From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sun, 31 May 2026 00:40:23 -0700 Received: from mail-oo1-f58.google.com ([209.85.161.58]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wTamU-0001EO-KC for bitcoindev@gnusha.org; Sun, 31 May 2026 00:40:23 -0700 Received: by mail-oo1-f58.google.com with SMTP id 006d021491bc7-69dd543babfsf4515822eaf.1 for ; Sun, 31 May 2026 00:40:22 -0700 (PDT) ARC-Seal: i=3; a=rsa-sha256; t=1780213216; cv=pass; d=google.com; s=arc-20240605; b=kB2GH0yhZ0brFwOFxIPtY2ATqqe6t7YOrGzENM2WvrGNp3WP5OgMTeDSUBpnNkg1mv 1F60rJZ2/qp9G8ChRFgdJKcQ6MOr4zdzIyhWZ+N6y9Ju1cVqWxtK2mxskgBtABzDDhi1 6CZfZq9gDMVIA6KmvUfaUzE7uokcq3Ja9wvHpfUIenlY7EvDSwCNJbE3h8dFGXgeMK5g tCvyZh8ew1YmB+6wwUgnwHuWF5ZQcMunSKEKkQ5FlU+HlFLhTv1DMXquuoqhP9iKtrJ7 mYRvDYGFi2cJT3raFjl8YhCZoHK1muvl9ammEvi7+kQ2RrirZd0BuYpV2bdHregxH4gP W/lA== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature :dkim-signature; bh=TIQ+qLSTYSwQdEDWiBIvejEfal1sIrHFsQV+PoipjOI=; fh=NhZVCEIPJPVWG5OExf1jSsVThpZyQA49DXFcOObq+L4=; b=MPWyN1sQec3A5TLmJeveNyKs7QTs7BiBw1mJO1PDWSaVwDWmJbdS7+EHn5tyoGKxfL h1WYhRtiDgZ00PRAr/WKjdMTa6XnCqCoEmN9ebi2EPGf7MsptiDoQbQ7Ws7DV15vwWqU WEF+6ph0cY5PMnoVjurfEaF4tBiK0x+p7yxAhybOU3d96MJ6yuJyEzjd7FnmHbJ3uojL CD2Ttp4OdjMV+PJY3jA1h5dbtydh/EsS/qoM1+xV25jXeR5XpsjKAX8q9qWyAPQ8Vwuc sxIBE8e8cAea5osnbpfGbL3CGUQw8ba5i2JNToAYpoR3+3uEtwQAVJmA6PE/FKaeNCv+ aXAg==; darn=gnusha.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20251104 header.b=NVw6xRMO; arc=pass (i=1); spf=pass (google.com: domain of garlonicon@gmail.com designates 2a00:1450:4864:20::632 as permitted sender) smtp.mailfrom=garlonicon@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1780213216; x=1780818016; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=TIQ+qLSTYSwQdEDWiBIvejEfal1sIrHFsQV+PoipjOI=; b=ocZVvNUB0oIzbxerOEsWqe+xFmYFDzSKMdLq9VWNC66KcTDk8zy9+HpJ21oYXC2MYW AuBoPr3XjGSuxI0Cvd31R5moCyQg/l89sXd35d9KHiqNpENcN0aXB85TeenyyUUeIXlL Exvkf7BNwuvIzz5uC/mTej8XjxKHIRZn0zPt2Crs28T+NjkVm6ye3/f0EWRXRUoA0vJG k91Qi50NBvoH1OpgQGycT8Q0+SppJ4bd72HcQA2RU7960tHNTaqHZaZL8XbcLTPFHc4X XBWHrWF4eC/thk/Iv1r12CL5jP+ZUeSSx0LrrGQlaFLSSBXU/nfCabYf6Tv8zBDslmI9 SD7A== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20251104; t=1780213216; x=1780818016; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:from:to:cc:subject:date:message-id:reply-to; bh=TIQ+qLSTYSwQdEDWiBIvejEfal1sIrHFsQV+PoipjOI=; b=G/9tHxKMYO/iduhJbw4WiSewKjeeZqlVA7+hU2bOPRWb7kESwk5sJR698ST0K3wDo2 7S5g8NrzDr/rjZvEZPZaZ3RXCc+pQ0uGdM2D2UUXQnNzuq5yf7wGD98Pq/8ybXhdltUe w9klnqb4/S5BDsl9THlthJztW89R0cl1P+YBYPiyDI61s2D35MelzAhKbi/25xPLloo/ XFQu0wihrZmu8W4CRuHWCcqxl3B88Brt9irIBaiPFCncxUjg7BKff0gY48yGZUq6rz2q C7oINpcIa2W9R2P8aalvjy4zs7RwVxjbVQMphhxX4/Na0kAirYblDaogJbneMll7sb0E