From: Tim Ruffing
To: bitcoin-dev@lists.linuxfoundation.org
Date: Mon, 12 Feb 2018 16:50:50 +0100
Subject: Re: [bitcoin-dev] Transition to post-quantum

Hi Tristan,

Regarding the "Post-Quantum Address Recovery" part (I haven't read the
other parts), you may be interested in my message to the list from last
month and the rest of the thread:
https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2018-January/015659.html

This is an approach which aims to avoid the issues that you've
mentioned in your blog post.

Best,
Tim

On Tue, 2018-02-13 at 01:13 +1100, Tristan Hoy via bitcoin-dev wrote:
> Hi all,
>
> Recently I've been exploring what a post-quantum attack on Bitcoin
> would actually look like, and what options exist for mitigating it.
>
> I've put up a draft of my research here:
> https://medium.com/@tristanhoy/11271f430c41
>
> In summary:
> 1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are
> scalable
> 2) This is a rapidly advancing space and commitment to a specific
> post-quantum DSA now would be premature
> 3) I've identified a strategy (solution 3 in the draft) that
> mitigates against the worst case scenario (unexpectedly early attack
> on ECDSA) without requiring any changes to the Bitcoin protocol or
> total commitment to a specific post-quantum DSA that will likely be
> superseded in the next 3-5 years
> 4) This strategy also serves as a secure means of transferring
> balances into a post-quantum DSA address space, even in the event
> that ECDSA is fully compromised and the transition is reactionary
>
> The proposal is a change to key generation only and will be
> implemented by wallet providers.
>
> Feedback would be most appreciated.
>
> Regards,
>
> Tristan