Author: Erik Aronesty 2021-07-03 11:31:04
Published on: 2021-07-03T11:31:04+00:00
A member of the Bitcoin Development mailing list posed a question regarding the possibility of using Schnorr signatures to perform complex arithmetic operations without involving the Bitcoin network and nodes. Another member responded in the affirmative, pointing out that C++ templates also have these issues. The responder suggested that one can create a quantum-proof signature by signing the signature made with checksig with the Lamport (there are some crypto assumption gotchas with this). The responder also mentioned that it works better in segwit V0 because there's no keypath spend which breaks the quantum-proofness of this scheme. The responder then discussed a technique for implementing Lamport signatures for arbitrary values representable in small binary numbers. They showed how to use bitwise expansion of the number and a Lamport signature, and provided a concrete example of a 16-bit sequence lock. They also noted that while Merkle signatures would be much smaller for the pubkey, they would be much larger for the signature and the script would be more complicated. Furthermore, since both Lamport and Merkle are single-use-only and pubkey reuse is discouraged, Merkle sigs end up being more expensive.
Updated on: 2023-06-14T23:54:25.679531+00:00