From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Fri, 10 Apr 2026 16:10:26 -0700 Received: from mail-oo1-f56.google.com ([209.85.161.56]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wBKza-0006nQ-40 for bitcoindev@gnusha.org; Fri, 10 Apr 2026 16:10:26 -0700 Received: by mail-oo1-f56.google.com with SMTP id 006d021491bc7-679c51b2d6csf4146675eaf.2 for ; Fri, 10 Apr 2026 16:10:25 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1775862620; cv=pass; d=google.com; s=arc-20240605; b=F7rJTp3O8eO/eMh8xaPK4qKdFrW15oml/P1uqKh8AkYmVb5ODU2JyqYpn8rQs9rL8U mN7ZHy6iFviY3LT6QfvvyiGgCrWMP76HXSCDdVwH/ges11xn2m6R8yTHe/x5ZSEhdr9z 4Dzxe2OcjW0dOwv3j3/SGzA4gMzdXlVYthOLEQvEAa0vIbAyhNd8EK2bNASNRE6JHxY4 lptfjLwp08TkKzkPAyrMmsJpwAJZmMsIEBRh0Op8ZbDInHjC/Okwri6eswsXWe9s8VXf PbGLl2g9tNHmVYBa32hyfwY3kqIIau9IpzRChGUjG2GiRbL0QkQs4JmUX36WbOT1lTav btKg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-transfer-encoding :in-reply-to:from:content-language:references:cc:to:subject :mime-version:date:message-id:sender:dkim-signature; bh=TEpA/SWpC376xgo3/Ul2bP9GhD00DPxsSEunP1/tRRg=; fh=6MsnZfRQQK262Joj86y0sdgpTOHzCT3PVECRqIB169Y=; b=KTobP7Yj+WA2P5VwfgKB4Tdafrm57uQhBFZW1rZlr8RI7le+NUFF0eLIIyN0E5biGm qDb5t7V5666csUqpjvYIa1zLRrtPS7gybFhK94K674pu+wmDZTWymYYTabtGerj7Raeh oRgFTVMHN5hpWQ39SRENVmInFtTMkkDdBEYzGUtVyp7ERrMTEGz+5jIZLRhOdVJPuuF4 sA8qglsvAh1aseIAz5Ytn7P3AnNBwyaKDc20/24WKe4gD1MoyBzFIEPml7TUWrTGjWOD FMljEtdQX37wciig//STXXpPO1PcQST8nXgmdobP0w83VS0O/oFUlTDhN1lEDF1Z2JEt 26EQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1775851263 header.b=IgcgpBrh; dkim=pass header.i=@clients.mail.as397444.net header.s=1775851265 header.b="Q8xU/un2"; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1775862620; x=1776467420; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:mime-version:date :message-id:sender:from:to:cc:subject:date:message-id:reply-to; bh=TEpA/SWpC376xgo3/Ul2bP9GhD00DPxsSEunP1/tRRg=; b=kI0zKllbNoepDjfzFpUqXyz08v3whNY9erpQgQ+Hq+yH0iIs97eheBqOw6w4631Imf T5KAX3/XHnNizHQmF9ullMhPjvcFX7OGT4muVvsmnoBXJ7U+TPCqPTwricQ6cdQ87+sK KRXvCvNYBFpBAu7o32kSWQAcIjbiueufvz+SmWabcn55dFNa1CvQWh5pXgQrBOpg0rfF c/js6IweDvaC1auT0x/yU4MblcanEnN8O8PmknKrI0tbbxh6pxrGebEUThthdRrFzI2j NeCKKLWwH5e9JWhctGjo02xcrMy+cA6KO3HxWWCu5o+vLO934JJFzzf799fuIlAwWbqL yhKA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1775862620; x=1776467420; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:cc:to:subject:mime-version:date :message-id:x-beenthere:x-gm-message-state:sender:from:to:cc:subject :date:message-id:reply-to; bh=TEpA/SWpC376xgo3/Ul2bP9GhD00DPxsSEunP1/tRRg=; b=jE36ngunO8CIFY+Nv5OW42QD3/t5SbVDJeX8fxjLEI0QB+aRbKBzwAaYKJYtI+v3rA Fbndz9j+qS/j1UB3227oOBtF+FZXTC6cbFNiAX5UEmPQvsiw8efuSbxa1a447U54QKHZ o1sw+ssoC5gJbQi+xjzAT3Q4g6JU/0yPBcVy+5vT+2XuUFFx3FbtGk7fWiqdZgLBVjU7 PlT2PfJKL2fink806jiGuc8wm0pFLVjrgH9N/mtVxHRdolQNX+vTRXL5ZUM4GKfCrGDD 2P5HCUf253mZ0pkD6p5n8LnO6uVDOZp1YAd3gEBwLgyLo6Vnn5O1+31WEHL480V3RTBN EGxw== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AJvYcCUowEFH0O43q0+gq8fiBVLWNH1J0uVz97tuqqaVW0IE5dwCgaflWWwEax5EQdUPpUyZvC8pi2md2WTA@gnusha.org X-Gm-Message-State: AOJu0Yx3LUh6a3RkGxc6lb4as2gRv3VMaIWJDGYahMk+jAxJsv9GfxV6 N5NxZ6E57LW5nV/nTknipn/oQ1ilv4TBVqw5xs8RCrsgjTKkOEvIPxbx X-Received: by 2002:a05:6820:1c82:b0:689:7cd7:2592 with SMTP id 006d021491bc7-68be8fce997mr2515937eaf.55.1775862619799; Fri, 10 Apr 2026 16:10:19 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AYAyTiKevR36axaui4PF/q1btlhNwES217IBB7MI0yQoqaef4A==" Received: by 2002:a05:6820:f02d:b0:67c:30e0:d370 with SMTP id 006d021491bc7-68bc2f9c813ls878342eaf.1.