Public key recovery for EC leaves in P2MR (BIP-360)

Posted by starius

Jun 19, 2026/01:02 UTC

The discussion revolves around a modification in the Schnorr challenge where there's a suggestion to commit to H(Q) rather than Q itself, which would facilitate key recovery. This alteration appears to address concerns related to security and functionality within cryptographic systems.

In relation to Bitcoin's protocol enhancements, Pay to Witness Public Key Hash (P2WPKH) is noted for its security feature that protects against quantum attacks by not revealing an EC public key until a transaction is made. This characteristic stands in contrast to Taproot's approach, where similar protections are absent. However, the proposed Pay to Taproot Hash (P2TRH) aims to incorporate this beneficial attribute into Taproot, enhancing its security against potential quantum threats.

An innovative concept introduced is the "relative expiry for the key spend" on P2TRH coins. This idea entails disabling the key spend path after a coin has been held for a certain period, such as one year, making it only possible to execute transactions via the script path. This mechanism provides a preventive measure against quantum attacks by ensuring that even if a quantum computer could compromise the EC keys from the mempool, the coins would remain secure due to the expired EC path, allowing only the post-quantum secure script path to be used for transactions. This strategy offers a fallback that does not rely on an EC-disabling fork and adds an extra layer of security to the system.

Link to Raw Post
Bitcoin Logo

TLDR

Join Our Newsletter

We’ll email you summaries of the latest discussions from high signal bitcoin sources, like bitcoin-dev, lightning-dev, and Delving Bitcoin.

Explore all Products

ChatBTC imageBitcoin searchBitcoin TranscriptsSaving SatoshiDecoding BitcoinWarnet
Built with 🧡 by the Bitcoin Dev Project
View our public visitor count

We'd love to hear your feedback on this project.

Give Feedback