On Tue, Jan 23, 2018 at 10:22 PM, Anthony Towns <a...@erisian.com.au> wrote:
> Hmm, at least people can choose not to reuse addresses currently --
> if everyone were using taproot and that didn't involve hashing the key,

Can you show me a model of quantum computation that is conjectured to be able to solve the discrete log problem but which would take longer than fractions of a second to do so? Quantum computation has to occur within the coherence lifetime of the system.

> way for individuals to hedge against quantum attacks in case they're ever
> feasible, at least that I can see (well, without moving their funds out of
> bitcoin anyway)?

By using scriptpubkeys with actual security against quantum computers instead of snake-oil.

> (It seems like using the point at infinity wouldn't work because

Indeed, that doesn't work.

> that when quantum attacks start approaching feasibility. If funds are
> being held in reused addresses over the long term, that would be more

They are. But I don't believe that is relevant; the attacker would simply steal the coins on spend.