b+sw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1780213216; x=1780818016; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-gm-gg:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=TIQ+qLSTYSwQdEDWiBIvejEfal1sIrHFsQV+PoipjOI=; b=qd/W1QqdrPWRqXdcPammJpRU2wQ5i0+B0D5U7rT9K57K8R/Ro/KFO2RlQdJ7f3Ufp7 MQh4JhpWwR4fdZjG6A/+fdmpay+Z6zp/QZsEQSUDLRFTVmb+yDBx8pyMoJ0a8wvIWKZM 2G79y9pKi98kF3z5T+5i/PxBEcWRl2iugH5dTv2vUScawxIFjS5fH1g/EQuk6t+NTCPD lHZq41XwxvK0UIMi8tpoC4VwpCEpRCAckmdKusWYL/oAiEdOGGS3x8B/nnuyv3b58AZe gF52uxTc/27q/ewUngRPSTzB142oCiz/2YI+Ot1lD/I505tkQTaThsRTD4whG6jHGciU EMyg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=3; AFNElJ8JrJ/4kmwlW0IArbRg73BXwkHtmZW7Xix/BVKpsBZfzXEt/uY65mdjocunqs4Txv/PTAWaeI2RBPaF@gnusha.org X-Gm-Message-State: AOJu0YxZqA7HM12CJuEyifZryf71KLB2zNsmsf3ovYAkNZ95/Kgsd+Jj wOKConlez8afJ3zSH98dYWImW8i1UQAaikYkS7dkBgWsYYMbpj2QFrsN X-Received: by 2002:a05:6820:1885:b0:69d:ecb9:4a2 with SMTP id 006d021491bc7-69e0fe38512mr2872007eaf.4.1780213215910; Sun, 31 May 2026 00:40:15 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AUV6zMOZlKCV1XCFn3z7ZR2+DrJLwh9ZuD4F1wlFmPb3KT8zXg==" Received: by 2002:a05:6820:a1d8:b0:69d:6cb2:88d2 with SMTP id 006d021491bc7-69de15702b6ls748025eaf.0.-pod-prod-00-us-canary; Sun, 31 May 2026 00:40:10 -0700 (PDT) X-Forwarded-Encrypted: i=3; AFNElJ9haxlSUxdRFhBbVuVhiDYk2KovQxF3znxSBPFbiF7VPC86Wed61WkA3fG16N1Twc/vf7FhhkW4wU5b@googlegroups.com X-Received: by 2002:a05:6808:c236:b0:485:50e:5899 with SMTP id 5614622812f47-485fb018d1bmr2976716b6e.2.1780213210434; Sun, 31 May 2026 00:40:10 -0700 (PDT) Received: by 2002:a05:600c:1d08:b0:490:3d60:134 with SMTP id 5b1f17b1804b1-49089da4eb1ms5e9; Sat, 30 May 2026 22:03:20 -0700 (PDT) X-Forwarded-Encrypted: i=3; AFNElJ8mLzy8KtU5JcnCE8hDTI/ZsKZpPDreqjX8ePSoTkY3GFJ5sNAvMyQRVbL3ZkVxJjaODzxUgWiDCBnk@googlegroups.com X-Received: by 2002:a05:600c:6091:b0:490:5cd8:d213 with SMTP id 5b1f17b1804b1-490a2b6b211mr92552255e9.15.1780203799070; Sat, 30 May 2026 22:03:19 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1780203799; cv=pass; d=google.com; s=arc-20240605; b=McACtUQ/x5iagS9Gf7in6MLiDRrwKlxaH/JiGhqaCMc43rJB8P6He1Hm+qTsbDk/HX AtUZWFJmQPd5afQEveY+mCXuJJiuFDvNXmKs7Bk9DPSK+lSvwpfBHf2RG7m5Y48kaVZc kerft48uhYAAR+4xKSCz0BY6h+w5unKv4a9/w45Qk6eA3VTijC06ek2ZwpZyE7mL83xW StPySXiRg1jJI4hVPjm45MVgORBPukNAPlhawmiMb+BjPT1J6/f8cVYWzCraADrPzIpg kLtQmwI0f4Npv6IARb0h3joquUfpgUw6kryBATgp3tKzZgVwYdbEgXbD741h3xv+Tw5j 3ZvA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=2kD7Au27LyeHV+7HZgoeO5+rzhS1dVMbhxoHCRN373Q=; fh=9nE5HpbTbtnOp2wW+PyLu1h9TPWqmukfge5Oz8U2a60=; b=b/D+YnKtOnT0gNGX4CxjrWFxnkqOGFzPkaqrw1+YGFHsHKXNaR40n6AydJILtKDfEi C+52/1t+zyDOaYYUZtvqmWvfLmNofEEmGnQlbvxN/CJnvJFeroRjzklLGr2I7BQBnhcN