1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
|
Delivery-date: Wed, 20 Aug 2025 17:03:36 -0700
Received: from mail-qv1-f56.google.com ([209.85.219.56])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBCBOPKOL54MRBTOETHCQMGQEKBX34JI@googlegroups.com>)
id 1uosmG-0007Lc-8e
for bitcoindev@gnusha.org; Wed, 20 Aug 2025 17:03:36 -0700
Received: by mail-qv1-f56.google.com with SMTP id 6a1803df08f44-70a92827a70sf11035296d6.1
for <bitcoindev@gnusha.org>; Wed, 20 Aug 2025 17:03:35 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1755734610; cv=pass;
d=google.com; s=arc-20240605;
b=ilqW+hnApIx6qpxuz/9wKph1/linQaPKLr4RcYZOoAHyTbgDMAg7i0d7D/A1w5fLuo
T61FExTZP1tMH7re95oxg0NcY0wRAak1S1nVrjQK+IvfFHCJAvopNBjo2PdcTQp9pakO
G5Gub+hZYTI1Lob02umkdg8l2GD1HuRU/N9g0Tcp6oKCvnoR7lYx7r6LsgtxjIr3Q2Rn
BWn/uFWLo+asQpQJs704ZoeqhT3oxCB9+WHTgpLU+sXFBp1MTqOKAfY3SyDbaULiAF1j
+JjnIdJ71Qs4SWC4bx9revHUKcZrQoW66ydS5pczRHlO6DOwtrHcbAnm/iNHMl4WLp3x
j+Fw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:content-transfer-encoding
:in-reply-to:from:content-language:references:to:subject:user-agent
:mime-version:date:message-id:sender:dkim-signature;
bh=canLBZPxcmA/HkzW18mdhMMOnJWyXx9hPQ2JFpZoUTg=;
fh=5lIYA5+6zrP9KxASB2GrER+X/oyImKgE17yNWi0oF/A=;
b=T1nQCCIGrThq/DDMrz5jYhTi1bHC8mb6Ohdf84Tam/xxIxUr00CG+It0gmcildosEp
HgQZXKW468FBcxgQQ2jmkt+a7cFp3mcHD07y6niWAaCgDmyoc5bysYNz5CrW/E8iqiat
n/UzIhy2tpr11GJJPQtAI08IFUFqfQMTTHTj3CVAJswRJNfdg6G251ntdSgXCsrcgpzP
D2wOGm27iFxuB+pxc3qLxJGc+c0jm82Rgi37LLG8QxSsdhBSbymXz703AHvF2u9hOopU
GiqaBF2dUZSKZZrsviGb1LDCnmgMLKUgVsUhbUxKjidHWUMkzbAljhKksq1lHZy4XX2y
p4uA==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@murch.one header.s=uberspace header.b=bxx9uLzr;
spf=pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) smtp.mailfrom=murch@murch.one
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1755734610; x=1756339410; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-transfer-encoding:in-reply-to:from
:content-language:references:to:subject:user-agent:mime-version:date
:message-id:sender:from:to:cc:subject:date:message-id:reply-to;
bh=canLBZPxcmA/HkzW18mdhMMOnJWyXx9hPQ2JFpZoUTg=;
b=At5Q7/wRWIAqHpBGKLC9nriuNdCp//kV66BIDbRlIJU+RFr/jhLPAsKe8vW25o/8uT
CBAiyXbKf8h7pEKUIVhqvb9fIw9oYI/x7J3PqNvkIwApUImiTh2pR0JFNZg9c9ppojrz
8FD6Ysz8xIvYVhfDhbWcyUkq2kdsuOLbLKs56zDSJaBdVegE7tjRJ2X598uCNXdiHMIQ
GRn3ZaVlMUXxX5r5urymtwkUkOHeVfxItA1AIPhzPNz0D9Gjc2mMJ5TkYKed6ZhWt2fy
CVWUVhD7N+2EcpoG9GTMjXoPEQ2AwVN0MmMpFSCPmwkIpu8MVW6uWkSznVra0J/NdFPI
