Feb 25 - Mar 12, 2026
This exploration responds to the threat posed by large quantum computers: Shor's algorithm would let an attacker derive a secp256k1 private key from its public key, so any scheme in which the public key is exposed on-chain is at risk. A P2PKH address commits only to a hash of the public key, so the key itself stays hidden until the first spend from that address, at which point it appears in the scriptSig and the address (and any funds later sent to it, if it is reused) becomes exposed to a quantum attacker. The proposed solution is a zero-knowledge proof system that lets a user prove ownership of a Bitcoin address and link it to a post-quantum address without ever revealing the public key on the blockchain.
The core of the benchmarking study compared several post-quantum (hash-based) proof systems on the task of generating and verifying proofs of P2PKH ownership. Each was measured on proof generation time, verification time, peak memory usage, and proof size, with all tests run on an Apple M2 Max. The results showed large differences between systems: STWO-Cairo had a fast proving time but a high memory requirement, Ligero could run in a browser, RISC Zero was feasible on a mobile device, and the remaining systems spanned a range of proof sizes and computational cost. These benchmarks suggest that client-side STARK proving of P2PKH ownership is becoming practical, although proof size and the details of on-chain use remain open problems.
The research also introduced a simpler circuit for generating these proofs. Instead of verifying a full ECDSA signature inside the circuit, the circuit constrains only key generation (the secp256k1 scalar multiplication that turns the private key into the public key) and the hashing that turns the public key into the address (SHA256, followed by RIPEMD160 for a P2PKH hash), which makes proving cheaper and less memory-hungry. Where a signature check is still wanted in-circuit, the same reasoning favours Schnorr over ECDSA: Schnorr verification avoids the modular inversion that ECDSA verification requires, so it should give faster proving and smaller proofs.
The discussion also covered practical considerations for deploying such PQ proof systems in the Bitcoin ecosystem. One idea was a registry linking existing P2PKH addresses to new post-quantum keys, using a secure timestamping service to establish each link before a cryptographically relevant quantum computer exists, so that an attacker who later recovers the classical key cannot register an earlier competing claim. Alternative strategies such as commit/reveal protocols were also raised as a simpler and more space-efficient route to quantum-resistant transactions, albeit with their own design and user-experience challenges.
In summary, the exploration into PQ proof systems for securing Bitcoin addresses against quantum threats reveals a landscape of technological innovation and strategic consideration. While significant progress has been made in demonstrating the feasibility of such systems, further work is needed to refine these solutions, balance their trade-offs, and integrate them into the broader framework of Bitcoin's security infrastructure.