I went on a deep dive into post-quantum hash-based signatures and tried to apply them to bitcoin. At the end of the article I propose a way to insure today's Bitcoin wallets with a quantum-resistant fallback key, without any consensus changes needed.

https://conduition.io/cryptography/quantum-hbs/


Discussion

Great stuff, thanks! As a post-quantum attack, wouldn't the codebase of all wallets be vulnerable to a compromise via a Dark Skippy kind of exploit?

First time for me hearing of Dark Skippy, but it sounds like a pretty obvious idea: malicious firmware causes compromise of hardware wallets. That idea applies to pre- and post-quantum signatures of any algorithm.

What I meant is that even if bitcoin is made quantum-resistant, I am not sure that everything else will be. And if not, what kind of implications will that have for bitcoin security? For example, if one can compromise GitHub/GitLab accounts easily, then one has a larger attack surface by modifying either hardware wallet firmware or wallet client code. Do you know if passcodes or SSH communication are somehow more resistant to quantum-computer attacks?

That's completely true! The transition to PQ crypto is a slow march across all digital industries. I know for sure OpenSSH is actively working on this. https://linuxiac.com/openssh-9-9-released/

The most important part of the overall migration IMO will be TLS. Almost all TLS traffic today is basically plaintext to a quantum computer (including passwords sent to log into online services, and access keys downloaded over TLS). Cloudflare has a good post about that here: https://blog.cloudflare.com/pq-2024/

Searching up Dark Skippy was definitely not on my bingo card today.

๐Ÿงก๐Ÿ‘Š๐Ÿป๐Ÿป

Epic.

Sounds like something we need.

Anyone interested in this topic may want to check out nostr:npub1qqqqqqqrxtrcx8vut2vlrqa0c2qn5mmf59hdmflkls8dsyg9vmnqsclxwk pod on YouTube.

https://primal.net/e/note1gy7hy07enzfq753e6htpfhylq00tj2easc7mmjr70k6c3n7hhncq9pcxpu

We need more of that kind of research.

Great ideas here and thanks so much for researching this. The BTC dev community definitely needs to start having a plan and strategy in place to counter this threat. Probably the most important attack vector to counter in the coming years if not days!