Yjzg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1755734610; x=1756339410;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:content-transfer-encoding:in-reply-to:from
:content-language:references:to:subject:user-agent:mime-version:date
:message-id:x-beenthere:x-gm-message-state:sender:from:to:cc:subject
:date:message-id:reply-to;
bh=canLBZPxcmA/HkzW18mdhMMOnJWyXx9hPQ2JFpZoUTg=;
b=FTNIFE3t8h7DMds13fgVaj2HFfuvQKmUnTWbWy/4+AS2Nke0u6RybcgKmXqyZxEiYg
dLNgXnYQ+aFVjt2Pwu/0JWAspPbqCkCc/h7QRjgiW+jiYPeaqVpKRJ3y5GvGpr3hK5+U
Xc44pMalLnQdI/O3YOOY454lUSR3c3YaFhOdd1Q3KBDTB9phO+yk9Kcu/jEwSuMv+Q2b
UsP3xc7RHkYEVO2aucG3JZxUHgh/DgcTS3ahVVsNAz9ahXkfXOjHbP/mZszy5jwUWOpP
pROYW0ku4YtRaMaGJ7j76RhSFKP9eUPB8y243gJSB9KHO62SvNrf1m3poPlfHX7Sv+Gn
PBSA==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCUIuHhvlCQf5gEWn7U0sRrGLNfm3gtUYC8zKaZXQJYkXo41wqsu2m9NlBLvrCDcUScvtYTmIicp9tUl@gnusha.org
X-Gm-Message-State: AOJu0YwNvy3kEDpJGwXBURV/XH1CTFaT0xPSLYNDluhIMvbUcM7bTlOz
tcaM+WQZl+3hakvkQONEqBgJJgZGOQf57YiF4f0IGg0qrihDXGQArG2z
X-Google-Smtp-Source: AGHT+IFUJqFPb6AAYzwDG6CmHi+uC+gD6J+4YWNZ12qs9HwQn0FDvx4uLrmKg4LPZqInQUSYUE/w3g==
X-Received: by 2002:ad4:5ba1:0:b0:709:e4a2:bf54 with SMTP id 6a1803df08f44-70d88fdec28mr5954316d6.31.1755734609298;
Wed, 20 Aug 2025 17:03:29 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZc8yskU3RkB0cZ/O/BhqcSE47xp8m9RVZ1YjEdtKLpLlQ==
Received: by 2002:a0c:f097:0:10b0:707:56ac:be5f with SMTP id
6a1803df08f44-70d8593b6cels3991226d6.0.-pod-prod-05-us; Wed, 20 Aug 2025
17:03:24 -0700 (PDT)
X-Received: by 2002:a05:620a:31a9:b0:7e8:4aad:d304 with SMTP id af79cd13be357-7ea08c7bfd5mr59681785a.2.1755734604800;
Wed, 20 Aug 2025 17:03:24 -0700 (PDT)
Received: by 2002:a05:6504:6047:b0:2c0:aeab:e1f7 with SMTP id a1c4a302cd1d6-2c0bf99d6d2msc7a;
Wed, 20 Aug 2025 10:14:55 -0700 (PDT)
X-Received: by 2002:a2e:a484:0:b0:32b:5eb3:280 with SMTP id 38308e7fff4ca-3353bdd3281mr8001011fa.29.1755710092147;
Wed, 20 Aug 2025 10:14:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1755710092; cv=none;
d=google.com; s=arc-20240605;
b=Xvm2sOK/gcY2RJCnXr7MjGN8zDphzjB2KWCpnL5d+AMWfhCQOlHoXXs6zoKmXYI7I0
c3bCejOOsnvW68chePu5iEXL7FjG0cP8CMDvrGXaeatF3D8V3KfYQLvHtFu9LoR4I6/d
verr4XOZdXbjPFhOPty5xmrKuALp+irap+lk5bJVlB6uEn9xbr3EK+d+ZMfKw40KHR1X
ngUhS+qUZI4VrXaX4tUHLEXUVmhcnf7CkXY5V2+OQh5lZHr6mCCQr4Nr+B76TPWTEcD7
ulMb4E9fLzu796dwEPnWrfjWGgqZ33M+J2BbD9LYdjWlcQHNz5MNbNLM835PwBYidm4Z
BYcA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=dkim-signature:content-transfer-encoding:in-reply-to:from
:content-language:references:to:subject:user-agent:mime-version:date
