From: Tristan Hoy
Date: Tue, 13 Feb 2018 01:13:11 +1100
To: bitcoin-dev@lists.linuxfoundation.org
Subject: [bitcoin-dev] Transition to post-quantum

Hi all,

Recently I've been exploring what a post-quantum attack on Bitcoin would actually look like, and what options exist for mitigating it.

I've put up a draft of my research here: https://medium.com/@tristanhoy/11271f430c41

In summary:
1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are scalable
2) This is a rapidly advancing space and commitment to a specific post-quantum DSA now would be premature
3) I've identified a strategy (solution 3 in the draft) that mitigates against the worst case scenario (unexpectedly early attack on ECDSA) without requiring any changes to the Bitcoin protocol or total commitment to a specific post-quantum DSA that will likely be superseded in the next 3-5 years
4) This strategy also serves as a secure means of transferring balances into a post-quantum DSA address space, even in the event that ECDSA is fully compromised and the transition is reactionary

The proposal is a change to key generation only and will be implemented by wallet providers.

Feedback would be most appreciated.

Regards,

Tristan