Hashed keys are actually fully quantum secure

The discussion focuses on enhancing the security of Bitcoin transactions against quantum computing (QC) attacks by incorporating a mechanism that requires the pairing of a pre-quantum output with a quantum-resistant (QR) output when spending. A significant concern is raised regarding the potential for an attacker to pre-mint QR outputs, let them age, and then utilize them to compromise transactions. It's noted that the mere aging of a QR output does not inherently validate the ownership of a pre-quantum Unspent Transaction Output (UTXO), exposing a vulnerability in the current proposal.

To address this issue, a modification is suggested where the transaction must be safeguarded by QR signing, committing to the Elliptic Curve (EC) public key without revealing it, while also proving ownership. This could be achieved through various methods such as incorporating a SHA256 hash of the EC signature within an OP_RETURN output or embedding a hidden commitment within the QR output script, similar to taproot's approach. These measures ensure that, following the mining of this transaction, the legitimate user can spend both the QR and legacy UTXOs together, thereby unveiling the EC signature commitment.

For validation, it's imperative that nodes confirm the QR output's age and its commitment to the correct public key and signature. This framework aims to prevent QC attackers from exploiting the system unless they have previously exposed the legacy EC public key before the commitment transaction. The idea posits that only the genuine user would have pre-committed to that signature, thus providing a layer of protection against retroactive insertion of an EC signature commitment by QC attackers, assuming they cannot roll back the blockchain significantly.

This proposal signifies a thoughtful approach towards safeguarding Bitcoin transactions against the evolving threat of quantum computing by intricately linking age and cryptographic proof of ownership, thereby ensuring a higher degree of transactional integrity and security.