this scheme has no mitm attack or replay attack because of the use of covenants to secure each step in the chain

The best part about starting with something like this is that we can have a safe quantum vault, too useful covenants that are broadly helpful for other vaulting schemes, while we develop a proper library that is both performant and efficient for quantum signatures.  

secp256k1 has been optimized to the point where timing attacks are challenging, and I wouldn't want to use some sort of quantum library that hasn't had that level of optimization. 

simple commit reveal schemes use hashes that are well known to be quantum resistant. I consider that a lot safer at first step forward. especially because we can take that step sooner than later without too much discussion over implementation since the underlying covenants have been well studied. (txhash and ctv)

we can't say that about any signature schemes.



On Fri, Dec 19, 2025, 3:34 AM Jonas Nick <jonasd.nick@gmail.com> wrote:
This appears to be a variant of a commit-reveal scheme, a design that has been
discussed a few times on this mailing list. Commit-reveal schemes come with
their own set of trade-offs.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/b6df02a0-8d69-4882-a13c-411bc90adfa1%40gmail.com.

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgL-VBTgbacpbPStGMqe6u6Y7wB6fWNiGy28zWfkCODp%3DA%40mail.gmail.com.