k78T452dUR6A8Mpm/pXxcnEh9swAMXxJWYbswnuV67qPHN6sr8Wj5MrtFuzWJ+AspsKv njOasSKjqNgIFy6hLqtsIytTHfNXj4IXLpydLa2+XhdJkm4G0zdUDpUtsaRAeP/gVclr RkJ/KAeE5c9Sab80ehMNRy7wh37RLAKVsL0HhYFjJ5VhimiuSFtx4FI0FZaTTYarcsIN n+wQ==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20251104 header.b=NVw6xRMO; arc=pass (i=1); spf=pass (google.com: domain of garlonicon@gmail.com designates 2a00:1450:4864:20::632 as permitted sender) smtp.mailfrom=garlonicon@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com. [2a00:1450:4864:20::632]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-4909d69f380si1058375e9.1.2026.05.30.22.03.19 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sat, 30 May 2026 22:03:19 -0700 (PDT) Received-SPF: pass (google.com: domain of garlonicon@gmail.com designates 2a00:1450:4864:20::632 as permitted sender) client-ip=2a00:1450:4864:20::632; Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-bdce61897ebso983414166b.2 for ; Sat, 30 May 2026 22:03:19 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1780203798; cv=none; d=google.com; s=arc-20240605; b=HlRNbIJ2YutBnY0+kyAWci/JlWe3ZicVw/TL4XO7t+6F8wVT9Ag6zlfqDA+bAW/gBa h0PNsZE2xw3cHnWAHE/0Ht7Ar1p5uWDGFU8MRD/ICc4yN8MPNzKCFXfV9cM+Y6lgvJ7N VRd4VlTW5pnwh7+cikMSwDxF9FUZ1kW5SSqCgZ/u1cIhUYI7+Duxoegq/PDMgWShKr1g EaayQdGYxIdmJlghwEYRJ+XJ9c6+Rfbed9HqBr6Pg/JZTFwRBwvws0eN+XrtaBGsJRtd sSsBDnE+RL8RAcCCVxPx+ix30TarXsFdiEHkLC36hsnmXCUJ8ov32BUySAW/RMyqSSKT Tx5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=2kD7Au27LyeHV+7HZgoeO5+rzhS1dVMbhxoHCRN373Q=; fh=9nE5HpbTbtnOp2wW+PyLu1h9TPWqmukfge5Oz8U2a60=; b=hE1/RwkKQKTdVzHqVaFdpBAvdV/iilcopFkC3Ly3l1HMw6hzls0Ukz7v2m8vpBV4mn iLIilHTjWO1gntEvRFJPf4B+y+qvIi623XIbjZwgG37KQP/FMx3hERli6kdY3Txs+UjY yQa2r1BoDG5fI5YEl2Z6c79J7Anh+ceVtBFxXuhm9Chg6eXBPwblPwJ8r66U1IggCdsZ UlTGNVhqu6xC/LuuQTxmelz/r1uNw1sOpBoXr/6YKxQ35frLneASfresI+CdLcTctM1Z pfc3NkhL1cvG3ukvaqqC0dKSw/9iuZNd9WRcO7KB1XFHnrJ7eRiYxfgqrAngfDFL7A7/ +83A==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; arc=none X-Forwarded-Encrypted: i=1; AFNElJ9BjUjT4f8WylQgd7WDtg8STuoTW4apU/5Vvla+n4+RlCBPTaqMetTjMehS29IjcDOVdcG/T38cGwE5@googlegroups.com X-Gm-Gg: Acq92OEwIeNX9OGK495cvFNLIgmcMDvBqTjlWTNnxGkjdyG7HtAB15imQjZ8AQDJSq2 Xl9zvVirJvs0qi6dtJBHvWvsdMoFphHZxqykPnmiUr3KCHYI0lse74gr+ZXYjqD85PMjrqnFV9R WqkKjp//ZbBTOLFONYEvgdA2PR+XeTkhNfef9GaxgXO+xAmm3WtN2AFRy61Ahwky03DsnK7bVKe 4sZBgXTpPlFeUTrvyMZYREIN9Mj35OPHRNHWzzW/686qmIrZliBSX8BVeZwJF+rjppIDRD5EdAf TjqqJBpavZ2cvBgLyw== X-Received: by 2002:a17:907:9606:b0:baf:e47:1b6a with SMTP id a640c23a62f3a-beab78b5625mr319683066b.24.1780203798205; Sat, 30 May 2026 22:03:18 -0700 (PDT) MIME-Version: 1.0 References: <28eeaa8b-dc19-463f-882f-1ed69c4c9037@app.fastmail.com> In-Reply-To: From: Garlo Nicon Date: Sun, 31 May 2026 07:03:06 +0200 