> along with a QR output at least X blocks old. This would give the honest
> user a headstart in this race, but meh.
>

Yes this is how I read the OP "after sufficient number of blocks". I think
this is a really nice idea. The head start can be arbitrarily large so that
the attacker simply cannot compete. It's probably not too difficult to
design some honest RBF mechanism either such that you can bump the fee with
a new QR signature if it's taking too long.

LL



> On Sunday, March 16th, 2025 at 2:25 PM, Martin Habovštiak <
> martin.habovstiak@gmail.com> wrote:
>
> Hello list,
>
> this is somewhat related to Jameson's recent post but different enough to
> warrant a separate topic.
>
> As you have probably heard many times and even think yourself, "hashed
> keys are not actually secure, because a quantum attacker can just snatch
> them from mempool". However this is not strictly true.
>
> It is possible to implement fully secure recovery if we forbid spending of
> hashed keys unless done through the following scheme:
> 0. we assume we have *some* QR signing deployed, it can be done even after
> QC becomes viable (though not without economic cost)
> 1. the user obtains a small amount of bitcoin sufficient to pay for fees
> via external means, held on a QR script
> 2. the user creates a transaction that, aside from having a usual
> spendable output also commits to a signature of QR public key. This proves
> that the user knew the private key even though the public key wasn't
> revealed yet.
> 3. after sufficient number of blocks, the user spends both the old and QR
> output in a single transaction. Spending requires revealing the
> previously-committed signature. Spending the old output alone is invalid.
>
> This way, the attacker would have to revert the chain to steal which is
> assumed impossible.
>
> The only weakness I see is that (x)pubs would effectively become private
> keys. However they already kinda are - one needs to protect xpubs for
> privacy and to avoid the risk of getting marked as "dirty" by some
> agencies, which can theoretically render them unspendable. And non-x-pubs
> generally do not leak alone (no reason to reveal them without spending).
>
> I think that the mere possibility of this scheme has two important
> implications:
> * the need to have "a QR scheme" ready now in case of a QC coming tomorrow
> is much smaller than previously thought. Yes, doing it too late has the
> effect of temporarily freezing coins which is costly and we don't want that
> but it's not nearly as bad as theft
> * freezing of *these* coins would be both immoral and extremely dangerous
> for reputation of Bitcoin (no comments on freezing coins with revealed
> pubkeys, I haven't made my mind yet)
>
> If the time comes I'd be happy to run a soft fork that implements this
> sanely.
>
> Cheers
>
> Martin
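
The commit-then-reveal rule discussed in this thread, modelled as an added example (not code from any poster and not Bitcoin consensus code). The toy Schnorr signature standing in for the legacy scheme, the commitment being SHA-256 of the signature, `MIN_AGE`, and all function and field names are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

P, G = 2**255 - 19, 2   # toy group for a stand-in legacy signature; NOT secure
MIN_AGE = 100           # "sufficient number of blocks"; the value is an assumption

def H(*parts: bytes) -> bytes:
    h = hashlib.sha256()
    for p in parts:  # length-prefix each part so the encoding is unambiguous
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def _int(b: bytes) -> int: return int.from_bytes(b, "big")
def _b32(n: int) -> bytes: return n.to_bytes(32, "big")

def keygen(seed: bytes):
    sk = _int(H(b"sk", seed)) % (P - 1)
    return sk, _b32(pow(G, sk, P))

def sign(sk: int, msg: bytes) -> bytes:
    """Toy Schnorr signature with a deterministic nonce."""
    k = _int(H(b"nonce", _b32(sk), msg)) % (P - 1)
    r = pow(G, k, P)
    e = _int(H(_b32(r), msg))
    return _b32(r) + _b32((k + e * sk) % (P - 1))

def verify(pk: bytes, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 64:
        return False
    r, s = _int(sig[:32]), _int(sig[32:])
    e = _int(H(_b32(r), msg))
    return pow(G, s, P) == (r * pow(_int(pk), e, P)) % P

@dataclass
class QROutput:
    qr_pubkey: bytes    # key of the quantum-resistant script (opaque here)
    commitment: bytes   # H(legacy signature over qr_pubkey), from step 2
    height: int         # block height at which the commit transaction confirmed

def commit(sk_legacy: int, qr_pubkey: bytes, height: int):
    """Step 2: sign the QR public key with the legacy key, publish only the hash."""
    sig = sign(sk_legacy, qr_pubkey)
    return sig, QROutput(qr_pubkey, H(sig), height)

def validate_spend(legacy_pkh, pk, sig, qr_out, height: int) -> str:
    """Step 3 as a validation rule for spending a hashed-key output at `height`.
    The QR signature over the spending transaction is assumed checked elsewhere."""
    if qr_out is None:
        return "legacy output spent alone"
    if H(pk) != legacy_pkh:
        return "pubkey does not match hash"
    if height - qr_out.height < MIN_AGE:
        return "commitment too young"
    if H(sig) != qr_out.commitment:
        return "signature does not match commitment"
    if not verify(pk, qr_out.qr_pubkey, sig):
        return "signature does not cover this QR key"
    return "ok"

def scenario() -> dict:
    """Constructed sample values: honest commit at height 1000, reveal at 1100."""
    sk, pk = keygen(b"constructed legacy seed")
    pkh = H(pk)
    sig, out = commit(sk, b"constructed-QR-key-A", 1000)
    # Model assumption: once pk is public the legacy key counts as compromised,
    # so a second party can produce a valid commitment, but only from 1100 on.
    late_sig, late_out = commit(sk, b"constructed-QR-key-B", 1100)
    rebound = QROutput(b"constructed-QR-key-B", H(sig), 1000)
    return {
        "honest_after_wait": validate_spend(pkh, pk, sig, out, 1000 + MIN_AGE),
        "honest_too_early": validate_spend(pkh, pk, sig, out, 1050),
        "legacy_alone": validate_spend(pkh, pk, sig, None, 1100),
        "late_commitment": validate_spend(pkh, pk, late_sig, late_out, 1101),
        "rebound_signature": validate_spend(pkh, pk, sig, rebound, 1100),
    }

if __name__ == "__main__":
    print(scenario())
```

The `late_commitment` case is the head start discussed in the reply: a commitment made after the key is revealed cannot satisfy the age rule until `MIN_AGE` further blocks have passed.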