From: Ethan Heilman
Date: Tue, 10 Feb 2026 21:40:46 -0500
Subject: Re: [bitcoindev] Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms
To: Erik Aronesty
Cc: Jonas Nick, bitcoindev@googlegroups.com

>> You'd still need BIP 360 P2MR (or P2TRD) since OP_TXHASH needs tapscript

> false, covenant based multistep secret-reveal spending paths don't rely on signatures at all

P2TR has a public key baked into it via the key spend path. This key path spend bypasses any covenant or script constraints. The attacker does not need to see a value spend to break the key path spend. This means a quantum attacker can break the NUMS point in the key spend path of the initial output and the AnchorPublishTx output and then just take all the coins [0].

> agreed. they have to spend resources to attack your private key and the only thing they can do is "grief" using a timing attack with the results, rather than steal outright. a massive incentive difference.

Ok, so a core assumption you are making here is that a CRQC isn't powerful enough for recovering signing keys to be effectively free. This is likely to be true at the early stages of CRQC, but this assumption may not hold forever. If ECC is mathematically broken via a classical attack this assumption might not hold at all. I'm attempting to address both quantum and classical breaks.

> TX_HASH is simple and generally useful and there is no guarantee that q-day will even come

TX_HASH is great!

[0]: As originally noted here: https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168/4

On Tue, Feb 10, 2026 at 7:19 PM Erik Aronesty wrote:

>> You'd still need BIP 360 P2MR (or P2TRD) since OP_TXHASH needs tapscript, and the only available tapscript supporting output type, P2TR, isn't quantum safe.
>
> false, covenant based multistep secret-reveal spending paths don't rely on signatures at all
>
>> I'm going to assume:
>> - you mean to use this commit-reveal for migrating between signature algorithms, not for everyday use,
>
> it can be used if "q day" happens. otherwise ignored.
>
>> - TXHASH is being used because you are waiting for the commitment to be confirmed on-chain rather than lifeboat's out-of-band commitment system
>
> it's used so you can commit to a spending constraint without committing to the final "as yet to be determined" quantum-safe destination:
> https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168
>
>> Once you post your commit-txn, but before it confirms, other parties can post competing commit-txns that double spend your output. If one of the malicious transactions confirms, you must now wait for a timelock to expire and then try to post your transaction.
>
> agreed. they have to spend resources to attack your private key and the only thing they can do is "grief" using a timing attack with the results, rather than steal outright. a massive incentive difference.
>
>> They can block you again. Each time they burn some of your coins in fees. Miners get the fees, so they might be incentivized to do this. Thus, we must trust miners not to do this. Lifeboat doesn't have this issue since it uses out-of-band commitments, but out-of-band commitments have their own issues.
>
> each time you use the reset-path, they have to re-attack a new key. very expensive just to grief a small amount of fees spread across all miners. sounds like science-fiction levels of compute.
>
> plus.... TX_HASH is simple and generally useful and there is no guarantee that q-day will even come
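The point made in the reply about P2TR, as an added example (not code from the thread or from any BIP reference implementation): a P2TR output publishes a curve point Q = P + t·G even when the internal key P is a NUMS point, and the scalar behind Q is all a key path spend needs, with no script executed. The pure-Python secp256k1 arithmetic, the helper names and the constructed `ROOT` are this example's own.

```python
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time, demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """BIP340 lift_x: the curve point with this x coordinate and even y."""
    c = (pow(x, 3, P) + 7) % P
    y = pow(c, (P + 1) // 4, P)
    if y * y % P != c:
        raise ValueError("x is not on the curve")
    return (x, y if y % 2 == 0 else P - y)

def b32(i):
    return i.to_bytes(32, "big")

def nums_point():
    """NUMS point suggested in BIP341: x = SHA256(uncompressed encoding of G)."""
    h = hashlib.sha256(b"\x04" + b32(G[0]) + b32(G[1])).digest()
    return lift_x(int.from_bytes(h, "big"))

def taproot_output(internal, merkle_root):
    """BIP341: Q = P + t*G, t = H_TapTweak(x(P) || root); x(Q) sits in the scriptPubKey."""
    tag = hashlib.sha256(b"TapTweak").digest()
    msg = tag + tag + b32(internal[0]) + merkle_root
    t = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return add(internal, mul(t, G)), t

def key_path_secret(d, merkle_root):
    """Scalar q with q*G == Q: all a key path spend needs; no script is executed."""
    d = d if mul(d, G)[1] % 2 == 0 else N - d  # x-only keys imply an even-y internal key
    Q, t = taproot_output(mul(d, G), merkle_root)
    return (d + t) % N, Q

ROOT = hashlib.sha256(b"constructed covenant script tree").digest()  # constructed sample root
```

`key_path_secret` uses a known internal key only to show that the script tree enters Q solely as a tweak. With the NUMS internal key nobody holds that scalar today, which is the assumption a break of ECC removes, whereas an output type that commits only to the Merkle root publishes no such point.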