From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Sat, 27 Jun 2026 02:58:49 -0700 Received: from mail-oa1-f55.google.com ([209.85.160.55]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wdPoG-0007rC-Oo for bitcoindev@gnusha.org; Sat, 27 Jun 2026 02:58:49 -0700 Received: by mail-oa1-f55.google.com with SMTP id 586e51a60fabf-4413ecf22a0sf1779342fac.1 for ; Sat, 27 Jun 2026 02:58:48 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1782554322; cv=pass; d=google.com; s=arc-20260327; b=Q/sMs6Ax/cAHMNRrxqeo7ibesWkOqbwXxDLobW74uh32dg2xGTFUtZskwxQ3ALT/dA EPJA/hO4fmzB9RpcG+4KymPGkXRx0/WSgL0YBRtEndcpOoMcMITihhQKqlpvFjM/ndT3 BNO1Oqe5JEFeufIComqJMAte49s/NM4dU8BefvGGSbbAWjtxxKloaBVwWSQ486EQ9mxK 2n+bXJ2ckguNSVBushjFbva1pieQ9f34s9mII4qTBHmZJvVMXBAufkK10cjVTQmpoETJ tME9iBeEIB3n3qvHH+h0z0LvmCVXTYwJl1zoHMN3gewN7NM4gtyTJjK6BzYBkMfULNfh 8nIg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date:sender :dkim-signature; bh=/FAh5r0A6kMjCrtLgbUZZcEbHtxm/Gku62d31PmJams=; fh=pA54fyjKn+Oa0yfFE0Zg652367MeaDnMqueqomnS+4o=; b=lTb5jDMSW1YKi11ybe5VjTwXk2v/MTzGHJpv2w2RnZ0H8+rxT9gp4UFQ4aEKBJl7iF fz1Pei5gvhBokTIXwGtLBj3zNJse1mu2oy5Mwv+w9j1YNQJuU6oBuNmCD1RKSlme08WH 7iLrv2jjlJjddZprf141A1uDlc7J/EBXyylbR3ytnl8Ed6J8Vnr9dfARNaEqkp73PxKK CEfkmycnOB8CxelfDCQZdZE3X0LTFwkgnq0bnt2rNHtpD02gweSMQ4B2VUjvSAf6Wdla 6Kc5kXeWxxQHcCAmgiFdHuZik6eQli/tRxfje3OQTrevCbIXlIs8kH8jjg6VjdiJvaSc 8Pzg==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1782554322; x=1783159122; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:sender:from:to:cc :subject:date:message-id:reply-to; bh=/FAh5r0A6kMjCrtLgbUZZcEbHtxm/Gku62d31PmJams=; b=uEfWTHgQ79NFLgI1WmHibW7okALbY38JMri3Emn+voq653U4IwxU2QQ6l3E0S4QPFA LtCHZZBt6ONM9pWd7qndrl6WC20tSxncDwhMByX4+po4pmO5Xw/+50AK2dBLKy1a5tk2 WhEwGtXvdIELGSFce31FLLcjbAflHQnVFHiKJUXNuFf1mhh09jb5EHoklLefiVqaQYvD tuePvPHFptMSOeQ4unzuf9hQE1zPHWd1lqdSY6b4u4rRapUddwCbZwaqw4UxKg7iiQRu LMJR+O449j5CLtDTUDnpThjK8CmEPLC6ilU0/BSl+P5ZFnOR3W/z9C1t/XD2E04D+B4j 8/xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782554322; x=1783159122; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:x-beenthere :x-gm-message-state:sender:from:to:cc:subject:date:message-id :reply-to; bh=/FAh5r0A6kMjCrtLgbUZZcEbHtxm/Gku62d31PmJams=; b=Ad5bxXY9fKbURPK64dKAwHQGIsEoUGywq0U/IIJ6Mz2T8nwtm5oqvlsWF4maAQ5bXt jw9wN/QvB1/g6HlNp23ofqUCfyYj2tK5tnRx9p10vF15x7mzxbFJkecPazxFyhNANcPA IZ5xyKLKYuCzCRo0Qc5sBlgWYjFr28SMOsdzUo1JtvY8mULMrHfk3TbEAJcBM2Ix+ZwV 7iQkU001ghdCb7vVMSoL1wzdtCCD4Mcfcb/OPMlrrGY/YnFZiiauResusxq2H21R3xrd 4/XbsOJSSJY1pcLbHZ1CKekdWfgiDzn1B2r+EiNq6MRHLW4Z7xUSS+4XAlBrNGe7ijIK LJkw== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AHgh+RoPGuJZPy3KxRNs8QCNlxwwI4uH6lmMPHt6UU7vz0vMEiAiP7fveCBj9FZrRF2yVDTkkHUBvukLsled@gnusha.org X-Gm-Message-State: AOJu0Yw8C4vzJU1HOZJ1MagN7JYAccjYu4iEfcoFC4KjQwKPxIKQal4m ZB93zV/QbKsFbh9EIl9FpGQqEz5LGXG4VW2hnVGfdJDlFoQ4hBMeOZCH X-Received: by 2002:a05:6870:1709:b0:447:6c7f:81 with SMTP id 586e51a60fabf-4481184d43dmr8232757fac.12.1782554322237; Sat, 27 Jun 2026 02:58:42 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AX0PUUe5kPAGag4aYx2dCf3W5sXC61+yLBv+9INVukhmJkWp5w==" Received: by 2002:a05:6871:5b13:b0:447:88d1:85e7 with SMTP id 586e51a60fabf-44788d1a27cls4349812fac.2.