The debate that Willy Woo has reignited about quantum computing and taproot is interesting.

While I believe that it will take many years and decades to see quantum computing as we imagine it, I do believe that taproot was a design flaw in every respect.

As I have mentioned many times, there is widespread suspicion that taproot was approved due to pressure from Core members who had stakes in mining pools.

But the truly amusing aspect is that taproot addresses are less secure than segwit addresses, significantly less secure, given that taproot addresses permanently display the public key.

A state attacker, for example, could collect Taproot addresses (and other vulnerable ones such as P2PK and Bare multisig/scripts with direct pubkeys) and decrypt their private key.

In segwit addresses (also P2PKH and P2SH/P2WSH), this is not possible, since the public key is not exposed; it is only possible at the moment of spending, which is when the public key is exposed, i.e., while it is in the mempool waiting to be confirmed.

This reduces the window to minutes and greatly reduces exposure to attack.

The example to follow is that of Signal and SimpleX, which improve their encryption algorithms with every step they take and prepare for quantum computing well in advance.

Meanwhile, Bitcoin is more concerned with allowing spam and shitty protocols like Citrea.

This has less and less of a future.
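The distinction the post draws between bc1p (P2TR) and bc1q (P2WPKH) outputs, worked through in code. This is an added example, not part of the thread or of any Bitcoin project: it implements the BIP341 key-path tweak with a small pure-Python secp256k1 and classifies output scripts by whether an EC public key can be read from the unspent output alone. The internal key (the generator point) and the zero-filled digests used for testing are constructed toy values.

```python
"""Added example (not from the thread): does an unspent output script reveal a
secp256k1 public key on its own, or only a hash of one? Builds a BIP341 P2TR
output with a minimal pure-Python secp256k1 and classifies common scripts."""
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition on y^2 = x^3 + 7; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b: lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else: lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """BIP340 x-only decoding: the even-y curve point with this x, else None."""
    y = pow((x**3 + 7) % P, (P + 1) // 4, P)
    if x >= P or y * y % P != (x**3 + 7) % P: return None
    return (x, y if y % 2 == 0 else P - y)

def p2tr_script(internal_xonly):
    """OP_1 <x(Q)> with Q = P_int + H_TapTweak(P_int)*G (BIP341, key path only)."""
    tag = hashlib.sha256(b"TapTweak").digest()
    t = int.from_bytes(hashlib.sha256(tag + tag + internal_xonly).digest(), "big")
    assert t < N  # BIP341: a tweak at or above the group order is invalid
    q = ec_add(lift_x(int.from_bytes(internal_xonly, "big")), ec_mul(t, G))
    return b"\x51\x20" + q[0].to_bytes(32, "big")

def exposed_pubkey(spk):
    """EC public key readable from the output script itself, or None when the
    script commits only to a digest (key revealed only in the spending tx)."""
    if len(spk) == 34 and spk[:2] == b"\x51\x20":              # P2TR: x-only key
        return lift_x(int.from_bytes(spk[2:], "big"))
    if len(spk) == 35 and spk[0] == 0x21 and spk[-1] == 0xAC:  # P2PK, compressed
        pt = lift_x(int.from_bytes(spk[2:34], "big"))
        return pt if pt is None or spk[1] == 0x02 else (pt[0], P - pt[1])
    return None  # P2PKH, P2SH, P2WPKH, P2WSH: only HASH160 / SHA256 digests
```

The tweaked key Q written into a P2TR output is a complete secp256k1 public key, so `exposed_pubkey` recovers a valid curve point from it, while the hash-based scripts yield nothing until the spending transaction reveals the key.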


Discussion

In cryptography, one of the premises, along with not trusting third parties, is to always assume the worst-case scenario.

In Bitcoin, this has been ignored for years.

The worst-case scenario is that a government or private entity secretly builds a sufficiently powerful quantum computer.

In fact, this is the most plausible scenario because they would have an enormous tactical and competitive advantage. They would have no interest in making it public because they could spy on all their opponents and could also destroy all confidence in Bitcoin in a matter of minutes.

nostr:nevent1qvzqqqqqqypzpl8hpfzul2qha25p8wd63gm46ufax95lfgnl8h9v84y3zt0k05m7qqsvdkmaguzd4txn42vq8lhul4t8dyqnmqsyhee4dkrn7uxxsgjutescp79yz

I think the worst scenario is under construction in front of our eyes right now. They are doing what they are pro. They are creating words in papers and making people be afraid if they don’t follow what they write. Like all gov works since Sumerians.

There’s no such thing as quantum computing. It’s another scare tactic to change the Bitcoin code. Please dig a little deeper. It’s just a buzzword to manipulate people.

Ps, there’s no AI either. It’s just adding natural language creation to google searches.

Bitcoin on the other hand, genius.

I don't need to do any research; I am an IT professional with many years of experience in computer security.

I am quite up to date; you should reread my opinions.

So tell me, like I’m a three-year-old, what quantum computing is.

Muted for being an idiot

Quantum computing risks are real. There has been a conference for some 10y called PQC. (It prly still exists.) The risks are in that by entangling particles, probabilities can be computed that point towards answers where otherwise in classical computing it would be a complete guess. However, it is not possible to "cheat" on every kind of math problem like this.

Quantum computing risks and Post-Quantum Computing are very much real research and engineering, with some 6 or so viable mainstream flavors.

I didn't read your whole note. I just read the first 2 sentences. I'm sure he's saying that because he lost his crowd. Bro, didn't he say he sold all his Bitcoin for etf, bro? He's lost his crowd. So he needs to say something. So people can talk about him.

He hasn't told any lies; this debate has been going on for years and has always been known.

In fact, Pieter Wuille was heavily criticized for this.

The thing is, taproot was sold as a gateway to improvements to protect against quantum computing, and since then no progress has been made, while Signal and SimpleX have gotten their act together.

By the way, I shouldn't have responded to you because you started out being disrespectful, you idiot.

I had no idea that taproot was presented, among other things, as a potential improvement with respect to QC threats. How could this have been given the exposed pubkey? Am I missing something either in my understanding of how taproot works or more generally?

Also what debate are you referring to? I'd like to know more, thanks

Me too. I was surprised to read Taproot exposes public keys again. Where's this debate?

It has always been this way. Search for "quantum taproot" on Twitter and you will see comments from over two years ago regarding this matter.

Nah, I meant: I thought we had transitioned to using key-hashes for initial commitments, but with taproot we're back to immediately exposing public keys.

A clarifying note.

Willy hasn't said anything new; this has been known since Taproot was implemented.

In fact, Pieter Wuille was heavily criticized for this.

The thing is, Taproot was sold as a gateway to improvements to protect against quantum computing, and since then, no progress has been made. Signal and SimpleX, on the other hand, have gotten their act together, especially in the last year.


Is that why electrum does not support taproot yet?

Thanks. This is well explained, for exactly the area I hadn't looked into yet.

nostr:nprofile1qqsqa6p85dhghvx0cjpu7xrj0qgc939pd3v2ew36uttmz40qxu8f8wq8vdeta are segwit addresses safer than taproot?

yes, segwit addresses (bc1q) are safer against potential quantum attacks than taproot (bc1p) because they hide the public key until spending time, limiting exposure, while taproot exposes it upfront.


https://cointelegraph.com/news/bitcoin-segwit-quantum-computing-threat


Okay, but how do the fees affect plebs?

this is the BIP that matters most rn https://bip360.org/bip360.html

Wouldn't this require bigger blocks to make it scalable?

No, it doesn’t.

JPEGs > Privacy.

Bingo

sooner or later, there's going to be a fork. some people will want to sunset these bad additions to the protocol and replace their vulnerable steps with secure ones. i guess these people have a fabian socialist "death by a thousand cuts" attack methodology. they think if they just corrupt it a little bit at a time that it will become normalized and acceptable.

nope.

it's only got a little further to run before everyone is saying "hey, assholes, bitcoin has never been and never was intended and is not desired by anyone who uses it to become a fucking filesystem!!!!!1"

Quantum is a psyop

Curtsy

> due to pressure from Core members who had stakes in mining pools

Becoming hard to ignore this in light of developments around Core 30.

Do time locked taproot addresses share this weak point?

what are you doing to make citrea et al unnecessary?