X-Gm-Features: AVHnY4KKmUSXSAB2wouqTI0bztrGyQynHd8z1wo0XyKtQ_UQOXjZDbADnIksjVM Message-ID: Subject: Re: [bitcoindev] Weak Quantum Bounty Ceremony To: Erik Aronesty Cc: Nikita Karetnikov , bitcoindev@googlegroups.com Content-Type: multipart/alternative; boundary="000000000000051a21065315ff6f" X-Original-Sender: garlonicon@gmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@gmail.com header.s=20251104 header.b=NVw6xRMO; arc=pass (i=1); spf=pass (google.com: domain of garlonicon@gmail.com designates 2a00:1450:4864:20::632 as permitted sender) smtp.mailfrom=garlonicon@gmail.com; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) --000000000000051a21065315ff6f Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I think I saw a similar topic on Delving: https://delvingbitcoin.org/t/qcap-a-bitcoin-native-quantum-canary-alert/249= 8 > and intentionally limited to 160 bits of entropy If you need 160-bit keys, then I think you can use secp160k1. As I said, there are four curves with similar properties: secp160k1, secp192k1, secp224k1, and secp256k1. Also, because the half of the generator in secp224k1 and secp256k1 is identical, it could make them easier to connect. > After the transcript is finalized, participants destroy their secret shares and temporary randomness. Well, we have some existing puzzle, where it was not done, but other than that, it looks exactly like you described. Also, the missing part here is proving, that private keys are in a given range: https://mempool.space/tx/08389f34c98c606322740c0be6a7125d9860bb8d5cb182c02f= 98461e5fa6cd15 I guess your puzzle would be similar to that, but would also contain some proofs, that private keys are really placed in a proper range. > whether there are cleaner constructions I wonder, if grinding some bits of x-value on secp256k1 has a similar difficulty, as finding the N-bit private key. Because in that case, it could be checked by OP_SIZE instead. And for that cases, we already have some puzzle: https://mempool.space/tx/aba3c2ae442aa20150996ee68f9aa4da83b57a4312891078be= 0c2e68c50b2801 Then, if OP_CHECKSIG would be completely broken, we would see 9-byte DER signatures. But if only secp256k1 would be, without breaking SHA-256, then we would have one-byte r-value, and then grinded s-value, which would mean 40-byte or smaller DER signatures. sob., 30 maj 2026 o 21:30 Erik Aronesty napisa=C5=82(a): > > If the network is not updated to be post-quantum, the attackers can > just go for the funds elsewhere > > .This assumes that quantum computing speedup for classical computing is > feasible and finite-energy for classically interprable results, which has > not been proven or demonstrated > > > The counterargument is that a discovery can be