bitcoin-dev

Trivial QC signatures with clean upgrade path

Trivial QC signatures with clean upgrade path

Original Postby Tadge Dryja

Posted on: December 16, 2024 22:20 UTC

Matt Corallo shared insights into the complexities Bitcoin faces with potential quantum computing (QC) threats, emphasizing the dilemma of when and how to initiate protective measures against such futuristic threats.

The primary challenge lies in preparing for a QC threat long before it materializes, ensuring users have ample time to migrate to safer protocols without prematurely committing to changes that might not be necessary if QC developments stall.

Corallo suggests the implementation of a post-quantum (PQ) fallback key as a precautionary measure, acknowledging the risks involved in exposing PQ public keys prematurely. A consensus level proof of quantum computer (PoQC) is proposed as a mechanism to minimize the impact of activating forks in response to a QC threat. This involves creating a nothing-up-my-sleeve (NUMS) point public key, monitoring it for transactions that would indicate the breaking of cryptographic assumptions by a QC, thereby triggering changes in consensus rules.

The discussion also covers strategies to mitigate the loss or theft of coins in the event of a QC breakthrough. One approach is a soft fork that restricts key path spends, making it confiscatory only if proof of QC existence is established. This aims to protect funds by pre-emptively disabling certain transactions while allowing for the introduction of PQ signatures. An alternative, less radical proposal involves introducing new output types that are immune to QC attacks but maintain backward compatibility through conditional operational codes, offering a transitional pathway towards quantum-resistant blockchain security.

Overall, Corallo's message underscores the precarious balance between taking proactive steps to safeguard Bitcoin from quantum threats and the uncertainties surrounding the timeline and impact of quantum computing advancements.