From: Martin Habovštiak
Date: Sun, 30 Mar 2025 22:11:09 +0200
Subject: Re: [bitcoindev] Hashed keys are actually fully quantum secure
To: "David A. Harding"
Cc: Bitcoin Development Mailing List

Hi,

conceptually they are the same idea, I didn't see that conversation before.

However, in that conversation there seems to be a better developed scheme that is more secure as far as I can tell. I have just assumed that the chain cannot be censored profitably if the number of blocks to wait for is high enough (why: the miners are giving up fees by not including the transaction and the attacker would have to split the reward between all miners but the honest user only needs to outbid the attacker once).

That other idea seems to work even if the chain is censored for an arbitrary number of blocks. In the meantime I was also thinking of a scheme that allows you to commit early and then wait for any time you want but with the ability to detect that someone else is trying to spend it, so that you can act quickly. In some sense it was more similar but still not that good. The proposed scheme with unique decommitment is better and should be implemented instead of my idea.

Anyway, I believe even my weaker idea is still good enough to make my point given how hard it is to censor a transaction. My point wasn't saying that my specific implementation is the best but saying we can postpone the decision to implement a QR scheme to much later than what some people might think.

Have a nice day!

Martin

On Sun, 30 Mar 2025 at 17:41, David A. Harding <dave@dtrt.org> wrote:
> On 2025-03-16 08:25, Martin Habovštiak wrote:
> > It is possible to implement fully secure recovery if we forbid
> > spending of hashed keys unless done through the following scheme:
>
> Hi Martin,
>
> How does this differ from Tim Ruffing's version[1] of Guy Fawkes
> signatures?[2][3]
>
> Thanks, -Dave
>
> [1]
> https://gnusha.org/pi/bitcoindev/1518710367.3550.111.camel@mmci.uni-saarland.de/
> (but see also the whole thread and the links in it)
>
> [2] https://www.cl.cam.ac.uk/archive/rja14/Papers/fawkes.pdf
>
> [3] Amusing exploration of a blockchain cryptocurrency without
> signatures by Joseph Bonneau and Andrew Miller:
> https://jbonneau.com/doc/BM14-SPW-fawkescoin.pdf (never saw it before,
> but it came up in my search results for a Guy Fawkes signatures
> reference).
