bitcoin-dev

Trivial QC signatures with clean upgrade path

Original Postby Anthony Towns

Posted on: December 16, 2024 11:14 UTC

The post examines the proposed "OP_SPHINCS" signature opcode for Bitcoin and raises several issues that would need to be settled before anything like it could be deployed.

The first concern is signature size. SPHINCS-style signatures run from roughly 8kB to 50kB each, so a block filled with such inputs could spend far fewer of them than a block of today's transactions, where the per-input witness is small enough that input count is rarely what brings a block up against its size limit. The post suggests that either a scheme with smaller signatures should be found or the block size would have to increase to compensate.

The post also weighs the flexibility, and the risks, of committing to OP_SPHINCS spend paths before the opcode is part of consensus. The concerns raised are that insiders could exploit such pre-consensus commitments to steal funds, that funds could become unspendable if the parameters eventually activated differ from those committed to, and that a hard fork would endanger existing smart contracts. The conclusion is that pre-emptive adoption carries significant risk without a clear benefit.

The post further criticises the idea of pre-emptively adding hidden OP_SPHINCS spend paths, since the only way to make them the sole spending method would be a soft fork that disables key-path spends, which amounts to confiscating the funds in every UTXO that has no such path. That would destroy a large share of existing outputs, an intervention the post treats as drastic and probably unacceptable. The alternative it discusses is to modify public keys themselves so that they include, or commit to, a post-quantum element; this could support a transition to a post-quantum secure protocol, but doing it correctly would require a hard fork.
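To make the "modify the public key to commit to a post-quantum element" idea concrete, here is an added example that is not from the post or from any Bitcoin implementation. It assumes a pay-to-contract style tweak, the same construction BIP341 uses for script commitments: the on-chain key Q is derived as P + H(P || pq_pubkey)*G, so Q can be spent today with an ordinary Schnorr key-path signature, while anyone holding P and pq_pubkey can later prove that Q committed to that post-quantum key. The tag string, the sample private key and the placeholder post-quantum public key bytes are all constructed for the example; the secp256k1 constants are the standard ones. Parity handling of x-only keys is deliberately omitted, so this is the idea, not a consensus-compatible encoding.

```python
import hashlib

# secp256k1 domain parameters (standard constants).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Hypothetical tag for the commitment hash; assumed for this example only.
TAG = "PQKeyCommit/example"


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = point_add(r, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return r


def tagged_hash(tag, msg):
    """BIP340-style tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    t = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(t + t + msg).digest()


def commitment_tweak(p_point, pq_pubkey):
    """Scalar t = H_tag(P.x || pq_pubkey) mod n that binds pq_pubkey to P."""
    msg = p_point[0].to_bytes(32, "big") + pq_pubkey
    return int.from_bytes(tagged_hash(TAG, msg), "big") % N


def commit_pq_key(p_priv, pq_pubkey):
    """Derive the tweaked on-chain key Q = P + t*G and its private key q = p + t.

    The key-path spend uses q with ordinary Schnorr today; the (P, pq_pubkey)
    pair is kept off-chain until a post-quantum spend path exists.
    """
    p_point = point_mul(p_priv, G)
    t = commitment_tweak(p_point, pq_pubkey)
    q_priv = (p_priv + t) % N
    q_point = point_add(p_point, point_mul(t, G))
    return q_priv, q_point


def verify_pq_commitment(q_point, p_point, pq_pubkey):
    """Check that Q was derived from P committing to pq_pubkey.

    This is what a future post-quantum spend path would verify before
    accepting a post-quantum signature under pq_pubkey for output Q.
    """
    t = commitment_tweak(p_point, pq_pubkey)
    return point_add(p_point, point_mul(t, G)) == q_point


# Constructed sample inputs: a fixed private key and a placeholder 32-byte
# post-quantum public key (a real SPHINCS+ key is larger; the size does not
# matter for the commitment).
SAMPLE_PRIV = 0x1F2E3D4C5B6A79880102030405060708090A0B0C0D0E0F10111213141516
SAMPLE_PQ_PUBKEY = bytes.fromhex("ab" * 32)


def demo():
    q_priv, q_point = commit_pq_key(SAMPLE_PRIV, SAMPLE_PQ_PUBKEY)
    p_point = point_mul(SAMPLE_PRIV, G)
    return {
        "consistent": point_mul(q_priv, G) == q_point,
        "opens": verify_pq_commitment(q_point, p_point, SAMPLE_PQ_PUBKEY),
        "wrong_key_rejected": not verify_pq_commitment(
            q_point, p_point, bytes.fromhex("cd" * 32)),
    }


if __name__ == "__main__":
    print(demo())
```

The point the post makes still applies: this only helps if consensus later learns to check `verify_pq_commitment` and a post-quantum signature together, and deciding what happens to the key path (keeping it, or disabling it by soft fork) is exactly the confiscation question discussed above.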

In conclusion, the post underlines how many pitfalls are involved in integrating post-quantum signatures into Bitcoin and argues for a careful, considered approach that weighs security against usability and the integrity of the existing UTXO set. Modifying public keys to commit to post-quantum material is put forward as a possible path, with the acknowledgement that it still faces the size, activation and hard-fork problems described above.