From mboxrd@z Thu Jan  1 00:00:00 1970
Delivery-date: Tue, 12 Aug 2025 02:04:39 -0700
Received: from mail-oa1-f60.google.com ([209.85.160.60])
	by mail.fairlystable.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <bitcoindev+bncBAABBHEH5TCAMGQEOK7V4SA@googlegroups.com>)
	id 1ulkvu-0008DZ-JV
	for bitcoindev@gnusha.org; Tue, 12 Aug 2025 02:04:39 -0700
Received: by mail-oa1-f60.google.com with SMTP id 586e51a60fabf-30bb6a8dce4sf7206043fac.2
        for <bitcoindev@gnusha.org>; Tue, 12 Aug 2025 02:04:38 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1754989472; cv=pass;
        d=google.com; s=arc-20240605;
        b=W8X8pwEKvhEKa+kAry8yq1E4ImT2qFPTo/AJ+sIls6Hoe9iggmkukOFPqeP8/+TZ1Y
         Hl8eYHqo5j0Bs11vzDto1rdub+o05lIPPnr5FPRocVOW4X/5jHDr2N63+9sRk8M22b0J
         xVDDIYQ8ya0DhcS7B9F15rdiyBhO+UeUAoxwR0IR+Q6DsjIgSPW0uzHjKrUtaewwjzH/
         hyEQ2smvAhUgb6eSIlqJBpl+/QuGbt3D/R+3/pwihTfGNL22RmMal4tMX5Q1PGLhUKn+
         lKcPRyZgu77pNp6g5v1Zk/4JcVeSmNVnUjsf8jpeBzZAtVdezlWCbmewIn5aK5IZBJrI
         6b/g==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to:mime-version:feedback-id
         :references:in-reply-to:message-id:subject:from:to:date
         :dkim-signature;
        bh=I5lV5t62sEE2hz+OpPbPD2dFCLwsEPWNzx5uUorvLy8=;
        fh=AgQS9boTS5EqeXAS40g7hl6t2RCiNcihONjOhh+Hutg=;
        b=PgO4QydDITPm4LL47hQpuw0sq4tJ4MvSt7ks5oN3Xz7+kv4Cn9e7gi9cIdxmm92Oya
         gdMF2bAoF44QaUmsV2XA/6CljYrQcnXjB/tY6O8mhlhrhoWQvKWZBPij0ozm/uDaJfrf
         Dliq5O74K45IqFdevv0unqKmfllJfdK2JzWOzsjcapN+e4BeI29dUc/Sj/SOmTiUh7Nb
         1agzhRfG6xJ5n4oyGCao1sxgIdJMC/4YhejqkldUtO1+rORjpguBG6OlhRvAUh7nM3mf
         cWnKagnmXgOswwSvrzZCRtLX3qemn8SghSjjHZgQIvTUeDDwAr6YI+C/ku/HqXlFbdG8
         im9g==;
        darn=gnusha.org
ARC-Authentication-Results: i=2; gmr-mx.google.com;
       dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="f/zWytAk";
       spf=pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlegroups.com; s=20230601; t=1754989472; x=1755594272; darn=gnusha.org;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:mime-version
         :feedback-id:references:in-reply-to:message-id:subject:from:to:date
         :from:to:cc:subject:date:message-id:reply-to;
        bh=I5lV5t62sEE2hz+OpPbPD2dFCLwsEPWNzx5uUorvLy8=;
        b=IcPa+1XNvQQdj77LJIYrflZJlhUDS7bey72kr8cIc2brClFLnGaKSTdF81iezB6oh5
         RTA4HPDf5MGWm+ayN5dQRwjfJQdvuE41KC6NzC/TYQSFzKeE50aQdGF6MKn83cpMinA4
         dTGiUF9LEgE42/mrRKHugOzzXolEt97oGQ5xI265wI9RPKjf0wK5vosFUKgoKpyUCjA8
         B2M8o1k/XcoAleBNRre9YnEBMArIy9u0nfx5YsBGvQLVUIQ4Efr1NNnMqY3enOFNfQep
         CwN0dXwW0wWeH45yU3TFRPnx6b3QQKM7ZKA3KSHTKC9bsHWcLX7jP6UymcY41lSGcnIb
         mrAQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1754989472; x=1755594272;
        h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post
         :list-id:mailing-list:precedence:reply-to
         :x-original-authentication-results:x-original-sender:mime-version
