OP_CIV - Post-Quantum Signature Aggregation

Nov 1 - Nov 1, 2025

  • The concept of Post-Quantum cross-input signature aggregation (CISA) presents a novel approach to the challenges associated with large signature sizes in post-quantum cryptographic algorithms.

Traditional CISA techniques, while beneficial in reducing the size of transactions on blockchain platforms such as Bitcoin, have limitations when applied to post-quantum signatures due to their reliance on elliptic curve-based methods. The proposed method, tentatively named OP_CIV or OP_CHECKINPUTVERIFY, offers a solution that is compatible with any signature type, including those based on post-quantum cryptography.

OP_CIV enables a transaction input to demonstrate a connection to another input within the same transaction by pointing to it and using its signature instead of providing an additional one. This mechanism relies on a script that includes parameters such as input index, output index, transaction ID, and nonce. The script fails if these parameters are incorrect, ensuring the integrity of the transaction. The use of a nonce adds a layer of privacy protection by preventing potential attacks aimed at identifying ownership of multiple UTXOs through taptree analysis.

For implementation on the wallet side, each time a new address is generated, the wallet would look up existing UTXOs and create a taproot tree branch for each, incorporating blinding data to safeguard against linkage guessing. This structure allows for significant savings in transactions, often requiring only one signature per transaction. However, challenges arise in scenarios where a wallet generates many addresses at once without direct linkage between UTXOs, necessitating multiple signatures. Further complications exist for deterministic wallets, where key recovery can become cumbersome due to the exponential increase in possibilities when addresses point to all existing UTXOs within a wallet. Solutions include limiting the number of OP_CIV scripts or incorporating scripts for spent TXOs to facilitate recovery.

The proposal also considers the potential for replay attacks and address reuse. OP_CIV's design, which references outpoints rather than addresses or keys, inherently mitigates the risk of replay attacks. Additionally, using SIGHASH_ALL for the signing input further protects against unauthorized transaction alterations.

Beyond its primary goal of reducing transaction sizes for post-quantum signatures, OP_CIV may find applications in smart contracts and other areas requiring secure, efficient linkage between transaction inputs. While still in the conceptual stage, this approach promises to enhance blockchain technology's adaptability to post-quantum cryptographic standards.

The idea was shared by Tadge during a presentation at TABConf, aiming to gather feedback and improvements from the broader community. The talk is available for viewing at TABConf, offering insights into the practical applications and benefits of OP_CIV in real-world scenarios.
