Groups
Groups
Sign in
Groups
Groups
Bitcoin Development Mailing List
Conversations
About
Send feedback
Help
Sort By Relevance
Sort By Date
1–30 of many
Pieter Wuille
, …
Antoine Riard
7
Jun 28
Giving teeth to expected EC disabling: P2XX(-T)(-ML)
post-
quantum
> theft via a key-path spend of a BIP341 NUMS IPK to trigger the tripwire, > in addition to someone who has direct access to a CRQC. > > I think it could make sense
unread,
Giving teeth to expected EC disabling: P2XX(-T)(-ML)
post-
quantum
> theft via a key-path spend of a BIP341 NUMS IPK to trigger the tripwire, > in addition to someone who has direct access to a CRQC. > > I think it could make sense
Jun 28
conduition
, …
ArmchairCryptologist
20
Jun 26
Aligning privacy incentives in P2MR
post-
quantum
transition cannot > rely primarily on self-reliance. If the migration requires most users to > understand Q-Day timing, keep EC spend paths secret, or react quickly
unread,
Aligning privacy incentives in P2MR
post-
quantum
transition cannot > rely primarily on self-reliance. If the migration requires most users to > understand Q-Day timing, keep EC spend paths secret, or react quickly
Jun 26
3D
,
conduition
2
Jun 13
Simple Setup for SPHINCS+ Bitcoin-style Address (proof-of-concept)
post-
quantum
signature schemes. I put together a small, two-program proof-of-concept to show how double-shake256 with SPHINCS+ using small paramaters can produce bitcoin sytled
unread,
Simple Setup for SPHINCS+ Bitcoin-style Address (proof-of-concept)
post-
quantum
signature schemes. I put together a small, two-program proof-of-concept to show how double-shake256 with SPHINCS+ using small paramaters can produce bitcoin sytled
Jun 13
Erik Aronesty
, …
Saint Wenhao
7
Jun 13
Weak Quantum Bounty Ceremony
made by
quantum
computer and can > prove it, but then it will be clear who leaked it, because the > signature has a unique nonce. This is where ZK can help. But how to do > ZK onchain
unread,
Weak Quantum Bounty Ceremony
made by
quantum
computer and can > prove it, but then it will be clear who leaked it, because the > signature has a unique nonce. This is where ZK can help. But how to do > ZK onchain
Jun 13
opus lux
, …
conduition
4
Jun 8
[BIP] P2WOTS: 64 Slot Winternitz UTXO's (witness version three)
post-
quantum
-utxo-winternitz-signatures/2530 > > A live signet with full P2WOTS support is live for testing and a wallet demo can be interacted with from my website. I will
unread,
[BIP] P2WOTS: 64 Slot Winternitz UTXO's (witness version three)
post-
quantum
-utxo-winternitz-signatures/2530 > > A live signet with full P2WOTS support is live for testing and a wallet demo can be interacted with from my website. I will
Jun 8
Amarildo
,
Alex
3
Jun 5
Q-Lock: Quantum-Resistant Spending via ECDSA + Hash-Based Secrets
approach to
quantum
resistance >> for Bitcoin that I believe is simpler than BIP-360 P2QRH. >> >> **Q-Lock:
Quantum
-Resistant Spending Protocol** >>
unread,
Q-Lock: Quantum-Resistant Spending via ECDSA + Hash-Based Secrets
approach to
quantum
resistance >> for Bitcoin that I believe is simpler than BIP-360 P2QRH. >> >> **Q-Lock:
Quantum
-Resistant Spending Protocol** >>
Jun 5
Matt Corallo
, …
Louise Michel
26
May 28
PQC - What is our Goal, Even?
, because
quantum
-resistant hybrid addresses > would be the specified standard for consumer wallets, and those wallets > would already have at least two script leaves. The
unread,
PQC - What is our Goal, Even?
