SImple quantum security, at the expense of slower tx time

A novel approach to creating a quantum-secure vault through a simple secret-reveal scheme is being discussed, emphasizing its resistance to quantum attacks without the need for new signature schemes or cryptographic libraries. The scheme utilizes covenant-protected vaults with depth-locks, leveraging OP_CHECKTEMPLATEVERIFY (OP_CTV) as outlined in BIP119 and OP_TXHASH / OP_CHECKTXHASHVERIFY from current draft proposals. These elements, combined with relative timelocks (BIP68 / BIP112) and the SHA256 preimage resistance assumption, form the backbone of the system's security against quantum threats.

The strategy encompasses a multi-phase process designed to segregate the execution trigger from the permissible value destinations. This separation ensures that, despite potential signature forgeries, assets can only transition into a secured Anchor envelope and subsequently move along predetermined paths. The initial phase locks all value into an Anchor envelope that does not specify a destination but is committed to a secret-reveal scheme using TXHASH. Subsequent phases involve on-chain instantiation of this envelope and either a final reveal of a one-time secret following successful transaction mining or an escape route if undesirable transactions are mined, without disclosing the secret.

The locking policy for Phase 0 mandates the creation of a single value-bearing output pinned to a specific Anchor, prohibits other value-bearing outputs to prevent value leakage, and enforces a cap on fee extraction through OP_TXHASH by verifying the number of outputs, the scriptPubKey of the Anchor output, and sufficient value information. Once the Anchor envelope is instantiated on-chain in Phase 1, it adopts a Taproot script tree structure offering two spending paths: a normal reveal spend path requiring block aging, a reveal check, and template matching via OP_CTV; and an escape hatch path allowing for immediate or delayed execution without revealing the secret.

This scheme boasts several security features: quantum signature safety ensuring value confinement prior to any secret revelation; prevention of redirect-after-reveal through OP_CTV output pinning; the inclusion of an escape hatch usable even if an attacker initiates Phase 0 or Phase 1 spends; reorg resistance via relative timelock to mitigate shallow reorg threats; and graceful degradation under quantum attack allowing forced execution or delays but preventing value theft. Further details and discussions on this subject can be found at delving bitcoin.