Author: Gregory Maxwell 2018-01-23 13:15:38
Published on: 2018-01-23T13:15:38+00:00
In an email exchange, Anthony Towns questions whether paying directly to a pubkey instead of a pubkey hash in Bitcoin is a step backwards in terms of resistance to quantum attacks against ECC. However, the writer suggests that hashing may not be as effective for quantum resistance as previously thought and should not drive decision-making. There is therefore an argument for using the public key directly in transactions where collision resistance is needed, since hashing provides no space savings in that case. Moreover, direct SPK use can also enable efficient ZKP over the UTXO set, although it is not mandatory for this purpose.
Updated on: 2023-05-20T04:48:50.805342+00:00