Pre-emptive commit/reveal for quantum-safe migration (poison-pill)

Posted by Leo Wandersleb

Jun 5, 2025/08:18 UTC

The post considers what happens to Bitcoin transactions once elliptic-curve (EC) cryptography is broken and proposes a scheme to guard against the resulting attacks. The concern is the weak announcement of a transaction, in which the public key is exposed before the transaction is mined, so that an attacker can derive the private key from it and get a competing transaction confirmed first. Strong announcements, which commit to the full transaction, are argued to remain secure: they demonstrate a prior commitment to one specific transaction, so that transaction keeps its legitimacy even if it is mined after the attacker's.

The proposed scheme activates at a specified block height and is designed to protect vulnerable Unspent Transaction Outputs (UTXOs). From that height on, such a UTXO can no longer be spent directly; the spender must first declare intent by committing to the wTXID (witness transaction ID) of the transaction that will spend it. Commitments from many spenders can be aggregated into a hash tree whose root is stored in an OP_RETURN output, which keeps the on-chain footprint small.

In the reveal phase, the full transaction is published together with a proof that it was included in the earlier commitment, but it is not yet executed as a conventional transaction; this stage establishes the spender's intent without finalising the spend. A counter-reveal period of 144 blocks follows, during which anyone holding an older commitment to a spend of the same UTXO can disclose it, so that the earliest claim takes priority even though the public key has by now been exposed.

Once the counter-reveal period has passed, the transaction backed by the strongest (oldest) valid commitment can be executed. The rules can be deployed as a soft fork and remain backward compatible with existing transactions, including coins whose original keys are lost. The cost is at least a doubling of on-chain data for spends of vulnerable UTXOs, since the complete transaction is stored twice; the post notes that the announcements could be made prunable to limit this overhead, balancing the added security against operational efficiency.
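The three phases summarised above, as an added toy simulation in Python that is not code from the post or from Bitcoin Core: commitments are batched into a double-SHA-256 hash tree whose root stands in for the OP_RETURN output, a reveal must carry a membership proof against a root that really was committed at an earlier height, and after the 144-block counter-reveal window only the transaction with the oldest valid commitment may spend. The class and function names, the outpoint label, the transaction byte strings, the scenario in demo() and the use of a plain double hash of the transaction bytes as its wTXID are assumptions made for this example.

```python
# Added toy simulation of the commit / reveal / counter-reveal phases; not code from
# the post or from Bitcoin Core. Names, the outpoint label, the tx byte strings and
# using sha256d(tx_bytes) as a stand-in for the wTXID are assumptions of the example.
import hashlib
from collections import namedtuple

COUNTER_REVEAL_BLOCKS = 144  # counter-reveal window length given in the summary
Reveal = namedtuple("Reveal", "tx_bytes commit_height reveal_height")

def sha256d(data: bytes) -> bytes:
    """Bitcoin-style double SHA-256; here it also plays the role of the wTXID."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()

def _next_level(level: list[bytes]) -> list[bytes]:
    if len(level) % 2:                       # odd count: duplicate the last node
        level = level + [level[-1]]
    return [sha256d(level[i] + level[i + 1]) for i in range(0, len(level), 2)]

def merkle_root(leaves: list[bytes]) -> bytes:
    """Root of the hash tree of wTXID commitments (what the OP_RETURN would carry)."""
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]

def merkle_proof(leaves: list[bytes], idx: int) -> list[tuple[bytes, bool]]:
    """Membership proof for leaves[idx] as (sibling_hash, sibling_is_on_the_right)."""
    proof, level = [], list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append((level[idx ^ 1], (idx ^ 1) > idx))
        level, idx = _next_level(level), idx // 2
    return proof

def verify_proof(leaf: bytes, proof: list[tuple[bytes, bool]], root: bytes) -> bool:
    node = leaf
    for sibling, is_right in proof:
        node = sha256d(node + sibling) if is_right else sha256d(sibling + node)
    return node == root

class CommitLedger:
    """Toy consensus state for spends of quantum-vulnerable UTXOs."""
    def __init__(self, activation_height: int):
        self.activation_height = activation_height
        self.roots: dict[int, set[bytes]] = {}      # height -> roots committed there
        self.reveals: dict[str, list[Reveal]] = {}  # utxo -> accepted reveals

    def commit(self, height: int, root: bytes) -> None:
        """Phase 1: a block at `height` carries the tree root in an OP_RETURN."""
        self.roots.setdefault(height, set()).add(root)

    def reveal(self, height, utxo, tx_bytes, commit_height, root, proof) -> bool:
        """Phase 2: reveal the full tx with proof it was committed at commit_height."""
        if commit_height >= height or root not in self.roots.get(commit_height, ()):
            return False
        if not verify_proof(sha256d(tx_bytes), proof, root):
            return False
        self.reveals.setdefault(utxo, []).append(Reveal(tx_bytes, commit_height, height))
        return True

    def can_spend(self, height: int, utxo: str, tx_bytes: bytes) -> bool:
        """Phase 3: after the window closes, only the oldest valid commitment may spend."""
        if height < self.activation_height:
            return True                          # legacy rules: direct spend allowed
        revealed = self.reveals.get(utxo, [])
        mine = next((r for r in revealed if r.tx_bytes == tx_bytes), None)
        if mine is None or height < mine.reveal_height + COUNTER_REVEAL_BLOCKS:
            return False                         # unrevealed, or window still open
        # Ties at one commit height are not covered by the summary; both pass here (assumption).
        return all(r.commit_height >= mine.commit_height for r in revealed)

def demo() -> dict[str, bool]:
    """Constructed scenario: owner commits early, attacker commits after seeing the reveal."""
    ledger, utxo = CommitLedger(activation_height=1000), "deadbeef:0"
    honest_tx = b"spend " + utxo.encode() + b" to owner's quantum-safe output"
    attack_tx = b"spend " + utxo.encode() + b" to attacker"
    # Height 1010: the owner's commitment is batched with two unrelated ones.
    leaves = [sha256d(honest_tx), sha256d(b"other commitment 1"), sha256d(b"other 2")]
    root = merkle_root(leaves)
    ledger.commit(1010, root)
    honest_ok = ledger.reveal(1100, utxo, honest_tx, 1010, root, merkle_proof(leaves, 0))
    # Height 1101: the attacker, having seen the reveal, commits and reveals his tx.
    atk_root, atk_proof = merkle_root([sha256d(attack_tx)]), merkle_proof([sha256d(attack_tx)], 0)
    ledger.commit(1101, atk_root)
    attack_ok = ledger.reveal(1102, utxo, attack_tx, 1101, atk_root, atk_proof)
    # A reveal claiming a height at which that root was never committed is refused.
    forged = ledger.reveal(1103, utxo, attack_tx, 1005, atk_root, atk_proof)
    return {
        "honest_reveal_accepted": honest_ok,
        "attack_reveal_accepted": attack_ok,
        "forged_reveal_accepted": forged,
        "honest_spend_too_early": ledger.can_spend(1243, utxo, honest_tx),
        "honest_spend_after_window": ledger.can_spend(1244, utxo, honest_tx),
        "attack_spend_after_window": ledger.can_spend(1300, utxo, attack_tx),
    }

if __name__ == "__main__":
    print(demo())
```

Calling demo() shows the point of the counter-reveal window: the attacker's reveal is accepted (it is a well-formed commitment), but because his commitment is younger than the owner's, only the owner's transaction passes can_spend once the 144 blocks have elapsed, and the owner cannot spend before the window closes. What happens when two reveals carry commitments at the same height is not specified in the summary; the example lets both through and leaves that to ordinary mining order.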
