Pre-emptive commit/reveal for quantum-safe migration (poison-pill)

Posted by Leo Wandersleb

Jun 4, 2025/17:39 UTC

In a recent correspondence, the concept of implementing soft-forks to enhance Bitcoin's compatibility with legacy nodes was explored. The idea revolves around utilizing OP_RETURN data for announcements, which wouldn't be considered transactions initially, to maintain this compatibility. After a period of 144 blocks, upgraded full nodes would then permit the inclusion of the actual transaction. This approach, however, is noted to be somewhat costly as it requires the transaction to be fully contained within the OP_RETURN strong announcement and subsequently included again without the witness component.

A significant challenge mentioned is the need for updated nodes to re-index the entire blockchain to locate these announcements unless a specific timeframe for their use is established. To mitigate this, it's proposed that any announcement must be utilized within the subsequent 1000 blocks, limiting the re-indexing requirement to those blocks. This solution aims at preserving privacy for UTXO owners who might delay action to safeguard against potential attacks.

Furthermore, the proposal outlines a method by which the original creator of Bitcoin, referred to as Satoshi, could make his UTXOs quantum-resistant anonymously. By inserting a 64B OP_RETURN in a future date, such as 2027, Satoshi's activities would remain undisclosed until a quantum computing threat necessitates revealing the protective measures taken, potentially in 2040. This strategy prevents premature panic over quantum breakthroughs while ensuring long-term security.

However, a flaw identified in this plan is that the initial, weak announcement does not require key verification, allowing anyone to potentially force an owner like Satoshi into making a move prematurely. To counteract this, it's suggested that even weak announcements should mandate key ownership verification and include a serialized transaction. This adjustment ensures that only legitimate key holders can initiate such announcements, adding a layer of security and authenticity to the process.

Link to Raw Post
Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from authoritative bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiBitcoin Transcripts Review
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project?

Give Feedback