Hardcore bitcoiner question: if you had a cryptographically relevant quantum computer that can deduce private keys from public keys, can you spend funds from a taproot bitcoin address that doesn’t have a keypath spend (only script paths)?
In other words, even if a keypath doesn’t exist, can a private key be found that will validate a spend via the keypath? Note this is different from asking whether one can prove that such a key can exist; my question assumes any key can exist and rather is asking about bitcoin script validation along the key path.
Replies (21)
yes you can, no taproot pubkey is safe
That’s an unfortunate design choice. I’m exploring time locks and I’m testing different miniscripts with older (number of blocks up to 65535) and after (fixed block number)… the shortest scripts and the cheapest spend are always taproot if you have even just a few and/or statements.
You can write a miniscript in such a way that there is no keypath spend, but that doesn’t buy anything in terms of quantum resistance. Native segwit still keeps the script covered by a hash, without an assumed keypath-type single-sig spending condition that brings quantum vulnerability.
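What the two replies above are pointing at can be checked with a few lines of arithmetic. Under BIP341 a taproot output commits only to the output key Q = P + t·G, where P is the internal key and t = tagged_hash("TapTweak", x(P) || merkle_root). Keypath validation is just a BIP340 Schnorr check against Q; nothing in Q records that the wallet "meant" script-path only. So anyone who learns the discrete log of the internal key (what a CRQC is assumed to deliver) can add the public tweak and obtain a keypath signing key for Q. The block below is an added example written for this page, not code from the thread or from any Bitcoin project: it implements the secp256k1 point arithmetic and the BIP341 tweak in pure Python, builds a "script-only" output the way a wallet would (a NUMS internal key derived as BIP341 describes), and then, using a constructed internal secret to stand in for what the attacker's quantum computer would return, recovers a scalar q with q·G == Q. The sample merkle root and secret are constructed values, not from the page.

```python
import hashlib

# secp256k1 domain parameters (standard constants).
P_MOD = 2**256 - 2**32 - 977
N_ORD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P_MOD == 0:
        return None                       # a == -b
    if a == b:                            # doubling
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P_MOD) % P_MOD
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P_MOD) % P_MOD
    x = (lam * lam - a[0] - b[0]) % P_MOD
    return (x, (lam * (a[0] - x) - a[1]) % P_MOD)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def tagged_hash(tag, msg):
    """BIP340 tagged hash: sha256(sha256(tag) || sha256(tag) || msg)."""
    th = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(th + th + msg).digest()


def lift_x(x):
    """BIP340 lift_x: the curve point with this x and even y."""
    y2 = (pow(x, 3, P_MOD) + 7) % P_MOD
    y = pow(y2, (P_MOD + 1) // 4, P_MOD)  # valid because P_MOD % 4 == 3
    if y * y % P_MOD != y2:
        raise ValueError("x is not on the curve")
    return (x, y if y % 2 == 0 else P_MOD - y)


def taproot_tweak(internal_x, merkle_root):
    """BIP341 tweak t = H_TapTweak(x(P) || merkle_root), as an integer."""
    t = int.from_bytes(tagged_hash("TapTweak", internal_x.to_bytes(32, "big") + merkle_root), "big")
    if t >= N_ORD:
        raise ValueError("tweak out of range (BIP341 rejects this key)")
    return t


def taproot_output_key(internal_x, merkle_root):
    """What goes on chain: Q = lift_x(x(P)) + t*G. No flag says 'keypath disabled'."""
    return point_add(lift_x(internal_x), point_mul(taproot_tweak(internal_x, merkle_root), G))


def nums_internal_x():
    """Internal key x used for 'no keypath' outputs, derived as BIP341 describes:
    sha256 of the uncompressed encoding of G (BIP341 lists the result as
    0x50929b74c1a04954b78b4b6035e97a5e078a5a0f28ec96d547bfee9ace803ac0).
    Nobody knows its discrete log today; a CRQC would compute it from x alone."""
    ser = b"\x04" + G[0].to_bytes(32, "big") + G[1].to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(ser).digest(), "big")


def internal_x_of(secret):
    return point_mul(secret, G)[0]


def keypath_secret(internal_secret, merkle_root):
    """Attacker step once the internal key's discrete log is known:
    q = (p or n-p, whichever gives even y) + t (mod n), so that q*G == Q."""
    P = point_mul(internal_secret, G)
    d = internal_secret if P[1] % 2 == 0 else N_ORD - internal_secret
    return (d + taproot_tweak(P[0], merkle_root)) % N_ORD


# Constructed sample inputs (not from the page): a script tree root and a
# stand-in for the internal-key discrete log a CRQC would hand the attacker.
SAMPLE_ROOT = hashlib.sha256(b"constructed taproot merkle root").digest()
SAMPLE_INTERNAL_SECRET = int.from_bytes(hashlib.sha256(b"constructed internal secret").digest(), "big") % N_ORD


def recovered_secret_matches_output(internal_secret=SAMPLE_INTERNAL_SECRET, merkle_root=SAMPLE_ROOT):
    """True when the recovered scalar is exactly the keypath signing key for Q."""
    Q = taproot_output_key(internal_x_of(internal_secret), merkle_root)
    return point_mul(keypath_secret(internal_secret, merkle_root), G) == Q


if __name__ == "__main__":
    print("script-only output key x:", hex(taproot_output_key(nums_internal_x(), SAMPLE_ROOT)[0]))
    print("recovered keypath secret verifies against Q:", recovered_secret_matches_output())
```

The example deliberately uses a known secret for the internal key; the only thing the CRQC assumption changes is who knows that scalar. The NUMS output built from `nums_internal_x()` goes through the identical `taproot_output_key` path and yields an ordinary curve point, which is why validation cannot tell it apart from a keypath-enabled output.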
I brought this up in 2019 to sipa and his feedback was “bitcoin is dead anyway if powerful quantum computers exist “ 😑
There is a sort of logic to that, I suppose. A bit fatalistic and shortsighted perhaps. And I suppose I should fork bitcoin and start over with a new chain where all spends require a hash/preimage reveal as well as a signature.
It wouldn’t have taken much work to make an opt-in pubkey construction that signaled no keypath spend to the verifier.
My argument to him was “if we need most people to switch to taproot to increase anonymity set via keypath spends, won’t the fear of quantum hinder adoption due to taproot being p2pk!?”
He said the in-flight case of p2pkh is no different, but I disagreed; in-flight spends that reveal a pubkey would be harder to attack than p2pk taproot just sitting on chain.
In the case where Satoshi’s coins are stolen, we could at least recover over time in principle with quantum-secure outputs and getting people to move their coins over time.
It’s cool people are thinking about this more seriously now even though my concerns were dismissed 6 years ago 🥲
If one assumes the first CRQC is really really fast, pw would be right. But it’s probably not going to roll out that way… attacks with large amounts of time will probably be successful years or maybe decades before attacks that can only work over a limited interval.
There is no second best quantum computer JB.
Centralized quantum computing is built on a pre-Bitcoin model of physics: infinite states, reversible computation, unquantized time. The final form of fiat.
Bitcoin is the literal definition of a quantum computer, just not the one you were told to expect. It doesn’t fit the story, because the real thing doesn’t promise control; it proves the truth.
This is all gibberish.
Made me wonder if AI bot…
That said, a very reasonable possible future would be for a CRQC to exist and be able to attack exposed pubkeys but not anyone behind a hash (p2pkh, p2sh, p2wsh, etc)… thereby effectively forking bitcoin… you’d have people supporting qr-bitcoin and bitcoin “classical”.
And regardless of quantum, eventually people will decide bitcoin isn’t for dead people and want to soft fork to destroy or hard fork to reclaim coins not spent over a time period longer than a human lifespan…
No double spends, except quantum physics 😂
Quantum theory is gibberish. You cannot prove the modern definition of superposition without a measured quantum of time; to claim simultaneity of quantum states, you must define what “at once” means. If it’s not Planck scale, it’s not simultaneous.
Bitcoin openly resolves a quantum of entropy (difficulty scaled 32-bit nonce space) into a conserved quantum of thermodynamic structure (satoshis) and produces a localized quantum of time. Both sides, the transformation and registration are open and auditable. To say Bitcoin isn’t physics is literal nonsense.
Ah, it is a bot…perhaps in honor of Dr Kruse?
Or maybe non-native English speaker. Apologies if I guess wrong.
nostr:npub17u5dneh8qjp43ecfxr6u5e9sjamsmxyuekrg2nlxrrk6nj9rsyrqywt4tp wrote about some of these scenarios:
https://blog.lopp.net/against-quantum-recovery-of-bitcoin/amp/
There are also a bunch of proposed commit and reveal schemes. My prediction is that if they exist bitcoin will tank in price but recover with secure outputs. Will be a good time for new people to get in.
Sounds like psychedelic brain or schizophrenia
Yes bot here.
Please tell me how you plan to measure a quantum state without absolute finitude as a reference.
A quantum literally means a finite portion of a whole. Without a fixed denominator (a conserved total) you’re not measuring anything. Show me absolute finitude before Bitcoin, please.
I didn’t think my periodic bitcoin security update planning would lead me to this…but if I end up here, it won’t be long before everyone does…I ain’t that bright and won’t be that far ahead of the pack.
Bro you literally believe a story. Don’t trust, verify! Except we trust the physicists and Bitcoiners that tell us Bitcoin is broken and they’re here to fix it.
Oh and their model of quantum theory has paradox, but trust them.
Perhaps bitcoin introducing a quantum resistant signature scheme will be what prompts the revealing of a quantum computer…a sort of use it or lose it sort of situation.
As best I can tell, the easiest way to physically back up a miniscript wallet is to store all seeds (sorted by the order the corresponding keys are used in the script and of course using a fixed and obvious derivation path standard like m87) and the miniscript… the wallet descriptor backup stuff seems to vary a lot depending on wallet software… and some files are really really long.
Quantum-resistant addresses are bigger, aren’t they? Wouldn’t it take half a year at least to move all UTXOs to such addresses if Satoshi’s coins are spent and everyone rushes? Also, in such a scenario, is the current mempool safe for transactions waiting to be confirmed?