From: Tristan Hoy <tristan.hoy@gmail.com>
Date: Tue, 13 Feb 2018 01:13:11 +1100
Message-ID: <CAFEpHQHP7XXBYUP6CF1OeYoBpj0UwK+qpYG-14_zQZDX4Md7UA@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Subject: [bitcoin-dev] Transition to post-quantum
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
Hi all,

Recently I've been exploring what a post-quantum attack on Bitcoin would
actually look like, and what options exist for mitigating it.

I've put up a draft of my research here:
https://medium.com/@tristanhoy/11271f430c41

In summary:

1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are scalable

2) This is a rapidly advancing space and commitment to a specific
post-quantum DSA now would be premature

3) I've identified a strategy (solution 3 in the draft) that mitigates
against the worst case scenario (unexpectedly early attack on ECDSA)
without requiring any changes to the Bitcoin protocol or total commitment
to a specific post-quantum DSA that will likely be superseded in the next
3-5 years

4) This strategy also serves as a secure means of transferring balances
into a post-quantum DSA address space, even in the event that ECDSA is
fully compromised and the transition is reactionary

The proposal is a change to key generation only and will be implemented by
wallet providers.

Feedback would be most appreciated.

Regards,

Tristan