         :feedback-id:references:in-reply-to:message-id:subject:from:to:date
         :x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=I5lV5t62sEE2hz+OpPbPD2dFCLwsEPWNzx5uUorvLy8=;
        b=JGo5QGx7b3Y5ii4rRlGQp9pRv/51SsJv2BbXzhgJjwnuhz7p/et9XnZcZA8wSOn749
         ZEP3dWL4vz44NKaFjrJ3BZ5ObOFIGIUMzlzbg4gs0xuHeQY1OMai7zGD0IIQNm8tbe1K
         z9Wr9Q4xdrh6Fhqbz2sdw5phWELhmLCFEZpqw/T/4+JyhAMc+yxrgkbvfK3tK8UUt2Cx
         UZtftKowSsPzP3SM9uI/+QOCgVwCvVY9iVobNMBpPXjHD9EwR+MhvJsUbNUfqrniniRF
         HV1pv8/3zj7N9zDw2OJ81jCLln2eIrJqDB279p3T1C+Ri3yjlBK1WVjo3CjhpojMRyVu
         Fr+Q==
X-Forwarded-Encrypted: i=2; AJvYcCV1zSc8Vpl8Bi+RaVv422JfDT9ys9GyX1gRfpDT6kfmx843Lm8THmxtWxYeo0L/N08vc8BPz11AI0pc@gnusha.org
X-Gm-Message-State: AOJu0Yxlfu+lk01lrYvc3ehP4+1yZaU949dV++P7A4qkdOy5rwe+33Q/
	vnHAqIMhFggv3FsA5uAur6tRKpGHynlLVN5T6Uym8BlZdpsTYDoYCKjE
X-Google-Smtp-Source: AGHT+IHfF6lL6UrbKqVAaFyD7gNfG8j+OdO9kUnp4SIiSIqHy5HCVCkm9JwGQ334GC4hAWEnkUzeWg==
X-Received: by 2002:a05:6870:d293:b0:30b:aa71:3ea9 with SMTP id 586e51a60fabf-30c20ec6f6emr10013201fac.8.1754989472006;
        Tue, 12 Aug 2025 02:04:32 -0700 (PDT)
X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZcbi6mD7V4LnbQntPW1Ll96EZHW3F2GCf/7v0SPl4f18A==
Received: by 2002:a05:6871:6a17:b0:30b:b8a1:c8d0 with SMTP id
 586e51a60fabf-30bfe7bf176ls1664542fac.1.-pod-prod-07-us; Tue, 12 Aug 2025
 02:04:28 -0700 (PDT)
X-Received: by 2002:a05:6808:398f:b0:434:12a9:db07 with SMTP id 5614622812f47-43597ee1f4bmr9205967b6e.38.1754989468735;
        Tue, 12 Aug 2025 02:04:28 -0700 (PDT)
Received: by 2002:a05:600c:8b71:b0:456:ce4:c44e with SMTP id 5b1f17b1804b1-459f521d826ms5e9;
        Sat, 9 Aug 2025 12:38:32 -0700 (PDT)
X-Received: by 2002:a05:600c:1d01:b0:459:d821:a45b with SMTP id 5b1f17b1804b1-459faf4756dmr41210135e9.9.1754768310062;
        Sat, 09 Aug 2025 12:38:30 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1754768310; cv=none;
        d=google.com; s=arc-20240605;
        b=Euz7MLfXZFE1ZETmMWane8qsPnbmKoiCbPd5/T5vbh2daFxpwbydC2ZmQta8m5BJTa
         ZI+ourCbjfDWYqPR99gymbUgHb4HjFQ24dOajmf1B3bBi3EoauGKPshXGG+sqCb6EJfx
         /rUx3BBw9xqvdf19DVoiRmYI14iq+rhv7/n1ZgeY3TNsYtJy+mY1tcCLhTRdnsYTJeEm
         tj2H1Pt7buQyCy/IE44cu8BQrLwEyAhySOknmBxd3UUFrDfdNH8qeVv+qZyiVEEOE1QR
         gQ83EfXQ40OLPba5YccKO0OWsWYKYv007IvY38xkL+63pZwG+SzWbMZT7HzgF0txi6RJ
         gitw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
        h=mime-version:feedback-id:references:in-reply-to:message-id:subject
         :from:to:date:dkim-signature;
        bh=E1a4p0g+Xk4JcJUxUbHTmioSogVDuvs/Dq/jAY6rXzw=;
        fh=9OrcpW+kx6pireHH2MAH3InOKB1fu0KXcYqSlUZpNzk=;
        b=YE8MuW5NvwmkiLz70X2PrKkKm16zNU3eIpfLFSxGC8yYP9+FAFcNymisGnQ/zLH9PV
         3YwT2XoZxWkCnqKi0/jyzy/+qSPuvndLmgKWxUXQjBjXMN5s2QXYoqPszsZzlIzbIocS
         7EVpUXTLYVPnkpkQkkoUEjNy9r9MEK2NUdrDlLr+rXCiYxXtKBXIJgZXMMF+l+HgYvjg
         5hsgWhN775vQ78uiMII6eRJZUejmD9DSqdWhkkbWWAABlf7puJwaCipaGaqgUyRhL6eU
