From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Tue, 10 Feb 2026 17:06:54 -0800 Received: from mail-oa1-f64.google.com ([209.85.160.64]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1vpygw-0006YM-33 for bitcoindev@gnusha.org; Tue, 10 Feb 2026 17:06:54 -0800 Received: by mail-oa1-f64.google.com with SMTP id 586e51a60fabf-4081db82094sf25439936fac.0 for ; Tue, 10 Feb 2026 17:06:53 -0800 (PST) ARC-Seal: i=3; a=rsa-sha256; t=1770772008; cv=pass; d=google.com; s=arc-20240605; b=drjd+Po32NnL/+RchOf1isowGcove8fvebvAMeDBUlGU4blMLll+GNdE3gOV+QGluV W8kV/29Q19CdpgtLh4Xd9uTUZEx73U2FTd9RPsblriDdVyaZ1hJEOOFgN+8T0swykKTV rSKNO3B6KH+TLcQnatd5CVLoulPqWNXflF1Nbt3+JxfgTyLRrg0TnsTyli4hEFob77S1 j7xchs5Ke1I87V1EzU8ojWo8iYpLGZxc7jf/aOvEUdQumOk5b1r8qlNNqPQ5eQta03u/ xyYlnbwYC4m53u6hiCEiS+GbDXPFx+sU8xC2aJ0OLTZmpwHNz4fToNHGWJcAoLtNpTTy 6weg== ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:sender:dkim-signature; bh=avtUkz2xKSHnNHPiF46jdl7AzWK+Rs1BwdF7lBEAAKo=; fh=6hDLxKjBv3oOlZfb0PNaC1/B02r6UYWIcPomE6d0gFo=; b=PGgfD01zjeFFDF64Ajv1iYE3+Ix+ykYW1XvIUQuvnJkAEp1/ZWIIQia0Y3/2w6eVNP fwIcZQ75qzYXKS8CAnaGHmxowqQpmqdfvG3UeD50D2rKuDRnZN8JRA+qJZqomqRQQ53S QRQRGiBBks5WLxFXssn0lOTtwKuVQ1pxMQIRU8j+Uou+iR+WpUIix3qtUM/M3Tw8889J ROMXK1MUAA1TnW9lJ1EbeKHV2T2D5zjBMXHHIWbVrby7z7Deo5g4ADOVkHYEHN0O0rUZ zTYwALg2DjILTG/HreEOOPNS+KxAgUjoaWcpStkbRH1Cm6PdzlQ1apVt3Zt3WoPc3LVj AX7g==; darn=gnusha.org ARC-Authentication-Results: i=3; gmr-mx.google.com; dkim=pass header.i=@q32-com.20230601.gappssmtp.com header.s=20230601 header.b=EZQ9wIVq; arc=pass (i=1); spf=pass (google.com: domain of earonesty@gmail.com designates 2a00:1450:4864:20::533 as permitted sender) smtp.mailfrom=earonesty@gmail.com; dara=pass header.i=@googlegroups.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1770772008; x=1771376808; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:sender:from:to:cc:subject:date:message-id :reply-to; bh=avtUkz2xKSHnNHPiF46jdl7AzWK+Rs1BwdF7lBEAAKo=; b=d9eWjvItQ54v8CbtuVocuyXps9N/UpjT1c7uV8dEB4rGV9/98t16e0if4Ikiw9NF8y 2hDEuzKty2q9P5sjJ+j8PGEKUwd/6WQTtZMomThWJo7TyKyj9nWDtb24MGWr7E7s1yUI QP+Yb5SDaQsMB4DuvZuQpKJ8Wjbe09OABkZ6DDqgsK9iuQNRdElwdYWIZ7g92gKLyDcM 95PVDW24oo5sHEMyYB3XSbcJh0mjd9Vnxtu+e+zc6xQrAVUXA5dtdUm7b2RVWdyO/NMT t/otgkbaH18mcxSEPHXNNyvid092RxvNtRwmAV0wtrbCKRFJ1gy86LIftLP1jWt334T5 4aIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770772008; x=1771376808; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:x-gm-gg:x-beenthere:x-gm-message-state :sender:from:to:cc:subject:date:message-id:reply-to; bh=avtUkz2xKSHnNHPiF46jdl7AzWK+Rs1BwdF7lBEAAKo=; b=PvGAnHo8WZVfLSu0Pyy1yeKPWillTY0a+CgG9BsAZhM4Pc6d/YbbBCiNHSe3oy3SfU L1Nc39mf8i+qObKCvUIuQPuP0UOAlpd41sAFKIsIHMRCfe+sXy2K8iNrU/DXfQZFDojs ZkDxfoiDedlvs3NykdmgT69l7gIntEfCH9oOKvA9LCSuv6IfEFfwj3SzZX7xh2AdOz1u ei9ukjOkdcFK3comKsQfBYIb9jVBJ7mxUBaQvk1q0GGhkLqVN4u3vJdREEmco7GMUx4d FXE3ehxLxD5qvH5gRbbgTZIUP8mGs5onf0VgMShD71f5K0EzQ+U2nevv53wYvchdyO58 1Dyg== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=3; AJvYcCWrGbQcAZKvxNfuI5gMyMlBKMFwc/TcKfalm6EvLO8GRj9eBV9qgQv7fBrkO7WrxcUIzvp++oFE51se@gnusha.org X-Gm-Message-State: AOJu0YwgH+nyjsvMzdh/IO+iCRnAVfbmAjZZVbTdyuZjCPtXiZ4WZ4n0 9DtGEFtbrBy4ipkrAeMie1EWQQ5z1xe+cTZbcwZlcEinMxy+ArXgHxGF X-Received: by 2002:a05:6871:706:b0:404:27f6:c993 with SMTP id 586e51a60fabf-40eaf718c7dmr141191fac.21.1770772007689; Tue, 10 Feb 2026 17:06:47 -0800 (PST) X-BeenThere: bitcoindev@googlegroups.com; h="AV1CL+Hw/HL8orbZBx5nYxFJIkcDdjsAzv9YsrlCBD2Np6BIaw==" Received: by 2002:a05:687c:20d3:b0:404:3336:fc1d with SMTP id 586e51a60fabf-40a7443d349ls6134016fac.0.