Bitcoin Forum
Author Topic: First Quantum resistant wallet and transaction in the world!!!  (Read 75 times)
harmani21 (OP)
Member
Activity: 102
Merit: 11
November 22, 2025, 06:42:27 PM
Merited by stwenhao (1)
#1

# First Quantum-Resistant Bitcoin Transaction Using mask512 Derivation

I've successfully broadcast the first quantum-resistant Bitcoin transaction
to mainnet using a novel dual-signature scheme.

Transaction: https://blockstream.info/tx/143d47830c1d757583f9685396b2fb89778c47b9fc1c0d640b27bf01a366ded4

## How It Works
- Dual-lock P2SH: ECDSA signature + SHA256 hash preimage
- Even if quantum computers break ECDSA, hash preimage remains secure
- Requires 2^128 operations to break (impossible for quantum computers)
- Works on Bitcoin TODAY - no consensus changes needed

## Technical Details
- Transaction size: 510 bytes (vs normal ~190 bytes)
- Uses mask512 derivation: single seed → ECDSA key + unlock secret
- Script: <pubkey> OP_CHECKSIGVERIFY OP_HASH256 <commitment> OP_EQUAL

## Code
Link to GitHub repo coming soon

Thoughts? Feedback welcome!
stwenhao
Hero Member
Activity: 557
Merit: 1237
Today at 09:44:37 AM
#2

Quote
Thoughts? Feedback welcome!
You should put the hash first and the public key second, because then OP_CODESEPARATOR can be used to split the public key from the additional conditions, so old wallets could sign it properly. For example:
Code:
OP_HASH256 <commitment> OP_EQUALVERIFY
OP_CODESEPARATOR
<pubkey> OP_CHECKSIG
And then it is spendable by "<signature> <data>", where the signature can be correctly generated by many existing wallets if you give them "<pubkey> OP_CHECKSIG" as the script, and the data can then be attached even by manually inserting it into the transaction hex in any text editor.

Quote
Even if quantum computers break ECDSA, hash preimage remains secure
Wrong, because a malicious miner will know the solution while your transaction is sitting unconfirmed in mempools. You should think about something which will require some effort, even if miners know everything. For example: https://bitcointalk.org/index.php?topic=5557305.0

Quote
Requires 2^128 operations to break (impossible for quantum computers)
It requires only getting the private key and making a successful double-spend with higher fees. And if it has a single confirmation, then it requires reorging a single block, which is currently something around 2^80, rather than 2^128.

Quote
Transaction size: 510 bytes (vs normal ~190 bytes)
It is more expensive than it could be, because you didn't use Segwit.

Proof of Work puzzle in mainnet, testnet4 and signet.
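Added example, not code from either poster or from the mask512 project: a small Python script-encoding helper that covers both the OP's redeem script (post #1) and the OP_CODESEPARATOR reordering suggested in the reply above. The public key and signature bytes are constructed placeholders rather than real secp256k1 material, the hash-lock preimage is a made-up string, and no ECDSA verification is performed. It shows two things: in the reordered script, the scriptCode that the legacy sighash commits to (everything after the last OP_CODESEPARATOR) shrinks to `<pubkey> OP_CHECKSIG`, which is why an ordinary wallet can produce the signature; and in either ordering the preimage is an ordinary push in the public scriptSig, so the hash lock protects nothing once the transaction is visible in a mempool, which is what the miner objection above rests on.

```python
import hashlib

# Script opcodes (values from the Bitcoin Script specification)
OP_PUSHDATA1 = 0x4C
OP_EQUAL = 0x87
OP_EQUALVERIFY = 0x88
OP_HASH256 = 0xAA
OP_CODESEPARATOR = 0xAB
OP_CHECKSIG = 0xAC
OP_CHECKSIGVERIFY = 0xAD

# Constructed sample values (NOT real key material, NOT the OP's unlock secret)
SECRET = b"constructed demo preimage, not the OP's unlock secret"
COMMITMENT = hashlib.sha256(hashlib.sha256(SECRET).digest()).digest()
PUBKEY = bytes([0x02]) + bytes(range(1, 33))   # 33-byte compressed-key-shaped placeholder
SIG = bytes([0x30]) + b"\x00" * 70             # 71-byte DER-shaped placeholder, not a valid signature


def hash256(data: bytes) -> bytes:
    """Double SHA-256, which is what OP_HASH256 computes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def push(data: bytes) -> bytes:
    """Minimal push encoding for items up to 255 bytes (keys, signatures, preimages, redeem scripts)."""
    if len(data) <= 75:
        return bytes([len(data)]) + data
    if len(data) <= 255:
        return bytes([OP_PUSHDATA1, len(data)]) + data
    raise ValueError("push too large for this helper")


def serialize(items) -> bytes:
    """Items are int opcodes or bytes objects to push."""
    return b"".join(push(i) if isinstance(i, bytes) else bytes([i]) for i in items)


def parse(script: bytes):
    """Yield (opcode, pushed_data, end_offset); data is None for non-push opcodes.
    Walking pushes properly matters: a 0xab byte inside pushed data is not a separator."""
    i = 0
    while i < len(script):
        op = script[i]
        i += 1
        data = None
        if 1 <= op <= 75:
            data = script[i:i + op]
            i += op
        elif op == OP_PUSHDATA1:
            n = script[i]
            i += 1
            data = script[i:i + n]
            i += n
        yield op, data, i


def op_redeem_script(pubkey: bytes, commitment: bytes) -> bytes:
    """The OP's ordering: <pubkey> OP_CHECKSIGVERIFY OP_HASH256 <commitment> OP_EQUAL."""
    return serialize([pubkey, OP_CHECKSIGVERIFY, OP_HASH256, commitment, OP_EQUAL])


def codesep_redeem_script(pubkey: bytes, commitment: bytes) -> bytes:
    """The reordering from the reply: hash lock first, then OP_CODESEPARATOR, then <pubkey> OP_CHECKSIG."""
    return serialize([OP_HASH256, commitment, OP_EQUALVERIFY, OP_CODESEPARATOR, pubkey, OP_CHECKSIG])


def p2sh_script_sig(stack_items, redeem_script: bytes) -> bytes:
    """P2SH scriptSig: the stack items, then the serialized redeem script as the last push."""
    return serialize(list(stack_items) + [redeem_script])


def script_code_after_codeseparator(script: bytes) -> bytes:
    """The portion the legacy sighash commits to: everything after the last OP_CODESEPARATOR
    (the whole script when there is none)."""
    code = script
    for op, _, end in parse(script):
        if op == OP_CODESEPARATOR:
            code = script[end:]
    return code


def pushed_items(script: bytes):
    """Every data push in a script, in order. A scriptSig is public, so anyone can do this."""
    return [data for _, data, _ in parse(script) if data is not None]


def preimage_exposed(script_sig: bytes, commitment: bytes) -> bool:
    """True if some push in the scriptSig is the hash-lock preimage for `commitment`."""
    return any(hash256(item) == commitment for item in pushed_items(script_sig))


def demo() -> dict:
    op_rs = op_redeem_script(PUBKEY, COMMITMENT)
    cs_rs = codesep_redeem_script(PUBKEY, COMMITMENT)
    op_sig = p2sh_script_sig([SECRET, SIG], op_rs)   # OP's script is spent by <preimage> <sig>
    cs_sig = p2sh_script_sig([SIG, SECRET], cs_rs)   # reordered script is spent by <signature> <data>
    return {
        "op_script_code": script_code_after_codeseparator(op_rs),   # whole script: nothing to split
        "cs_script_code": script_code_after_codeseparator(cs_rs),   # just <pubkey> OP_CHECKSIG
        "op_exposes_preimage": preimage_exposed(op_sig, COMMITMENT),
        "cs_exposes_preimage": preimage_exposed(cs_sig, COMMITMENT),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex() if isinstance(value, bytes) else value)
```

The hash-lock check in `preimage_exposed` is exactly what a mempool observer can run on any unconfirmed spend of such an output; the defence stwenhao points to is a lock whose spend still costs the observer work after everything in the scriptSig is public, not a secret that the spend itself reveals.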
Roberto888
Newbie
Activity: 23
Merit: 1
Today at 05:07:36 PM
#3

Interesting approach. That's a clever use of existing script to add quantum resistance.
The larger transaction size is a noticeable trade-off. Good to see practical work on this problem now rather than later.
Looking forward to the code release to see how the key derivation works.
harmani21 (OP)
Member
Activity: 102
Merit: 11
Today at 08:36:47 PM
#4

Quote
# First Quantum-Resistant Bitcoin Transaction Using mask512 Derivation

I've successfully broadcast the first quantum-resistant Bitcoin transaction
to mainnet using a novel dual-signature scheme.

Transaction: https://blockstream.info/tx/143d47830c1d757583f9685396b2fb89778c47b9fc1c0d640b27bf01a366ded4

## How It Works
- Dual-lock P2SH: ECDSA signature + SHA256 hash preimage
- Even if quantum computers break ECDSA, hash preimage remains secure
- Requires 2^128 operations to break (impossible for quantum computers)
- Works on Bitcoin TODAY - no consensus changes needed

## Technical Details
- Transaction size: 510 bytes (vs normal ~190 bytes)
- Uses mask512 derivation: single seed → ECDSA key + unlock secret
- Script: <pubkey> OP_CHECKSIGVERIFY OP_HASH256 <commitment> OP_EQUAL

## Code
Link to GitHub repo coming soon

Thoughts? Feedback welcome!
Code:
   SCENARIO: Two Quantum Holders Battle
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Time 0: You broadcast tx (1 BTC, 0.001 fee)

Time +30s:
Attacker quantum extracts key
Broadcasts double-spend (1 BTC, 0.01 fee)

Time +60s:
You quantum extract attacker's key 
Broadcast triple-spend (1 BTC, 0.1 fee)

Time +90s:
Attacker: quadruple-spend (0.5 fee)

Time +120s:
You: quintuple-spend (0.8 fee)

Time +150s:
Attacker: sextuple-spend (0.95 fee)

Time +180s:
You: septuple-spend (0.99 fee)

Time +200s:
Attacker: octuple-spend (0.999 fee)

Time +210s:
Mempool has 50 versions of same tx
All from same two quantum computers
Each outbidding the other
Final fee: 0.99999 BTC

Miner: "Thanks for the 1 BTC fee guys!" 🤑

NOBODY GETS THE BITCOIN! 😂😂😂