:message-id;
bh=tPKaIeLn+Y200L5BLe0u5Kkydjb3zPzJdsmB39o2eck=;
fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=;
b=h+yjWHg54c4SW4g6lpNfIE4u4XQqsPbEkp2Ct85XdMIrkOYaPxkFzBVT+a3o37PoJj
wfwxK9XT1aVCvZloLE5A36q5ViQ+YpIbBq76BniupWslH9S6QPnmkmvJGOs98wJtKamq
f98S1jE79SK8Z2VRMwBtiuyF90a8NltKNQ4ld8FZvCfWJvwdlkmmk6mRsFZ1iJA/RNnr
AVH8OO7WxsLcLTm6BenaSBDOQgTw3cdFtbteY+bVFgJM8uUvGzQsqCaV75gmsxFsMrTk
/dzRbNx9V0oMBgw+SvE6Q4DOXgjuj0XYeDj1F9kIP/b3bv/Ydr0qdFJyqTEPacwdGE2t
1znA==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@murch.one header.s=uberspace header.b=bxx9uLzr;
spf=pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) smtp.mailfrom=murch@murch.one
Received: from mailgate02.uberspace.is (mailgate02.uberspace.is. [185.26.156.114])
by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-3340a48f80esi3022711fa.3.2025.08.20.10.14.51
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Wed, 20 Aug 2025 10:14:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) client-ip=185.26.156.114;
Received: from farbauti.uberspace.de (farbauti.uberspace.de [185.26.156.235])
by mailgate02.uberspace.is (Postfix) with ESMTPS id 5BCFD180191
for <bitcoindev@googlegroups.com>; Wed, 20 Aug 2025 19:14:51 +0200 (CEST)
Received: (qmail 20488 invoked by uid 989); 20 Aug 2025 17:14:51 -0000
Received: from unknown (HELO unkown) (::1)
by farbauti.uberspace.de (Haraka/3.0.1) with ESMTPSA; Wed, 20 Aug 2025 19:14:51 +0200
Message-ID: <284507c2-b5d1-45a5-849f-408d3bf364a6@murch.one>
Date: Wed, 20 Aug 2025 10:14:47 -0700
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [bitcoindev] [Draft BIP] Quantum-Resistant Transition Framework
for Bitcoin
To: bitcoindev@googlegroups.com
References: <4d6ecde7-e959-4e6c-a0aa-867af8577151n@googlegroups.com>
Content-Language: en-US
From: Murch <murch@murch.one>
In-Reply-To: <4d6ecde7-e959-4e6c-a0aa-867af8577151n@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: quoted-printable
X-Rspamd-Bar: ---
X-Rspamd-Report: BAYES_HAM(-3) XM_UA_NO_VERSION(0.01) MIME_GOOD(-0.1)
X-Rspamd-Score: -3.09
X-Original-Sender: murch@murch.one
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@murch.one header.s=uberspace header.b=bxx9uLzr; spf=pass
(google.com: domain of murch@murch.one designates 185.26.156.114 as permitted
sender) smtp.mailfrom=murch@murch.one
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.8 (/)
This proposal is highly reminiscent of Lopp et al=E2=80=99s "A Post Quantum=
=20
Migration Proposal"=C2=B9 previously discussed on this list=C2=B2.
