
by sCrypt-ts

How OP_CAT enables post-quantum security while preserving Bitcoin’s design principles

Introduction: Quantum Risk as a Bitcoin Engineering Question

At a very simple level, Bitcoin security relies on a kind of mathematical lock. Today, creating a Bitcoin signature is easy if you know the private key, but effectively impossible if you only see the public key. The gap between “easy” and “impossible” is what keeps coins safe.

Under the hood, this lock is built using elliptic curve cryptography. An elliptic curve is a specific mathematical structure where adding a point to itself repeatedly follows simple rules in one direction, but is extremely hard to reverse. In Bitcoin, a private key is just a very large number. The corresponding public key is generated by multiplying that number by a fixed point on the curve. This operation is fast and deterministic. Going backwards — recovering the private key from the public key — requires solving what is known as the elliptic curve discrete logarithm problem, which classical computers cannot do efficiently.

Classical computers approach problems step by step, trying possibilities sequentially or with limited parallelism. Even with massive computing power, reversing Bitcoin’s elliptic curve operation by brute force would take longer than the age of the universe. This asymmetry is exactly why elliptic-curve signatures are practical and secure today.

Quantum computers work very differently. Instead of operating on bits that are either zero or one, they operate on quantum states that can represent many possibilities at once. Carefully designed, quantum computers are extraordinarily powerful for certain classes of mathematical problems.

One such problem is the discrete logarithm problem. Shor’s algorithm, a quantum algorithm discovered in the 1990s, can exploit the algebraic structure of elliptic curves to solve this problem efficiently. Where a classical computer must grind through an infeasible search space, a sufficiently powerful quantum computer can extract the private key directly from the public key.

...read more at delvingbitcoin.org

As a glorified script fanboi I'm still thinking this should be s/OP_CAT/GSR/g haha


🤔 That went over my head!


See #1405141

I guess I'm sharing the first part of this opinion:

The choice between OP_CAT, the Great Script Restoration or anything in-between is purely engineering.

To me: OP_CAT alone is bad engineering. We know people will have to do atrocious things to convince Script to do what they want, so we should do better.

but without the follow-up tweet weakening the assertion by proposing to introduce a whole bunch of opcodes instead of GSR if "GSR is deemed too big".
