Recently I've been exploring what a post-quantum attack on Bitcoin would
actually look like, and what options exist for mitigating it.
I've put up a draft of my research here:
1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are scalable
2) This is a rapidly advancing space and committment to a specific
post-quantum DSA now would be premature
3) I've identified a strategy (solution 3 in the draft) that mitigates
against the worst case scenario (unexpectedly early attack on ECDSA)
without requiring any changes to the Bitcoin protocol or total committment
to a specific post-quantum DSA that will likely be superseded in the next
4) This strategy also serves as a secure means of transferring balances
into a post-quantum DSA address space, even in the event that ECDSA is
fully compromised and the transition is reactionary
The proposal is a change to key generation only and will be implemented by
Feedback would be most appreciated.
bitcoin-dev mailing list