         g5vWFSibUENG1tSZuxCufRN855bQ4tDvG/7LOosMD19UrqXWuWrJtaGpumxs6dlsp+yy
         ZCGQ==;
        dara=google.com
ARC-Authentication-Results: i=1; gmr-mx.google.com;
       dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b="f/zWytAk";
       spf=pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
Received: from mail-10630.protonmail.ch (mail-10630.protonmail.ch. [79.135.106.30])
        by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-459e1d0a218si3793635e9.0.2025.08.09.12.38.29
        for <bitcoindev@googlegroups.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Sat, 09 Aug 2025 12:38:30 -0700 (PDT)
Received-SPF: pass (google.com: domain of armchaircryptologist@protonmail.com designates 79.135.106.30 as permitted sender) client-ip=79.135.106.30;
Date: Sat, 09 Aug 2025 19:38:23 +0000
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>, Bitcoin Foundation <contact@bitcoin.foundation>
From: "'ArmchairCryptologist' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Re: [Draft BIP] Quantum-Resistant Transition
 Framework for Bitcoin
Message-ID: <1LDO_bQOdcKkNoKyyjfqLXAPUBVXSL667nAKDCNUfN2D7HEpDAkuFQrMubklIi1QdDI6BXdgB674g4uWYRlyQ5f-dlztDtnoEbIAlmrCg5M=@protonmail.com>
In-Reply-To: <6532d72c-fc2b-485a-9984-a9ade31e1760n@googlegroups.com>
References: <4d6ecde7-e959-4e6c-a0aa-867af8577151n@googlegroups.com> <fff86606-d6ce-4319-a341-90e9c4eba49dn@googlegroups.com> <6532d72c-fc2b-485a-9984-a9ade31e1760n@googlegroups.com>
Feedback-ID: 24244585:user:proton
X-Pm-Message-ID: 87f7dcb467db4db1c81e24f379d5ad11ebea5322
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="b1=_jIV8gSTRTH1oX4cmlQHE7IeEpcNQwtMmL63SNtWgu8"
X-Original-Sender: armchaircryptologist@protonmail.com
X-Original-Authentication-Results: gmr-mx.google.com;       dkim=pass
 header.i=@protonmail.com header.s=protonmail3 header.b="f/zWytAk";
       spf=pass (google.com: domain of armchaircryptologist@protonmail.com
 designates 79.135.106.30 as permitted sender) smtp.mailfrom=ArmchairCryptologist@protonmail.com;
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com
X-Original-From: ArmchairCryptologist <ArmchairCryptologist@protonmail.com>
Reply-To: ArmchairCryptologist <ArmchairCryptologist@protonmail.com>
Precedence: list
Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com
List-ID: <bitcoindev.googlegroups.com>
X-Google-Group-Id: 786775582512
List-Post: <https://groups.google.com/group/bitcoindev/post>, <mailto:bitcoindev@googlegroups.com>
List-Help: <https://groups.google.com/support/>, <mailto:bitcoindev+help@googlegroups.com>
List-Archive: <https://groups.google.com/group/bitcoindev
List-Subscribe: <https://groups.google.com/group/bitcoindev/subscribe>, <mailto:bitcoindev+subscribe@googlegroups.com>
List-Unsubscribe: <mailto:googlegroups-manage+786775582512+unsubscribe@googlegroups.com>,
 <https://groups.google.com/group/bitcoindev/subscribe>
X-Spam-Score: -1.0 (-)

--b1=_jIV8gSTRTH1oX4cmlQHE7IeEpcNQwtMmL63SNtWgu8
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

> An astute observation. To clarify the quantum computing landscape: Google=
's current quantum processors do not possess 50 logical qubits, and even if=
 they did, this would be insufficient to compromise ECDSA - let alone RSA-2=
048, which would require approximately 20 million noisy physical qubits for=
 successful cryptanalysis [0].

That paper is pretty old. There is a recent paper from a couple of months a=
go by the same author (Craig Gidney from Google Quantum AI) claiming that y=
ou could break RSA-2048 with around a million noisy qubits in about a week.

Paper: https://arxiv.org/pdf/2505.15917

Blog post: https://security.googleblog.com/2025/05/tracking-cost-of-quantum=
-factori.html

I can't say for sure whether this approach can be applied to ECDSA; I have =
seen claims before that it has less quantum resistance than RSA-2048, but I=
'm unsure if this is still considered to be the case. And while these paper=
s are of course largely theoretical in nature since nothing close to the re=
quired amount of qubits exists at this point, I haven't seen anyone refute =
these claim at this point. These is still no hard evidence I'm aware of tha=
t a quantum computer capable of breaking ECDSA is inevitable, but given the=
 rate of development, there could be some cause of concern.

Getting post-quantum addresses designed, implemented and activated by 2030 =
in accordance with the recommendations in this paper seems prudent to me, i=
f this is at all possible. Deactivating inactive pre-quantum UTXOs with exp=
osed public keys by 2035 should certainly be considered. But I still don't =
feel like deactivating pre-quantum UTXOs without exposed public keys in gen=
eral is warranted, at least until a quantum computer capable of breaking pu=
blic keys in the short time between they are broadcast and included in a bl=
ock is known to exist - and even then, only if some scheme could be devised=
 that still allows spending them using some additional cryptographic proof =
of ownership, ZKP or otherwise.

--
Best,
ArmchairCryptologist

--=20
You received this message because you are subscribed to the Google Groups "=
Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/=
1LDO_bQOdcKkNoKyyjfqLXAPUBVXSL667nAKDCNUfN2D7HEpDAkuFQrMubklIi1QdDI6BXdgB67=
4g4uWYRlyQ5f-dlztDtnoEbIAlmrCg5M%3D%40protonmail.com.

