Author: Karl-Johan Alm 2021-03-15 23:01:47
Published on: 2021-03-15T23:01:47+00:00
In a recent post on bitcoin-dev, Matt Corallo discussed the security tradeoffs between hash indirection and naked pubkeys in Bitcoin. The main difference between the two is that with hashes, an attacker must race against the spending transaction confirming, while with naked pubkeys, they don't have to wait for a spend to occur. The time available for an attack is therefore drastically greater with naked pubkeys.

While it may take months to break a single key initially, Super Secure Exchange X with an ultra-cold 38-of-38 multisig setup using Taproot would have a timer ticking, since the attacker only needs to find a single privkey, as with any old P2PK output. In contrast, anyone with a hashed pubkey would be safe from attacks until the breaking process speeds up significantly. This, however, assumes no address reuse.

Corallo argues that the tradeoffs of relying on naked pubkeys seem ludicrous, given that quantum computing issues in Bitcoin need to be solved in another way and can't realistically be solved by just relying on existing hash indirection. Therefore, the use of hash indirection remains the better option for ensuring Bitcoin's security.
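
The difference in exposure described above can be audited per output. The following Python is an added example, not code from the bitcoin-dev thread: it classifies standard scriptPubKey templates and treats a hash-indirected output as exposed once its script has been spent from before (address reuse). The function names and the sample scripts are constructed for illustration.

```python
# Added illustration. All sample scripts are constructed, not real outputs.
NAKED = "pubkey exposed at rest"
HASHED = "pubkey hidden until spend"

def classify(spk: bytes) -> str:
    """Name the standard output type of a scriptPubKey, or 'unknown'."""
    n = len(spk)
    # P2PK: <push 33- or 65-byte pubkey> OP_CHECKSIG
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == 0xAC:
        return "p2pk"
    # P2PKH: OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == b"\x76\xa9\x14" and spk[23:] == b"\x88\xac":
        return "p2pkh"
    # P2SH: OP_HASH160 <20 bytes> OP_EQUAL
    if n == 23 and spk[:2] == b"\xa9\x14" and spk[22] == 0x87:
        return "p2sh"
    if n == 22 and spk[:2] == b"\x00\x14":   # witness v0, 20-byte key hash
        return "p2wpkh"
    if n == 34 and spk[:2] == b"\x00\x20":   # witness v0, 32-byte script hash
        return "p2wsh"
    if n == 34 and spk[:2] == b"\x51\x20":   # witness v1, 32-byte output key
        return "p2tr"
    return "unknown"

def exposure(spk: bytes, already_spent_from: set) -> str:
    """Say whether the key is public before any spend is broadcast."""
    kind = classify(spk)
    if kind == "unknown":
        return "unknown"
    if kind in ("p2pk", "p2tr"):
        return NAKED                      # the key sits in the output itself
    # Hash indirection only helps if no earlier spend revealed the preimage.
    return NAKED if spk in already_spent_from else HASHED

def audit(utxos: list, already_spent_from: set) -> dict:
    """Sum the value (in satoshis) held under each exposure class."""
    totals = {}
    for spk, value in utxos:
        label = exposure(spk, already_spent_from)
        totals[label] = totals.get(label, 0) + value
    return totals

P2PK = b"\x21\x02" + bytes(32) + b"\xac"
P2TR = b"\x51\x20" + bytes(32)
P2PKH = b"\x76\xa9\x14" + bytes(20) + b"\x88\xac"
P2WPKH_FRESH = b"\x00\x14" + b"\x11" * 20
P2WPKH_REUSED = b"\x00\x14" + b"\x22" * 20
UTXOS = [(P2PK, 50), (P2TR, 40), (P2PKH, 30), (P2WPKH_FRESH, 20), (P2WPKH_REUSED, 10)]

if __name__ == "__main__":
    print(audit(UTXOS, {P2WPKH_REUSED}))
```
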
Updated on: 2023-06-14T19:32:43.128824+00:00