bitcoin-dev

Proposing a P2QRH BIP towards a quantum resistant soft fork

Original Post by Antoine Riard

Posted on: June 17, 2024 01:07 UTC

The discussion of post-quantum signature algorithms for Bitcoin calls for a nuanced understanding of what a practical attack using Shor's algorithm would actually require, rather than a generic appeal to the quantum threat.

Quantum computer architectures differ in the physical technology used to encode qubits, which introduces uncertainty about how effective any specific variant of Shor's algorithm would be on a given machine. Factors such as gate frequency, gate infidelity, and the energy consumed by cooling are crucial considerations that may decide whether such an algorithm is viable at all on a particular computing model.

One of the significant challenges mentioned is the game-theory aspect of quantum computing in the Bitcoin ecosystem. Specifically, the feasibility of concentrating sufficient energy to exploit quantum vulnerabilities before Bitcoin owners can react (for example, by observing a quantum break in the mempool and executing a counter-spend) remains an open question. This issue underscores the strategic interplay between potential quantum attackers and Bitcoin users, highlighting the need for proactive measures to safeguard assets.

Moreover, previous discussions on the mailing list have been criticized for unrealistic portrayals of the state of quantum computing, with accusations of hyperbolic risk characterization. Such critiques emphasize the importance of grounding discussions in empirical realities rather than theoretical speculation about quantum advancements.

In terms of solutions, the suggestion to adopt one of the algorithms (Dilithium, SPHINCS+, Falcon) that survived three rounds of public cryptanalysis in the NIST post-quantum standardization process is notable. The argument is that these algorithms offer smaller signature sizes without compromising verification performance across a network of full nodes, presenting a viable path forward for enhancing Bitcoin's resistance to quantum attacks.

Additionally, a practical defensive measure that coin owners can take today is to move their coins to spending scripts that require an artificially inflated witness stack. The approach uses OP_DUP and OP_GREATERTHAN together with some stack shuffling to raise the computational cost a quantum adversary would have to pay to spend the coins, imposing a higher resource requirement on the attacker as an additional layer of defence. The effectiveness of the technique is bounded, however, by Bitcoin's consensus rules on the maximum script stack size and the maximum size of a stack element.
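To make those consensus caps concrete, below is a toy evaluator for the handful of opcodes named above (OP_DUP, OP_GREATERTHAN, plus OP_VERIFY to enforce the comparison). It is an added example written for this page, not code from the original post or from Bitcoin Core. It hard-codes the consensus constants MAX_STACK_SIZE = 1000 and MAX_SCRIPT_ELEMENT_SIZE = 520, and the 201 non-push opcode limit that applies to legacy and segwit v0 scripts but is lifted for tapscript by BIP342, so you can see exactly where a stack-inflating script stops. The helper names `threshold_script`, `spend_allowed` and `try_inflate` are this example's own, and the 520-byte witness item is constructed.

```python
"""Toy evaluator for a few Bitcoin Script opcodes, constructed for this page (not Bitcoin Core code).
It exists only to show where consensus limits cap a witness-inflating spending script."""

# Consensus constants (script/script.h in Bitcoin Core)
MAX_STACK_SIZE = 1000          # stack + altstack elements, checked after every opcode
MAX_SCRIPT_ELEMENT_SIZE = 520  # bytes per pushed or witness-supplied element
MAX_OPS_PER_SCRIPT = 201       # non-push opcodes; legacy and segwit v0 only, lifted by BIP342 tapscript

OP_1, OP_16 = 0x51, 0x60
OP_VERIFY, OP_DUP, OP_GREATERTHAN = 0x69, 0x76, 0xA0


class ScriptError(Exception):
    pass


def num_encode(n: int) -> bytes:
    """CScriptNum serialization: little-endian magnitude, sign carried in the top bit."""
    if n == 0:
        return b""
    out, mag = bytearray(), abs(n)
    while mag:
        out.append(mag & 0xFF)
        mag >>= 8
    if out[-1] & 0x80:
        out.append(0x80 if n < 0 else 0x00)
    elif n < 0:
        out[-1] |= 0x80
    return bytes(out)


def num_decode(b: bytes) -> int:
    if len(b) > 4:                      # arithmetic opcodes reject numbers wider than 4 bytes
        raise ScriptError("script number overflow")
    if not b:
        return 0
    n = int.from_bytes(b, "little")
    if b[-1] & 0x80:
        return -(n & ~(0x80 << (8 * (len(b) - 1))))
    return n


def cast_to_bool(v: bytes) -> bool:
    """Any non-zero byte makes the value true, except negative zero (0x80 as last byte)."""
    for i, byte in enumerate(v):
        if byte:
            return not (i == len(v) - 1 and byte == 0x80)
    return False


def push(data: bytes) -> bytes:
    """Direct data push (lengths below 76 bytes, all this toy needs)."""
    return bytes([len(data)]) + data


def evaluate(script: bytes, witness: list, tapscript: bool = True) -> list:
    """Run `script` with the witness items as the initial stack; return the final stack."""
    for item in witness:
        if len(item) > MAX_SCRIPT_ELEMENT_SIZE:   # BIP342 also caps witness items at 520 bytes
            raise ScriptError("witness element too large")
    stack = list(witness)
    pc = nops = 0
    while pc < len(script):
        op = script[pc]
        pc += 1
        if op <= 0x4B:                          # push the next `op` bytes
            data = script[pc:pc + op]
            pc += op
            if len(data) != op:
                raise ScriptError("truncated push")
            stack.append(data)
        elif OP_1 <= op <= OP_16:               # small-integer push
            stack.append(num_encode(op - OP_1 + 1))
        else:
            nops += 1
            if not tapscript and nops > MAX_OPS_PER_SCRIPT:
                raise ScriptError("op count exceeded")
            if op == OP_DUP:
                if not stack:
                    raise ScriptError("empty stack")
                stack.append(stack[-1])
            elif op == OP_GREATERTHAN:          # pops b then a, pushes (a > b)
                if len(stack) < 2:
                    raise ScriptError("stack underflow")
                b, a = num_decode(stack.pop()), num_decode(stack.pop())
                stack.append(num_encode(1) if a > b else b"")
            elif op == OP_VERIFY:
                if not stack or not cast_to_bool(stack.pop()):
                    raise ScriptError("verify failed")
            else:
                raise ScriptError("opcode not modelled: 0x%02x" % op)
        if len(stack) > MAX_STACK_SIZE:
            raise ScriptError("stack size exceeded")
    return stack


def threshold_script(threshold: int) -> bytes:
    """Spend only if the witness number exceeds `threshold`; OP_DUP keeps the number on the stack."""
    return bytes([OP_DUP]) + push(num_encode(threshold)) + bytes([OP_GREATERTHAN, OP_VERIFY])


def spend_allowed(script: bytes, witness: list, tapscript: bool = True) -> bool:
    """Segwit/tapscript success rule: exactly one element left and it casts to true."""
    try:
        stack = evaluate(script, witness, tapscript)
    except ScriptError:
        return False
    return len(stack) == 1 and cast_to_bool(stack[0])


def try_inflate(dups: int, tapscript: bool):
    """Duplicate one max-size witness item `dups` times; return the final stack depth
    or the reason consensus would reject the script."""
    witness = [b"\xaa" * MAX_SCRIPT_ELEMENT_SIZE]   # constructed 520-byte element
    try:
        return len(evaluate(bytes([OP_DUP]) * dups, witness, tapscript))
    except ScriptError as e:
        return str(e)


if __name__ == "__main__":
    print(spend_allowed(threshold_script(4), [num_encode(5)]))   # True
    print(try_inflate(999, tapscript=True), try_inflate(1000, tapscript=True))   # 1000, stack size exceeded
    print(try_inflate(999, tapscript=False))                                     # op count exceeded
```

The two failure modes are the caveat the post is pointing at: under tapscript the stack can be grown to 1000 elements of at most 520 bytes each (roughly 520 KB of live stack per evaluation) and not one element more, while legacy and segwit v0 scripts hit the 201-opcode ceiling long before that. Whatever shuffling a script does, the extra work it can force on a spender is bounded by those constants.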

In summary, addressing the quantum computing challenge for Bitcoin requires a strategy that combines theoretical analysis with practical defensive measures. Understanding the limitations and capabilities of the various quantum computing architectures is essential for designing a robust cryptographic response, and adopting NIST-vetted algorithms while exploring script-based defences within today's consensus limits can materially improve Bitcoin's resilience against potential quantum attacks.