Commit-Reveal for PQ Migration

This method involves a precommitment phase, where holders can secure their intention to migrate without revealing specific details like the underlying keys or the chosen PQ scheme. This precommitment occurs within a multi-year window, providing flexibility and time for participants to decide without compromising their security.

Once this window concludes, only those coins that have valid prior commitments are eligible for migration. The actual migration takes places through a reveal step where the PQ public key and associated signature materials are disclosed. This step confirms the holder's consistent commitment from the initial phase. This dual-phase process is beneficial as it delays the necessity for proof-of-control, thereby allowing coin holders to protect their assets proactively without exposing critical private information prematurely.

An interesting aspect of this proposal is its allowance for multiple redundant commitments per coin. This feature enables users to anticipate various PQ schemes and select the most suitable one later on. However, this flexibility could lead to increased risks in settings involving multiple parties, as the number of commitments might expand the attack surface. The proposal suggests a potential fallback to Lamport-style signatures to mitigate such risks, with commitments specifically tied to these keys.

The concept also aligns with similar initiatives found in ongoing discussions and literature. For instance, a somewhat related idea is detailed in an article by Paradigm about protecting Bitcoin from quantum threats (Protecting Your Bitcoin from a Quantum Sunset). Additional resources and proposals discussing PQ migration strategies are available through various platforms and discussions, including academic papers and developer forums (Bitcoin Dev Mailing List, Arxiv paper on Post-Quantum Cryptography, Google Groups discussion on Bitcoin Development). These resources provide a broader context and deeper insights into the landscape of quantum-resistant cryptographic solutions.