1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
|
Delivery-date: Mon, 07 Jul 2025 08:28:14 -0700
Received: from mail-ot1-f63.google.com ([209.85.210.63])
by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.94.2)
(envelope-from <bitcoindev+bncBDSJ7DXSQ4PRBBGPV7BQMGQEUYWQOJA@googlegroups.com>)
id 1uYnlN-00042n-N8
for bitcoindev@gnusha.org; Mon, 07 Jul 2025 08:28:14 -0700
Received: by mail-ot1-f63.google.com with SMTP id 46e09a7af769-735abe7be85sf2774218a34.1
for <bitcoindev@gnusha.org>; Mon, 07 Jul 2025 08:28:13 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1751902087; cv=pass;
d=google.com; s=arc-20240605;
b=BwBFD2VGHZWqUxUKAT3adP4bvsGh3GKOJ2GE3WfaCbQFjl6YOORZH+0mSqBxg3hXna
XPHeRJTapJIeGu92gVqvaL6YscRRGWb2QopmCv5MQFVfI32YYFq6sb7BoLujSOlj1AxV
MLRdp9YpOOYHHyGn6yDkUmuonNpbJJXcDEuj6aZJvYlgV4yKmf7kkESjwSvhPJnBoo+P
dS1suZ9bEG84ldpp2BS+m7ySeSIaBn+NuDEv+fwSx+5v1LGEENjReeNxIUX5RPEFH7aW
WvYBSlJ2i+grYUcV4Qt12WfMbIiCa8SO0m9sU0aFazhrwXVw2dNczZXPQvg150Xk0Us9
RItg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:to:subject:message-id:date:from
:mime-version:sender:dkim-signature:dkim-signature;
bh=tDSQDrA/Sxf7tqiGX2nbipDbOzNjF9oJBwcCORqRsvc=;
fh=+75QBANSEkPM+v2MQnboy8HPuNpuy1qszHLZN8QqbyA=;
b=UJwD0a/osdMcja7JohmP4RUCHjSpRsO0Wd7xIfN27za5Tdi5oEuVSXSFLvvOs8WOEy
NiDSE/JdBv+iyt3etAqLA4yib5g/Ukp7stGf//CdJW5gjAavl/770UHkkLbn0ubQ5je4
TNUjGL8moZfTOR3EW57knA329CRdMyiWVabfm1ztTD3K4rfTh5lFh61RxpSnwNasQlzm
Bk1m6pBeMIZgIJnnrgFWq/vZ1wzxFHIBBOnIjkg1IPqJ6vSb3YELjP249gaYg3WNjTrB
CyWsNMY/nSWJQGZFozs3B6UA8/VuYMRbOIZbYUVoC/1ZzrfQVXxhhAe5JNSVHgsCK75K
90qw==;
darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=A6HWgq5f;
spf=pass (google.com: domain of eth3rs@gmail.com designates 2a00:1450:4864:20::531 as permitted sender) smtp.mailfrom=eth3rs@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20230601; t=1751902087; x=1752506887; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:mime-version
:sender:from:to:cc:subject:date:message-id:reply-to;
bh=tDSQDrA/Sxf7tqiGX2nbipDbOzNjF9oJBwcCORqRsvc=;
b=cKj5DPLoeTY50u1FiE56IpxfDsC+qwkiekYr0o0ViPYYQHy+YcMKjdhrBRrExXH0sv
N0bdxrJb3/kzoNK2ZhJcTIRH/0wmxtQEDWihIdU5nj7HeZ+4hLzaSE/09pfkb/H/Rdvd
aa1TfipvyTSYCnHGRbmrRJ7XMY4Rp7R8w2vZxViMToCxi21hmS0BuK3RM4fHuRhmyGKm
e665KgtjU3GQUhJ2ZNdwaVivO6CRsWHt8VXYB0KGFtjKqdbz+DyE9SYA5Wkb6hT3qYHi
A3lWNY/0jmS6sZzq1lyN0REOX8LNcvzAO3rpdEEUd/VoM+NalJU97Qch4BOfNxV4suc5
ccCA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1751902087; x=1752506887; darn=gnusha.org;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:mime-version:from
:to:cc:subject:date:message-id:reply-to;
bh=tDSQDrA/Sxf7tqiGX2nbipDbOzNjF9oJBwcCORqRsvc=;
b=C6exxJtfnUJOD2kSWbsRaeu7pafIV4dLNfOiNrUzRq5AGUa3pyQlZea5RSoiHxaBGM
