Taproot: Privacy preserving switchable scripting



Summary:

In a discussion on the bitcoin-dev mailing list about quantum resistance, Gregory Maxwell asked for a model of quantum computation that is conjectured to solve the discrete log problem but would take longer than a fraction of a second to do so. Anthony Towns suggested using scriptpubkeys with actual security against quantum computers, rather than snake-oil, as a way for individuals to hedge against quantum attacks in case they become feasible. However, funds held over the long term in reused addresses could still be stolen by an attacker. Andrew Poelstra suggested that in a post-quantum world the system would need to be hard-forked to allow spending through a quantum-resistant ZKP of knowledge of the hashed public key, and he expects there will be demand for such a fork if there is surprise evidence of a discrete log break.


Updated on: 2023-06-13T00:07:41.355384+00:00