--b1=_jIV8gSTRTH1oX4cmlQHE7IeEpcNQwtMmL63SNtWgu8
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div style=3D"font-family: Arial, sans-serif; font-size: 14px;"><div class=
=3D"protonmail_quote"><br>
        <blockquote class=3D"protonmail_quote" type=3D"cite">
           =20
An astute observation. To clarify the quantum computing landscape:
Google's current quantum processors do not possess 50 logical qubits,
and even if they did, this would be insufficient to compromise ECDSA -
let alone RSA-2048, which would require approximately 20 million noisy
physical qubits for successful cryptanalysis [0].<br></blockquote><div><br>=
</div><div><span>That paper is pretty old. There is a recent paper from a c=
ouple of months ago by the same author (<span>Craig Gidney</span>&nbsp;from=
&nbsp;<span>Google Quantum AI</span>) claiming that you could break RSA-204=
8 with around a million noisy qubits in about a week.&nbsp;<span><br></span=
></span><div><span><br></span></div><div><span>Paper:&nbsp;<a target=3D"_bl=
ank" rel=3D"noreferrer nofollow noopener" href=3D"https://arxiv.org/pdf/250=
5.15917">https://arxiv.org/pdf/2505.15917</a><br></span></div><div>Blog pos=
t:&nbsp;<span><a target=3D"_blank" rel=3D"noreferrer nofollow noopener" hre=
f=3D"https://security.googleblog.com/2025/05/tracking-cost-of-quantum-facto=
ri.html">https://security.googleblog.com/2025/05/tracking-cost-of-quantum-f=
actori.html</a></span></div><div><br></div><div>I
 can't say for sure whether this approach can be applied to=20
ECDSA; I have seen claims before that it has less quantum resistance than R=
SA-2048, but I'm unsure if this is still considered to be the case. And whi=
le these papers are of course largely theoretical in nature=20
since nothing close to the required amount of qubits exists at this=20
point, I haven't seen anyone refute these claim at this point. These is sti=
ll no hard evidence I'm aware of that a quantum computer capable of breakin=
g ECDSA is inevitable, but given the rate of development, there could be so=
me cause of concern.</div><div><br></div><div><span>Getting post-quantum ad=
dresses designed, implemented and activated by 2030 in accordance with the =
recommendations in this paper seems prudent to me, if this is at all possib=
le. Deactivating inactive&nbsp;<span>pre-quantum </span>UTXOs with exposed =
public keys by 2035 should certainly be considered. But I still don't feel =
like deactivating pre-quantum UTXOs without exposed public keys in general =
is warranted, at least until a quantum computer capable of breaking public =
keys in the short time between they are broadcast and included in a block&n=
bsp;<span>is known to exist</span>&nbsp;- and even then, only if some schem=
e could be devised that still allows spending them using some additional cr=
yptographic proof of ownership, ZKP or otherwise.</span></div><div><span><b=
r></span></div><div><span>--</span></div><div><span>Best,</span></div><div>=
<span>ArmchairCryptologist</span></div></div></div></div>

<p></p>

-- <br />
You received this message because you are subscribed to the Google Groups &=
quot;Bitcoin Development Mailing List&quot; group.<br />
To unsubscribe from this group and stop receiving emails from it, send an e=
mail to <a href=3D"mailto:bitcoindev+unsubscribe@googlegroups.com">bitcoind=
ev+unsubscribe@googlegroups.com</a>.<br />
To view this discussion visit <a href=3D"https://groups.google.com/d/msgid/=
bitcoindev/1LDO_bQOdcKkNoKyyjfqLXAPUBVXSL667nAKDCNUfN2D7HEpDAkuFQrMubklIi1Q=
dDI6BXdgB674g4uWYRlyQ5f-dlztDtnoEbIAlmrCg5M%3D%40protonmail.com?utm_medium=
=3Demail&utm_source=3Dfooter">https://groups.google.com/d/msgid/bitcoindev/=
1LDO_bQOdcKkNoKyyjfqLXAPUBVXSL667nAKDCNUfN2D7HEpDAkuFQrMubklIi1QdDI6BXdgB67=
4g4uWYRlyQ5f-dlztDtnoEbIAlmrCg5M%3D%40protonmail.com</a>.<br />

--b1=_jIV8gSTRTH1oX4cmlQHE7IeEpcNQwtMmL63SNtWgu8--