Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 6010F104E for ; Tue, 23 Jan 2018 22:45:08 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-vk0-f43.google.com (mail-vk0-f43.google.com [209.85.213.43]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id D3BC2CA for ; Tue, 23 Jan 2018 22:45:07 +0000 (UTC) Received: by mail-vk0-f43.google.com with SMTP id n132so1374053vke.2 for ; Tue, 23 Jan 2018 14:45:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=0gmRBCSwV5qPntphLNQ+ny5ytC7SU3pcNzu3AxzNrCo=; b=AebP3UD1HtjcBJyMz2jt84yl/O/sxna5Yy0aFIkwS7jiWadjCEuNgF9LPN7T6cecJO KIOUyCA788IfJMSpeczRcaJIkZSZurr+bj03C3SnDBJUrJ7vEuZK/tvFyw4TdT7QGixq 6La483B/mMLr+5zuknnz6kpg9WD7kIQOXCa1qF0lMITfaty2Oj6MQXLmn+2kfCBfMKv1 oB9iVS+jPTHje+E4uOLaRzwTTPXtayRIaa9MT0kdH9/irziMYjZlNbY6DUz+9TQfIbcg kmZuFz78izLVvXQDrfK0MuseH1KbpZlE7vFHw1PPBtPIiVYGyz5DxtLpWXe/OkBdt71M CMZQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=0gmRBCSwV5qPntphLNQ+ny5ytC7SU3pcNzu3AxzNrCo=; b=V1N6N9hiQNTOOtnKK5w3gakeQbhuSfb5e9O+o76Kb09JEr4nhmfOAk8GXbVE8u+XVP ic0E4Y4ayet46OJVwH8/YReQ/mwSPUxrYE04y9kmpFwiH4Kb5HUEta63R7DORYnKvYcR FEliTb6Q8NAvKYIgScjA2agI6hr8xzAmRmA6SafI+QwTNiuvjsghssCS3XrW0EigrtZM HQSlmBVM+y5UBRCv5Zj9/10bfrr6xlNiok2yp7ipUW5PyG9rnSj21JLGM1Uuwk5LPbga 8y8+ph6BXqi/RipjYjAHY7arJMpY+ih4UmEZWtFT3ZRjqjxiOTGfLcDymVDmrxOa1NHy RO/w== X-Gm-Message-State: AKwxytca5/QAWsSOeblhXTDfJLv1U9M7F+6Lh0NtjQrM9XANT0k+X89L Pz48sAQywK+ZsHzg/1sqGJegXH3F2EyNUU8+w+g9Eg== X-Google-Smtp-Source: AH8x227KtXuVZ8cY4QzIW23mMRPq8LDnKoVAD8ZnqdShQKla0ns8kUV53jC+//AgDhHiDdsbU+B5I5fyj4aNyWeWOyY= X-Received: by 10.31.195.196 with SMTP id t187mr1839420vkf.182.1516747507036; Tue, 23 Jan 2018 14:45:07 -0800 (PST) MIME-Version: 1.0 Sender: gmaxwell@gmail.com Received: by 10.103.78.155 with HTTP; Tue, 23 Jan 2018 14:45:06 -0800 (PST) In-Reply-To: <20180123222229.GA3801@erisian.com.au> References: <20180123064419.GA1296@erisian.com.au> <20180123222229.GA3801@erisian.com.au> From: Gregory Maxwell Date: Tue, 23 Jan 2018 22:45:06 +0000 X-Google-Sender-Auth: EMGyq_wkyABu3DyJGzRSDRQbslw Message-ID: To: Anthony Towns Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] Taproot: Privacy preserving switchable scripting X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Jan 2018 22:45:08 -0000 On Tue, Jan 23, 2018 at 10:22 PM, Anthony Towns wrote: > Hmm, at least people can choose not to reuse addresses currently -- > if everyone were using taproot and that didn't involve hashing the key, Can you show me a model of quantum computation that is conjectured to be able to solve the discrete log problem but which would take longer than fractions of a second to do so? Quantum computation has to occur within the coherence lifetime of the system. > way for individuals to hedge against quantum attacks in case they're ever feasible, at least that I can see (well, without moving their funds out of bitcoin anyway)? By using scriptpubkeys with actual security against quantum computers instead of snake-oil. > (It seems like using the point at infinity wouldn't work because Indeed, that doesn't work. > that when quantum attacks start approaching feasibility. If funds are > being held in reused addresses over the long term, that would be more They are. But I don't believe that is relevant; the attacker would simply steal the coins on spend.