I went on a deep dive into post-quantum hash-based signatures and tried to apply them to bitcoin. At the end of the article I propose a way to insure today's Bitcoin wallets with a quantum-resistant fallback key, without any consensus changes needed. https://conduition.io/cryptography/quantum-hbs/
As always awesome. Need to re-read this. nostr:nevent1qqsx9hn8x95zarwefv7evvqq5vxndcx9ulquukpwe4axudutfml6g5sprpmhxue69uhkummnw3ezuendwsh8w6t69e3xj730qgs0awzzutnzfj6cudj03a7txc7qxsrma9ge44yrym6337tkkd23qkgrqsqqqqqpz4g2jv
👇👇👇Fascinating👇👇👇 nostr:nevent1qqsx9hn8x95zarwefv7evvqq5vxndcx9ulquukpwe4axudutfml6g5spz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsyg87hppw9e3yedvwxe8c7l9nv0qrgpa7j5v66jpjdagcl9mtx4gstypsgqqqqqqs74t70f
Great stuff, thanks! As a post-quantum attack wouldn't the codebase of all wallets be viable to a compromise via a Dark Skippy kind of exploit?
First time for me hearing of Dark Skippy, but it sounds like a pretty obvious idea: Malicious firmware causes compromise of hardware wallets. That idea applies to pre- and post-quantum signatures of any algorithm.
What I meant is that even if bitcoin is made quantum-resistant I am not sure that everything else will be. And if not, what kind of implications will that have for bitcoin security? For example, if one can compromise GitHub/GitLab accounts easily then one has a larger attack surface by modifying either hw wallet firmware or wallet clients' code. Do you know if passcodes or SSH communication are somehow more resistant to quantum-comp attacks?
That's completely true! The transition to PQ crypto is a slow march across all digital industries. I know for sure OpenSSH is actively working on this. https://linuxiac.com/openssh-9-9-released/ The most important part of the overall migration IMO will be TLS. Almost all TLS traffic today is basically plaintext to a quantum computer (incl. passwords sent to log into online services, and access keys downloaded over TLS). Cloudflare has a good post about that here: https://blog.cloudflare.com/pq-2024/
Sounds like something we need
Anyone interested in this topic may want to check out @HunterBeast pod on YouTube. https://primal.net/e/note1gy7hy07enzfq753e6htpfhylq00tj2easc7mmjr70k6c3n7hhncq9pcxpu