FZSHZlU0EnsIwmq7i95VvHxZprnDzL0NGzWeEgx5ekK5mDjGZeBD0xA3gfdQI7qTt3qy
T1HrwgzxWNu4i55edT6++O5JAtw/53L2HWShEJyn1F2MYXLjVyMH2p8MufTDSYEo2bhM
qhGPSr/6BNFK834klXgvmu0IEXPlsI//uoK3w8hn6LdGkHdkHAxmzcYsdPhhdycNwgj/
9lSjEUSTcMM8xPw2yeUIYFVgewi7GYMWv+1tsPGtEUFEtnPZdCmGqgdYhNo0vUHW70iX
cmZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1751902087; x=1752506887;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
:list-id:mailing-list:precedence:x-original-authentication-results
:x-original-sender:to:subject:message-id:date:from:mime-version
:x-beenthere:x-gm-message-state:sender:from:to:cc:subject:date
:message-id:reply-to;
bh=tDSQDrA/Sxf7tqiGX2nbipDbOzNjF9oJBwcCORqRsvc=;
b=iRc4YoIbzu8ECqAKNfmw/dWzegTszCZkflNm0VTKsoKUnjafUuJlNpWzAHITziY8pc
SUPjBYwUhW6lPvGdt4YExoCBbcdGFita5HvrpPB8tlmxiFOyVuEsOfVEKmLkZHqCWzV9
gfMJUKKkuaW0QY7uLgNh3qJAqkGZfnCFIkfJQ17oXV5JD3zxKhHmJ2U0Lu31Es+l9T3h
w/4Ql2PUUH4eZ/Ifzww5Qj1RZbtfkyiQAbg3U6cAdxaTAQx6yUDBdJmPMIQV1OOqArbe
nbmYTEYYmv7mVdHD6f7gsirOG6k2/B2tiFhathAtw+0M7FRa+hCNoBxy2jmz9dhDiv8D
YIAw==
Sender: bitcoindev@googlegroups.com
X-Forwarded-Encrypted: i=2; AJvYcCU5ojlK8jhifZrAiff0WdvD30Cu4m5rdYsIEfdxIL4bgPCLvH7MP0y190CkXODhxE2ipOoavT6kRRsh@gnusha.org
X-Gm-Message-State: AOJu0YyEJDlE/wGMBfWqNSG00OFfsOYmXdeWnf4Rkp3R6hMQFbkxrYMR
LrkNN+oWoDZoq3D2NnKPATcMl2GL4MdbArGKCEPrsQsL4zVV4Cr7WJxg
X-Google-Smtp-Source: AGHT+IH3INfv+ayK0bZod7crSg6U+JyerP6c1Ccu0gjMN+8qJvBZZUrCiYA/Q7TfihTCSnszk2F+RA==
X-Received: by 2002:a05:6830:2c05:b0:73a:d3f6:8b22 with SMTP id 46e09a7af769-73ca0577d52mr8421982a34.11.1751902087516;
Mon, 07 Jul 2025 08:28:07 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZd6lZNhFEUvZ50gBSobBthN4Xk3Vy8WcxAbeBMiNhpjNw==
Received: by 2002:a05:6870:5486:b0:2e8:f5c9:64cb with SMTP id
586e51a60fabf-2f79b14beb4ls1271462fac.0.-pod-prod-00-us; Mon, 07 Jul 2025
08:28:04 -0700 (PDT)
X-Received: by 2002:a05:6808:6d8d:b0:401:e9e:5042 with SMTP id 5614622812f47-40d02a56551mr10270979b6e.15.1751902084037;
Mon, 07 Jul 2025 08:28:04 -0700 (PDT)
Received: by 2002:a50:ccde:0:b0:609:bcd7:3415 with SMTP id 4fb4d7f45d1cf-60c86878d63msa12;
Mon, 7 Jul 2025 08:23:28 -0700 (PDT)
X-Received: by 2002:a05:6402:1d54:b0:5f3:26bb:8858 with SMTP id 4fb4d7f45d1cf-60fd6e5c176mr11701598a12.34.1751901806463;
Mon, 07 Jul 2025 08:23:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1751901806; cv=none;
d=google.com; s=arc-20240605;
b=eOS/2x8xrFA4SRiOdhm2B1vYK02T8VI3L8USJR9Gs4nKwNlM5NEdJY0z3Y/PVhL/ZO
S5ZVUnvhhQlBDufuaerMlZamH/ArmjRG48cvE+tPuuh5k51DmQ1l+w8uk00e7iNc3ifv
FMpfpICFmgo4nT42T32rD7PXJx9sEPnlrLRxAcdejiPxF+4J4IzwhzMMCIpLm+TC1yEs
oNvWMp/TXHoIDNnNzwnVAPrxZOnxVVTQU0Oxpq4UzHHmrNoXIxbzit1p8EtNswisB1KS
BB6o7wujuCZexKNyUwEZQR4lkNFk/Iv+OhbqlgRHeKY7e687DhLWZ08HAg/oZXgCrqAU
