A safe way to remove objectionable content from the blockchain

In a recent discussion with Erik Aronesty, the conversation delved into the intricacies of cryptographic signatures, particularly focusing on the superiority of using a unique hash-to-curve output from a publicly verifiable BLS root signature over a user-chosen point on the secp256k1 curve. This observation is credited with theoretical importance, emphasizing the distinct advantages that BLS (Boneh-Lynn-Shacham) signatures hold, especially when compared to other deterministic signature schemes like RSA-FDH or hash-based signatures, which lack nonces and zero-knowledge properties.

Despite the theoretical appeal, the practical implications of such a cryptographic transition, especially within the Bitcoin ecosystem, are deemed minimal. A significant barrier to its adoption is the monumental shift it would necessitate in Bitcoin's cryptographic foundations without offering improvements in quantum resistance. The discussion also touches upon performance considerations, weighing the potential benefits of batching properties against the drawbacks of single pairing performance.

Furthermore, the conversation expands to address broader issues within Bitcoin's protocol that overshadow the feasibility of integrating deterministic signatures. These include various aspects that allow for non-trivial data insertion, such as transaction amounts, locktimes, and sequence ordering, as well as the complexities involved in grinding curve points. However, the most substantial obstacle highlighted is the need to overhaul Bitcoin’s scripting language, which is deeply integrated into its operational fabric. The scripting language and related elements, like the control block in Taproot, present non-trivial challenges that dwarf the concerns surrounding deterministic signatures. This comprehensive examination of cryptographic signatures within the Bitcoin protocol illustrates both the theoretical intrigue and the practical hurdles facing their implementation.