-pod-prod-01-us; Fri, 10 Apr 2026 16:10:15 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWl+I4tGyODyu3w/Pt9h8hLBXuaG/OC9kIl6ZqmyJ/kFCharPbf780T0qPE/neoxpTlZ8yogDAGkFSc@googlegroups.com X-Received: by 2002:a05:6808:22a9:b0:467:de6c:8310 with SMTP id 5614622812f47-4789fa0bf11mr3196832b6e.48.1775862615340; Fri, 10 Apr 2026 16:10:15 -0700 (PDT) Received: by 2002:a05:6808:b0f:b0:467:e362:ec8e with SMTP id 5614622812f47-4775de3ea0amsb6e; Fri, 10 Apr 2026 13:33:39 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWpHcEUt33wOG1OdNfXJ86dz4otsvBtSMEhBvh9AWTbeVQY3rNYPMny1HyXOzNc6qMeYdf1Tdj2OS/L@googlegroups.com X-Received: by 2002:a17:90b:3950:b0:35e:30bc:804d with SMTP id 98e67ed59e1d1-35e42846535mr4235009a91.15.1775853218131; Fri, 10 Apr 2026 13:33:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1775853218; cv=none; d=google.com; s=arc-20240605; b=KkznKaH72K2d9G5sunC/IF71aq5/Fp0TPMoUFtvxTRcjRxlyFZdEdjJg37gPu0oBlk 8UGvKV3qtdCF7k5JK23uVnEzPGW1RkCoVuy/E7NP21onOiV1sxf/52BLOhjwAt/vZo0g QBLYGRfBRVKQFnJHBfFZEsOOawVsMjra4WH6MSFDiGArkziWN6oLA5crXdELC1tkFV7a kT2o7vnI1e+Pwvn6IEc6zb/JV02tr+Uw3CihITU1F3Svaa1zFziRzZRbvauNkmYhcOYe wLyu95buAOGSxM3EpKBuluVn915BuL8TnLOagj74cjBCzrS7iJgjuaxTLvewTmgitGzL /Z8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:in-reply-to:from:content-language :references:cc:to:subject:mime-version:date:message-id :dkim-signature:dkim-signature; bh=Aa699nADVmgQ5KjQ8WZtixh4yjBdrjcRvboirrTmLMs=; fh=wJpl6xQm+yWd6DR3oSAjHM9Xzh9NIwIFX3gBeS78sUQ=; b=KnClQ0Ebj0oQV3jV/2EDoB/Bi01+2hctK81bMQiDl1aYl7cgNQ7w7oRkkocD0hL0e9 3fKcG3MYOgjGdLG67UcPNVo1etcKj5gXnHlbzx5+vne/sJ3ckFa38RMRyTD6ra0PrLjq 9gep3T2LPwJet/VI7CSChr5K+lLwQ3L/Tk3OtO53DOW6I1AH7mUKclYZBzpoAQm+rf/e RZ6aPLopGz5Se81OWzTVBQZoSzEzwgUTzwJLO8NvvuRzhGiMm3nUZksKFx+RV3AhBpVW LqfWmG/4SIJlLPnQ87X3ycX/vJZZkOaksLArSmuBzpz0PZsOtL6+c3xdbq0lEEix0slg zDYg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1775851263 header.b=IgcgpBrh; dkim=pass header.i=@clients.mail.as397444.net header.s=1775851265 header.b="Q8xU/un2"; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com Received: from mail.as397444.net (mail.as397444.net. [69.59.18.99]) by gmr-mx.google.com with ESMTPS id 98e67ed59e1d1-35e4132aa2bsi119713a91.3.2026.04.10.13.33.37 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 Apr 2026 13:33:37 -0700 (PDT) Received-SPF: pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) client-ip=69.59.18.99; X-DKIM-Note: Keys used to sign are likely public at X-DKIM-Note: https://as397444.net/dkim/mattcorallo.com and X-DKIM-Note: https://as397444.net/dkim/clients.mail.as397444.net X-DKIM-Note: For more info, see https://as397444.net/dkim/ Received: by mail.as397444.net with esmtpsa (TLS1.3) (Exim) (envelope-from ) id 1wBIXn-000000055qo-20ez; Fri, 10 Apr 2026 20:33:35 +0000 Message-ID: <765490aa-5df3-4619-86cc-17570b6d3e99@mattcorallo.com> Date: Fri, 10 Apr 2026 16:33:34 -0400 MIME-Version: 1.0 Subject: Re: [bitcoindev] In defense of a PQ output type To: conduition Cc: Antoine Poinsot , Bitcoin Development Mailing List References: <0vqF88LoOnY4GiUB4vf-MdeZpTAtR70tokS3cLwt2DX0e6_fD1X_wyhPwWEdIdm6R88AULObIU08CWsb5QfeoaM5c4yXPqN5wHyCrqMCtfQ=@protonmail.com> <6wBygQ_pK40ZpU_CMXfzIy-6LkthOmEh-xd2g9bwUl-f8w2K6G4rUWJEssE2zeJgxyipGe2GrFH9y_TUUI48asqfh7dhi9A2rl7NpWyFW1o=@proton.me> Content-Language: en-US From: Matt Corallo In-Reply-To: <6wBygQ_pK40ZpU_CMXfzIy-6LkthOmEh-xd2g9bwUl-f8w2K6G4rUWJEssE2zeJgxyipGe2GrFH9y_TUUI48asqfh7dhi9A2rl7NpWyFW1o=@proton.me> Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable X-Original-Sender: lf-lists@mattcorallo.