If this document is explicitly intended as a competing proposal to Lopp=20
et al=E2=80=99s, this proposal would need to explicitly discuss shortcoming=
s of=20
Lopp et al=E2=80=99s proposal in a Related Work section and clearly explain=
=C2=A0in=20
the Motivation and Rationale sections how this new proposal is an=20
improvement to substantiate that the publication of a second proposal is=20
meaningful. As it is currently presented, I don=E2=80=99t consider this pro=
posal=20
a significant value-add due to duplicating work.
Regards,
=C2=A0 Murch
=C2=B9 https://github.com/bitcoin/bips/pull/1895
=C2=B2=20
https://gnusha.org/pi/bitcoindev/CADL_X_fpv-aXBxX+eJ_EVTirkAJGyPRUNqOCYdz5u=
m8zu6ma5Q@mail.gmail.com/.
On 2025-08-07 11:18, 'Bitcoin Foundation' via Bitcoin Development=20
Mailing List wrote:
> BIP: TBD
> Layer: Consensus (soft fork)
> Title: Quantum-Resistant Transition Framework for Bitcoin
> Author: Bitcoin Post-Quantum Working Group=20
> <pq-research@bitcoin.foundation>
> Status: Draft
> Type: Standards Track
> Created: 2025-08-07
> License: MIT
> Requires: BIP-340, BIP-341
>
> =3D=3D ABSTRACT =3D=3D
> This proposal defines a backward-compatible, time-bound migration path=20
> to quantum-resistant (QR) cryptography for Bitcoin. Through phased=20
> deprecation of ECDSA/Schnorr signatures and mandatory adoption of=20
> NIST-standardized post-quantum algorithms, it ensures Bitcoin's=20
> survival against quantum attacks while minimizing disruption to=20
> existing infrastructure.
>
> =3D=3D MOTIVATION =3D=3D
> *Quantum Threat Assessment*
> - PUBLIC KEY EXPOSURE: 25% of Bitcoin's UTXO set (~$150B as of 2025)=20
> is vulnerable to Shor's algorithm due to exposed public keys (P2PK,=20
> reused addresses)
> - ALGORITHMIC ACCELERATION: Google's 2024 trapped-ion breakthrough=20
> demonstrated 99.99% gate fidelity with 50 logical qubits - sufficient=20
> to break 256-bit ECDSA in <8 hours
> - STEALTH ATTACK VECTORS: Quantum adversaries could precompute keys=20
> and execute timed thefts during mempool propagation
>
> *Fundamental ECDSA Vulnerability*
> ECDSA security relies on the Elliptic Curve Discrete Logarithm Problem=20
> (ECDLP). Shor's quantum algorithm solves it in O((log n)=C2=B3) time:
> 1. For secp256k1: n =E2=89=88 2=C2=B2=E2=81=B5=E2=81=B6
> 2. Classical security: 128-bit
> 3. Quantum security: 0-bit (broken by Shor)
> 4. Critical exposure: Any public key revealed becomes immediately=20
> vulnerable
>
> *Consequences of Inaction*
> - WEALTH DESTRUCTION: Single theft event could permanently erode trust
> - COORDINATION TRAP: Delayed action risks chaotic emergency hard forks
> - SYSTEMIC COLLAPSE: Quantum break would invalidate Bitcoin's security=20
> model
>
> =3D=3D SPECIFICATION =3D=3D
> *Phase 1: QR Adoption (0-2 years)*
> - Soft-fork activation of QR witness programs (SegWit v3+)
> - New outputs must use OP_CHECKSIG_PQ
> - Classical scripts marked as deprecated
>
> *Phase 2: Legacy Deprecation (5 years)*
> - Creating new classical UTXOs becomes non-standard
> - Wallets default to QR outputs with warnings for classical sends
> - Economic incentive: QR transactions get priority mempool treatment
>