, because
quantum
-resistant hybrid addresses > would be the specified standard for consumer wallets, and those wallets > would already have at least two script leaves. The
May 28
Nikita Karetnikov
, …
conduition
16
May 28
PQC: Lattice-based signatures
So you'd essentially be computing: e = H(R || hybrid_pk || m) P = e^{-1} * (s*G - R) ie the same as BIP340 Schnorr, but hashing a commitment to the
unread,
PQC: Lattice-based signatures
So you'd essentially be computing: e = H(R || hybrid_pk || m) P = e^{-1} * (s*G - R) ie the same as BIP340 Schnorr, but hashing a commitment to the
May 28
Jason Resch
, …
Peter Todd
7
Jun 8
One Time Signatures as an Advantage?
post-
quantum
-secure > hash-based signature scheme. However, to achieve the stateless feature > of being able to sign multiple messages, requires a significant size >
unread,
One Time Signatures as an Advantage?
post-
quantum
-secure > hash-based signature scheme. However, to achieve the stateless feature > of being able to sign multiple messages, requires a significant size >
Jun 8
3D
,
conduition
2
May 26
[BIP Proposal] Hybrid SPHINCS+ / secp256k1 Key Derivation for Quantum-Resistant Paper Wallets
bridge for
quantum
-hardened cold storage/paper wallets while post-
quantum
consensus migration is still in the future. What does this even mean? There is no way to "
quantum
unread,
[BIP Proposal] Hybrid SPHINCS+ / secp256k1 Key Derivation for Quantum-Resistant Paper Wallets
bridge for
quantum
-hardened cold storage/paper wallets while post-
quantum
consensus migration is still in the future. What does this even mean? There is no way to "
quantum
May 26
Amon BAZONGO
, …
Murch
7
May 22
What if we let Quantum Hunters get Bitcoin rewards ?
concerned about
Quantum
. That is a fact regarding the number of
quantum
-related BIP 2. Now, the ecosystem has no incentive to actively participate in
Quantum
research. But the obvious
unread,
What if we let Quantum Hunters get Bitcoin rewards ?
concerned about
Quantum
. That is a fact regarding the number of
quantum
-related BIP 2. Now, the ecosystem has no incentive to actively participate in
Quantum
research. But the obvious
May 22
Olaoluwa Osuntokun
, …
conduition
18
May 22
Post-Quantum BIP-86 Recovery via zk-STARK Proof of BIP-32 Seed Knowledge
post-
quantum
, just discussing the technical possibilities. > > > > > > Best, > > > Abubakar Sadiq > > > On Friday, April 10, 2026 at 7:47:09 PM
unread,
Post-Quantum BIP-86 Recovery via zk-STARK Proof of BIP-32 Seed Knowledge
post-
quantum
, just discussing the technical possibilities. > > > > > > Best, > > > Abubakar Sadiq > > > On Friday, April 10, 2026 at 7:47:09 PM
May 22
Jason Resch
,
Pieter Wuille
5
May 20
A "Quantum-Agile" Bitcoin address proposal
On Wed, May 20, 2026, 9:02 AM Pieter Wuille wrote: > Hi Jason, > > See my comments below. > > On Tuesday, May 19th, 2026 at 11:27 PM,
unread,
A "Quantum-Agile" Bitcoin address proposal
On Wed, May 20, 2026, 9:02 AM Pieter Wuille wrote: > Hi Jason, > > See my comments below. > > On Tuesday, May 19th, 2026 at 11:27 PM,
May 20
Jameson Lopp
, …
thomas suau
54
May 18
Against Allowing Quantum Recovery of Bitcoin
. While
quantum
computers are still in theory, so if I would have to guess, then I would put more money on a scenario, where RIPEMD-160 collision is found faster than anyone will break
unread,
Against Allowing Quantum Recovery of Bitcoin
. While
quantum
computers are still in theory, so if I would have to guess, then I would put more money on a scenario, where RIPEMD-160 collision is found faster than anyone will break
May 18
Olaoluwa Osuntokun
, …
conduition
6
May 9
A Post-Quantum Path for BIP 324
post-
quantum
-secure commutative group action scheme allows non-interactive key exchange. CSIDH is just one such example, and I'm sure there are and will be others. > >