-pod-prod-05-us; Sat, 27 Jun 2026 02:58:37 -0700 (PDT) X-Received: by 2002:a05:6808:2203:b0:495:3690:accf with SMTP id 5614622812f47-4953690b456mr570963b6e.17.1782554317527; Sat, 27 Jun 2026 02:58:37 -0700 (PDT) Received: by 2002:a05:6808:3a0d:b0:480:77ce:ad79 with SMTP id 5614622812f47-4934763e51bmsb6e; Fri, 26 Jun 2026 21:33:33 -0700 (PDT) X-Received: by 2002:a17:903:3201:b0:2c8:248a:5dbb with SMTP id d9443c01a7336-2c8248a6466mr36997925ad.7.1782534811921; Fri, 26 Jun 2026 21:33:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1782534811; cv=none; d=google.com; s=arc-20260327; b=iorqaljDamsKiiAmCZjK3ZRlxc4noF8GeprMgzgCbuFLc/zt/sUXKNROp8qVVDS63f 9T4k6NFLSK/gUFLHPQgFRQRmHvJ7PROgC2/RCrwiNxi0tcApnSCcH+LGspEVbW/Vc+3b 4ll7wqpzwpBC2VEhuiFehgCVq0BXLldiLvXmdz2PxkciKpXtJGiO3Wayo7YDmxrTKI0H 5YGbeb8ve6CDllHVLVgIxMGUFw5P0rr0fagvtZUxFTHvHgHJfuNXMfaJ+RhXr/0RRN/A PWgR6GQB89WBI+v0c0bY3pJJAmizu3pK4hlH3D7qHKaer6B6lcrNnAwJaT2vbH7sT6F9 YBSA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date; bh=CLw+zD+UnXtVEbALt+0x5ZpmxsY+VtR1gdOB6VQqnBs=; fh=dRl5MJeON1RwI+/xO4/cP/Y3U38+pgB9/4rd/p1o9tg=; b=iurSNA9cZbmZrcWh0OP2txv0JrzPSHlDKbwSmHHlU2Nt9fsVjAanpk5mTxxeiTkJCf Hpyhjxr8ElsXy0PYC+6F7u8dvV1wxbibf3rj7z8jLXNExQfXhfZj7dB8fCCd79SYkj1m rI0kukUBkZiUZ+h+MhfCc6llyS3knbz1O3XhmbJX3kGCn+uohRHXA/Yvw/TEk1Ci6tIm LrRvH1wF8hnTbNCPCf4duCkJX4RMVynAl1UYYS2a7IXpUqvYt1TbOPIzO3Yf4kslBkgM fi11fMikTMYgJa3JTKuhuV1dc//yk9VYlin39n7noEkQq2DnaIJWjNANBYVCTPYXq8sZ H5mw==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au Received: from cerulean.erisian.com.au (azure.erisian.com.au. [172.104.61.193]) by gmr-mx.google.com with ESMTPS id d9443c01a7336-2c7f5b087c1si2622095ad.2.2026.06.26.21.33.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 26 Jun 2026 21:33:30 -0700 (PDT) Received-SPF: pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) client-ip=172.104.61.193; Received: from aj@azure.erisian.com.au by cerulean.erisian.com.au with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wdKjN-0002md-2p; Sat, 27 Jun 2026 14:33:27 +1000 Received: by email (sSMTP sendmail emulation); Sat, 27 Jun 2026 14:33:23 +1000 Date: Sat, 27 Jun 2026 14:33:23 +1000 From: Anthony Towns To: Pieter Wuille Cc: Bitcoin Development Mailing List Subject: Re: [bitcoindev] Giving teeth to expected EC disabling: P2XX(-T)(-ML) Message-ID: References: MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline In-Reply-To: X-Spam_score: 1.0 X-Spam_bar: + X-Original-Sender: aj@erisian.com.au X-Original-Authentication-Results: gmr-mx.google.com; spf=pass (google.com: domain