Message-ID: <f7a5d8436d112c01882c666f6a2077c48aee51f5.camel@timruffing.de>
From: Tim Ruffing <crypto@timruffing.de>
To: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Date: Tue, 23 Mar 2021 11:50:20 +0100
In-Reply-To: <CAJowKgLuWOkD=_jDaLqG=FOG02qX7p4-EZ69yvw4UqcWpz+rRg@mail.gmail.com>
References: <202103152148.15477.luke@dashjr.org>
<CAJowKgLuWOkD=_jDaLqG=FOG02qX7p4-EZ69yvw4UqcWpz+rRg@mail.gmail.com>
Subject: Re: [bitcoin-dev] PSA: Taproot loss of quantum protections

On Mon, 2021-03-22 at 10:24 -0400, Erik Aronesty via bitcoin-dev wrote:
>
> Does anyone think it would be useful to write up a more official,
> and even partly functional plan for Bitcoin to use zero-knowledge
> proofs to transition to quantum resistance?

Yes, for sure. This is certainly something that the community should
discuss. Looking into this problem is also on my (too long) list of
research problems.

I think IF we arrive at the conclusion that this is a good idea (which
is possible but not at all clear to me at this point), then one of the
questions is whether it's desirable to use something more efficient
than a zero-knowledge proof, at the potential cost of committing to a
real public key of a simple post-quantum signature scheme. This could
for example be a hash-based one-time signature scheme (but something
more efficient than the often mentioned Lamport signatures, e.g.,
Winternitz or W-OTS+ signatures).
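
Added example, not part of the original message: a simplified sketch of the plain Winternitz one-time signature scheme (not W-OTS+, which adds bitmasks to the chaining function) over SHA-256, to make the size comparison with Lamport signatures concrete. The parameter choice w = 16 and all function names are assumptions made for this illustration.

```python
import hashlib
import os

N = 32      # hash output size in bytes (SHA-256)
W = 16      # Winternitz parameter: each hash chain encodes one base-16 digit
LEN1 = 64   # base-16 digits in a 256-bit message digest
LEN2 = 3    # base-16 digits for the checksum (max 64 * 15 = 960 < 16**3)
LEN = LEN1 + LEN2

def H(data):
    return hashlib.sha256(data).digest()

def chain(x, steps):
    # Apply H repeatedly; the position in the chain encodes a digit.
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg):
    # Message digest as base-16 digits, followed by checksum digits.
    ds = []
    for b in H(msg):
        ds += [b >> 4, b & 15]
    # The checksum falls whenever a message digit rises, so a forger who
    # advances some chains would have to walk a checksum chain backwards.
    csum = sum(W - 1 - d for d in ds)
    return ds + [(csum >> 8) & 15, (csum >> 4) & 15, csum & 15]

def keygen():
    # The secret key is used for ONE signature only; reuse leaks chain values.
    sk = [os.urandom(N) for _ in range(LEN)]
    pk = H(b"".join(chain(s, W - 1) for s in sk))   # 32-byte commitment
    return sk, pk

def sign(sk, msg):
    return [chain(s, d) for s, d in zip(sk, digits(msg))]

def verify(pk, msg, sig):
    if len(sig) != LEN:
        return False
    # Complete every chain to its end and compare against the commitment.
    ends = [chain(s, W - 1 - d) for s, d in zip(sig, digits(msg))]
    return H(b"".join(ends)) == pk

def signature_sizes():
    # Lamport reveals one 32-byte preimage per digest bit; Winternitz one
    # 32-byte chain value per base-16 digit (checksum digits included).
    return {"lamport": 256 * N, "winternitz_w16": LEN * N}
```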