Date: Wed, 24 Jan 2018 01:52:57 +0000
From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: Gregory Maxwell via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Message-ID: <20180124015256.GR9082@boulet.lan>
References: <CAAS2fgTXg5kk6TyUM9dS=tf5N0_Z-GKVmzMLwTW1HxUgrqdo+Q@mail.gmail.com>
<20180123064419.GA1296@erisian.com.au>
<CAAS2fgSy8qg71M6ZOr=xj=W6y2Jbz8hwygZOUYv-Brkt0JwVaQ@mail.gmail.com>
<20180123222229.GA3801@erisian.com.au>
<CAAS2fgTNcCB2mfvCBhC_AhgxX=g8feYguGHN_VPWW0EoOOxMyA@mail.gmail.com>
In-Reply-To: <CAAS2fgTNcCB2mfvCBhC_AhgxX=g8feYguGHN_VPWW0EoOOxMyA@mail.gmail.com>
Subject: Re: [bitcoin-dev] Taproot: Privacy preserving switchable scripting

On Tue, Jan 23, 2018 at 10:45:06PM +0000, Gregory Maxwell via bitcoin-dev wrote:
> On Tue, Jan 23, 2018 at 10:22 PM, Anthony Towns <aj@erisian.com.au> wrote:
> > Hmm, at least people can choose not to reuse addresses currently --
> > if everyone were using taproot and that didn't involve hashing the key,
>
> Can you show me a model of quantum computation that is conjectured to
> be able to solve the discrete log problem but which would take longer
> than fractions of a second to do so? Quantum computation has to occur
> within the coherence lifetime of the system.
>
> > way for individuals to hedge against quantum attacks in case they're ever feasible, at least that I can see (well, without moving their funds out of bitcoin anyway)?
>
> By using scriptpubkeys with actual security against quantum computers
> instead of snake-oil.
>
> > (It seems like using the point at infinity wouldn't work because
>
> Indeed, that doesn't work.
>
> > that when quantum attacks start approaching feasibility. If funds are
> > being held in reused addresses over the long term, that would be more
>
> They are. But I don't believe that is relevant; the attacker would
> simply steal the coins on spend.

Then the system would need to be hardforked to allow spending through a
quantum-resistant ZKP of knowledge of the hashed public key. I expect
that in a post-quantum world there will be demand for such a fork,
especially if we came into such a world through surprise evidence of
a discrete log break.
-- 
Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web: https://www.wpsoftware.net/andrew
"A goose alone, I suppose, can know the loneliness of geese
who can never find their peace,
whether north or south or west or east"
--Joanna Newsom
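The construction argued over in this thread, as an added example that is not part of the thread and not code from any Bitcoin implementation: a Taproot-style output Q = P + H(P||S)*G with its key-path spend, next to the difference in what a chain observer (and therefore a discrete-log attacker) can see for a key-in-output versus a hash-committed output before and after the spend. The secp256k1 arithmetic is written out in plain Python so the block runs offline; the private key, nonce, script bytes and messages are constructed for the example, the tweak hash and the commitment hash are plain sha256 (the thread does not fix a hash, and Bitcoin's HASH160 and tagged hashes are not modelled), and the Schnorr variant is textbook rather than any deployed scheme. Those are all assumptions of this example.

```python
import hashlib

# secp256k1 domain parameters (field prime, group order, generator)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)


def ec_mul(k, pt):
    """Scalar multiplication by double-and-add (illustrative, not constant time)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def ser(pt):
    """33-byte compressed SEC encoding of a point."""
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def taproot_output(x, script):
    """Output key Q = P + H(P || S) * G for internal key P = x*G and script S.
    The tweak hash is plain sha256 (assumption of this example). Returns (Q, t)."""
    Pk = ec_mul(x, G)
    t = int.from_bytes(hashlib.sha256(ser(Pk) + script).digest(), "big") % N
    return ec_add(Pk, ec_mul(t, G)), t


def keypath_key(x, t):
    """Private key for Q: the holder of x spends by the key path with x + t."""
    return (x + t) % N


def schnorr_sign(d, msg, k):
    """Textbook Schnorr with an explicit nonce k (constructed; never reuse a nonce)."""
    R = ec_mul(k, G)
    Q = ec_mul(d, G)
    e = int.from_bytes(hashlib.sha256(ser(R) + ser(Q) + msg).digest(), "big") % N
    return R, (k + e * d) % N


def schnorr_verify(Q, msg, sig):
    """Check s*G == R + e*Q for the challenge e = H(R || Q || msg)."""
    R, s = sig
    e = int.from_bytes(hashlib.sha256(ser(R) + ser(Q) + msg).digest(), "big") % N
    return ec_mul(s, G) == ec_add(R, ec_mul(e, Q))


def observer_view(kind, Q, spent):
    """What anyone reading the chain sees, which is also a discrete-log attacker's input.
    'taproot': Q is in the scriptPubKey from the moment the output is created.
    'hashed':  only a commitment to Q until the spending input reveals Q
               (sha256 stands in for Bitcoin's HASH160, an assumption here)."""
    if kind == "taproot":
        return {"key": ser(Q)}
    view = {"commitment": hashlib.sha256(ser(Q)).digest()}
    if spent:
        view["key"] = ser(Q)
    return view


def demo():
    """Constructed walk-through: build Q, spend it by key path, compare exposure."""
    x = 0x1D2B3C4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F708192A3B4C5D6E7F809  # constructed key
    script = b"constructed script commitment"
    msg = b"spend Q by key path"
    Q, t = taproot_output(x, script)
    d = keypath_key(x, t)
    sig = schnorr_sign(d, msg, 0xC0FFEE)  # constructed nonce
    return {
        "tweaked_key_matches": ec_mul(d, G) == Q,
        "keypath_sig_ok": schnorr_verify(Q, msg, sig),
        "taproot_key_visible_unspent": "key" in observer_view("taproot", Q, False),
        "hashed_key_visible_unspent": "key" in observer_view("hashed", Q, False),
        "hashed_key_visible_spent": "key" in observer_view("hashed", Q, True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The two `observer_view` cases are the whole of the disagreement above: with Q in the output, a discrete-log break on the chain data gives x + t directly and the attacker need not wait; with a hash-committed output, the same break still works the instant Q appears in the spending input, which is the "steal on spend" case, unless the rules are changed so that spending can be authorised by a proof of knowledge of the preimage instead of by a signature under Q.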