Bitcoin Forum
July 30, 2021, 09:13:15 PM *
News: Latest Bitcoin Core release: 0.21.1 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Transaction Commitment idea (to ensure that QC can't steal anyone's BTC)  (Read 96 times)
CIYAM
Legendary
*
Offline Offline

Activity: 1890
Merit: 1004


Ian Knowles - CIYAM Lead Developer


View Profile WWW
March 23, 2018, 02:32:02 PM
Merited by ETFbitcoin (1)
 #1

Not sure what other ideas have been put forward to address this issue (but QC is looking more and more like a real issue these days) so I thought I'd just bring up this idea (it may have been brought up before as I haven't followed this forum now for quite a while so sorry if I'm wasting anyone's time).

From memory I believe that stealth addresses worked using some magic to do with "adding" a value to public and private EC keys and I think this idea could be harnessed to prevent QC theft. Basically the method would be to divide a tx into two separate parts (that need to be confirmed separately) with the first part being a "tx commitment" and the second part being the "tx verification". The first tx looks pretty much like a normal tx but the public key is not valid at the time (as it has had a random X value added to it) although the signature would be valid with the munged public key (thus any QC trying to determine the private key will end up with the wrong private key value and AFAICT the real value can't be worked out until X is published).

After this first tx has been confirmed the funds should remain locked for N blocks (probably no more than 100 or so I'd think) so that interception of the second tx can't be then used to bypass this mechanism (and maybe a greater than normal tx fee should be required for the first tx to make sure people just don't try to lock up everyone's UTXOs in this manner for fun).

Once the commitment tx confirms enough times and no other tx using the same "munged public key" has appeared before it (which potentially could happen if the QC worked out the private key of the munged public key fast enough) then you would send out a "tx verification" that would reference the tx id of the commitment tx and provide the random X value which will then allow the actual ownership transfer to take place.

It's not very elegant and probably needs a lot of refining and improving but that's one idea to counter QC before we work out a completely new signature approach (presumably along the lines of Lamport signatures).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!