Posted by conduition
Jul 23, 2025/15:10 UTC
The discussion concerns the need for a quantum-resistant option in Bitcoin, focusing on how users of Pay-to-Taproot (P2TR) outputs could migrate and what problems that migration raises. Once cryptographically relevant quantum computers (QCs) exist, which could be anywhere from a year to more than a decade away, users need a secure way to move their funds out of quantum-vulnerable outputs before they can be attacked. One proposed response is to disable key-path spending on P2TR outputs, so that they can be spent only via the script path, similar to what BIP360 proposes for its new output type. This approach, however, introduces several user-experience (UX) and developer-experience (DX) problems.
One significant issue is that quantum-vulnerable and quantum-resistant outputs would be indistinguishable before quantum computers arrive: a P2TR address looks the same whether its script tree carries a quantum-resistant spending condition or whether the wallet relies entirely on the key path. Users could not tell from the address alone whether their wallet had adopted the quantum-resistant construction or still used the vulnerable one; they would have to rely on the wallet maintainers' assurances or inspect the source code themselves, neither of which is ideal. There is also the risk that users hear "P2TR is now quantum secure" and conclude that their funds are safe, without understanding that they still need to take action themselves.
A further complication is that Bitcoin client authors would have to maintain secp256k1 code indefinitely. Even with key-path spending disabled, a taproot output key is still the internal key tweaked with the script tree's Merkle root (the tap-tweak), and every script-path spend has to reproduce that tweak to prove the script commitment. Post-quantum transactions would therefore still depend on elliptic-curve arithmetic, a permanent feature of how taproot outputs are constructed and verified rather than a transitional one.
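To make the persistent secp256k1 dependency concrete, here is an added example that is not code from conduition's post, from BIP341 or from Bitcoin Core: a pure-Python rendering of the BIP341 tweak together with the check a verifier performs on every script-path spend. It goes slightly beyond the paragraph by also showing the try-and-increment "nothing up my sleeve" internal key a key-path-disabled output would use. The NUMS label, the two placeholder tapscripts and the `demo` function are constructed for illustration only.

```python
# Added example (not from conduition's post, BIP341 or Bitcoin Core): the
# BIP341 taproot tweak in pure Python, to show why a wallet or verifier still
# needs secp256k1 arithmetic even when key-path spending is disabled.
import hashlib

# secp256k1 domain parameters (SEC 2).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and y1 != y2:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def point_mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, p)
        p = point_add(p, p)
        k >>= 1
    return r


def lift_x(x):
    """BIP340 lift_x: the curve point with this x and even y, or None."""
    if x >= P:
        return None
    y_sq = (pow(x, 3, P) + 7) % P
    y = pow(y_sq, (P + 1) // 4, P)
    if y * y % P != y_sq:
        return None
    return x, y if y % 2 == 0 else P - y


def tagged_hash(tag, msg):
    """BIP340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def tapleaf_hash(script, leaf_version=0xC0):
    """BIP341 leaf hash; demo scripts are short, so CompactSize is one byte."""
    assert len(script) < 0xFD
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)


def tapbranch_hash(a, b):
    """BIP341 branch hash over the lexicographically ordered children."""
    return tagged_hash("TapBranch", a + b if a < b else b + a)


def nums_internal_key(label):
    """Try-and-increment hash-to-x-only-key: nobody knows the discrete log, so
    the key path is unspendable.  BIP341 suggests a fixed constant for this;
    the generic construction here is an assumption of the example."""
    counter = 0
    while True:
        x = hashlib.sha256(label + counter.to_bytes(4, "big")).digest()
        if lift_x(int.from_bytes(x, "big")) is not None:
            return x
        counter += 1


def taproot_output_key(internal_xonly, merkle_root=b""):
    """Q = P + t*G with t = TapTweak(P || root).  Returns (x-only Q, parity)."""
    p = lift_x(int.from_bytes(internal_xonly, "big"))
    if p is None:
        raise ValueError("internal key is not a valid x-only point")
    t = int.from_bytes(tagged_hash("TapTweak", internal_xonly + merkle_root), "big")
    if t >= N:
        raise ValueError("tweak out of range")
    q = point_add(p, point_mul(t, G))
    return q[0].to_bytes(32, "big"), q[1] & 1


def script_path_commits(output_xonly, output_parity, internal_xonly, merkle_root):
    """The verifier's step on every script-path spend: rebuild Q from the control
    block's internal key and Merkle root and compare with the scriptPubKey.
    This EC arithmetic does not go away when the key path is disabled."""
    qx, parity = taproot_output_key(internal_xonly, merkle_root)
    return qx == output_xonly and parity == output_parity


def demo():
    """Constructed example: a key-path-disabled output whose script tree has
    two placeholder leaves (OP_TRUE and OP_2 OP_EQUAL; not real PQ scripts)."""
    internal_xonly = nums_internal_key(b"quantum-resistant demo")
    leaf_a = tapleaf_hash(bytes([0x51]))
    leaf_b = tapleaf_hash(bytes([0x52, 0x87]))
    root = tapbranch_hash(leaf_a, leaf_b)
    output_xonly, parity = taproot_output_key(internal_xonly, root)
    return {"internal": internal_xonly, "root": root, "leaf_a": leaf_a,
            "leaf_b": leaf_b, "output": output_xonly, "parity": parity}
```

A wallet that wants a post-quantum script path still needs `taproot_output_key` to derive its address, and every node still needs `script_path_commits` to validate the spend; neither step disappears when the key path is disabled, which is the maintenance burden the post describes.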
The dialogue also touches on a proposal to temporarily disable the elliptic-curve (EC) opcodes as a precaution against quantum attacks, pending a soft fork that adds a zero-knowledge scalable transparent argument of knowledge (ZK-STARK) verifier. This would protect the ecosystem until a more robust quantum-resistant solution, possibly BIP360, is universally adopted. It is acknowledged, however, that such a move could prove controversial, especially if deployed at the same time as BIP360, since it could hinder migration to the quantum-resistant Pay to Quantum Resistant Hash (P2QRH) outputs.
In conclusion, the discussion underscores both the urgency and the complexity of preparing Bitcoin for the eventual arrival of quantum computing. Moving to quantum-resistant outputs means balancing technical feasibility, user and developer experience, and the overarching goal of keeping the system secure. There is broad agreement that quantum-resistant addresses are necessary, even though views differ on how best to carry out the transition. For further details, refer to the original mailing list thread.