Posted by Bitcoin Foundation
Aug 9, 2025/05:26 UTC
The current state of Google's quantum processors does not present a direct threat to the cryptographic underpinnings of modern security protocols such as ECDSA and RSA-2048. For successful cryptanalysis of RSA-2048, around 20 million noisy physical qubits would be required, far beyond the capabilities of today's quantum technologies. This emphasizes the significant gap between theoretical quantum computing advancements and their practical implications for cryptographic security in the near term.
Shor's algorithm, with its O((log n)³) complexity, poses a formidable threat to public-key schemes such as these that lack quantum resistance. This highlights the necessity of moving towards quantum-resistant cryptographic methods to safeguard against future developments in quantum computing. The draft Bitcoin Improvement Proposal (BIP) acknowledges this by endorsing the SLH-DSA-SHAKE-256f scheme, which has been approved by NIST and offers a high level of security (NIST Level 5). Despite its seemingly large signature size, the Bitcoin network can integrate this scheme without any changes to the existing protocol.
The discussion also rules out submissions not approved by NIST, such as SQISign, on the grounds that they do not meet essential security standards. Meanwhile, lattice-based alternatives such as ML-DSA (CRYSTALS-Dilithium) are mentioned as promising but potentially vulnerable to quantum advancements. The hash-based construction of SLH-DSA is underscored for its unparalleled resilience, supported by over eight years of cryptanalysis of Keccak's sponge construction since its standardization as SHA-3.
For those seeking more detailed insights into the proposed BIP, a dedicated website, Quantum-Resistant Bitcoin, has been established. This platform aims to elucidate the proposal further and will evolve based on feedback from the Bitcoin development community. The initiative is still in the draft phase, inviting substantial technical discussions to refine and enhance the proposal before its formal submission.
In terms of implementation, it is clarified that the pyspx library remains relevant, since the rebranding of SPHINCS+ to SLH-DSA involved no algorithmic changes. The security foundation laid by SHAKE256 is attributed to the well-examined Keccak sponge construction, attesting to the scheme's robustness against both classical and quantum attacks. This approach solidifies Bitcoin's path towards a quantum-resistant future, minimizing the need for continuous protocol updates and avoiding the accrual of technical debt.
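SLH-DSA's security rests only on hash-function properties because it is assembled from Winternitz one-time signatures (WOTS+), FORS few-time signatures and a hypertree of Merkle trees, all driven by SHAKE256. As an added illustration that is not code from the BIP, from pyspx or from the mailing-list thread, the following pure-Python block implements a stripped-down WOTS-style one-time signature over SHAKE256; it omits SLH-DSA's address scheme, bitmasks, PRF and hypertree, and the domain-separation prefixes, parameter names and sample message are assumptions of this example.

```python
import hashlib
import os

N = 32           # bytes of SHAKE256 output used everywhere (256-bit hashes)
W = 16           # Winternitz parameter: each chain is W-1 = 15 hash steps long
L1 = 64          # chains for a 256-bit message digest (4 bits per chain)
L2 = 3           # chains for the checksum (max checksum 64*15 = 960 < 16**3)
L = L1 + L2      # 67 chains, so a signature is 67 * 32 = 2144 bytes

def H(data: bytes) -> bytes:
    """Hash with SHAKE256 (Keccak sponge) truncated to N bytes."""
    return hashlib.shake_256(data).digest(N)

def chain(x: bytes, start: int, steps: int, idx: int) -> bytes:
    """Apply `steps` hash iterations to x beginning at chain position `start`.
    Chain index and position are mixed in so every step of every chain differs."""
    for pos in range(start, start + steps):
        x = H(b"chain" + idx.to_bytes(2, "big") + pos.to_bytes(1, "big") + x)
    return x

def keygen(seed=None):
    """Derive L secret chain starts from a seed; public key = hash of all chain ends."""
    seed = seed if seed is not None else os.urandom(N)
    sk = [H(b"sk" + seed + i.to_bytes(2, "big")) for i in range(L)]
    ends = [chain(sk[i], 0, W - 1, i) for i in range(L)]
    return sk, H(b"".join(ends))

def base_w(msg: bytes) -> list:
    """Message digest as 64 base-16 digits plus a 3-digit checksum.
    The checksum stops a forger from simply walking a chain further forward."""
    digest = H(b"msg" + msg)
    digits = [d for byte in digest for d in (byte >> 4, byte & 0xF)]
    csum = sum(W - 1 - d for d in digits)
    return digits + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]

def sign(msg: bytes, sk: list) -> list:
    """One-time signature: walk chain i forward by digit i steps. Never reuse sk."""
    digits = base_w(msg)
    return [chain(sk[i], 0, digits[i], i) for i in range(L)]

def verify(msg: bytes, sig: list, pk: bytes) -> bool:
    """Finish every chain (W-1-digit further steps) and compare the compressed ends."""
    if len(sig) != L or any(len(s) != N for s in sig):
        return False
    digits = base_w(msg)
    ends = [chain(sig[i], digits[i], W - 1 - digits[i], i) for i in range(L)]
    return H(b"".join(ends)) == pk
```

A WOTS key must sign exactly one message, because a second signature reveals additional chain values; SLH-DSA avoids that by selecting one of many such keys through FORS and a hypertree, which is what keeps the signer stateless. The 2144-byte signature produced here, against 64 bytes for ECDSA, is a small-scale view of why hash-based signatures are large.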