Changes to BIP-360 - Pay to Quantum Resistant Hash (P2QRH)

The discussion revolves around an innovative approach in the realm of Bitcoin Improvement Proposals (BIPs), specifically focusing on enhancing security against quantum threats without immediately specifying post-quantum (PQ) signature algorithm opcodes for use within a Merkle Abstract Syntax Tree (MAST). A suggestion was made for a naming convention, "Pay to TapScript Hash" (P2TSH), with advice against using the term "Quantum resistant" due to the current absence of PQ opcode specifications.

The conversation introduces the concept of borrowing ideas from SPHINCS (SLH-DSA), a quantum-resistant cryptographic scheme. The key innovation of SPHINCS is its separation of the public key from numerous child signing keys through intermediate layers of certification keys. This structure is likened to the operation of TLS certificate authorities and proposes a method that could be applied to BIP360. The proposal involves creating tapscript leaves that can dynamically define at spending time, which would allow for the transition towards quantum-safe addresses even before defining PQ opcodes.

The proposed model suggests the utilization of a new address format, potentially named P2QRH, which would enable a leaf to commit to a hash-based one-time signature (OTS) public key instead of a direct script commitment. This mechanism would require a locking script signed by the OTS public key and a witness stack to unlock the "dynamically endorsed script." This approach is argued to provide several benefits, including a gentle transition towards PQ signatures, maintaining forward-looking compatibility, protecting against quantum attackers by requiring an OTS endorsement signature, enabling safe HODLing until PQ opcodes are released, preventing classical attackers from exploiting the wallet, and introducing dynamic selection of script pubkeys for addresses.

Furthermore, the discussion touches upon the potential for exploring new use cases enabled by this dynamic script endorsement capability and considers the possibility of incorporating ML-DSA and SLH-DSA into BIP360 as separate BIPs, despite recognizing practical challenges. This idea represents a strategic plan for transitioning towards quantum-resistant cryptographic mechanisms within the Bitcoin protocol, highlighting the need for innovative solutions to secure digital assets against emerging quantum threats.