P2WOTS: Post Quantum UTXO Winternitz Signatures

Posted by opus-lux

May 26, 2026/21:14 UTC

The discussion on enhancing the Bitcoin protocol involves several critical considerations regarding how transactions and user signatures are managed. In particular, a proposal has been raised to shift to witness version 3 to sidestep potential conflicts. This version adjustment is part of a broader strategy to address limitations inherent in the Winternitz One-Time Signature (WOTS) scheme currently under discussion. Because of its mathematical constraints, WOTS permits only a single signing action per Unspent Transaction Output (UTXO), which introduces complications given Bitcoin's operational requirements.

Bitcoin's need for multiple signings per UTXO stems from several practical use cases including address reuse, multi-user transactions, and scenarios involving fee adjustments or transaction retries. Address reuse issues are somewhat mitigated in the revised proposal by introducing a utxo_index counter, ensuring a unique public key for each UTXO. However, this solution still restricts the signature process to a single user, as the proposal does not accommodate multi-user transaction capabilities.

Further complexities arise with transaction fee adjustments. The current proposal acknowledges the risks associated with Replace-by-Fee (RBF) protocols, where the same key could sign different messages if fees are bumped post-transaction. A safer alternative suggested involves using the Child-Pays-for-Parent (CPFP) method via a change output, which avoids the need for a second WOTS signature and thereby maintains security integrity. This approach would necessitate clear wallet guidelines that prohibit RBF on Pay-to-Witness-One-Time-Signature (P2WOTS) inputs while recommending CPFP for fee adjustments through a Pay-to-Taproot (P2TR) change output.
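The one-signature limit and the RBF hazard described above can be shown with a toy WOTS and a wallet-side guard. This is an added example, not code from the proposal or the original post: the parameters, the seed-plus-`utxo_index` key derivation, and the `OneTimeSigner` class are assumptions made for illustration.

```python
import hashlib

W, N_MSG, N_CSUM = 16, 64, 3   # toy parameters (assumed, not from the proposal)

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def digits(msg: bytes) -> list[int]:
    """Base-16 digits of SHA-256(msg) followed by the WOTS checksum digits."""
    d = [n for b in H(msg) for n in (b >> 4, b & 15)]
    c = sum(W - 1 - x for x in d)            # at most 64*15 = 960 < 16**3
    return d + [(c >> 8) & 15, (c >> 4) & 15, c & 15]

def chain(x: bytes, steps: int) -> bytes:
    for _ in range(steps):
        x = H(x)
    return x

def keygen(seed: bytes, utxo_index: int):
    """Hypothetical derivation: one fresh key pair per utxo_index."""
    tag = seed + utxo_index.to_bytes(4, "big")
    sk = [H(tag + bytes([i])) for i in range(N_MSG + N_CSUM)]
    return sk, [chain(s, W - 1) for s in sk]

def verify(pk, msg: bytes, sig) -> bool:
    return all(chain(s, W - 1 - d) == p for s, d, p in zip(sig, digits(msg), pk))

def exposed(*msgs: bytes) -> list[int]:
    """Lowest chain position published per chain by signatures on msgs."""
    return [min(col) for col in zip(*(digits(m) for m in msgs))]

def coverable(revealed: list[int], msg: bytes) -> bool:
    """True if a signature on msg follows from published chain values alone."""
    return all(d >= r for d, r in zip(digits(msg), revealed))

class OneTimeSigner:
    """Wallet-side guard: one message per utxo_index, identical retries allowed."""
    def __init__(self, seed: bytes):
        self.seed, self.signed = seed, {}    # utxo_index -> digest already signed

    def sign(self, utxo_index: int, msg: bytes):
        prev = self.signed.setdefault(utxo_index, H(msg))
        if prev != H(msg):                   # e.g. an RBF replacement of the same input
            raise ValueError("WOTS key for this UTXO already signed another message")
        sk, _ = keygen(self.seed, utxo_index)
        return [chain(s, d) for s, d in zip(sk, digits(msg))]
```

After a single signature the checksum digits guarantee that no other message is coverable from the published values. A second signature on a different message, such as a fee-bumped replacement, lowers the exposed position on at least one chain, which is why the guard rejects it while still allowing an identical retry.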

These revisions aim to refine the handling of signatures within Bitcoin transactions to enhance security and functionality. The ongoing dialogue and feedback loop are essential to ensure the proposal effectively addresses all concerns and incorporates comprehensive safeguards against potential vulnerabilities introduced by operational limitations of the WOTS mechanism.
