Author: Lloyd Fournier 2021-04-16 05:00:07
Published on: 2021-04-16T05:00:07+00:00
In a recent email exchange among Bitcoin developers, the topic of measuring progress in quantum computing-based EC key cracking was discussed. David A. Harding asked if anyone familiar with elliptic curve cryptography (ECC) and quantum computing (QC) knew how to create output scripts with lower difficulty that could be used to measure the progress of QC-based EC key cracking. ZmnSCPxj responded that it is relatively easy to do so using a trusted setup where a trusted party takes a secp256k1 secret key and verifiably encrypts it under a NUMS public key from the weaker group. People then pay the secp256k1 public key funds to create the bounty. As long as the trusted party deletes the secret key afterward, the scheme is secure. ZmnSCPxj also suggested splitting the trusted setup among several parties where only one of them needs to be honest, but this would require some engineering and analysis work. Another suggestion was using OP_CHECKMULTISIG to have N parties generate individual private keys, encrypt each of them with the NUMS pubkey from the weaker group, then pay out to an N-of-N OP_CHECKMULTISIG address of all the participants. A single honest participant would ensure security of the bounty. To simplify the process further, proving equality between the weak group's key and the secp256k1 key was another idea that was proposed. This involves generating a 160-bit key and using it both as a secp256k1 and a 160-bit curve key, and proving equality between them, giving funds to the secp256k1 key. However, this method comes with the extra assumption that it's easier to break the 160-bit key on the 160-bit curve as opposed to just breaking the 160-bit key on the 256-bit curve. More research is needed before taking this approach.
Updated on: 2023-06-14T19:33:58.127878+00:00