> *Phase 3: Classical Sunset (Block 1,327,121 ~8 years)*
> - Consensus-enforced rejection of classical script spends
> - Frozen UTXOs permanently unspendable (supply reduction)
> - Emergency override: 95% miner vote can delay by 52-week increments
>
> *Phase 4: Recovery Mechanism (Optional)*
> - ZK-proof system for reclaiming frozen funds via:
> =C2=A0 =E2=80=A2 Proof of BIP-39 seed knowledge
> =C2=A0 =E2=80=A2 Time-locked quantum-resistant scripts
> - Requires separate BIP after 3+ years cryptanalysis
>
> =3D=3D RATIONALE =3D=3D
> *Why Phased Approach?*
> - MARKET CERTAINTY: Fixed timeline eliminates "wait-and-see" stagnation
> - PROGRESSIVE PRESSURE: Gradual restrictions avoid shock transitions
> - SUNK COST PRINCIPLE: Users ignoring 3+ years of warnings assume=20
> responsibility
>
> *Why Freeze Legacy UTXOs?*
> - Prevents quantum arms race for exposed coins
> - Preserves Bitcoin's "lost coins" scarcity principle
> - Avoids centralized redistribution committees
> - Eliminates moral hazard of rewarding late migrators
> - Reduces quantum attack surface
>
> *Algorithm Choice: SPHINCS+-SHAKE256f (SLH-DSA-SHAKE-256f)*
> SECURITY PARAMETERS:
> =C2=A0 n: 256
> =C2=A0 Hash: SHAKE256
> =C2=A0 Classical Security: 2=C2=B2=E2=81=B5=E2=81=B6
> =C2=A0 Quantum Security: 2=C2=B9=C2=B2=E2=81=B8
> =C2=A0 Private Key: 128 bytes
> =C2=A0 Public Key: 64 bytes
> =C2=A0 Signature: 49,856 bytes
>
> QUANTUM ATTACK RESISTANCE:
> | Attack Type =C2=A0 =C2=A0 =C2=A0 =C2=A0 | Standard Bitcoin | This Syste=
m =C2=A0 | Security=20
> Factor |
> |---------------------|------------------|---------------|---------------=
--|
> | Shor's Algorithm =C2=A0 =C2=A0| Broken =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 | Not applicable| =E2=88=9E =C2=A0 =C2=A0 =C2=A0 =C2=A0 |
> | Grover's Algorithm =C2=A0| O(2=C2=B9=C2=B2=E2=81=B8) =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 | O(2=E2=81=B5=C2=B9=C2=B2) =C2=A0 =C2=A0 =C2=A0| 2=C2=B3=E2=81=
=B8=E2=81=B4 advantage =C2=A0|
> | Collision Search =C2=A0 =C2=A0| O(2=E2=81=B8=E2=81=B5) =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0| O(2=E2=81=B8=E2=81=B5) =C2=A0 =C2=A0 =C2=A0 | Equival=
ent =C2=A0 =C2=A0 =C2=A0|
>
> KEY SECURITY (SK 128 bytes):
> - Private key entropy: 1024 bits (2=C2=B9=E2=81=B0=C2=B2=E2=81=B4 possibi=
lities)
> - Quantum brute-force: =E2=88=9A(2=C2=B9=E2=81=B0=C2=B2=E2=81=B4) =3D 2=
=E2=81=B5=C2=B9=C2=B2 =E2=89=88 10=C2=B9=E2=81=B5=E2=81=B4 operations
> - Time required at 1 quintillion ops/sec (10=C2=B9=E2=81=B8): 10=C2=B9=C2=
=B3=E2=81=B6 seconds =E2=89=88 3 =C3=97=20
> 10=C2=B9=C2=B2=E2=81=B8 years
>
> SEED SECURITY (SEED 96 bytes):
> - Possible seeds: 2=E2=81=B7=E2=81=B6=E2=81=B8 =E2=89=88 10=C2=B2=C2=B3=
=C2=B9
> - Quantum brute-force: =E2=88=9A(2=E2=81=B7=E2=81=B6=E2=81=B8) =3D 2=C2=
=B3=E2=81=B8=E2=81=B4 =E2=89=88 10=C2=B9=C2=B9=E2=81=B5 operations
> - Time required at 1 billion ops/sec: 10=C2=B9=E2=81=B0=E2=81=B6 seconds =
=E2=89=88 3 =C3=97 10=E2=81=B9=E2=81=B8 years
>
> INFORMATION THEORETIC ADVANTAGES:
> - Each signature reveals 4 bits of private key material
> - After 20 signatures:
> =C2=A0 =E2=80=A2 ECDSA: Private key fully compromised
