Taproot: Privacy preserving switchable scripting



Summary:

In a recent email exchange, Gregory Maxwell and Anthony Towns debated the use of public keys vs. public key hashes in the Taproot proposal. Towns questioned whether paying directly to a pubkey rather than to a pubkey hash would weaken Bitcoin's resistance to quantum attacks. Maxwell was skeptical that hashing provides any meaningful quantum resistance and regretted having introduced the idea in the first place; he argued that addressing quantum resistance directly would be more effective.

Towns pointed out that today individuals can choose not to reuse addresses, but this may not be possible with Taproot. Even using "X + H(X|script)g" with X a random point could end up attackable. Additionally, if people who currently reuse addresses cycle funds through quickly, they may simply stop doing so when quantum attacks become feasible; holding funds in reused addresses long-term, however, would pose a greater problem.

Maxwell argued that when collision resistance is needed (as it is in Taproot), hashing saves no space in the txout, so there is an argument for using the public key directly. Using the scriptPubKey (SPK) directly is also advantageous for efficient zero-knowledge proofs over the UTXO set for private solvency proofs, but it isn't mandatory.
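As an added example that is not part of the original exchange or of any Bitcoin implementation, the following pure-Python secp256k1 code implements the commitment form the thread discusses, C = P + H(P||script)G. It shows the script-path reveal of (P, script) being checked against C, the key-path secret p + H(P||script) that signs for C, and that the bytes placed in the output are the point C itself rather than a hash of it. It assumes an untagged SHA-256 over the compressed encoding of P followed by the raw script bytes as H (the deployed Taproot construction uses tagged hashes and x-only keys, so these values match no on-chain data); the secret key and script are constructed placeholders.

```python
"""Taproot-style key tweak C = P + H(P || script) * G on secp256k1.

Added example (not code from the mailing-list thread or from any Bitcoin
implementation). Assumption: plain SHA-256 over compressed(P) || script
stands in for H; real Taproot uses a tagged hash and x-only keys. The
secret key and script used in demo() are constructed placeholders.
"""
import hashlib

# secp256k1 domain parameters
FIELD_P = 2**256 - 2**32 - 977
ORDER_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % FIELD_P == 0:
            return None                                  # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, FIELD_P)     # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, FIELD_P)
    lam %= FIELD_P
    x3 = (lam * lam - x1 - x2) % FIELD_P
    y3 = (lam * (x1 - x3) - y1) % FIELD_P
    return (x3, y3)


def point_mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = point_add(acc, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return acc


def compress(pt):
    """33-byte compressed SEC1 encoding, as it would sit in a scriptPubKey."""
    x, y = pt
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")


def tweak_scalar(P, script):
    """H(P || script) reduced mod n (assumption: untagged SHA-256)."""
    digest = hashlib.sha256(compress(P) + script).digest()
    return int.from_bytes(digest, "big") % ORDER_N


def commit(P, script):
    """Output key C = P + H(P || script) * G; this point goes in the txout."""
    return point_add(P, point_mul(tweak_scalar(P, script), G))


def verify_script_reveal(C, P, script):
    """Script path: the spender reveals (P, script); anyone recomputes C."""
    return commit(P, script) == C


def key_path_secret(p, script):
    """Key path: the holder of p signs for C with p + H(P || script) mod n."""
    P = point_mul(p, G)
    return (p + tweak_scalar(P, script)) % ORDER_N


def demo():
    # Constructed values: a throwaway internal secret key and a one-byte
    # placeholder script (OP_1); neither corresponds to any real output.
    p = int.from_bytes(hashlib.sha256(b"demo internal key").digest(), "big") % ORDER_N
    script = b"\x51"
    P = point_mul(p, G)
    C = commit(P, script)
    return {
        # what a node stores in the scriptPubKey: the point C, not a hash of it
        "on_chain_bytes": compress(C).hex(),
        "reveal_ok": verify_script_reveal(C, P, script),
        "wrong_script_rejected": not verify_script_reveal(C, P, b"\x00"),
        "key_path_ok": point_mul(key_path_secret(p, script), G) == C,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The on_chain_bytes field is the exposure Towns' question is about: the output carries the point C in the clear from the moment it is created, whichever spend path is later used.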


Updated on: 2023-05-20T04:48:24.953785+00:00