From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 14 Jun 2024 07:15:36 -0700 Received: from mail-yw1-f190.google.com ([209.85.128.190]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1sI7iJ-0007tN-Fa for bitcoindev@gnusha.org; Fri, 14 Jun 2024 07:15:35 -0700 Received: by mail-yw1-f190.google.com with SMTP id 00721157ae682-62fb4a1f7bfsf46849827b3.3 for ; Fri, 14 Jun 2024 07:15:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1718374529; x=1718979329; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:sender:from :to:cc:subject:date:message-id:reply-to; bh=jJC+Xw3aFjWlzjeJgicl5C+goMksSH+mL3lghvUM4zA=; b=dA5c+0mCdtCYV3hNGnAtnuPpJf0rLsvatPYL4SYXWwc4/lWAeUYikyjW/AIx071O5p rxJ960vT9HGI4FPXT8DumrlwdvtqFYHhoAeOt4NbbY9WIoNwDwROfL9EhFPaQw6VwLlg ys/saieiJ/zRUU4TIO+HSw+WMarVDzFKorr4RUEM7bqMIOCvmH7jcOdBEOUG/1O64vSN 4yXXqPnQwT00tzFMuB5wkcGCpIQpqlVVMI0FFQT/g0AsfHevcYePntCi1X/Q5dAfXNaP e+Co2IV/dTShmRTa9WxMGD4qS97LBXSr9KUyPfJPzUr09yxUb1GNlU+LkBrzv48VE8Ad 17dQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1718374529; x=1718979329; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:from:to:cc :subject:date:message-id:reply-to; bh=jJC+Xw3aFjWlzjeJgicl5C+goMksSH+mL3lghvUM4zA=; b=MDWU/rYKsx6M+yXygNS/qcf2Bh4sn3l/vHcEKN52Cd9dLRUoyv3Sh8H4eBQABAtYex b0z2xbevCO26xd//2Xu9H3gcYrR5o1E8J7g5/9wrEdSbQ5ESAC5NnLUdaMxGXkfcAVhX ngFID0BQGDVqJtwR1r8XRvo7d3Ae4B+UdQ0m0o+dZhfvknyfi5x6PLeVkisXbmbZmmeY xPB6DG1EVw2r+eIujeoZBb3Ysjco8Q9GW0EvnPjOOLqNEWjsvd4flKZX1jsvNAVM31C4 BqzZiHpsPTyTOJCQziuRUSKTIUf/f9dNouryyunpZUbGnlvoT6wDr+t86kPOpH0drhiD hqXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1718374529; x=1718979329; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-sender:mime-version :subject:references:in-reply-to:message-id:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=jJC+Xw3aFjWlzjeJgicl5C+goMksSH+mL3lghvUM4zA=; b=T56Aqf5EaGX86DZpE2QC+X68iITX61pocU7G2Gp8tz8YqYMnvxEjvDOFZl/Q7RDRXC 7uizTJQgic1/GjCjzcco9tu6XcmIq2l1klIuqZomPYoAbJLHxIb3Oafc8OYQO5vqhKbq ZNkpPlMiaGBZzzXuSONc7smJ19Zok3CfzSHuT8vjGhXnrM7jq/9kgUA+ioBLhwHEXQ5O o8fzjHh+iG78rKzzdtPJE3lRYdOzi8vMiuatKau+85/NAfRMhjEL9u5GCN/sLgeDxMP6 5odeg96gfPsehfbPt863xtLHOpuxxHlE6krMTVHjK2VLlBPly90jF99ZtGnox+AUHMdx kiSw== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=1; AJvYcCWZwF5VMm+jjKu0qnl+JmZBA8JmZWGf2gwz3EZb2NuietrcSb6WTHrD5HAkszKuKqV6V7kbwdtC8+vgx93g1ZLJ7tsRQJc= X-Gm-Message-State: AOJu0YyI2R4a6aAb3to+/9NO0eKe+3H3k0gYjAAJz6YnsOjRmwedh9U9 N/r8DGl6bi7SQyNel0WzLTQy8LwG+qAd2L7+niiWsS3LQpFAGDL4 X-Google-Smtp-Source: AGHT+IECavU9Z8LVSc1cBQctFCuZCUOBw01UgUi3qah4vgwdsNFElLBXCjtG7HVexM/3jOQCRmyE4Q== X-Received: by 2002:a25:8187:0:b0:dfa:599e:8b6c with SMTP id 3f1490d57ef6-dff153b3260mr2565094276.25.1718374529218; Fri, 14 Jun 2024 07:15:29 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com Received: by 2002:a05:6902:1249:b0:dfe:54e6:8233 with SMTP id 3f1490d57ef6-dfefe6e2bacls3055175276.0.-pod-prod-08-us; Fri, 14 Jun 2024 07:15:27 -0700 (PDT) X-Received: by 2002:a05:6902:136d:b0:dfa:5a22:c4d4 with SMTP id 3f1490d57ef6-dff15468d20mr480747276.12.1718374527035; Fri, 14 Jun 2024 07:15:27 -0700 (PDT) Received: by 2002:a81:fe08:0:b0:627:7f59:2eee with SMTP id 00721157ae682-63219bff5c8ms7b3; Fri, 14 Jun 2024 06:51:09 -0700 (PDT) X-Received: by 2002:a05:690c:d87:b0:61b:791a:9850 with SMTP id 00721157ae682-6322480e75dmr6559907b3.9.1718373068103; Fri, 14 Jun 2024 06:51:08 -0700 (PDT) Date: Fri, 14 Jun 2024 06:51:07 -0700 (PDT) From: Pierre-Luc Dallaire-Demers To: Bitcoin Development Mailing List Message-Id: In-Reply-To: <62fd28ab-e8b5-4cfc-b5ae-0d5a033af057n@googlegroups.com> References: <62fd28ab-e8b5-4cfc-b5ae-0d5a033af057n@googlegroups.com> Subject: [bitcoindev] Re: Proposing a P2QRH BIP towards a quantum resistant soft fork MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_Part_13076_600048989.1718373067734" X-Original-Sender: dallairedemers@gmail.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.5 (/) ------=_Part_13076_600048989.1718373067734 Content-Type: multipart/alternative; boundary="----=_Part_13077_601844276.1718373067734" ------=_Part_13077_601844276.1718373067734 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable SQIsign is blockchain friendly but also very new, I would recommend adding= =20 a hash-based backup key in case an attack on SQIsign is found in the future= =20 (recall that SIDH broke over the span of a=20 weekend https://eprint.iacr.org/2022/975.pdf). Backup keys can be added in the form of a Merkle tree where one branch=20 would contain the SQIsign public key and the other the public key of the=20 recovery hash-based scheme. For most transactions it would only add one bit= =20 to specify the SQIsign branch. The hash-based method could be Sphincs+, which is standardized by NIST but= =20 requires adding extra code, or Lamport, which is not standardized but can= =20 be verified on-chain with OP-CAT. On Sunday, June 9, 2024 at 12:07:16=E2=80=AFp.m. UTC-4 Hunter Beast wrote: > The motivation for this BIP is to provide a concrete proposal for adding= =20 > quantum resistance to Bitcoin. We will need to pick a signature algorithm= ,=20 > implement it, and have it ready in event of quantum emergency. There will= =20 > be time to adopt it. Importantly, this first step is a more substantive= =20 > answer to those with concerns beyond, "quantum computers may pose a threa= t,=20 > but we likely don't have to worry about that for a long time". Bitcoin=20 > development and activation is slow, so it's important that those with low= =20 > time preference start discussing this as a serious possibility sooner=20 > rather than later. > > This is meant to be the first in a series of BIPs regarding a hypothetica= l=20 > "QuBit" soft fork. The BIP is intended to propose concrete solutions, eve= n=20 > if they're early and incomplete, so that Bitcoin developers are aware of= =20 > the existence of these solutions and their potential. > > This is just a rough draft and not the finished BIP. I'd like to validate= =20 > the approach and hear if I should continue working on it, whether serious= =20 > changes are needed, or if this truly isn't a worthwhile endeavor right no= w. > > The BIP can be found here: > https://github.com/cryptoquick/bips/blob/p2qrh/bip-p2qrh.mediawiki > > Thank you for your time. > > --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/= bitcoindev/b3561407-483e-46cd-b5e9-d6d48f8dca93n%40googlegroups.com. ------=_Part_13077_601844276.1718373067734 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable SQIsign is blockchain friendly but also very new, I would recommend adding = a hash-based backup key in case an attack on SQIsign is found in the future= (recall that SIDH broke over the span of a weekend=C2=A0https://eprint.iac= r.org/2022/975.pdf).
Backup keys can be added in the form of a Merkle t= ree where one branch would contain the SQIsign public key and the other the= public key of the recovery hash-based scheme. For most transactions it wou= ld only add one bit to specify the SQIsign branch.
The hash-based= method could be Sphincs+, which is standardized by NIST but requires addin= g extra code, or Lamport, which is not standardized but can be verified on-= chain with OP-CAT.

