bitcoin-dev
Proposing a P2QRH BIP towards a quantum resistant soft fork
Posted on: September 25, 2024 12:04 UTC
The thread proposes a new Bitcoin Improvement Proposal (BIP), P2QRH (Pay to Quantum Resistant Hash), as a soft-fork path for hardening Bitcoin against a future quantum computer, and the replies examine both the threat timeline and the protocol trade-offs.
Much of the discussion concerns when a cryptographically relevant quantum computer (CRQC) might exist: one large and reliable enough to run Shor's algorithm against the secp256k1 keys Bitcoin uses today, rather than merely outperforming classical hardware on a contrived benchmark. The IBM Quantum System Two is cited as an example, with a roadmap that would interconnect modules to reach roughly 16,000 qubits. Participants stress two points: raw qubit count is not the same as cryptographic capability, and any claimed quantum advantage should be checked by verifying the result on a classical computer.
The conversation also covers the engineering obstacles, in particular cross-linking multiple chips and the uncertainty about how much usable capacity additional physical qubits actually deliver once error-correction overhead is paid. The thread then turns to post-quantum cryptography itself, comparing signature schemes and what each would mean for Bitcoin's security model. One concrete suggestion is that a P2QRH output could distinguish post-quantum algorithms by public key length or a similar characteristic, which makes explicit the trade-offs between algorithmic complexity, security margin and transaction throughput.
A significant portion of the exchange explores how Bitcoin's protocol could be modified to accommodate post-quantum signatures. The proposal favours FALCON as the initial scheme because it balances size against security, but FALCON-512 signatures are about 666 bytes and its public keys about 897 bytes, against 64 bytes for a Schnorr signature and 32 bytes for an x-only public key, so spends would be several times larger and correspondingly more expensive. To manage this the draft introduces a "quitness" (quantum witness), a separate section of the transaction for post-quantum data that would receive its own fee discount, in the same spirit as the segregated-witness discount, so that network throughput does not collapse.
The emails also explore defensive measures that need no new output type, such as deliberately inflating the witness stack so that an attacker must process more data per signature. This reuses existing script capabilities to raise the attacker's cost, but it raises the honest spender's fee by the same amount and is bounded by consensus limits such as the 520-byte maximum stack element and the 10,000-byte maximum script size.
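The cost comparison behind the quitness discount and the padding idea above is easy to make concrete. The following calculator is an added example written for this summary, not code from the thread or from the P2QRH draft. The FALCON-512 sizes are the published parameters and the 520-byte element limit and 4,000,000 weight-unit block limit are Bitcoin Core consensus constants; the P2WPKH-style reveal of the FALCON public key in the witness, the 0.25 WU-per-byte "quitness" rate and the optional 520-byte padding items are illustrative assumptions.

```python
"""Transaction-weight calculator: Schnorr key-path spend vs a hypothetical
FALCON-512 spend, with and without a steeper post-quantum ("quitness") discount.

Added example for this summary; not the P2QRH draft's own code.
"""

# Bitcoin Core consensus constants
MAX_BLOCK_WEIGHT = 4_000_000      # weight units per block
MAX_SCRIPT_ELEMENT_SIZE = 520     # largest initial witness stack element allowed today

# Witness-resident data per scheme, in bytes. Schnorr key-path spends carry only
# the 64-byte signature (the key is in the output). FALCON-512 sizes are the
# published parameters; placing the public key in the witness is an assumption.
SCHEMES = {
    "schnorr_p2tr": {"sig": 64, "pubkey": 0},
    "falcon512": {"sig": 666, "pubkey": 897},
}


def compact_size_len(n: int) -> int:
    """Bytes used by Bitcoin's CompactSize encoding of the integer n."""
    if n < 0xFD:
        return 1
    if n <= 0xFFFF:
        return 3
    if n <= 0xFFFFFFFF:
        return 5
    return 9


def base_bytes(n_inputs: int = 1, n_outputs: int = 1, spk_len: int = 34) -> int:
    """Non-witness serialization: empty scriptSigs, P2TR-sized (34-byte) outputs."""
    return (4                                                      # version
            + compact_size_len(n_inputs) + n_inputs * (36 + 1 + 4)  # outpoint, scriptSig len, sequence
            + compact_size_len(n_outputs) + n_outputs * (8 + 1 + spk_len)
            + 4)                                                   # locktime


def witness_bytes(items) -> int:
    """Single-input witness: marker+flag, item count, each item with its length prefix."""
    return 2 + compact_size_len(len(items)) + sum(compact_size_len(n) + n for n in items)


def spend_weight(scheme: str, wu_per_witness_byte: float = 1.0, padding_items: int = 0) -> dict:
    """Weight of a 1-in/1-out spend.

    BIP141 counts every witness byte as 1 WU (4x cheaper than base data);
    a smaller wu_per_witness_byte models an assumed quitness discount.
    padding_items appends 520-byte dummy stack items, the "inflate the
    witness" defence, to show what it costs the honest spender.
    """
    sizes = SCHEMES[scheme]
    items = [n for n in (sizes["sig"], sizes["pubkey"]) if n]
    items += [MAX_SCRIPT_ELEMENT_SIZE] * padding_items
    weight = 4 * base_bytes() + wu_per_witness_byte * witness_bytes(items)
    return {
        "weight": weight,
        "vbytes": weight / 4,
        # Items over 520 bytes are rejected by today's witness versions, so a
        # scheme with such items needs a new output type (the soft-fork case).
        "oversize_items": [n for n in items if n > MAX_SCRIPT_ELEMENT_SIZE],
        "tx_per_block": int(MAX_BLOCK_WEIGHT // weight),
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("Schnorr P2TR, BIP141 discount", {"scheme": "schnorr_p2tr"}),
        ("Schnorr P2TR + 2 padding items", {"scheme": "schnorr_p2tr", "padding_items": 2}),
        ("FALCON-512, BIP141 discount", {"scheme": "falcon512"}),
        ("FALCON-512, assumed 0.25 WU/byte quitness", {"scheme": "falcon512", "wu_per_witness_byte": 0.25}),
    ]:
        r = spend_weight(**kwargs)
        print(f"{label:45s} {r['weight']:8.1f} WU  {r['tx_per_block']:5d} tx/block"
              f"  oversize={r['oversize_items']}")
```

Under BIP141 rules a FALCON-512 spend weighs about 4.4 times a Schnorr key-path spend (1948 WU against 444 WU), cutting the transactions that fit in a block from roughly 9,000 to roughly 2,000; the assumed 0.25 WU/byte quitness rate recovers more than half of that. The `oversize_items` field also shows why the padding defence and FALCON itself both run into consensus limits: both FALCON items exceed 520 bytes, which is exactly the kind of constraint a new output type has to lift.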
Lastly, the correspondence acknowledges the broader exposure: a CRQC could derive private keys from any public key already visible on-chain, most obviously in P2PK outputs, but also in reused addresses whose keys were revealed by an earlier spend and in Taproot outputs, which place the key directly in the scriptPubKey. That is what gives the work its urgency and argues for defining a quantum-resistant output type before it is needed rather than after. The thread as a whole treats quantum computing as a real but poorly timed risk, and frames P2QRH as a collaborative first step rather than a finished answer.