Karl-Johan Alm [ARCHIVE] on Nostr
📅 Original date posted:2021-03-15
📝 Original message:On Tue, 16 Mar 2021 at 07:48, Matt Corallo via bitcoin-dev
<bitcoin-dev at lists.linuxfoundation.org> wrote:
>
> Overall, the tradeoffs here seem ludicrous, given that any QC issues in Bitcoin need to be solved in another way, and
> can't practically be solved by just relying on the existing hash indirection.

The important distinction here is that, with hashes, an attacker has
to race against the spending transaction confirming, whereas with
naked pubkeys, the attacker doesn't have to wait for a spend to occur,
drastically increasing the available time to attack.

It may initially take months to break a single key. In such a
scenario, anyone with a hashed pubkey would be completely safe* (even
at spend time), until that speeds up significantly, while Super Secure
Exchange X with an ultra-cold 38-of-38 multisig setup using Taproot
would have a timer ticking, since the attacker need only find a single
privkey like with any old P2PK output.

(* assuming no address reuse)

Published at 2023-06-07 18:30:52