ENfA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:subject:message-id:date:from:mime-version:dkim-signature;
bh=QSlSBp1WtEVckNkzG5WXMcxXZ4x54mohNH4+otF8ZuQ=;
fh=DMP0F9ULS1guKiqimntQRCN8ZraraesEgQuVcn7F0Z0=;
b=Ql4vgF1NMRkq56xKInKh50cpWN15x7lO/agrqB/nUg9WoOVETiMQbG+cgCsLd/uq93
dl8iS9Sd/L9lGFKLAb4WEaZgBxnFJhd0l7Sri91x37AhZ58JUuNkz3X5lN7azoVpTOeo
iCZ/uUQEyFqDBXwT1WXBKVLH4KKJFM5t/BNhoOnbZ0J8lv/OvURKZci2Is4RCnVsYhIx
18j9yEutW7Dr46xT8WD+qj1bNBb+JATOl6QoIduXJF00SkWJ1Vu4DghaeVckLE8C20RJ
JWNJPqn1g/gj9nmR81hFdAjM09B2tJEgMonzr4RLuls5B0dm45keAHqvTn5HXDsqf8la
sfuA==;
dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
dkim=pass header.i=@gmail.com header.s=20230601 header.b=A6HWgq5f;
spf=pass (google.com: domain of eth3rs@gmail.com designates 2a00:1450:4864:20::531 as permitted sender) smtp.mailfrom=eth3rs@gmail.com;
dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
dara=pass header.i=@googlegroups.com
Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com. [2a00:1450:4864:20::531])
by gmr-mx.google.com with ESMTPS id 4fb4d7f45d1cf-60fcb0cd7aesi261111a12.5.2025.07.07.08.23.26
for <bitcoindev@googlegroups.com>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Mon, 07 Jul 2025 08:23:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of eth3rs@gmail.com designates 2a00:1450:4864:20::531 as permitted sender) client-ip=2a00:1450:4864:20::531;
Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-60bfcada295so5338078a12.1
for <bitcoindev@googlegroups.com>; Mon, 07 Jul 2025 08:23:26 -0700 (PDT)
X-Gm-Gg: ASbGnctRn/N4NnsyHKJnWVka6uoEpEcttwYs9IBxqAbVrPE+MvGXWYisv5/fIapRFdC
r53IvXdr/o1+tMlgkDihY587M4HuxZa36/Q5/ZOn30JJvbQ/YMqc6Vkhic6ch0TARAtnnEUWQmk
un+zb5AUfGQIk79CjZ+taTPRyu59x4gKcNhc31ecEdptg/6np22WNkaDveXICdGhwns0GJ+uCnT
/Z+
X-Received: by 2002:a17:907:6d04:b0:ae0:34d4:28a5 with SMTP id
a640c23a62f3a-ae3fe3dafd3mr1206116966b.0.1751901805357; Mon, 07 Jul 2025
08:23:25 -0700 (PDT)
MIME-Version: 1.0
From: Ethan Heilman <eth3rs@gmail.com>
Date: Mon, 7 Jul 2025 11:22:49 -0400
X-Gm-Features: Ac12FXw30TNsHGKX_gkcYMNTJkoXsCyosXovVBeq2YXOMSV_PqOQR1QRlZTw-vY
Message-ID: <CAEM=y+W=rtU2PLmHve6pUVkMQQmqT67KOg=9hp5oMspuHrgMow@mail.gmail.com>
Subject: [bitcoindev] Changes to BIP-360 - Pay to Quantum Resistant Hash (P2QRH)
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Content-Type: multipart/alternative; boundary="000000000000ca30560639586cee"
X-Original-Sender: eth3rs@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass
header.i=@gmail.com header.s=20230601 header.b=A6HWgq5f; spf=pass
(google.com: domain of eth3rs@gmail.com designates 2a00:1450:4864:20::531 as
permitted sender) smtp.mailfrom=eth3rs@gmail.com; dmarc=pass (p=NONE
sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
<https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -0.5 (/)
--000000000000ca30560639586cee
Content-Type: text/plain; charset="UTF-8"
We made the following changes to BIP-360 (Pay to Quantum Resistant Hash) PR
<https://github.com/bitcoin/bips/pull/1670>:
-
P2QRH (Pay to Quantum Resistant Hash) is now taproot (P2TR) but with the
quantum vulnerable key-spend path removed.
-
PQ signatures have been moved to a future BIP (coming soon).
-
The plan for PQ signatures is to redefine OP_SUCCESSx opcodes:
OP_CHECKMLSIG
Below we go into these changes one by one, see BIP-360 PR for full
details (BIP-360
mediawiki render as of 7/7/2025
<https://github.com/bitcoin/bips/blob/a375b65e2df340915a74bff5401a8bc83472b1a3/bip-0360.mediawiki>
).
P2QRH is now script-spend only P2TR (taproot), i.e. no quantum vulnerable
key-spend. P2QRH outputs commit directly to the tapleaf merkle root
computed by taproot.
The scriptPubKey for a P2QRH output is:
OP_PUSHNUM_3 OP_PUSHBYTES_32 <tapleaf merkle root>
Advantages of this approach
1.
We can reuse taproot code, but just skip taptweak steps.
2.
Everyone who understands P2TR, already understands P2QRH.
3.
By supporting tapscript and tapleaf, it supports everything that
supports tapscript.
4.
P2QRH protects tapscript outputs against long-exposure attacks. This is
a big win because long-exposure attacks will be practical before
short-exposure attacks. Note: protecting against short-exposure attacks
requires PQ signatures.
5.
P2QRH gives us similar functionality as the much discussed option of
disabling key-spends in P2TR on Q-Day (when quantum attacks become
practical), but with the added benefit that the ecosystem can upgrade well
before Q-Day. This removes the risks of attempting a consensus change
during an emergency or acting too late.
We moved PQ signatures specification out of BIP-360 so that P2QRH can be
debated independently of the debate over PQ signature algorithms. This
allows us to move forward on P2QRH without forcing a commitment to any
particular algorithm.
BIP-360 includes a purely informational plan for adding PQ signature
algorithms to tapscript. This plan to add tapscript PQ signature
verification opcodes for ML-DSA (CRYSTALS-Dilithium) and SLH-DSA (SPHINCS+)
via OP_SUCCESSx. This allows separate activation of PQ signature algorithms
if desired and provides a pattern for adding new signature algorithms in
the future. No new tapleaf version needed. The full specification will be
given in a new BIP.
See BIP-360 for details.
Thanks,
Ethan and Hunter
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAEM%3Dy%2BW%3DrtU2PLmHve6pUVkMQQmqT67KOg%3D9hp5oMspuHrgMow%40mail.gmail.com.
--000000000000ca30560639586cee
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><span id=3D"gmail-docs-internal-guid-f747c4dd-7fff-668f-55=
1d-e5f9f5f091ef"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;ma=
rgin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial,sans-serif=
;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;=
font-variant-east-asian:normal;font-variant-alternates:normal;vertical-alig=
n:baseline">We made the following changes to </span><a href=3D"https://gith=
ub.com/bitcoin/bips/pull/1670" style=3D"text-decoration-line:none"><span st=
yle=3D"font-size:11pt;font-family:Arial,sans-serif;background-color:transpa=
rent;font-variant-numeric:normal;font-variant-east-asian:normal;font-varian=
t-alternates:normal;text-decoration-line:underline;vertical-align:baseline"=
>BIP-360 (Pay to Quantum Resistant Hash) PR</span></a><span style=3D"font-s=
ize:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:tra=
nsparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-va=
riant-alternates:normal;vertical-align:baseline">:</span></p><br><ul style=
=3D"margin-top:0px;margin-bottom:0px"><li dir=3D"ltr" style=3D"list-style-t=
ype:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);backg=
round-color:transparent;font-variant-numeric:normal;font-variant-east-asian=
:normal;font-variant-alternates:normal;vertical-align:baseline;white-space:=
pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:=
0pt" role=3D"presentation"><span style=3D"font-size:11pt;background-color:t=
ransparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-=
variant-alternates:normal;vertical-align:baseline">P2QRH (Pay to Quantum Re=
sistant Hash) is now taproot (P2TR) but with the quantum vulnerable key-spe=
nd path removed.</span></p></li><li dir=3D"ltr" style=3D"list-style-type:di=
sc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-=
color:transparent;font-variant-numeric:normal;font-variant-east-asian:norma=
l;font-variant-alternates:normal;vertical-align:baseline;white-space:pre"><=
p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt" r=
ole=3D"presentation"><span style=3D"font-size:11pt;background-color:transpa=
rent;font-variant-numeric:normal;font-variant-east-asian:normal;font-varian=
t-alternates:normal;vertical-align:baseline">PQ signatures have been moved =
to a future BIP (coming soon).</span></p></li><li dir=3D"ltr" style=3D"list=
-style-type:disc;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,=
0);background-color:transparent;font-variant-numeric:normal;font-variant-ea=
st-asian:normal;font-variant-alternates:normal;vertical-align:baseline;whit=
e-space:pre"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin=
-bottom:0pt" role=3D"presentation"><span style=3D"font-size:11pt;background=
-color:transparent;font-variant-numeric:normal;font-variant-east-asian:norm=
al;font-variant-alternates:normal;vertical-align:baseline">The plan for PQ =
signatures is to redefine OP_SUCCESSx opcodes: OP_CHECKMLSIG</span></p></li=
></ul><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bo=
ttom:0pt"><span style=3D"font-size:11pt;font-family:Arial,sans-serif;color:=
rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;font-va=
riant-east-asian:normal;font-variant-alternates:normal;vertical-align:basel=
ine">Below we go into these changes one by one, see BIP-360 PR for full det=
ails (</span><a href=3D"https://github.com/bitcoin/bips/blob/a375b65e2df340=
915a74bff5401a8bc83472b1a3/bip-0360.mediawiki" style=3D"text-decoration-lin=
e:none"><span style=3D"font-size:11pt;font-family:Arial,sans-serif;backgrou=
nd-color:transparent;font-variant-numeric:normal;font-variant-east-asian:no=
rmal;font-variant-alternates:normal;text-decoration-line:underline;vertical=
-align:baseline">BIP-360 mediawiki render as of 7/7/2025</span></a>).</p><b=
r><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
"><span style=3D"font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,=
0);background-color:transparent;font-variant-numeric:normal;font-variant-ea=
st-asian:normal;font-variant-alternates:normal;vertical-align:baseline">P2Q=
RH is now script-spend only P2TR (taproot), i.e. no quantum vulnerable key-=
spend. P2QRH outputs commit directly to the tapleaf merkle root computed by=
