Posted by Martin Habovštiak
Mar 16, 2025/18:50 UTC
The post opens by reassessing the common belief that hashed keys are insecure against quantum computing (QC), specifically the notion that a quantum attacker can compromise them directly from the mempool. A proposed scheme shows how hashed keys can be recovered securely, provided a quantum-resistant (QR) signing mechanism is available. The user first obtains a minimal amount of bitcoin through external means to cover fees and holds it on a QR script. The user then creates a transaction that, besides allowing normal spending, commits to a signature under a QR public key; this serves as proof that the user possesses the corresponding private key without revealing it.
After a predefined number of blocks, the user can spend both the old output and the QR output in a single transaction, which is valid only if it reveals the previously committed signature. An attacker would therefore have to revert the blockchain in order to steal, which the original poster deems impossible. The post also notes that extended public keys (xpubs) are already treated as de facto private keys, because they are privacy-sensitive and carry the risk of being flagged by regulatory agencies.
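The commit-then-reveal ordering described above, as an added simulation that is not code from the post or its author. It models a chain in which a reveal transaction is accepted only if a commitment to the QR signature was confirmed at least a fixed number of blocks earlier and the QR signature binds the destination of the recovered coins. The QR signer is a toy Lamport one-time signature built from SHA-256 (an assumption; the post does not fix a particular QR scheme), the delay `CONFIRMATION_DELAY` and all output and address identifiers are constructed, and the old hashed key's own signature is deliberately not modelled because the attacker is assumed able to forge it.

```python
import hashlib
from dataclasses import dataclass, field

# Hypothetical parameter standing in for the post's "predefined number of blocks".
CONFIRMATION_DELAY = 6


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# Toy Lamport one-time signature (hash-based, hence QR in the sense the post relies on).
# This is an assumption: the post does not specify which QR scheme would be used.
def lamport_keygen(seed: bytes):
    sk = [[H(seed + bytes([i, b])) for b in (0, 1)] for i in range(256)]
    pk = [[H(x) for x in pair] for pair in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> list:
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def spend_message(old_output_id: bytes, destination: bytes) -> bytes:
    # The QR signature covers the hashed-key output being recovered and where the
    # coins go, so a replayed reveal cannot redirect them to another destination.
    return b"recover:" + old_output_id + b"->" + destination


@dataclass
class Chain:
    height: int = 0
    commitments: dict = field(default_factory=dict)  # H(sig) -> height of the commit tx
    spent: set = field(default_factory=set)          # old outputs already recovered

    def mine(self, blocks: int = 1) -> None:
        self.height += blocks

    def confirm_commit(self, commitment: bytes) -> None:
        # The commit tx spends the small QR-held fee output and publishes only H(sig),
        # which tells a mempool observer nothing about the signature itself.
        self.commitments.setdefault(commitment, self.height)

    def accept_reveal(self, qr_pk, old_output_id: bytes, destination: bytes, sig: list) -> bool:
        # The reveal tx spends the old and QR outputs. Validity rests on the QR
        # signature and on its commitment being old enough; the old key's own
        # signature is not modelled because a quantum attacker could forge it.
        if old_output_id in self.spent:
            return False
        if not lamport_verify(qr_pk, spend_message(old_output_id, destination), sig):
            return False
        confirmed_at = self.commitments.get(H(b"".join(sig)))
        if confirmed_at is None or self.height - confirmed_at < CONFIRMATION_DELAY:
            return False
        self.spent.add(old_output_id)
        return True


def run_scenario() -> dict:
    chain = Chain()
    old_output = b"old-hashed-key-output-0"  # constructed identifier
    honest_sk, honest_pk = lamport_keygen(b"honest seed")
    honest_dest = b"honest-qr-address"
    sig = lamport_sign(honest_sk, spend_message(old_output, honest_dest))

    # Step 1: commit H(sig); a reveal before the delay has elapsed is rejected.
    chain.confirm_commit(H(b"".join(sig)))
    too_early = chain.accept_reveal(honest_pk, old_output, honest_dest, sig)
    chain.mine(CONFIRMATION_DELAY)

    # Step 2: the reveal enters the mempool, so an attacker now sees sig and the old key.
    attacker_sk, attacker_pk = lamport_keygen(b"attacker seed")
    attacker_dest = b"attacker-address"
    forged = lamport_sign(attacker_sk, spend_message(old_output, attacker_dest))
    attacker_own_key = chain.accept_reveal(attacker_pk, old_output, attacker_dest, forged)  # no commitment
    attacker_replay = chain.accept_reveal(honest_pk, old_output, attacker_dest, sig)        # sig binds honest_dest
    honest_ok = chain.accept_reveal(honest_pk, old_output, honest_dest, sig)

    # Committing now does not help: the delay must pass, and the output is gone by then.
    chain.confirm_commit(H(b"".join(forged)))
    attacker_after_commit = chain.accept_reveal(attacker_pk, old_output, attacker_dest, forged)
    chain.mine(CONFIRMATION_DELAY)
    attacker_after_delay = chain.accept_reveal(attacker_pk, old_output, attacker_dest, forged)
    return {
        "too_early": too_early,
        "attacker_own_key": attacker_own_key,
        "attacker_replay": attacker_replay,
        "honest_ok": honest_ok,
        "attacker_after_commit": attacker_after_commit,
        "attacker_after_delay": attacker_after_delay,
    }


if __name__ == "__main__":
    for name, accepted in run_scenario().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The only way for the attacker's reveal to win is for a commitment of theirs to already sit `CONFIRMATION_DELAY` blocks deep when the honest reveal appears, which requires rewriting those blocks; that is the reorg the post treats as infeasible.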
Two implications follow from having such a recovery scheme in place. First, it reduces the urgency of deploying a QR scheme before quantum computing becomes a tangible threat: a delay could temporarily freeze assets, but that is considered preferable to outright theft. Second, freezing the coins covered by this scheme is portrayed as morally questionable and potentially harmful to Bitcoin's reputation; on freezing coins whose public keys are exposed, the author remains undecided.
In conclusion, the author expresses willingness to support a soft fork that would incorporate this security measure into the Bitcoin protocol, highlighting a proactive approach to enhancing its resilience against quantum computing threats.