Author: ZmnSCPxj 2021-04-16 03:47:45
Published on: 2021-04-16T03:47:45+00:00
In a bitcoin-dev email thread, David A. Harding asked whether anyone informed about ECC and QC knew how to create output scripts with lower difficulty that could be used to measure the progress of QC-based EC key cracking. ZmnSCPxj responded that the task was relatively easy if a trusted setup was used, where the trusted party takes a secp256k1 secret key and verifiably encrypts it under a NUMS public key from the weaker group. As long as the trusted party deletes the secret key afterward, the scheme is secure. Splitting the trusted setup among several parties where only one of them needs to be honest looks doable but would take some engineering and analysis work. ZmnSCPxj suggested that instead of using the trusted setup, OP_CHECKMULTISIG may be sufficient. The N parties would generate individual private keys, encrypt each of them with the NUMS pubkey from the weaker group, then pay out to an N-of-N OP_CHECKMULTISIG address of all the participants. This should reduce the need for analysis and engineering.
Updated on: 2023-06-14T19:34:29.601684+00:00