Gregory Maxwell [ARCHIVE] on Nostr: 📅 Original date posted:2018-01-23 📝 Original message:On Tue, Jan 23, 2018 at ...
📅 Original date posted: 2018-01-23
📝 Original message: On Tue, Jan 23, 2018 at 10:22 PM, Anthony Towns <aj at erisian.com.au> wrote:
> Hmm, at least people can choose not to reuse addresses currently --
> if everyone were using taproot and that didn't involve hashing the key,
Can you show me a model of quantum computation that is conjectured to
be able to solve the discrete log problem but which would take longer
than fractions of a second to do so? Quantum computation has to occur
within the coherence lifetime of the system.
> way for individuals to hedge against quantum attacks in case they're ever feasible, at least that I can see (well, without moving their funds out of bitcoin anyway)?
By using scriptpubkeys with actual security against quantum computers
instead of snake-oil.
> (It seems like using the point at infinity wouldn't work because
Indeed, that doesn't work.
> that when quantum attacks start approaching feasibility. If funds are
> being held in reused addresses over the long term, that would be more
They are. But I don't believe that is relevant; the attacker would
simply steal the coins on spend.
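The hedge Maxwell points to, a scriptPubKey whose security does not rest on the discrete log, is illustrated below with a textbook Lamport one-time signature over SHA-256. This is an example added here by the editor; it is not code from the thread, from Bitcoin Core, or a proposal for an actual script type, and the function names, the `seeded_rng` helper and the sample messages are constructed for the demo. It also shows why such keys make the address-reuse question in the quoted text sharper: a Lamport key is strictly one-time, and `reuse_demo` counts how many honest signatures under one key it takes before the revealed preimages let a third party forge a signature on a message the owner never signed.

```python
"""Lamport one-time signatures over SHA-256 (added illustration, not from the thread).

Security rests only on preimage resistance of the hash, which a quantum
computer weakens to roughly 2^128 work via Grover, unlike the discrete log
behind ECDSA/Schnorr, which Shor breaks outright.  The catch that ties back
to address reuse: the key is strictly one-time, and every extra signature
under the same key leaks more of the private key.
"""
import hashlib
import secrets

N = 256                                   # bits of the message digest we sign


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen(rng=secrets.token_bytes):
    """Private key: N pairs of random 32-byte preimages. Public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def pk_commitment(pk) -> bytes:
    """A 32-byte commitment an output could carry, revealing the 16 KiB
    public key only at spend time (the hashed-key idea, applied to Lamport)."""
    return H(b"".join(a + b for a, b in pk))


def digest_bits(msg: bytes):
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the preimage sitting under that bit's hash."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != N:
        return False
    return all(H(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(sig, digest_bits(msg))))


def forge_from_reuse(signed, target: bytes):
    """Attacker's view: `signed` is a list of (msg, sig) pairs all made with one
    key.  Builds a signature on `target` from revealed preimages alone, or
    returns None if some bit of target's digest was never revealed."""
    revealed = {}
    for msg, sig in signed:
        for i, (bit, pre) in enumerate(zip(digest_bits(msg), sig)):
            revealed[(i, bit)] = pre
    out = []
    for i, bit in enumerate(digest_bits(target)):
        pre = revealed.get((i, bit))
        if pre is None:
            return None
        out.append(pre)
    return out


def seeded_rng(seed: bytes):
    """Deterministic byte source so the demo is reproducible; never use for real keys."""
    counter = 0

    def rng(n: int) -> bytes:
        nonlocal counter
        out = b""
        while len(out) < n:
            out += H(seed + counter.to_bytes(8, "big"))
            counter += 1
        return out[:n]
    return rng


def reuse_demo(seed: bytes = b"demo", max_reuse: int = 64) -> int:
    """Sign distinct constructed messages with one key until the attacker can
    forge a signature on a message the owner never signed.  Returns the number
    of honest signatures that sufficed (0 if it never happened within max_reuse)."""
    sk, pk = keygen(seeded_rng(seed))
    target = b"attacker's message: pay everything to attacker"   # constructed
    signed = []
    for k in range(1, max_reuse + 1):
        msg = b"honest spend #%d" % k                             # constructed
        signed.append((msg, sign(sk, msg)))
        forged = forge_from_reuse(signed, target)
        if forged is not None and verify(pk, target, forged):
            return k
    return 0
```

Sizes are the reason this stays a teaching example rather than a deployed output type: the public key is 2 * 256 * 32 bytes (16 KiB), a signature is 256 * 32 bytes (8 KiB), and only the 32-byte commitment is small. A single signature reveals half of the private key, which is harmless on its own; after roughly ten signatures under the same key, essentially every preimage is public and anyone can sign anything, which is the "don't reuse" rule in its strongest form.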