Jan 13 - Jan 18, 2026
The protocol is designed to keep legacy UTXOs (those locked by pre-quantum signature schemes) spendable after quantum-resistant mechanisms activate, effectively placing them in a quarantine mode. In the commit phase, the holder publishes an on-chain commitment that binds the future spend's outputs (amounts and scriptPubKeys); the commitment becomes usable only after a set number of confirmations. In the spend phase, the spending transaction must prove that a matching commitment was previously mined and has matured, and that its own outputs adhere to the committed template.
To address the main technical challenge, the proposal has spends carry an SPV-style inclusion proof for the commit: the commit transaction ID, a merkle branch to a block header, and a depth rule enforcing a minimum number of confirmations. This lets consensus enforce the rule from block headers alone, without historical transaction lookups that would sideline pruned nodes or nodes without a transaction index. To improve user experience and avoid fee-payment problems in the commit phase, the protocol allows fee sponsorship: a receiver, exchange, or service can publish the commitment transaction and pay its fees, while the legacy holder authorizes the commitment off-chain with a signature over the commitment hash. Further details and illustrations of this two-phase destination commitment mechanism are provided via links to a design note and a diagram.
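The commit/spend flow summarized above, as an added toy model that is not the proposal's own code. It shows the commitment hash binding an output template, a Bitcoin-style merkle branch as the SPV-style inclusion proof, the depth rule, and the template check a node would run on the spend. The serialization of the template, the `COMMIT` tag marking the commit transaction, the six-confirmation threshold, and all transaction IDs and scripts are constructed assumptions; the legacy holder's off-chain authorization signature is out of scope here.

```python
from __future__ import annotations
import hashlib

MIN_CONFIRMATIONS = 6       # assumed depth rule; the thread does not fix the number
COMMIT_TAG = b"COMMIT"      # constructed marker for a commit tx carrying the commitment hash


def dsha256(data: bytes) -> bytes:
    """Bitcoin's double SHA-256, used for txids and merkle nodes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def commitment_hash(outputs: list[tuple[int, bytes]]) -> bytes:
    """Bind the future spend's outputs (amount, scriptPubKey) into one 32-byte commitment.
    Serialization is constructed: 8-byte LE amount, 2-byte LE script length, script."""
    blob = b"".join(amt.to_bytes(8, "little") + len(spk).to_bytes(2, "little") + spk
                    for amt, spk in outputs)
    return dsha256(blob)


def merkle_root_and_branch(txids: list[bytes], index: int):
    """Bitcoin-style merkle tree (odd levels duplicate the last node).
    Returns the root and the branch for leaf `index` as (sibling, sibling_is_right) pairs."""
    level, branch = list(txids), []
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        sibling = index ^ 1
        branch.append((level[sibling], sibling > index))
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        index //= 2
    return level[0], branch


def verify_branch(txid: bytes, branch, root: bytes) -> bool:
    """Recompute the path from a txid up to the header's merkle root."""
    h = txid
    for sibling, sibling_is_right in branch:
        h = dsha256(h + sibling) if sibling_is_right else dsha256(sibling + h)
    return h == root


def verify_spend(commit_tx: bytes, branch, block_height: int, headers: dict[int, bytes],
                 tip_height: int, spend_outputs: list[tuple[int, bytes]]) -> tuple[bool, str]:
    """The consensus-style check on a spend: it needs only block headers (no txindex),
    and enforces inclusion, maturity, and an exact match against the committed template."""
    if not commit_tx.startswith(COMMIT_TAG):
        return False, "not a commitment transaction"
    committed = commit_tx[len(COMMIT_TAG):]
    if block_height not in headers:
        return False, "unknown block"
    if not verify_branch(dsha256(commit_tx), branch, headers[block_height]):
        return False, "inclusion proof does not reach the block's merkle root"
    depth = tip_height - block_height + 1
    if depth < MIN_CONFIRMATIONS:
        return False, f"commitment has {depth} confirmations, needs {MIN_CONFIRMATIONS}"
    if commitment_hash(spend_outputs) != committed:
        return False, "spend outputs do not match the committed template"
    return True, "ok"


def demo() -> dict[str, tuple[bool, str]]:
    """Constructed scenario: a commitment mined at height 100, checked at several tips."""
    template = [(50_000, b"\x00\x14" + b"\x11" * 20),     # constructed P2WPKH destination
                (149_000, b"\x00\x20" + b"\x22" * 32)]    # constructed P2WSH destination
    commit_tx = COMMIT_TAG + commitment_hash(template)
    # Block 100 carries the commit tx as the third of five transactions (others constructed).
    others = [dsha256(bytes([i])) for i in range(4)]
    txids = others[:2] + [dsha256(commit_tx)] + others[2:]
    root, branch = merkle_root_and_branch(txids, 2)
    headers = {100: root}
    for h in range(101, 106):
        headers[h] = dsha256(bytes([h]))  # unrelated later headers, constructed
    redirected = [(199_000, b"\x00\x14" + b"\x33" * 20)]  # attacker-chosen destination
    forged_branch = [(bytes(32), right) for _, right in branch]
    return {
        "mature_and_matching": verify_spend(commit_tx, branch, 100, headers, 105, template),
        "too_shallow": verify_spend(commit_tx, branch, 100, headers, 104, template),
        "redirected_outputs": verify_spend(commit_tx, branch, 100, headers, 105, redirected),
        "forged_branch": verify_spend(commit_tx, forged_branch, 100, headers, 105, template),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
```

The order of checks matters in practice: the inclusion proof and the depth rule are verified before the template is compared, so a spend pointing at an unmined or immature commitment is rejected before anything else is examined, and an attacker who recovers the legacy key still cannot redirect funds, since any output set other than the committed one fails the final check.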
Giulio Golinelli's feedback raises a further concern about the exposure of UTXOs under this framework: a quantum attacker who recovers a private key from the public key revealed when a transaction is broadcast could compromise that key's remaining unspent UTXOs at their convenience. This scenario shows that the threat extends beyond real-time hijacking of in-flight transactions. Despite this concern, Giulio acknowledges the value of assuming a quantum-resistant commitment scheme, with the caveat that its mechanics and effectiveness still need to be defined and evaluated.
In response to Giulio's concerns, the proposer emphasizes that the intent is not to secure the sending address but to prevent a race between the legitimate sender and a quantum attacker: all coins are moved from the old address to a new one, and the old address is never reused. This matches longstanding advice in the Bitcoin community against address reuse. The reply closes with openness to exploring every possible solution that avoids freezing coins on old addresses, including automatic conversion of classic addresses to post-quantum ones at a designated "Q-day," while acknowledging practical limitations such as the need to share private keys for such a conversion.