-pod-prod-01-us; Tue, 10 Feb 2026 17:06:42 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCUlSCBieDKBFvvh51xaN27SLDQ5tk6lSmwfMjwrZ1Elqesczo80plW/lrxM9KWHGR2puzT0azKi+gEr@googlegroups.com X-Received: by 2002:a05:6808:640f:b0:459:b564:e20e with SMTP id 5614622812f47-4636954d84amr255953b6e.61.1770772002625; Tue, 10 Feb 2026 17:06:42 -0800 (PST) Received: by 2002:a05:600c:4793:b0:477:99f7:45de with SMTP id 5b1f17b1804b1-483200f9433ms5e9; Tue, 10 Feb 2026 16:19:56 -0800 (PST) X-Forwarded-Encrypted: i=3; AJvYcCWq2K04sphwtO8EvvYNYIKxLa6OfxZx/z/VkjUpSfd28g8Dk+3wIzagZ/GdFOlN4CCGkkKE23pyRhn2@googlegroups.com X-Received: by 2002:a05:600c:3b19:b0:477:7bca:8b34 with SMTP id 5b1f17b1804b1-48320200068mr234078595e9.6.1770769194398; Tue, 10 Feb 2026 16:19:54 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1770769194; cv=pass; d=google.com; s=arc-20240605; b=BYez0h3s5B5YvI/31GJxDLRBuOwKJaQfRz1ttNoywQHntI1gEA/Y21OYwAO8pdRHKg Xa3rc67PGH1v9jFAoeSeWKBLQKe6OMZDDPFJ71MpkDCXiDrsNyC9aP2TKH38VRgU1Oy9 qLvG0eQG9wCVnjJ+r4CrsryOyCq/mrYkxuUmnuiU8zuYT01zRPJ55VR4XXHOcaOiA4uw hZwa2OtiQ5E3EHN7+jzTNkNs2JmKu72ioycw4NLKzSwkWFj7/P1VN+C0jooe/LOCyKIG LR4UVh+7G/EOD9isvBu0FnyZTOJTaZYgVrN6zc9DqUXStENvuAFL3k2X8PVFuByydkEY ZgDQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=2Hcb1xStCpWjLaQyCa5nrp2sDIgRnymaeyqQGK77KtI=; fh=iL2v8KuKAkhCwiwjHzCtOwyUsRf/5WxvBkn46JAsXW8=; b=ZQMgY6dCuJZH/d+iC5F6zWjQrtDYQqR+UqdW2QwCBOQRbrDUCM/YHJFcn7zeArraip 6cxE9D4ye+ex1YgP4XMJFhhRjDXeXCpIbqbMjCO1niunNumM5vH5FSrhDQfimR8u/PGA ike1ceTIeueW5ud14zArz6pxlyFW9qtFWUuSUeoVHAzZ7p2hEfQs0JQUMtkLcP+WgfIp 9KbYCMyr9uM5wUrAJxWElxHxjN+p6/zXAvOh/lx2MosDfjl4oZBRfb+aPujopS3yWf6G osV3//I8nLoletg2TGL6bWN1jTjOM2jcHx5MzOHKtS9KcM57hbVd00vERWriF/6KLOe3 uMyA==; dara=google.com ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@q32-com.20230601.gappssmtp.com header.s=20230601 header.b=EZQ9wIVq; arc=pass (i=1); spf=pass (google.com: domain of earonesty@gmail.com designates 2a00:1450:4864:20::533 as permitted sender) smtp.mailfrom=earonesty@gmail.com; dara=pass header.i=@googlegroups.com Received: from mail-ed1-x533.google.com (mail-ed1-x533.google.com. [2a00:1450:4864:20::533]) by gmr-mx.google.com with ESMTPS id ffacd0b85a97d-43783dde550si7056f8f.5.2026.02.10.16.19.54 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 10 Feb 2026 16:19:54 -0800 (PST) Received-SPF: pass (google.com: domain of earonesty@gmail.com designates 2a00:1450:4864:20::533 as permitted sender) client-ip=2a00:1450:4864:20::533; Received: by mail-ed1-x533.google.com with SMTP id 4fb4d7f45d1cf-658034ce0e3so2125419a12.3 for ; Tue, 10 Feb 2026 16:19:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1770769194; cv=none; d=google.com; s=arc-20240605; b=HXDp0jgF96XRS7PDvvVVJQCYDHzO1XKY53D3LjV+onodZkhtyZDXx7xBozbo8jO+xd oiO1xukN3uGyPgOOc5upUWO6eANyTonWZfJXZfz334q8I+n4GIajhUPdAJhVttxpeLLZ X133LZrwdTOLyeZAlYNwB+YsmPdUNEKKmf3J/NHm92sSjxr4bbhi0XB5euQ12F8scta0 hlK1tOJ1iajdtaa8s3ovB3nUI+mrR94yDZN8reuk6HXZRxXv6yV8/LWA5nVJ95sC+MbK ZUAay8kRp/KbwrY02SFkpwLwlZwxmbxvxtGuh8odh+UgQ7mLcrHwhtpgBdHv8udhkyQS 299w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=2Hcb1xStCpWjLaQyCa5nrp2sDIgRnymaeyqQGK77KtI=; fh=iL2v8KuKAkhCwiwjHzCtOwyUsRf/5WxvBkn46JAsXW8=; b=gW8HZBX7XaoYWhh94Jfk6sMF8m+5rib+fMjvkj7/ukf4pcv8wOJObsjMOvHITWXxbf o6nU6fSLYEBJFupsL8phR8DZIbsZJ9xLUnX4V7gwpW2b9DIQ04sZ73lqBhDZu06u3svO q/zzeaXOOHkT6wjMVTodgtP8Q/LkcblceMlOJ4baj6v+PSb1SL3HKL5WhdlfaxJ25b29 0FMnP/o8XUu1mPCmjEIalxj7KjqJ8Tm0FmyDSnslsbTfBuORNsvOCiyYfL6/jv2T8H+R UpmtxuWGHAKxjDg037Amk8MMR2xMHW5zCo+DKKTDSh/Ljg15nH3Y3obacLgC/LsD9xtI 2TIw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; arc=none X-Forwarded-Encrypted: i=1; AJvYcCV6ddxyqbsismsbNUspNGb3CVch6GEScS98nMJVVHLdkTbRUD/4Ec/SuP3LuMLDVswwuvuDm9Q7CQsq@googlegroups.com X-Gm-Gg: AZuq6aJdHSEY0tARi6gEhfD49mZcPPYrvcUgTyQMIzaTZwvKi1h3y429DZ/6qevmq+1 UKYtrAxFNbyZ1UVoI/vGW0F3ZI/UVyUkPTEzU7M96/rdJpktfrRlHYEjLlum5B5LCgmCN6UxMOm EpgPnArlYVIU98VT72tW7f4c+ywPKfU0rPUH5bqZZt5erFCqZgn5qM+5V5AQ9clvIoy2/zwg+H9 8Vtp6QlDCjApjzWb7PSN/MMg3z4P96sIou0KLWMCbn3xOG4CJpgDHLkbUWjysq+lXMEoJKEOdX9 rKEYXtbe5aCxE6tMAJLSBIEdo4iLKrcn6nlcPgRfOR6Z+cMbyUQ9loN+aBiP4CiL+2C8KBfQSYh F6g== X-Received: by 2002:a17:907:3fa2:b0:b8e:dd59:7b90 with SMTP id a640c23a62f3a-b8edf3440e4mr828107666b.37.1770769193464; Tue, 10 Feb 2026 16:19:53 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Erik Aronesty Date: Tue, 10 Feb 2026 16:19:42 -0800 X-Gm-Features: AZwV_QjSwIPMp0dw26xrJtlj9UU7s6pgPuwHAjhm93IpdIWoLgPz7Mu1wd45I0A Message-ID: Subject: Re: [bitcoindev] Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms To: Ethan Heilman Cc: Jonas Nick , bitcoindev@googlegroups.com Content-Type: multipart/alternative; boundary="000000000000c179f1064a81541c" X-Original-Sender: erik@q32.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@q32-com.20230601.gappssmtp.com header.s=20230601 header.b=EZQ9wIVq; arc=pass (i=1); spf=pass (google.com: domain of earonesty@gmail.com designates 2a00:1450:4864:20::533 as permitted sender) smtp.mailfrom=earonesty@gmail.com; dara=pass header.i=@googlegroups.com Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.7 (/) --000000000000c179f1064a81541c Content-Type: text/plain; charset="UTF-8" > > > > You'd still need BIP 360 P2MR (or P2TRD) since OP_TXHASH needs tapscript, > and the only available tapscript supporting output type, P2TR, isn't > quantum safe. > false, covenant based multistep secret-reveal spending paths don't rely on signatures at all > > I'm going to assume: > - you mean to use this commit-reveal for migrating between signature > algorithms, not for everyday use, > it can be used if "q day" happens. otherwise ignored. > - TXHASH is being used because you are waiting for the commitment to be > confirmed on-chain rather than lifeboat's out-of-band commitment system > it's used so you can commit to a spending constraint without committing to the final "as yet to be determined" quantum-safe destination: https://delvingbitcoin.org/t/a-quantum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2168 > Once you post your commit-txn, but before it confirms, other parties can > post competing commit-txns that double spend your output. If one of > malicious transactions confirm, you must now wait for a timelock to expire > and then try to post your transaction. > agreed. they have to spend resources to attack your private key and the only thing they can do is "grief" using a timing attack with the results, rather than steal outright. a massive incentive difference. > They can block you again. Each time they burn some of you coins in fees. > Miners get the fees, so they might be incentivized to do this. Thus, we > must trust miners not to do this. Lifeboat doesn't have this issue since it > uses out-of-band commitments, but out-of-band commitments have their own > issues. > each time you use the reset-path, they have to re-attack a new key. very expensive just to grief a small amount of fees spread across all miners. sounds like science-fiction levels of compute. plus.... TX_HASH is simple and generally useful and there is no guarantee that q-day will even come -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/CAJowKgL5okUA%3DDHSyUJfzdb6p_z5a6H_hN6NuhZo6R9ZYbJFUQ%40mail.gmail.com. --000000000000c179f1064a81541c Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