unread,
A Post-Quantum Path for BIP 324
post-
quantum
-secure commutative group action scheme allows non-interactive key exchange. CSIDH is just one such example, and I'm sure there are and will be others. > >
May 9
Light
,
waxwing/ AdamISZ
3
May 5
The Bitcoin Lost and Found
do with
quantum
-vulnerable > coins?"[a][b] For reasons I have > explained elsewhere, I reject the meta-premise of the question ie that > there is any discussion >
unread,
The Bitcoin Lost and Found
do with
quantum
-vulnerable > coins?"[a][b] For reasons I have > explained elsewhere, I reject the meta-premise of the question ie that > there is any discussion >
May 5
Zac Mitton
, …
Nuh.dev
9
May 21
Fly Client Proposal
are post
quantum
secure, as they don't require much more than polynomials and hash functions, and they don't have trust assumptions like SNARKs, which is why they are called
unread,
Fly Client Proposal
are post
quantum
secure, as they don't require much more than polynomials and hash functions, and they don't have trust assumptions like SNARKs, which is why they are called
May 21
Erik Aronesty
, …
Ali Sherief
10
Apr 28
Deactivating ECDSA/Schnorr
until some
quantum
-safe address has been created. Second of all, this change will not be possible without a hard fork. Hard forks are generally avoided by the community because they
unread,
Deactivating ECDSA/Schnorr
until some
quantum
-safe address has been created. Second of all, this change will not be possible without a hard fork. Hard forks are generally avoided by the community because they
Apr 28
remix7531
,
Ethan Heilman
2
Apr 20
Benchmarking SLH-DSA STARK Aggregation
"Post
Quantum
Signatures and Scaling Bitcoin" > post [0], which proposed using STARKs to aggregate PQ signatures per > block and raised the concern that proof generation
unread,
Benchmarking SLH-DSA STARK Aggregation
"Post
Quantum
Signatures and Scaling Bitcoin" > post [0], which proposed using STARKs to aggregate PQ signatures per > block and raised the concern that proof generation
Apr 20
Antoine Poinsot
, …
Matt Corallo
36
Apr 19
In defense of a PQ output type
"all
quantum
-vulnerable addresses") spendable via a previously non-existant
quantum
safe path is a hard fork. Sorry if I didn't phrase that clearly enough. It is
unread,
In defense of a PQ output type
"all
quantum
-vulnerable addresses") spendable via a previously non-existant
quantum
safe path is a hard fork. Sorry if I didn't phrase that clearly enough. It is
Apr 19
PYM
,
Daniel Buchner
2
Apr 11
A slight change proposed on Committing to quantum resistance: a slow defence for Bitcoin against a fast quantum computing attack
adress to
quantum
resistant scheme so user do not > need to rush to move bitcoin before qday, in a space efficient form. > > > - *Universal P2PKH freeze* — At a defined block
unread,
A slight change proposed on Committing to quantum resistance: a slow defence for Bitcoin against a fast quantum computing attack
adress to
quantum
resistant scheme so user do not > need to rush to move bitcoin before qday, in a space efficient form. > > > - *Universal P2PKH freeze* — At a defined block
Apr 11
Ethan Heilman
, …
moonsettler
46
Apr 2
Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms
if a
quantum
computer finds the private key to an exposed EC pubkey, to forge a new EC signature for a different SIGHASH is still
quantum
hard. > > > > Benefits: > > -
unread,
Algorithm Agility for Bitcoin to maintain security in the face of quantum and classic breaks in the signature algorithms
if a
quantum
computer finds the private key to an exposed EC pubkey, to forge a new EC signature for a different SIGHASH is still
quantum
hard. > > > > Benefits: > > -
Apr 2
conduition
Mar 28
Post Quantum HD Wallets with fallback SPHINCS keys
