Tim Ruffing [ARCHIVE] on Nostr
📅 Original date posted:2021-03-23
📝 Original message: On Mon, 2021-03-22 at 10:24 -0400, Erik Aronesty via bitcoin-dev wrote:
>
> Does anyone think it would be useful to write up a more official,
> and even partly functional plan for Bitcoin to use zero-knowledge
> proofs to transition to quantum resistance?

Yes, for sure. This is certainly something that the community should
discuss. Looking into this problem is also on my (too long) list of
research problems.

I think IF we arrive at the conclusion that this is a good idea (which
is possible but not at all clear to me at this point), then one of the
questions is whether it's desirable to use something more efficient
than a zero-knowledge proof, at the potential cost of committing to a
real public key of a simple post-quantum signature scheme. This could
for example be a hash-based one-time signature scheme (but something
more efficient than the often mentioned Lamport signatures, e.g.,
Winternitz or W-OTS+ signatures).
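To make the "commit to a real post-quantum public key" option concrete, here is an added example (not part of the thread, and not the W-OTS+ construction itself): a minimal Winternitz one-time signature over SHA-256 with w = 16, where only a 32-byte hash of the one-time public key needs to be fixed in advance. The constants, the position-prefixed hash chain and the checksum layout are my own simplifying choices.

```python
import hashlib
import hmac
import os

W = 16                      # Winternitz parameter: each chunk carries 4 bits
N = 32                      # SHA-256 output length in bytes
MSG_CHUNKS = 2 * N          # 256-bit digest -> 64 four-bit chunks
CS_CHUNKS = 3               # checksum <= 64 * 15 = 960 < 2**12 -> 3 chunks
L = MSG_CHUNKS + CS_CHUNKS  # 67 hash chains in total

def _h(data):
    return hashlib.sha256(data).digest()

def _chain(x, start, steps):
    """Walk the hash chain `steps` times from position `start`; the position
    prefix is a simplifying assumption, not the keyed/masked chain of W-OTS+."""
    for i in range(start, start + steps):
        x = _h(bytes([i]) + x)
    return x

def _chunks(msg):
    """Base-16 chunks of H(msg) plus a checksum. The checksum grows when any
    message chunk shrinks, so a signature on one message cannot be turned into
    a signature on another just by hashing its chains further forward."""
    digest = _h(msg)
    m = []
    for b in digest:
        m += [b >> 4, b & 0xF]
    c = sum(W - 1 - x for x in m)
    return m + [(c >> 8) & 0xF, (c >> 4) & 0xF, c & 0xF]

def keygen():
    """Return (secret chain starts, 32-byte commitment to the public key).
    Only the commitment has to be fixed in advance, e.g. inside a script."""
    sk = [os.urandom(N) for _ in range(L)]
    pk = [_chain(s, 0, W - 1) for s in sk]
    return sk, _h(b"".join(pk))

def sign(sk, msg):
    """Strictly one-time: every use reveals more of each chain."""
    return [_chain(s, 0, mi) for s, mi in zip(sk, _chunks(msg))]

def verify(commitment, msg, sig):
    """Finish every chain from the signature and compare with the commitment."""
    if len(sig) != L:
        return False
    pk = [_chain(s, mi, W - 1 - mi) for s, mi in zip(sig, _chunks(msg))]
    return hmac.compare_digest(_h(b"".join(pk)), commitment)
```

A signature here is 67 * 32 = 2144 bytes, which is the size cost traded against the zero-knowledge-proof route; the key must never sign twice, since each signature reveals intermediate chain values.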
Published at 2023-06-07 18:30:57