Add BIP: QES2 – Hybrid PQC-based Digital Signature Algorithm #1830

1. 
   j1729labs commented at 8:03 am on April 18, 2025: none

   Summary: This pull request introduces a new Bitcoin Improvement Proposal (BIP) for QES2, a hybrid digital signature algorithm that combines post-quantum cryptography (PQC) with traditional ECDSA. The proposal aims to address the potential vulnerabilities posed by quantum computing while preserving backward compatibility with existing Bitcoin infrastructure.

   Details:

   Abstract: QES2 leverages a dual-signature mechanism to incorporate both a post-quantum signature and a classical ECDSA signature into Bitcoin transactions.

   Motivation: With the emerging threat of quantum computers, classical cryptographic methods may become vulnerable. QES2 presents a transitional solution that enhances security during the shift towards quantum-safe systems.

   Specification: The BIP outlines the structure, key generation, signing, and verification methods for the hybrid scheme.

   Rationale: The hybrid approach ensures that if one signature method is compromised, the other still provides protection, offering a balanced trade-off between security and backward compatibility.

   Reference Implementation: A reference implementation will be linked later for further review and testing.

2. Create bip-newproposal.mediawiki 7f9114f662
3. Update bip-newproposal.mediawiki 5414a5c56a
4. Update bip-newproposal.mediawiki 3a34446077
5. Update bip-newproposal.mediawiki 28c2aa8a7f
6. Update bip-newproposal.mediawiki 11a563aeaf
7. 
   cryptoquick commented at 3:29 pm on April 18, 2025: none

   Would it make sense to just add QES2 support to BIP-360?
8. in bip-newproposal.mediawiki:330 in 11a563aeaf

   325+Taproot Compatibility
   326+--------------------
   327+
   328+QES2 can be integrated with BIP-340 (Taproot) by:
   329+
   330+1. Using the QES2-based signature in place of the Schnorr signature
   

   ---

   ---

   

   cryptoquick commented at 3:49 pm on April 18, 2025:

   You specify QES2 as ECDSA, but ECDSA doesn’t support all that Schnorr does. This seems like a step backwards that could break Taproot compatibility. Would it not make sense to implement QES2 with Schnorr and remove mention of ECDSA?
9. in bip-newproposal.mediawiki:581 in 11a563aeaf

   576+
   577+1. **Dilithium Security**: The Dilithium signature is secure against quantum adversaries under the hardness assumptions of Module-LWE and Module-SIS problems.
   578+
   579+2. **ECDSA Security**: While vulnerable to quantum attacks, ECDSA remains secure against classical adversaries.
   580+
   581+3. **Binding Property**: The ECDSA signature validates the Dilithium signature, creating a binding that requires breaking both schemes or finding hash collisions to forge.
   

   ---

   ---

   

   cryptoquick commented at 3:53 pm on April 18, 2025:

   Why is it necessary to sign the PQ signature? Can’t it just be included separately and still benefit from the same guarantees if committed to in the same address as BIP-360 does?
10. 
    cryptoquick commented at 3:54 pm on April 18, 2025: none

    Just some questions
11. 
    jonatack commented at 5:54 pm on April 18, 2025: member

    Hi @j1729labs, have you posted about this to the bitcoin-dev mailing list at https://groups.google.com/g/bitcoindev? Please refer to https://github.com/bitcoin/bips/blob/master/bip-0002.mediawiki#user-content-BIP_workflow for details. Thanks!
12. jonatack added the label New BIP on Apr 18, 2025
13. 
    murchandamus commented at 11:42 pm on April 18, 2025: contributor

    Please take another look at the formatting. The document’s syntax doesn’t seem to be MediaWiki, and especially the preamble does currently not conform to the required formatting.
14. murchandamus added the label PR Author action required on Apr 18, 2025

Contributors
j1729labs cryptoquick jonatack murchandamus

Labels
New BIP PR Author action required