made by a lab that=E2=80= =99s not > interested in stealing. > > Yes, and this bounty would not be stealing, so labs can freely do this > legally. > > > The bounty is already there, it=E2=80=99s the network itself, pre- or > post-quantum. > > This is a canary bounty with a weaker key, presumably it will be unlocked > at least a few months in advance of any needed emergency upgrades, should > they ever prove necessary. > > > On Sat, May 30, 2026 at 12:18=E2=80=AFPM Nikita Karetnikov > wrote: > >> Dear Erik, >> >> The bounty idea has been discussed recently in =E2=80=9CWhat if we let Q= uantum >> Hunters get Bitcoin rewards ?=E2=80=9D >> I=E2=80=99ve also seen it mentioned elsewhere. >> >> Before going into the implementation, let=E2=80=99s discuss the concept. >> I don=E2=80=99t understand what problem is being solved by the bounty. >> To me it serves no purpose. >> >> If the network is not updated to be post-quantum, the attackers can just >> go for the funds elsewhere. >> The counterargument is that a discovery can be made by a lab that=E2=80= =99s not >> interested in stealing. >> What is the bounty for in that case? >> The researchers are primarily motivated by producing novel results. >> They already receive salary and the companies working on this have >> funding. >> This also assumes that the lab would be allowed to publish this result >> publicly. >> They would have other means to demonstrate their discovery as well. >> Why would you optimize for this very specific use case? >> >> And if the network is updated to be post-quantum, the PQ bounty has no >> purpose. >> >> The bounty is already there, it=E2=80=99s the network itself, pre- or >> post-quantum. >> >> Thanks, >> Nikita >> >> -- >> You received this message because you are subscribed to the Google Group= s >> "Bitcoin Development Mailing List" group. >> To unsubscribe from this group and stop receiving emails from it, send a= n >> email to bitcoindev+unsubscribe@googlegroups.com. >> To view this discussion visit >> https://groups.google.com/d/msgid/bitcoindev/28eeaa8b-dc19-463f-882f-1ed= 69c4c9037%40app.fastmail.com >> . >> > -- > You received this message because you are subscribed to the Google Groups > "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit > https://groups.google.com/d/msgid/bitcoindev/CAJowKgJZk%3Dc17stAtWxa%3Dh1= fAhZL4YfvbbAY%2Bgo32wmDKffNzQ%40mail.gmail.com > > . > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= CAN7kyNggyHQ6SNmrDqdZg9R8FgP6-5ia0eQhPbAaQCte6PzXUA%40mail.gmail.com. --000000000000051a21065315ff6f Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
I think I saw a similar topic on Delving: ht= tps://delvingbitcoin.org/t/qcap-a-bitcoin-native-quantum-canary-alert/2498<= /a>