> =C2=A0 =E2=80=A2 SPHINCS+: 80 bits revealed (7.81% of key)
> =C2=A0 =E2=80=A2 Security margin remains: 944 bits (92.19%)
>
> =3D=3D BACKWARD COMPATIBILITY =3D=3D
> Phase | Legacy Wallets =C2=A0 =C2=A0 =C2=A0 | QR Wallets
> ------|---------------------|------------------------
> 1 =C2=A0 =C2=A0 | Full functionality =C2=A0| Can receive/send both types
> 2 =C2=A0 =C2=A0 | Can only send to QR | Full functionality
> 3+ =C2=A0 =C2=A0| Frozen funds =C2=A0 =C2=A0 =C2=A0 =C2=A0| Only QR trans=
actions valid
>
> =3D=3D DEPLOYMENT =3D=3D
> Activation Mechanism:
> - Speedy Trial (BIP-8) with 18-month timeout
> - 90% miner signaling threshold
>
> Monitoring:
> - QR adoption metrics published quarterly
> - Sunset delay requires proof of:
> =C2=A0 =E2=80=A2 <70% exchange/wallet adoption
> =C2=A0 =E2=80=A2 Fundamental flaws in NIST PQC standards
>
> =3D=3D STAKEHOLDER IMPACT =3D=3D
> Group =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | Action Required =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 | Timeline
> ----------------|-------------------------------|-------------------
> Miners =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0| Upgrade nodes for QR rules =C2=
=A0 =C2=A0| Phase 1 activation
> Exchanges =C2=A0 =C2=A0 =C2=A0 | Implement QR withdrawals =C2=A0 =C2=A0 |=
Within 18 months of=20
> Phase 1
> Hardware Wallets| Firmware updates for QR sigs | Before Phase 2
> Light Clients =C2=A0 | SPV proofs for QR scripts =C2=A0 =C2=A0| Phase 3 r=
eadiness
>
> =3D=3D REFERENCES =3D=3D
> - SPHINCS+ Implementation:=20
> https://github.com/bitcoin-foundation/Quantum-Resistant-Bitcoin
> - (FIPS 205)=C2=A0SLH-DSA:=20
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf
> - Schnorr Signatures: BIP-0340
>
> =3D=3D COPYRIGHT =3D=3D
> MIT License
>
> ---
>
>
> This BIP presents an alternative quantum-resistant migration approach,=20
> primarily distinguished by its extended transition timeline to=20
> facilitate more comprehensive ecosystem adaptation.
>
> Key features:
> - Includes reference implementation of SPHINCS+-SHAKE256f=20
> (SLH-DSA-SHAKE-256f)
> - Provides comparative analysis against Bitcoin's current ECDSA scheme
> - Detailed technical specifications:
> https://github.com/bitcoin-foundation/Quantum-Resistant-Bitcoin
>
> Formatting note: This BIP draft prioritizes technical accuracy over=20
> visual polish.=C2=A0After incorporating feedback from this discussion, th=
e=20
> final version will be published to GitHub with proper Markdown formatting=
.
>
> Feedback welcome from wallet developers, exchanges, miners, and=20
> security researchers.
> --=20
> You received this message because you are subscribed to the Google=20
> Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send=20
> an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit=20
> https://groups.google.com/d/msgid/bitcoindev/4d6ecde7-e959-4e6c-a0aa-867a=
f8577151n%40googlegroups.com=20
> <https://groups.google.com/d/msgid/bitcoindev/4d6ecde7-e959-4e6c-a0aa-867=
af8577151n%40googlegroups.com?utm_medium=3Demail&utm_source=3Dfooter>.
--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
284507c2-b5d1-45a5-849f-408d3bf364a6%40murch.one.
|