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@mattcorallo.com header.s=1775851263 header.b=IgcgpBrh; dkim=pass header.i=@clients.mail.as397444.net header.s=1775851265 header.b="Q8xU/un2"; spf=pass (google.com: domain of lf-lists@mattcorallo.com designates 69.59.18.99 as permitted sender) smtp.mailfrom=lf-lists@mattcorallo.com; dmarc=pass (p=NONE sp=REJECT dis=NONE) header.from=mattcorallo.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) On 4/10/26 1:03 PM, conduition wrote: >> But as mentioned above I do not see why any addition of hash based signa= tures to tapscript should require any kind of community consensus on future= disablement of insecure spend paths >=20 > I think Antoine's point here is that if we introduce a PQC opcode to taps= cript but choose NOT to deploy P2MR, and then encourage people to use that = opcode in P2TR script leaves, then we are locking ourselves into the assump= tion that the community will later disable P2TR key-path spending - otherwi= se those addresses will be compromised by a CRQC and the PQC leaf script is= useless. Right, but you cut my quote off and appear to be responding to a point I di= dn't make? The very next=20 few words that you cut were "not only is it a likely prerequisite for an al= ternative output type".=20 Yes, we have to figure out what kind of output type we want, whether P2MR (= 360), P2TRv2 or just=20 P2TR. There are strong arguments for each. But none of that has any bearing= on whether we add hash=20 based signatures to tapscript. We have to add hash based signatures to taps= cript first no matter=20 what output type we want! >> Adding a PQ output type which no one will use (eg one where use of the h= ash-based signature is mandatory, which drives fees up hugely and has all t= he drawbacks you mention) is not a risk mitigation strategy - it does not m= aterially allow for any migration and doesn't accomplish much of anything. = But as mentioned above I do not see why any addition of hash based signatur= es to tapscript >=20 > I don't think anyone is suggesting deployment of an output type with mand= atory hash-based signatures. That would be borderline unusable for anyone b= ut large companies and wealthy elites. >=20 > Every decent proposal I've seen has suggested using PQC in tandem with EC= C across multiple tapscript leaves, whether in some bastardized variant of = P2TR, or in BIP360's P2MR. IMO even something like P2MR's additional cost will strongly discourage ado= ption. We have a very=20 long history with Bitcoin wallets not only refusing to adopt new features b= ut actively making some=20 of the worst possible design decisions from a Bitcoin PoV. IMO we should ve= ry strongly not give them=20 any excuse, even if that's just fees. Matt --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= 765490aa-5df3-4619-86cc-17570b6d3e99%40mattcorallo.com.