taproot.</span><span style=3D"font-size:11pt;font-family:Arial,sans-serif;=
color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;f=
ont-variant-east-asian:normal;font-variant-alternates:normal;vertical-align=
:baseline"><br></span><span style=3D"font-size:11pt;font-family:Arial,sans-=
serif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:no=
rmal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical=
-align:baseline"><br></span><span style=3D"font-size:11pt;font-family:Arial=
,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-nume=
ric:normal;font-variant-east-asian:normal;font-variant-alternates:normal;ve=
rtical-align:baseline">The scriptPubKey for a P2QRH output is:</span></p><p=
dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><s=
pan style=3D"font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);b=
ackground-color:transparent;font-variant-numeric:normal;font-variant-east-a=
sian:normal;font-variant-alternates:normal;vertical-align:baseline">OP_PUSH=
NUM_3 OP_PUSHBYTES_32 <tapleaf merkle root></span></p><br><p dir=3D"l=
tr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style=
=3D"font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background=
-color:transparent;font-variant-numeric:normal;font-variant-east-asian:norm=
al;font-variant-alternates:normal;vertical-align:baseline">Advantages of th=
is approach</span></p><br><ol style=3D"margin-top:0px;margin-bottom:0px"><l=
i dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-family:A=
rial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-=
numeric:normal;font-variant-east-asian:normal;font-variant-alternates:norma=
l;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-hei=
ght:1.38;margin-top:0pt;margin-bottom:0pt" role=3D"presentation"><span styl=
e=3D"font-size:11pt;background-color:transparent;font-variant-numeric:norma=
l;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-al=
ign:baseline">We can reuse taproot code, but just skip taptweak steps.</spa=
n></p></li><li dir=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;=
font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;=
font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alt=
ernates:normal;vertical-align:baseline;white-space:pre"><p dir=3D"ltr" styl=
e=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt" role=3D"presentatio=
n"><span style=3D"font-size:11pt;background-color:transparent;font-variant-=
numeric:normal;font-variant-east-asian:normal;font-variant-alternates:norma=
l;vertical-align:baseline">Everyone who understands P2TR, already understan=
ds P2QRH.</span></p></li><li dir=3D"ltr" style=3D"list-style-type:decimal;f=
ont-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-colo=
r:transparent;font-variant-numeric:normal;font-variant-east-asian:normal;fo=
nt-variant-alternates:normal;vertical-align:baseline;white-space:pre"><p di=
r=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt" role=
=3D"presentation"><span style=3D"font-size:11pt;background-color:transparen=
t;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-a=
lternates:normal;vertical-align:baseline">By supporting tapscript and taple=
af, it supports everything that supports tapscript.</span></p></li><li dir=
=3D"ltr" style=3D"list-style-type:decimal;font-size:11pt;font-family:Arial,=
sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numer=
ic:normal;font-variant-east-asian:normal;font-variant-alternates:normal;ver=
tical-align:baseline;white-space:pre"><p dir=3D"ltr" style=3D"line-height:1=
.38;margin-top:0pt;margin-bottom:0pt" role=3D"presentation"><span style=3D"=
font-size:11pt;background-color:transparent;font-variant-numeric:normal;fon=
t-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:b=
aseline">P2QRH protects tapscript outputs against long-exposure attacks. Th=
is is a big win because long-exposure attacks will be practical before shor=
t-exposure attacks. Note: protecting against short-exposure attacks require=
s PQ signatures.</span></p></li><li dir=3D"ltr" style=3D"list-style-type:de=
cimal;font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);backgrou=
nd-color:transparent;font-variant-numeric:normal;font-variant-east-asian:no=
