From: "'conduition' via Bitcoin Development Mailing List" <bitcoindev@googlegroups.com>
To: Erik Aronesty <erik@q32.com>
Cc: Ethan Heilman <eth3rs@gmail.com>,
Jonas Nick <jonasd.nick@gmail.com>,
bitcoindev@googlegroups.com
Subject: Re: [bitcoindev] Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms
Date: Tue, 17 Feb 2026 04:13:44 +0000 [thread overview]
Message-ID: <ByJc1I7sSQAMLnAzSHPi8KSSscU0qakPM2YI0qC6VBBOwzmYtQEW5NY6d80eLUCf7fmKxbdFlSuxm4RCoT5rtKT68Khdi2xjwYIu4B5e6BQ=@proton.me> (raw)
In-Reply-To: <CAJowKgL5okUA=DHSyUJfzdb6p_z5a6H_hN6NuhZo6R9ZYbJFUQ@mail.gmail.com>
[-- Attachment #1.1.1: Type: text/plain, Size: 3742 bytes --]
Hi list, just wanted to pipe in on the subject of commit/reveal using OP_TXHASH. I don't think it is possible. The protocol link Erik posted ( https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168 ) seems to contradict itself. On one hand the author says phase zero doesn't commit to final CTV templates E & T. However it also says T & E are committed to via the P_anchor tapscript tree, which must be pinned by phase 0. So unless I'm misunderstanding, this technique seems to require a priori knowledge of template hashes T and E when creating the funding address and UTXO in phase 0, so this would not be viable as a PQ fallback spending path. Happy to be proven wrong.
regards,
conduition
On Wednesday, February 11th, 2026 at 1:06 AM, Erik Aronesty <erik@q32.com> wrote:
> >
> >
> > You'd still need BIP 360 P2MR (or P2TRD) since OP_TXHASH needs tapscript, and the only available tapscript supporting output type, P2TR, isn't quantum safe.
>
>
> false, covenant based multistep secret-reveal spending paths don't rely on signatures at all
>
> >
> > I'm going to assume:
> > - you mean to use this commit-reveal for migrating between signature algorithms, not for everyday use,
>
>
> it can be used if "q day" happens. otherwise ignored.
>
> > - TXHASH is being used because you are waiting for the commitment to be confirmed on-chain rather than lifeboat's out-of-band commitment system
>
>
> it's used so you can commit to a spending constraint without committing to the final "as yet to be determined" quantum-safe destination: https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168
>
> > Once you post your commit-txn, but before it confirms, other parties can post competing commit-txns that double spend your output. If one of malicious transactions confirm, you must now wait for a timelock to expire and then try to post your transaction.
>
>
> agreed. they have to spend resources to attack your private key and the only thing they can do is "grief" using a timing attack with the results, rather than steal outright. a massive incentive difference.
>
> > They can block you again. Each time they burn some of you coins in fees. Miners get the fees, so they might be incentivized to do this. Thus, we must trust miners not to do this. Lifeboat doesn't have this issue since it uses out-of-band commitments, but out-of-band commitments have their own issues.
>
>
> each time you use the reset-path, they have to re-attack a new key. very expensive just to grief a small amount of fees spread across all miners. sounds like science-fiction levels of compute.
>
> plus.... TX_HASH is simple and generally useful and there is no guarantee that q-day will even come
>
> --
> You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgL5okUA%3DDHSyUJfzdb6p_z5a6H_hN6NuhZo6R9ZYbJFUQ%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/ByJc1I7sSQAMLnAzSHPi8KSSscU0qakPM2YI0qC6VBBOwzmYtQEW5NY6d80eLUCf7fmKxbdFlSuxm4RCoT5rtKT68Khdi2xjwYIu4B5e6BQ%3D%40proton.me.
[-- Attachment #1.1.2.1: Type: text/html, Size: 6703 bytes --]
[-- Attachment #1.2: publickey - conduition@proton.me - 0x474891AD.asc --]
[-- Type: application/pgp-keys, Size: 649 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 343 bytes --]
next prev parent reply other threads:[~2026-02-17 4:23 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-09 14:20 Ethan Heilman
2026-02-10 8:53 ` Jonas Nick
2026-02-10 16:44 ` Ethan Heilman
[not found] ` <CAJowKg+WJLAJoMhyhVfkC9OSdks5jBieDWty9ce-Qju-84URFA@mail.gmail.com>
2026-02-10 23:13 ` Ethan Heilman
2026-02-11 0:19 ` Erik Aronesty
2026-02-11 2:40 ` Ethan Heilman
2026-02-11 7:25 ` Erik Aronesty
2026-02-11 16:37 ` Ethan Heilman
2026-02-17 4:13 ` 'conduition' via Bitcoin Development Mailing List [this message]
2026-02-17 7:39 ` 'conduition' via Bitcoin Development Mailing List
2026-02-19 14:35 ` Garlo Nicon
2026-02-20 1:41 ` Alex
2026-02-20 18:48 ` Erik Aronesty
2026-02-23 14:00 ` 'conduition' via Bitcoin Development Mailing List
2026-02-23 19:08 ` Erik Aronesty
2026-02-23 21:42 ` Ethan Heilman
2026-02-24 0:12 ` Alex
2026-02-25 10:43 ` Javier Mateos
2026-02-26 13:24 ` 'Mikhail Kudinov' via Bitcoin Development Mailing List
2026-02-26 15:51 ` Matt Corallo
2026-02-27 15:18 ` 'Mikhail Kudinov' via Bitcoin Development Mailing List
2026-02-27 19:31 ` 'conduition' via Bitcoin Development Mailing List
2026-03-01 12:24 ` 'Mikhail Kudinov' via Bitcoin Development Mailing List
2026-03-01 21:28 ` Alex
2026-02-11 18:53 ` Matt Corallo
2026-02-11 22:57 ` Ethan Heilman
2026-02-12 14:55 ` Matt Corallo
2026-02-12 15:35 ` Alex
2026-02-12 19:20 ` Matt Corallo
2026-02-12 18:08 ` Ethan Heilman
2026-02-12 19:13 ` Matt Corallo
2026-02-12 20:35 ` Ethan Heilman
2026-02-12 20:43 ` Matt Corallo
2026-02-12 15:13 ` Alex
2026-02-12 19:16 ` Matt Corallo
2026-02-12 15:36 ` waxwing/ AdamISZ
2026-02-12 19:35 ` Matt Corallo
2026-02-12 19:43 ` Matt Corallo
2026-02-14 12:39 ` waxwing/ AdamISZ
2026-02-15 12:12 ` Matt Corallo
2026-02-10 21:51 ` 'Brandon Black' via Bitcoin Development Mailing List
2026-02-10 22:19 ` Ethan Heilman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='ByJc1I7sSQAMLnAzSHPi8KSSscU0qakPM2YI0qC6VBBOwzmYtQEW5NY6d80eLUCf7fmKxbdFlSuxm4RCoT5rtKT68Khdi2xjwYIu4B5e6BQ=@proton.me' \
--to=bitcoindev@googlegroups.com \
--cc=conduition@proton.me \
--cc=erik@q32.com \
--cc=eth3rs@gmail.com \
--cc=jonasd.nick@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox