Author: Ethan Heilman 2021-07-09 19:02:15
Published on: 2021-07-09T19:02:15+00:00
A proposal has been put forward to use Lamport signatures to sign longer messages in Bitcoin script arithmetic and make Bitcoin quantum-proof. Lamport signatures are quantum secure, but unfortunately, they require a couple of kilobytes, which is too large for the current block size limit. However, it may be possible to compress them significantly by using Winternitz OTS or OP_CAT to build a merkle tree so that the full signature can be derived during script execution from a much shorter set of seed values. In a blog post, Rubin presented a construction that uses an OP_CAT-like operation to sign up to 20 bytes, which could then be used with the HASH160 digest to create a "quantum safe" signature algorithm. The ECDSA signature could be signed with a quantum proof signature algorithm to create a quantum-proof Bitcoin. Rubin also suggested that Schnorr, which has a stronger non-malleability property than ECDSA, could be used to bind the signatures to the approved transaction and once Lamport signed, even a quantum computer could not steal the funds. This scheme can nest inside of a Tapscript path, and many Lamport keys can be committed inside a taproot tree to make keys reusable.
Updated on: 2023-06-15T00:15:48.979279+00:00