rmal;font-variant-alternates:normal;vertical-align:baseline;white-space:pre=
"><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;margin-bottom:0pt=
" role=3D"presentation"><span style=3D"font-size:11pt;background-color:tran=
sparent;font-variant-numeric:normal;font-variant-east-asian:normal;font-var=
iant-alternates:normal;vertical-align:baseline">P2QRH gives us similar func=
tionality as the much discussed option of disabling key-spends in P2TR on Q=
-Day (when quantum attacks become practical), but with the added benefit th=
at the ecosystem can upgrade well before Q-Day. This removes the risks of a=
ttempting a consensus change during an emergency or acting too late.</span>=
</p></li></ol><br><p dir=3D"ltr" style=3D"line-height:1.38;margin-top:0pt;m=
argin-bottom:0pt"><span style=3D"font-size:11pt;font-family:Arial,sans-seri=
f;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal=
;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-ali=
gn:baseline">We moved PQ signatures specification out of BIP-360 so that P2=
QRH can be debated independently of the debate over PQ signature algorithms=
. This allows us to move forward on P2QRH without forcing a commitment to a=
ny particular algorithm.</span><span style=3D"font-size:11pt;font-family:Ar=
ial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-n=
umeric:normal;font-variant-east-asian:normal;font-variant-alternates:normal=
;vertical-align:baseline"><br><br></span></p><p dir=3D"ltr" style=3D"line-h=
eight:1.38;margin-top:0pt;margin-bottom:0pt"><span style=3D"font-size:11pt;=
font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;=
font-variant-numeric:normal;font-variant-east-asian:normal;font-variant-alt=
ernates:normal;vertical-align:baseline">BIP-360 includes a purely informati=
onal plan for adding PQ signature algorithms to tapscript. This plan to add=
tapscript PQ signature verification opcodes for ML-DSA (CRYSTALS-Dilithium=
) and SLH-DSA (SPHINCS+) via OP_SUCCESSx. This allows separate activation o=
f PQ signature algorithms if desired and provides a pattern for adding new =
signature algorithms in the future. No new tapleaf version needed. The full=
specification will be given in a new BIP.</span><span style=3D"font-size:1=
1pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transpar=
ent;font-variant-numeric:normal;font-variant-east-asian:normal;font-variant=
-alternates:normal;vertical-align:baseline"><br><br></span></p><span style=
=3D"font-size:11pt;font-family:Arial,sans-serif;color:rgb(0,0,0);background=
-color:transparent;font-variant-numeric:normal;font-variant-east-asian:norm=
al;font-variant-alternates:normal;vertical-align:baseline">See BIP-360 for =
details.</span><span style=3D"font-size:11pt;font-family:Arial,sans-serif;c=
olor:rgb(0,0,0);background-color:transparent;font-variant-numeric:normal;fo=
nt-variant-east-asian:normal;font-variant-alternates:normal;vertical-align:=
baseline"><br></span><span style=3D"font-size:11pt;font-family:Arial,sans-s=
erif;color:rgb(0,0,0);background-color:transparent;font-variant-numeric:nor=
mal;font-variant-east-asian:normal;font-variant-alternates:normal;vertical-=
align:baseline"><br></span><span style=3D"font-size:11pt;font-family:Arial,=
sans-serif;color:rgb(0,0,0);background-color:transparent;font-variant-numer=
ic:normal;font-variant-east-asian:normal;font-variant-alternates:normal;ver=
tical-align:baseline">Thanks,</span><span style=3D"font-size:11pt;font-fami=
ly:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;font-vari=
ant-numeric:normal;font-variant-east-asian:normal;font-variant-alternates:n=
ormal;vertical-align:baseline"><br></span><span style=3D"font-size:11pt;fon=
t-family:Arial,sans-serif;color:rgb(0,0,0);background-color:transparent;fon=
t-variant-numeric:normal;font-variant-east-asian:normal;font-variant-altern=
ates:normal;vertical-align:baseline">Ethan and Hunter</span></span></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/CAEM%3Dy%2BW%3DrtU2PLmHve6pUVkMQQmqT67KOg%3D9hp5oMspuHrgMow%40ma=
il.gmail.com?utm_medium=3Demail&utm_source=3Dfooter">https://groups.google.=
com/d/msgid/bitcoindev/CAEM%3Dy%2BW%3DrtU2PLmHve6pUVkMQQmqT67KOg%3D9hp5oMsp=
uHrgMow%40mail.gmail.com</a>.<br />
--000000000000ca30560639586cee--
|
