Date: Tue, 31 Dec 2024 22:37:33 -1000
From: "David A. Harding" <dave@dtrt.org>
To: Matt Corallo <lf-lists@mattcorallo.com>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Trivial QC signatures with clean upgrade path
In-Reply-To: <c2684826-6c93-419b-9a96-c0f0a791c9ac@mattcorallo.com>
References: <c2684826-6c93-419b-9a96-c0f0a791c9ac@mattcorallo.com>
Message-ID: <0cc71aac9218942a1674fa25990c37a1@dtrt.org>

On 2024-12-15 11:42, Matt Corallo wrote:
> wallets simply need to construct their taproot outputs to always 
> contain a script-path alternative spending condition.

If wallets simply construct their regular or alternative spending 
conditions with a QC-secure commitment to a secret preimage, they can 
use the variation of Guy Fawkes signatures described by Tim Ruffing in 
the original 2018 thread about taproot[1] and expanded by him about a 
month later.[2]  E.g., as a backup to your keypath spend, you include a 
scriptpath that is: <key> OP_CHECKSIGVERIFY OP_HASH256 <digest> 
OP_CHECKEQUAL.

This has the disadvantages of requiring a fork[3] in case QCs become a 
reality and delaying the spend of any taproot output after the QC crisis 
by 100 blocks or more---but the advantage of not requiring any 
specification work or consensus changes now (saving lazy people like me 
from having to learn anything about post-quantum cryptosystems).

-Dave

[1] https://gnusha.org/pi/bitcoindev/1516786100.2567.18.camel@mmci.uni-saarland.de/
[2] https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/
[3] Ruffing describes it as a hard fork, but it sounds to me like a soft 
fork.  It would break pruned nodes that upgraded after the soft fork 
activated, though, requiring them to re-download and re-scan all blocks 
since the activation.
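The backup script path described in the message above, as an added example that is not code from the message or from any Bitcoin project: it serializes the tapscript leaf `<key> OP_CHECKSIGVERIFY OP_HASH256 <digest> OP_EQUAL`, parses it back, and evaluates the hash-lock half of the spend condition against a revealed preimage. The message spells the last opcode OP_CHECKEQUAL; the Bitcoin Script opcode that compares the top two stack items is OP_EQUAL (0x87), which is what the builder emits. The x-only key, the preimage and the digest derived from it are constructed sample values, and the OP_CHECKSIGVERIFY half (which needs a BIP340 verifier) is deliberately not evaluated. The point the code makes is the commit-then-reveal property: only HASH256(preimage) is on chain until the output is spent, so a key-recovering quantum computer learns nothing about the preimage from the script itself.

```python
import hashlib
import hmac

# Bitcoin Script opcodes used by the backup leaf (values from the Script spec)
OP_EQUAL = 0x87
OP_HASH256 = 0xAA
OP_CHECKSIGVERIFY = 0xAD


def hash256(data: bytes) -> bytes:
    """OP_HASH256 semantics: SHA-256 applied twice."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def push(data: bytes) -> bytes:
    """Direct data push for 1..75 bytes (enough for 32-byte keys and digests)."""
    if not 1 <= len(data) <= 75:
        raise ValueError("only direct pushes of 1..75 bytes are handled here")
    return bytes([len(data)]) + data


def build_backup_script(xonly_key: bytes, digest: bytes) -> bytes:
    """Serialize: <key> OP_CHECKSIGVERIFY OP_HASH256 <digest> OP_EQUAL."""
    if len(xonly_key) != 32 or len(digest) != 32:
        raise ValueError("x-only key and HASH256 digest must both be 32 bytes")
    return (
        push(xonly_key)
        + bytes([OP_CHECKSIGVERIFY, OP_HASH256])
        + push(digest)
        + bytes([OP_EQUAL])
    )


def parse_backup_script(script: bytes) -> tuple[bytes, bytes]:
    """Check the leaf has exactly the expected shape; return (key, digest)."""
    if (
        len(script) != 69
        or script[0] != 32
        or script[33] != OP_CHECKSIGVERIFY
        or script[34] != OP_HASH256
        or script[35] != 32
        or script[68] != OP_EQUAL
    ):
        raise ValueError("script does not have the expected backup-path shape")
    return script[1:33], script[36:68]


def hash_lock_satisfied(script: bytes, revealed_preimage: bytes) -> bool:
    """Evaluate the OP_HASH256 <digest> OP_EQUAL portion of the leaf.

    The signature check (OP_CHECKSIGVERIFY) is assumed to be verified
    separately by a BIP340 implementation; it is not evaluated here.
    """
    _key, digest = parse_backup_script(script)
    # constant-time compare, as a verifier should do for any secret-derived value
    return hmac.compare_digest(hash256(revealed_preimage), digest)


# ---- constructed sample values (not real keys or secrets) ----
SAMPLE_KEY = bytes(range(1, 33))  # placeholder 32-byte x-only public key
SAMPLE_PREIMAGE = b"constructed sample preimage - keep secret until spend"
SAMPLE_DIGEST = hash256(SAMPLE_PREIMAGE)  # this is all that appears on chain
SAMPLE_SCRIPT = build_backup_script(SAMPLE_KEY, SAMPLE_DIGEST)

if __name__ == "__main__":
    print("leaf script :", SAMPLE_SCRIPT.hex())
    print("reveal ok   :", hash_lock_satisfied(SAMPLE_SCRIPT, SAMPLE_PREIMAGE))
    print("wrong reveal:", hash_lock_satisfied(SAMPLE_SCRIPT, b"not the preimage"))
```

`parse_backup_script` rejects any leaf that is not exactly this 69-byte template, so a wallet restoring from backup can confirm the leaf it is about to spend through is the one it committed to rather than a lookalike. The digest appearing on chain is the commitment; the preimage is the reveal, which is why the message notes that a post-QC fork would have to delay spends, since a preimage broadcast in the clear could otherwise be copied before confirmation.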
