From: Andrew Poelstra <apoelstra@wpsoftware.net>
To: Gregory Maxwell via bitcoin-dev <bitcoin-dev@lists.linuxfoundation.org>
Date: Wed, 24 Jan 2018 01:52:57 +0000
Subject: Re: [bitcoin-dev] Taproot: Privacy preserving switchable scripting
In-Reply-To: <CAAS2fgTNcCB2mfvCBhC_AhgxX=g8feYguGHN_VPWW0EoOOxMyA@mail.gmail.com>
On Tue, Jan 23, 2018 at 10:45:06PM +0000, Gregory Maxwell via bitcoin-dev wrote:
> On Tue, Jan 23, 2018 at 10:22 PM, Anthony Towns <aj@erisian.com.au> wrote:
> > Hmm, at least people can choose not to reuse addresses currently --
> > if everyone were using taproot and that didn't involve hashing the key,
>
> Can you show me a model of quantum computation that is conjectured to
> be able to solve the discrete log problem but which would take longer
> than fractions of a second to do so? Quantum computation has to occur
> within the coherence lifetime of the system.
>
> > way for individuals to hedge against quantum attacks in case they're ever feasible, at least that I can see (well, without moving their funds out of bitcoin anyway)?
>
> By using scriptpubkeys with actual security against quantum computers
> instead of snake-oil.
>
> > (It seems like using the point at infinity wouldn't work because
>
> Indeed, that doesn't work.
>
> > that when quantum attacks start approaching feasibility. If funds are
> > being held in reused addresses over the long term, that would be more
>
> They are. But I don't believe that is relevant; the attacker would
> simply steal the coins on spend.

Then the system would need to be hardforked to allow spending through a
quantum-resistant ZKP of knowledge of the hashed public key.
I expect that in a post-quantum world there will be demand for such a
fork, especially if we came into such a world through surprise evidence
of a discrete log break.

-- 
Andrew Poelstra
Mathematics Department, Blockstream
Email: apoelstra at wpsoftware.net
Web:   https://www.wpsoftware.net/andrew

"A goose alone, I suppose, can know the loneliness of geese
 who can never find their peace,
 whether north or south or west or east"
       --Joanna Newsom