NIST Releases First 3 Finalized Post-Quantum Encryption Standards

[larry_vw_1955]

While analysis of these two additional sets of algorithms will continue, Moody said that any subsequent PQC standards will function as backups to the three that NIST announced today.

“There is no need to wait for future standards,” he said. “Go ahead and start using these three. We need to be prepared in case of an attack that defeats the algorithms in these three standards, and we will continue working on backup plans to keep our data safe. But for most applications, these new standards are the main event.”

https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

time for the bitcoin developers to upgrade bitcoin's digital signature and such...

[NotATether]

time for the bitcoin developers to upgrade bitcoin's digital signature and such...

That's going to be quite difficult to do because ECDSA signatures are stuck inside a specific part of the transaction (scriptsig field for legacy transactions and the witness for segwit transactions), so you would actually need to upgrade the witness version if you want to use a different form of signature, which requires a new address type and a soft-fork.

The new address part should be trivial but old clients would have to treat the new form of signatures as instantly valid somehow.

[ABCbits]

time for the bitcoin developers to upgrade bitcoin's digital signature and such...

I don't know much about cryptography, but there are few other steps they should do first such as,

1. Choose which one could be used by Bitcoin. Abstract of FIP 203 doesn't mention anything about cryptography signature, so i guess the choice is either FIP 204 or 205.
2. Do through verification about security of each cryptography. Don't forget some older cryptography accepted by NIST may have backdoor, https://en.wikipedia.org/wiki/Dual_EC_DRBG.

The new address part should be trivial but old clients would have to treat the new form of signatures as instantly valid somehow.

Good thing Bech32m exist, so theoretically bc1z or Bech32m with witness version 2 can be used. As for old client, "anyone can spend" trick could be used again.

[larry_vw_1955]

That's going to be quite difficult to do because ECDSA signatures are stuck inside a specific part of the transaction (scriptsig field for legacy transactions and the witness for segwit transactions), so you would actually need to upgrade the witness version if you want to use a different form of signature, which requires a new address type and a soft-fork.

The new address part should be trivial but old clients would have to treat the new form of signatures as instantly valid somehow.

I think it has more to do with than just the signature though. Bitcoin is built on Elliptic Curve Cryptography. So it's entire foundation is going to need to be rebuilt. FIPS-204 can help with that too I imagine. But the question is, is the bitcoin community going to get off their ass and do something about it. Or wait until the threat is materialized.

[seoincorporation]

The migration will not be that easy, because as other users already mentioned,the encryption is like the soul of the coin, and change that will make bitcoin a different coin. I can predict a fork for the migration, but the original blockchain will stay alive until the point where quantum computing can vulnerable the blockchain encryption.

It will be a complex change and i can't see it happening soon, but it will happen at some point. Maybe in the next 50 years... or something like that.

[larry_vw_1955]

The migration will not be that easy, because as other users already mentioned,the encryption is like the soul of the coin, and change that will make bitcoin a different coin. I can predict a fork for the migration, but the original blockchain will stay alive until the point where quantum computing can vulnerable the blockchain encryption.

so a fork like bitcoin cash. people have a copy of their old coins on the old network and their new ones on the new network. i guess that's what we would be looking at.

It will be a complex change and i can't see it happening soon, but it will happen at some point. Maybe in the next 50 years... or something like that.

i would hope a fork could happen sooner than that. it might take a few tries to get it "right"...