> and intentionally limited to 160 bits of entropy

If = you need 160-bit keys, then I think you can use secp160k1. As I said, there= are four curves with similar properties: secp160k1, secp192k1, secp224k1, = and secp256k1. Also, because the half of the generator in secp224k1 and sec= p256k1 is identical, it could make them easier to connect.

> Afte= r the transcript is finalized, participants destroy their secret shares and= temporary randomness.

Well, we have some existing puzzle, where it = was not done, but other than that, it looks exactly like you described. Als= o, the missing part here is proving, that private keys are in a given range= : https://mempool.space/tx/08389f34c98c606322740= c0be6a7125d9860bb8d5cb182c02f98461e5fa6cd15

I guess your puzzle = would be similar to that, but would also contain some proofs, that private = keys are really placed in a proper range.

> whether there are cle= aner constructions

I wonder, if grinding some bits of x-value on sec= p256k1 has a similar difficulty, as finding the N-bit private key. Because = in that case, it could be checked by OP_SIZE instead. And for that cases, w= e already have some puzzle: https://mempool.spac= e/tx/aba3c2ae442aa20150996ee68f9aa4da83b57a4312891078be0c2e68c50b2801
Then, if OP_CHECKSIG would be completely broken, we would see 9-byte = DER signatures. But if only secp256k1 would be, without breaking SHA-256, t= hen we would have one-byte r-value, and then grinded s-value, which would m= ean 40-byte or smaller DER signatures.

sob., 30 maj 20= 26 o 21:30=C2=A0Erik Aronesty <erik@q32.= com> napisa=C5=82(a):
>=C2=A0 If the network is not updated to b= e post-quantum, the attackers can just go for the funds elsewhere

.T= his assumes that quantum computing speedup for classical computing is feasi= ble and finite-energy for classically interprable results, which has not be= en proven or demonstrated

> The counterargument is that a discove= ry can be made by a lab that=E2=80=99s not interested in stealing.

Y= es, and this bounty would not be stealing, so labs can freely do this legal= ly.

>=C2=A0 The bounty is already there, it=E2=80=99s the network itself, pre- or post-= quantum.

This is a canary bounty with a weaker key, presumably=C2=A0= it will be unlocked at least a few months in advance of any needed emergenc= y upgrades, should they ever prove necessary.=C2=A0 =C2=A0

On Sat, M= ay 30, 2026 at 12:18=E2=80=AFPM Nikita Karetnikov <nikita@karetnikov.org> wrote:<= br>
Dear Erik,

The bounty idea has been discussed recently in =E2=80=9CWhat if we let Quan= tum Hunters get Bitcoin rewards ?=E2=80=9D
I=E2=80=99ve also seen it mentioned elsewhere.

Before going into the implementation, let=E2=80=99s discuss the concept. I don=E2=80=99t understand what problem is being solved by the bounty.
To me it serves no purpose.

If the network is not updated to be post-quantum, the attackers can just go= for the funds elsewhere.
The counterargument is that a discovery can be made by a lab that=E2=80=99s= not interested in stealing.
What is the bounty for in that case?
The researchers are primarily motivated by producing novel results.
They already receive salary and the companies working on this have funding.=
This also assumes that the lab would be allowed to publish this result publ= icly.
They would have other means to demonstrate their discovery as well.
Why would you optimize for this very specific use case?

And if the network is updated to be post-quantum, the PQ bounty has no purp= ose.

The bounty is already there, it=E2=80=99s the network itself, pre- or post-= quantum.

Thanks,
Nikita

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= 28eeaa8b-dc19-463f-882f-1ed69c4c9037%40app.fastmail.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit ht= tps://groups.google.com/d/msgid/bitcoindev/CAJowKgJZk%3Dc17stAtWxa%3Dh1fAhZ= L4YfvbbAY%2Bgo32wmDKffNzQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/ms= gid/bitcoindev/CAN7kyNggyHQ6SNmrDqdZg9R8FgP6-5ia0eQhPbAaQCte6PzXUA%40mail.g= mail.com.
--000000000000051a21065315ff6f--