You'd= still need=C2=A0 BIP 360 P2MR (or P2TRD) since OP_TXHASH needs tapscript, and the only avail= able tapscript supporting output type, P2TR, isn't quantum safe.

false, covenant based multistep secret-= reveal spending paths don't rely on signatures at all
=C2=A0

I'= m going to assume:
- you mean to use this commit-reveal for migrating b= etween signature algorithms, not for everyday use,

it can be used if "q day" happens.=C2=A0 otherw= ise ignored.
=C2=A0
- TXHASH is being used because you are waiting for the = commitment to be confirmed on-chain rather than lifeboat's out-of-band = commitment system

it's used s= o you can commit to a spending constraint without committing to the final &= quot;as yet to be determined" quantum-safe destination:=C2=A0 https://delvingbitcoin.org/t/a-qu= antum-resistance-script-only-using-op-ctv-op-txhash-and-no-new-signatures/2= 168
=C2=A0
=C2=A0
Once you post your commit-txn, but bef= ore it confirms, other parties can post competing commit-txns that double s= pend your output. If one of malicious transactions confirm, you must now wa= it for a timelock to expire and then try to post your transaction.

agreed. they have to spend resources to attack yo= ur private key and the only thing they can do is=C2=A0"grief" usi= ng a timing attack with the results, rather than steal outright.=C2=A0 a=C2= =A0massive=C2=A0incentive difference.=C2=A0=C2=A0
=C2=A0
They can block you again= . Each time they burn some of you coins in fees. Miners get the fees, so th= ey might be incentivized to do this. Thus, we must trust miners not to do t= his. Lifeboat doesn't have this issue since it uses out-of-band commitm= ents, but out-of-band commitments have their own issues.

each time you use the reset-path, they have to re-attack= a new key.=C2=A0 very expensive just to grief a small amount of fees sprea= d across all miners.=C2=A0 =C2=A0sounds like science-fiction levels of comp= ute.=C2=A0=C2=A0
=C2=A0

plus.... TX_HASH is simple and gen= erally useful and there is no guarantee that q-day will even come

--
You received this message because you are subscribed to the Google Groups &= quot;Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoind= ev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/= msgid/bitcoindev/CAJowKgL5okUA%3DDHSyUJfzdb6p_z5a6H_hN6NuhZo6R9ZYbJFUQ%40ma= il.gmail.com.
--000000000000c179f1064a81541c--