* Re: [bitcoindev] Major BIP 360 Update
2025-12-19 20:45 [bitcoindev] Major BIP 360 Update Hunter Beast
@ 2025-12-21 5:05 ` Erik Aronesty
0 siblings, 0 replies; 2+ messages in thread
From: Erik Aronesty @ 2025-12-21 5:05 UTC (permalink / raw)
To: Hunter Beast; +Cc: Bitcoin Development Mailing List
[-- Attachment #1: Type: text/plain, Size: 3551 bytes --]
This is amazing! I have always been concerned about the exposure of public
keys (mostly because of the greater potential for implementation bugs, not
quantum).
Between BIP360 and something like TXHASH, it's possible to make quantum
safe scripts and multi-step commit-reveal vaults that don't relay solely on
signatures at all. And we can do so while closing broader security issues
(allowing people to more easily mine for implementation flaws), and
expanding capabilities with lightweight, proven tech.
I would personally love to move BIPs 360,119,346 forward as a comprehensive
"quantum-readiness" plan.
These can keep Bitcoin safe and vaulted behind commitments and hashes...
until the industry stabilizes on PQ signatures and an appropriately
hardened, efficient, proven and reliabile library, like libsecp256k1 is for
ECC. That is likely to take much longer, especially considering how
recently SIKE was broken, and the structural correlations found in SPHINCS.
On Fri, Dec 19, 2025, 6:32 PM Hunter Beast <hunter@surmount.systems> wrote:
> After reviewing community feedback, Ethan Heilman and I have enlisted the
> help of a third co-author, Isabel Foxen Duke
> <https://x.com/isabelfoxenduke>, in an editorial role to lead and execute
> a clean sheet rewrite of BIP 360.
>
> Because previous revisions introduced meaningful technical changes, we
> determined that a full rewrite, rather than incremental edits, was
> warranted to improve clarity, internal coherence, and to better articulate
> our intentions for managing potential quantum-related risks.
>
> Consistent with its previous version, this proposal does not introduce
> post-quantum signature schemes. Instead, BIP 360 proposes the addition of a
> new output type with the key path spend removed, which is thus protected
> from hypothetical breaks of Elliptic Curve Cryptography (ECC).
>
> We have renamed this proposed output type "Pay-to-Tapscript-Hash (P2TSH)"
> for clarity, and believe its adoption is an important first step in
> protecting Bitcoin from potential threats to ECC, via quantum computers or
> any other cryptanalytic advancements.
>
> Additionally, the proposal now includes test vectors in Python and Rust.
> With gratitude, we hope you’ll review these changes in the BIP Repo
> <https://github.com/bitcoin/bips/pull/1670> or at BIP360.org
> <http://bip360.org>. We look forward to ongoing community feedback, and
> new ideas in our efforts to Make Bitcoin Quantum Resistant.
>
> Thank you for your time,
> Hunter Beast
>
> --
> You received this message because you are subscribed to the Google Groups
> "Bitcoin Development Mailing List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to bitcoindev+unsubscribe@googlegroups.com.
> To view this discussion visit
> https://groups.google.com/d/msgid/bitcoindev/7edb8e8f-064b-4409-9c6d-b4361c1e7df7n%40googlegroups.com
> <https://groups.google.com/d/msgid/bitcoindev/7edb8e8f-064b-4409-9c6d-b4361c1e7df7n%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
>
--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgK_kccO3SEfCZCJ6V2CCumE8%2BA5Ks5U31dgAoF_KcjP5A%40mail.gmail.com.
[-- Attachment #2: Type: text/html, Size: 10508 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread