OP_CIV - Post-Quantum Signature Aggregation

Posted by adiabat

Nov 2, 2025/18:47 UTC

In a recent discussion on the merits of using "addresses" versus "outpoints" within Bitcoin transactions, Tadge outlines several key considerations. The debate centers around whether to prioritize privacy or ease of implementation in transaction design. Tadge leans towards utilizing outpoints primarily due to privacy concerns. He highlights an optimization that could arise from using addresses: if a transaction involves multiple inputs with the same scriptPubKey, only one signature might be necessary, thereby simplifying processes and reducing costs. However, this approach could inadvertently encourage the practice of using a single address for multiple transactions, which is seen as undesirable.

Tadge argues that linking transactions to outpoints rather than addresses could discourage address reuse, promoting privacy and security. Each new transaction would require a new address, potentially linked to a subset of the user's unspent transaction outputs (UTXOs) at the time, enabling the use of opcodes like OP_CIV for fee reductions. This method contrasts with the simpler, yet less secure, practice of reusing addresses, which can compromise privacy and security.

Furthermore, Tadge touches upon the implications of address reuse in the context of hash-based signature designs such as SPHINCS+. The frequency with which a public key can safely be reused without security degradation is a critical factor. By encouraging the generation of a new address for each transaction, the ecosystem can reduce address reuse, enhancing overall security with smaller and faster-to-verify signatures.

The discussion also mentions the potential integration of privacy-preserving techniques with coinjoin transactions, while recognizing the challenges in achieving this effectively, especially when considering the practicality of setting up multisig outputs in advance.

Overall, while acknowledging the subjective nature of these considerations, Tadge suggests that prioritizing privacy through the use of outpoints could offer significant benefits, despite potential complexities in implementation compared to a more straightforward address-based approach.
