[bitcoin-dev] Transition to post-quantum
Tristan Hoy
tristan.hoy at gmail.com
Mon Feb 12 14:13:11 UTC 2018
Hi all,
Recently I've been exploring what a post-quantum attack on Bitcoin would
actually look like, and what options exist for mitigating it.
I've put up a draft of my research here:
https://medium.com/@tristanhoy/11271f430c41
In summary:
1) None of the recommended post-quantum DSAs (XMSS, SPHINCS) are scalable
2) This is a rapidly advancing space and committment to a specific
post-quantum DSA now would be premature
3) I've identified a strategy (solution 3 in the draft) that mitigates
against the worst case scenario (unexpectedly early attack on ECDSA)
without requiring any changes to the Bitcoin protocol or total committment
to a specific post-quantum DSA that will likely be superseded in the next
3-5 years
4) This strategy also serves as a secure means of transferring balances
into a post-quantum DSA address space, even in the event that ECDSA is
fully compromised and the transition is reactionary
The proposal is a change to key generation only and will be implemented by
wallet providers.
Feedback would be most appreciated.
Regards,
Tristan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20180213/a2ca6c0e/attachment.html>
More information about the bitcoin-dev
mailing list