. While quantum computers are still in theory, so if I would have to guess, then I would put more money on a scenario, where RIPEMD-160 collision is found faster than anyone will break

post-quantum-secure commutative group action scheme allows non-interactive key exchange. CSIDH is just one such example, and I'm sure there are and will be others. > >

would be quantum-resistant. Each old-address holder is responsible to migrate to a new quantum-resistant address. 2. So when a hunter (I prefer this term instead of attacker), proves

do with quantum-vulnerable > coins?"[a][b] For reasons I have > explained elsewhere, I reject the meta-premise of the question ie that > there is any discussion >

are post quantum secure, as they don't require much more than polynomials and hash functions, and they don't have trust assumptions like SNARKs, which is why they are called

post-quantum, >> just discussing the technical possibilities. >> >> Best, >> Abubakar Sadiq >> On Friday, April 10, 2026 at 7:47:09 PM UTC+2 conduition

until some quantum-safe address has been created. Second of all, this change will not be possible without a hard fork. Hard forks are generally avoided by the community because they

post-quantum > security. I don't see how this moves the needle on the above goal, and in > fact in many cases detracts from the above goal. Of course if we can > accomplish

"Post Quantum Signatures and Scaling Bitcoin" > post [0], which proposed using STARKs to aggregate PQ signatures per > block and raised the concern that proof generation

"all quantum-vulnerable addresses") spendable via a previously non-existant quantum safe path is a hard fork. Sorry if I didn't phrase that clearly enough. It is

adress to quantum resistant scheme so user do not > need to rush to move bitcoin before qday, in a space efficient form. > > > - *Universal P2PKH freeze* — At a defined block

if a quantum computer finds the private key to an exposed EC pubkey, to forge a new EC signature for a different SIGHASH is still quantum hard. > > > > Benefits: > > -

in a quantum-resistant environment. This email demos techniques we can use as drop-in post-quantum replacements for classical HD wallet standards, and shows how to mitigate problems

Post-Quantum-Cryptopgraphy (PQC) method of Bluetooth communication that's in their new Passport Prime device , but they've also implemented URs, Animated QRs, SSKR,

is not quantum-resistant — I fully acknowledge this. Like P2WPKH, >> it relies on secp256k1 and will need to be migrated once post-quantum >> schemes are deployed in Bitcoin

Post-quantum signatures. FALCON-512, FALCON-1024, Dilithium3, and SPHINCS+ are native block types. A SCHEME field on any signature block routes verification to classical Schnorr

approach to quantum resistance > for Bitcoin that I believe is simpler than BIP-360 P2QRH. > > **Q-Lock: Quantum-Resistant Spending Protocol** > > SUMMARY: >

19 Ian Quantum : > YKYC but P2PK has been deprecated since a little in 2013 after I joined Bitcoin as one of the silent masses around 2010. What does 13 years of "deprecated"

as a quantum computer (unicorn); it renders the optional PQC script spend path and PQ signatures unnecessary bloat to Bitcoin (and the entire tech and military industry) and makes

for a quantum-secure vault. There may be some missing details, but in general, this shows that covenant-protected vaults, with appropriate depth-locks are quantum-resistant.

post-quantum-surprise/#floating-points-falcons-achilles > > > > > > While I wouldn't rule out Falcon permanently, I personally feel > > > more

Hi, The issue with defining all non-monetary data as spam is that it eliminates functionality Bitcoin has relied on since inception. Bitcoin was

post-quantum ones at Q-day - without the need of any action from owners. This could be achieved via forced transactions of all unspent funds to the new addresses. Of course this comes

savings are smaller. > > [0] > https://delvingbitcoin.org/t/shrincs-324-byte-stateful-post-quantum-signatures-with-static-backups/2158 > > Jonas >

post-quantum signing schemes work at scale. The main issue I see with your protocol as described is that unlike other commit/reveal protocols, the "anchor tx" as you call

to full quantum-safe signature schemes. One strength of beginning with a commit-and-reveal path is that it allows the ecosystem to develop a quantum-resilient vault mechanism and

, not quantum). Between BIP360 and something like TXHASH, it's possible to make quantum safe scripts and multi-step commit-reveal vaults that don't relay solely on signatures

chance that quantum computing relevant to cryptography turns out to be real and numerous protocols become insecure due to it. > > what if mining was done just on an accumulator

post-quantum hash-based signature scheme SLH-DSA (formerly SPHINCS+), which is being considered as a candidate for a quantum-resistant soft-fork upgrade to Bitcoin, re: BIP360

Post-Quantum cross-input signature aggregation. It's > not quite "signature aggregation" the way we normally think of it, but > gives similar benefits while