of aj@erisian.com.au designates 172.104.61.193 as permitted sender) smtp.mailfrom=aj@erisian.com.au Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: 2.3 (++) On Thu, Jun 25, 2026 at 05:42:35PM +0000, Pieter Wuille wrote: > * Tripwire (P2XX-T): use the presence of a NUMS point spend as trigger > (suggested by Tadge Dryja[4]). > > Specifically, as part of the softfork definition, a NUMS point is > picked. Whenever a transaction is mined whose input contains a successful > " OP_CHECKSIG", EC opcodes/paths are disabled within the new > output type, as of the next block. A slight variant of this approach would be to have a 128 byte value "aRsm", such that P = N+a*G, N is the BIP-341 NUMS point, and Rs is a BIP340 signature of m by P. That would allow the victim of post-quantum theft via a key-path spend of a BIP341 NUMS IPK to trigger the tripwire, in addition to someone who has direct access to a CRQC. I think it could make sense to have the tripwire be included in the block via the coinbase witness commitment output, rather than having it be locked to a transaction, so you only having to check the coinbase for the magic rather than every transaction. That would require a separate P2P message to relay the necessary ECDL-break proof to miners, and would probably need stratumv2 or a getblocktemplate update in order for the node to be able to tell pools to actually include that info in the coinbase. > * Miner Lockdown (P2XX-ML): allow a hashrate majority/threshold to trigger > the disabling, allowing a faster reaction time to urgent CRQC threats. > The same is true > for the Miner Lockdown idea. I'm a bit more hesitant about that, as it may > be empowering the (collective of) miners too much. They always have the > ability to just disallow EC spends of course, but the Miner Lockdown idea > makes network nodes start enforcing the same rule too, making it > irreversible. Some potential ways of making that less dangerous: * Have it require a 100% signalling threshold, instead of 90%/95% * Have it have a longer signalling period (4032 blocks?) * Have it be continually soft-forked out (URSF-style): a) 100% signalling activates it, at any time b) as at 2026-07-01, 100% signalling is invalid prior to 2026-12-31 c) as at 2026-10-01, 100% signalling is invalid prior to 2026-03-31 d) as at 2027-01-01, 100% signalling is invalid prior to 2026-06-30 e) as at 2027-04-01, danger signs! 100% signalling remains valid after 2026-06-30 f) as at 2027-07-01, signalling actually starts (alternatively, if three to six months lead time was too long, a secondary soft-fork could be done on as soon as the danger signs appear that indepdently disables EC spends immediately, and also forces 100% signalling from 2027-07-01 for backwards compatibility) Cheers, aj -- You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/aj9SkwXqdRbuVZxH%40erisian.com.au.