Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms

Feb 9 - Feb 23, 2026

The recent discussions on the Bitcoin Development Mailing List delve into the intricacies of enhancing Bitcoin's security framework in anticipation of quantum computing threats.

Erik Aronesty spearheaded a conversation about implementing a commit/reveal scheme leveraging OP_TXHASH for bitcoin transactions, aiming to establish a quantum-resistant scripting method without necessitating new signatures. Despite the theoretical robustness against quantum attacks, questions arose concerning the practical application of this scheme, particularly around the ability of wallets to utilize it without prior knowledge of final destination CTV templates.

Ethan Heilman responded by providing an example script, clarifying that the initial phase does not require pinning to the final destination, since txhash facilitates partial commitment. Heilman also pointed out a potential fee-related issue that could be mitigated through the value-aware composability offered by CCV constructions, and suggested a shift towards a more complex but potentially more secure CCV-based construction over simpler alternatives like CTV and TXHASH, weighing this against the lower implementation burden and the surface-area concerns associated with those simpler options.

Further discussion addressed the viability of hash-based signature (HBS) schemes, with Aronesty advocating for their maturity and reliability, especially given SHA256's enduring preimage resistance. In contrast, Heilman expressed reservations about SPHINCS, an early HBS framework susceptible to fault attacks and flawed proofs, and highlighted concerns regarding its compatibility with decentralized Bitcoin owing to its large signature sizes. The conversation shifted towards lattice-based signatures as a promising post-quantum alternative, although the consensus was that they are not yet ready for deployment.

Heilman detailed the specifics of various lattice-signature and HBS options, including SPHINCS, CRYSTALS-Dilithium, and Falcon, noting their respective key and signature sizes. Despite the potential efficiency of lattice signatures, concerns about their size led to a preference for using SLH-DSA as a backup solution. This strategy aims to ensure safety amid uncertainty, allowing time to identify an optimal replacement for ECC.

These exchanges underscore the complexities of transitioning Bitcoin to a quantum-resistant architecture. They highlight the community's proactive measures to explore and debate various cryptographic solutions, balancing immediate security enhancements against the long-term goal of finding efficient, quantum-safe replacements for current cryptographic standards.