On Sunday, June 9, 2024 at 12:07:16=E2=80=AFp.m.= UTC-4 Hunter Beast wrote:
The motivation for this BIP is to provide a concrete proposal= for adding quantum resistance to Bitcoin. We will need to pick a signature= algorithm, implement it, and have it ready in event of quantum emergency. = There will be time to adopt it. Importantly, this first step is a more subs= tantive answer to those with concerns beyond, "quantum computers may p= ose a threat, but we likely don't have to worry about that for a long t= ime". Bitcoin development and activation is slow, so it's importan= t that those with low time preference start discussing this as a serious po= ssibility sooner rather than later.

This is meant to be the first in= a series of BIPs regarding a hypothetical "QuBit" soft fork. The= BIP is intended to propose concrete solutions, even if they're early a= nd incomplete, so that Bitcoin developers are aware of the existence of the= se solutions and their potential.

This is just a rough draft and not= the finished BIP. I'd like to validate the approach and hear if I shou= ld continue working on it, whether serious changes are needed, or if this t= ruly isn't a worthwhile endeavor right now.

The = BIP can be found here:
=

Thank you for your time.

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msg= id/bitcoindev/b3561407-483e-46cd-b5e9-d6d48f8dca93n%40googlegroups.com.=
------=_Part_13077_601844276.1718373067734-- ------=_Part_13076_600048989.1718373067734--