Date: Fri, 14 Jun 2024 06:51:07 -0700 (PDT)
From: Pierre-Luc Dallaire-Demers <dallairedemers@gmail.com>
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Message-Id: <b3561407-483e-46cd-b5e9-d6d48f8dca93n@googlegroups.com>
In-Reply-To: <62fd28ab-e8b5-4cfc-b5ae-0d5a033af057n@googlegroups.com>
References: <62fd28ab-e8b5-4cfc-b5ae-0d5a033af057n@googlegroups.com>
Subject: [bitcoindev] Re: Proposing a P2QRH BIP towards a quantum resistant
 soft fork

SQIsign is blockchain friendly but also very new, I would recommend adding
a hash-based backup key in case an attack on SQIsign is found in the future
(recall that SIDH broke over the span of a weekend
https://eprint.iacr.org/2022/975.pdf).

Backup keys can be added in the form of a Merkle tree where one branch
would contain the SQIsign public key and the other the public key of the
recovery hash-based scheme. For most transactions it would only add one bit
to specify the SQIsign branch.

The hash-based method could be Sphincs+, which is standardized by NIST but
requires adding extra code, or Lamport, which is not standardized but can
be verified on-chain with OP-CAT.

On Sunday, June 9, 2024 at 12:07:16 p.m. UTC-4 Hunter Beast wrote:

> The motivation for this BIP is to provide a concrete proposal for adding
> quantum resistance to Bitcoin. We will need to pick a signature algorithm,
> implement it, and have it ready in event of quantum emergency. There will
> be time to adopt it. Importantly, this first step is a more substantive
> answer to those with concerns beyond, "quantum computers may pose a threat,
> but we likely don't have to worry about that for a long time". Bitcoin
> development and activation is slow, so it's important that those with low
> time preference start discussing this as a serious possibility sooner
> rather than later.
>
> This is meant to be the first in a series of BIPs regarding a hypothetical
> "QuBit" soft fork. The BIP is intended to propose concrete solutions, even
> if they're early and incomplete, so that Bitcoin developers are aware of
> the existence of these solutions and their potential.
>
> This is just a rough draft and not the finished BIP. I'd like to validate
> the approach and hear if I should continue working on it, whether serious
> changes are needed, or if this truly isn't a worthwhile endeavor right now.
>
> The BIP can be found here:
> https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki
>
> Thank you for your time.

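The two-branch commitment suggested in the reply above, sketched as an added example that is not part of the original email or of the P2QRH draft: a two-leaf Merkle root commits to a primary key and a Lamport backup key, and a spend reveals one key, the sibling leaf hash and one branch bit. SHA-256, the 0x00/0x01 domain prefixes, all function names and the sample values are assumptions; the SQIsign key is treated as opaque bytes and no SQIsign verification or Bitcoin Script is modelled.

```python
import hashlib

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

# --- Lamport one-time signature over SHA-256(msg); a key must sign only once ---
def lamport_keygen(seed: bytes):
    # sk[i][b] is the preimage revealed when digest bit i equals b.
    sk = [[H(seed, bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk

def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(digest_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    bits = digest_bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def lamport_pk_bytes(pk) -> bytes:
    return b"".join(h for pair in pk for h in pair)

# --- Two-leaf Merkle commitment: branch 0 = primary key, branch 1 = backup key ---
def leaf(key_bytes: bytes) -> bytes:
    return H(b"\x00", key_bytes)  # 0x00 prefix marks a leaf (assumed convention)

def commit(primary_key: bytes, backup_key: bytes) -> bytes:
    return H(b"\x01", leaf(primary_key), leaf(backup_key))  # 0x01 marks the root node

def check_branch(root: bytes, branch_bit: int, key_bytes: bytes, sibling: bytes) -> bool:
    # One bit selects the side on which the revealed key sits; the other side
    # stays hidden behind its 32-byte leaf hash.
    mine = leaf(key_bytes)
    left, right = (mine, sibling) if branch_bit == 0 else (sibling, mine)
    return H(b"\x01", left, right) == root

def spend_with_backup(root, pk, primary_leaf, msg, sig) -> bool:
    return (check_branch(root, 1, lamport_pk_bytes(pk), primary_leaf)
            and lamport_verify(pk, msg, sig))

# Constructed sample values, not real keys.
PRIMARY_KEY = bytes(range(64))                 # opaque stand-in for an SQIsign public key
SK, PK = lamport_keygen(b"constructed-seed")   # use a random 32-byte seed in practice
ROOT = commit(PRIMARY_KEY, lamport_pk_bytes(PK))
```

In this sketch the Lamport public key is 16,384 bytes and a signature 8,192 bytes, a cost paid only when the backup branch is revealed; a primary-branch spend carries the 32-byte sibling hash and the branch bit.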