Message-ID: <2c3b7e1c-95dd-4773-a88f-f2cdb37acf4a@gmail.com>
Date: Mon, 2 Jun 2025 23:06:35 +0200
From: Leo Wandersleb <lwandersleb@gmail.com>
Subject: [bitcoindev] Pre-emptive commit/reveal for quantum-safe migration (poison-pill)
To: Bitcoin Development Mailing List <bitcoindev@googlegroups.com>

Hi all,

I'd like to propose a variant of the commit/reveal schemes being discussed for
quantum resistance, but with a different goal and timeline. This builds on ideas
from the recent thread "Post-Quantum commit / reveal Fawkescoin variant as a
soft fork" but targets a different use case.

## The Problem

Current discussions focus on emergency reactive measures - what to do *after*
quantum computers arrive. But this leaves users in a difficult position:

1. They can't prove ownership of their coins without revealing pubkeys (and thus
   becoming vulnerable)
2. Moving coins to quantum-safe addresses early reveals which addresses are
   active vs. abandoned
3. There's no way to prepare for migration without exposing yourself

## Pre-emptive Commit/Reveal

What if users could commit *today* to future migration transactions, without
revealing which UTXOs they control?

The idea is simple:

- Users create and sign transactions moving their funds to quantum-safe addresses
- They compute a Merkle tree of all these transactions
- They publish only the root hash (e.g., in an OP_RETURN)
- This can be done today, with no consensus changes

If/when quantum computers become a threat:

- We soft fork to require at least n confirmations on quantum vulnerable
  transactions
- Transactions work as always but can't be spent for n blocks
- If attacked, the victim can reveal the commitment to execute the recovery
  transaction

## Key Advantages

1. **No consensus changes needed now** - Users can start protecting themselves
   immediately
2. **Privacy preserved** - The commitment reveals nothing about which UTXOs you own
3. **Efficient** - One hash can commit to migrations for all your UTXOs or even
   the UTXOs of several users
4. **Flexible** - Works whether or not a quantum computer ever actually appears

## Differences from Tadge's Proposal

While Tadge's proposal solves post-quantum spending where any pubkey reveal is
dangerous, this proposal is about preparation:

- **Timing**: Pre-quantum (can start now) vs. post-quantum (activates after QC
  appears)
- **Scope**: Migration to quantum-safe addresses for all address types in the
  worst case vs. general spending of hashed pubkeys

Both use the same cryptographic primitive (commit/reveal) but for different
phases of the quantum transition.

This approach lets users protect their funds without waiting for consensus
changes or revealing their holdings. It's a "poison pill" against quantum
attackers - they might steal coins, but pre-committed owners can reclaim them.

Would love to hear thoughts on this approach.

Leo Wandersleb