Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms

Posted by conduition

Feb 17, 2026/04:13 UTC

A recent discussion on the Bitcoin Development Mailing List examined the feasibility of using commit/reveal schemes with OP_TXHASH in bitcoin transactions. The conversation was sparked by a protocol suggested by Erik, which attempted to outline a quantum-resistant scripting method that requires no new signatures and instead relies on OP_CTV and OP_TXHASH. However, concerns were raised about inherent contradictions in the proposed methodology.

The protocol describes a two-phase approach in which the initial phase does not commit to the final CTV templates E and T. Yet it also states that these templates are committed via the P_anchor tapscript tree, which must be pinned by phase 0. That requirement implies that the template hashes T and E must already be known when the funding address and UTXO are created in the initial phase, which casts doubt on the viability of this method as a post-quantum fallback spending path.
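The dependency described above can be made concrete with the BIP 341 commitment hashes. The following is an added example, not code from the mailing-list post or from the protocol under discussion. It assumes a two-leaf P_anchor tree whose leaves are `<template hash> OP_CHECKTEMPLATEVERIFY` (using OP_NOP4, the opcode BIP 119 proposes), and all keys and template hashes in it are constructed sample values.

```python
import hashlib

OP_CTV = 0xB3        # OP_NOP4, the opcode BIP 119 proposes for OP_CHECKTEMPLATEVERIFY
LEAF_VERSION = 0xC0  # BIP 341 tapscript leaf version

def tagged_hash(tag: str, msg: bytes) -> bytes:
    """BIP 340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()

def ctv_leaf(template_hash: bytes) -> bytes:
    """TapLeaf hash of the assumed leaf script: <32-byte hash> OP_CTV."""
    if len(template_hash) != 32:
        raise ValueError("CTV template hash must be 32 bytes")
    script = b"\x20" + template_hash + bytes([OP_CTV])  # 0x20 = push 32 bytes
    # Script is 34 bytes, so its compact-size length prefix is a single byte.
    return tagged_hash("TapLeaf", bytes([LEAF_VERSION, len(script)]) + script)

def anchor_root(t_hash: bytes, e_hash: bytes) -> bytes:
    """Merkle root of a two-leaf tree; BIP 341 sorts children before hashing."""
    lo, hi = sorted((ctv_leaf(t_hash), ctv_leaf(e_hash)))
    return tagged_hash("TapBranch", lo + hi)

def funding_tweak(internal_key_x: bytes, t_hash: bytes, e_hash: bytes) -> bytes:
    """Tweak t in Q = P + t*G; the funding address encodes Q."""
    return tagged_hash("TapTweak", internal_key_x + anchor_root(t_hash, e_hash))

def leaf_set_matches(pinned_tweak: bytes, internal_key_x: bytes,
                     t_hash: bytes, e_hash: bytes) -> bool:
    """True only if (T, E) are the exact templates pinned at funding time."""
    return funding_tweak(internal_key_x, t_hash, e_hash) == pinned_tweak

# Constructed sample values, not real keys or real template hashes.
P_X = bytes.fromhex("11" * 32)
T0 = hashlib.sha256(b"constructed template T").digest()
E0 = hashlib.sha256(b"constructed template E").digest()
T_LATE = hashlib.sha256(b"template chosen after funding").digest()

if __name__ == "__main__":
    pinned = funding_tweak(P_X, T0, E0)               # fixed when the UTXO is created
    print(leaf_set_matches(pinned, P_X, T0, E0))      # templates known in phase 0
    print(leaf_set_matches(pinned, P_X, T_LATE, E0))  # template picked later
```

Because the tweak, and therefore the output key in the funding address, is a hash over both leaf scripts, a template chosen after funding cannot be satisfied by the pinned tree.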

The complexity and apparent contradiction within the protocol highlight significant challenges in developing quantum-resistant mechanisms for bitcoin transactions without introducing new signatures. The discussion underscores the necessity for a clear understanding and feasible approaches to secure bitcoin against quantum threats, emphasizing the ongoing exploration and debate within the development community.
