PQ provers for P2PKH outputs

The discussion opens with technical considerations regarding the optimization of cryptographic signatures, specifically highlighting the advantages of switching from ECDSA to Schnorr signature schemes for hardware or enclave-based cryptographic operations. The primary rationale behind this recommendation lies in the simplicity and efficiency gains associated with Schnorr signatures, particularly when uncompressed formats are utilized. These benefits are underscored by a comparison of the computational requirements for verifying Schnorr versus ECDSA signatures, where Schnorr verification is noted to be less resource-intensive due to its need for fewer cryptographic operations.

Further elaboration is provided on the procedural aspects of utilizing Schnorr signatures, detailing the process through which a prover can verify a signature by computing a hash and performing a series of cryptographic operations that include point addition and multiplications but notably exclude the more complex field inversion required by ECDSA verification. This streamlined process not only facilitates faster proof generation but also contributes to smaller proof sizes, enhancing overall system performance.

In addition to signature scheme optimizations, the discussion transitions into exploring secure timestamping services and their role in commit/reveal protocols aimed at quantum-resistant cryptographic solutions. The mention of Opentimestamps serves as an example of such a service, enabling users to securely timestamp commitments before a specific deadline. This approach, preferred over Zero-Knowledge Proofs (ZKPs) for its minimal on-chain footprint and reduced complexity, is presented as a viable method for creating a soft-forked rescue path capable of supporting a wide array of wallet types beyond BIP32.

The narrative concludes by addressing the potential challenges and drawbacks associated with commit/reveal mechanisms, such as the ease with which they can be improperly implemented and the difficulties inherent in designing a user-friendly and secure system. Despite these concerns, the space and efficiency savings offered by such approaches are deemed to justify their consideration and implementation in the context of enhancing cryptographic systems and protocols.