From: "Martin Habovštiak" <martin.habovstiak@gmail.com>
To: "David A. Harding" <dave@dtrt.org>
Cc: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>
Subject: Re: [bitcoindev] Hashed keys are actually fully quantum secure
Date: Sun, 30 Mar 2025 22:11:09 +0200
Message-ID: <CALkkCJYaLMciqYxNFa6qT6-WCsSD3P9pP7boYs=k0htAdnAR6g@mail.gmail.com>
In-Reply-To: <bb54cf2c858843e8a4a9029ac683b3ed@dtrt.org>

Hi,

Conceptually they are the same idea; I didn't see that conversation before.

However, in that conversation there seems to be a better developed scheme
that is more secure as far as I can tell. I have just assumed that the
chain cannot be censored profitably if the number of blocks to wait for is
high enough (why: the miners are giving up fees by not including the
transaction and the attacker would have to split the reward between all
miners but the honest user only needs to outbid the attacker once).

That other idea seems to work even if the chain is censored for an arbitrary
number of blocks. In the meantime I was also thinking of a scheme that
allows you to commit early and then wait for any time you want but with
the ability to detect that someone else is trying to spend it, so that you
can act quickly. In some sense it was more similar but still not that good.
The proposed scheme with unique decommitment is better and should be
implemented instead of my idea.

Anyway, I believe even my weaker idea is still good enough to make my point
given how hard it is to censor a transaction. My point wasn't saying that
my specific implementation is the best but saying we can postpone the
decision to implement a QR scheme to much later than what some people might
think.

Have a nice day!

Martin

On Sun, 30 Mar 2025, 17:41 David A. Harding <dave@dtrt.org> wrote:

> On 2025-03-16 08:25, Martin Habovštiak wrote:
> > It is possible to implement fully secure recovery if we forbid
> > spending of hashed keys unless done through the following scheme:
>
> Hi Martin,
>
> How does this differ from Tim Ruffing's version[1] of Guy Fawkes
> signatures?[2][3]
>
> Thanks, -Dave
>
> [1]
>
> https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/
> (but see also the whole thread and the links in it)
>
> [2] https://www.cl.cam.ac.uk/archive/rja14/Papers/fawkes.pdf
>
> [3] Amusing exploration of a blockchain cryptocurrency without
> signatures by Joseph Bonneau and Andrew Miller:
> https://jbonneau.com/doc/BM14-SPW-fawkescoin.pdf (never saw it before,
> but it came up in my search results for a Guy Fawkes signatures
> reference).
>