in a
quantum
-resistant environment. This email demos techniques we can use as drop-in post-
quantum
replacements for classical HD wallet standards, and shows how to mitigate problems
unread,
Post Quantum HD Wallets with fallback SPHINCS keys
in a
quantum
-resistant environment. This email demos techniques we can use as drop-in post-
quantum
replacements for classical HD wallet standards, and shows how to mitigate problems
Mar 28
pyth
,
Christopher Allen
2
Mar 27
[BIP Draft] Wallet Backup Metadata Format
Post-
Quantum
-Cryptopgraphy (PQC) method of Bluetooth communication that's in their new Passport Prime device , but they've also implemented URs, Animated QRs, SSKR,
unread,
[BIP Draft] Wallet Backup Metadata Format
Post-
Quantum
-Cryptopgraphy (PQC) method of Bluetooth communication that's in their new Passport Prime device , but they've also implemented URs, Animated QRs, SSKR,
Mar 27
sashabeton
, …
aaron.recompile
17
Mar 24
[BIP proposal] Pay to Schnorr Key Hash (P2SKH)
is not
quantum
-resistant — I fully acknowledge this. Like P2WPKH, >> it relies on secp256k1 and will need to be migrated once post-
quantum
>> schemes are deployed in Bitcoin
unread,
[BIP proposal] Pay to Schnorr Key Hash (P2SKH)
is not
quantum
-resistant — I fully acknowledge this. Like P2WPKH, >> it relies on secp256k1 and will need to be migrated once post-
quantum
>> schemes are deployed in Bitcoin
Mar 24
defenwycke
Mar 16
[Draft BIP proposal] Ladder script
Post-
quantum
signatures. FALCON-512, FALCON-1024, Dilithium3, and SPHINCS+ are native block types. A SCHEME field on any signature block routes verification to classical Schnorr
unread,
[Draft BIP proposal] Ladder script
Post-
quantum
signatures. FALCON-512, FALCON-1024, Dilithium3, and SPHINCS+ are native block types. A SCHEME field on any signature block routes verification to classical Schnorr
Mar 16
Mike Casey
, …
Brandon Black
15
Mar 6
Hourglass V2 Update
19 Ian
Quantum
: > YKYC but P2PK has been deprecated since a little in 2013 after I joined Bitcoin as one of the silent masses around 2010. What does 13 years of "deprecated"
unread,
Hourglass V2 Update
19 Ian
Quantum
: > YKYC but P2PK has been deprecated since a little in 2013 after I joined Bitcoin as one of the silent masses around 2010. What does 13 years of "deprecated"
Mar 6
Pieter Wuille
, …
Alex
16
Feb 25
The limitations of cryptographic agility in Bitcoin
as a
quantum
computer (unicorn); it renders the optional PQC script spend path and PQ signatures unnecessary bloat to Bitcoin (and the entire tech and military industry) and makes
unread,
The limitations of cryptographic agility in Bitcoin
as a
quantum
computer (unicorn); it renders the optional PQC script spend path and PQ signatures unnecessary bloat to Bitcoin (and the entire tech and military industry) and makes
Feb 25
Erik Aronesty
Feb 2
SImple quantum security, at the expense of slower tx time
for a
quantum
-secure vault. There may be some missing details, but in general, this shows that covenant-protected vaults, with appropriate depth-locks are
quantum
-resistant.
unread,
SImple quantum security, at the expense of slower tx time
for a
quantum
-secure vault. There may be some missing details, but in general, this shows that covenant-protected vaults, with appropriate depth-locks are
quantum
-resistant.
Feb 2
Giulio Golinelli
, …
conduition
13
Feb 2
Falcon Post-Quantum Signature Scheme Proposal
post-
quantum
-surprise/#floating-points-falcons-achilles > > > > > > While I wouldn't rule out Falcon permanently, I personally feel > > > more
unread,
Falcon Post-Quantum Signature Scheme Proposal
post-
quantum
-surprise/#floating-points-falcons-achilles > > > > > > While I wouldn't rule out Falcon permanently, I personally feel > > > more
Feb 2