[ExI] Sell your Bitcoins!
Jason Resch
jasonresch at gmail.com
Sun May 17 17:01:22 UTC 2026
On Sun, May 17, 2026 at 10:18 AM Jason Resch <jasonresch at gmail.com> wrote:
>
>
> On Sun, May 17, 2026, 7:39 AM John Clark via extropy-chat <
> extropy-chat at lists.extropy.org> wrote:
>
>>
>>
>> - *Which algorithm?* Post-quantum cryptography is still maturing.
>> NIST only finalized its first PQC standards in 2024. Candidates like
>> CRYSTALS-Dilithium (lattice-based) look promising but have larger signature
>> sizes, which would affect Bitcoin's block space economics. Picking the
>> wrong one and having to migrate *again* would be catastrophic.
>>
>>
> The one with the smallest (signature+public key) size is best for
> minimizing the size of the chain. Beyond that there's not much of a
> question technically. Lattice based cryptography has a long history and
> it's security is fairly well vetted.
>
>
>
SQISign looks quite promising as a replacement for ECDSA for block-chain
applications:
https://csrc.nist.gov/csrc/media/Projects/pqc-dig-sig/documents/round-2/spec-files/sqisign-spec-round2-web.pdf
>From Table 1: to provide an equivalent post-quantum security level to
AES-128 (which the current Bitcoin signature scheme provides outside
quantum attacks) public key sizes are 65 bytes (compared to 33 bytes for a
compressed 256-bit ECDSA key), and the signature size is 148 bytes compared
to ECDSA's 64 byte signatures. Note that hard drives capacities have
increased by 30X since Bitcoin's original block size was selected in 2008,
so increasing the block size by 2-3 times to accommodate a new signature
scheme is well within the realm of feasibility.
Where this signature scheme is inefficient is in key generation and
signing, while verification (which must be done by everyone) is efficient.
This is also ideal for Bitcoin, since key generation and signing are rare
and done by individuals only once (by the person generating a wallet, or
spending their bitcoins), while verification must be done by everyone
maintaining and verifying their own local copy of the blockchain.
Note that the energy use you complain about is unrelated to the block
verification, but is almost exclusively driven by the mining. A single
laptop is enough to power the entire bitcoin network, if verification is
all you are interested in. So the relative computational cost change from
one cryptographic signature scheme to another is largely irrelevant to the
energy cost of bitcoin.
Jason
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.extropy.org/pipermail/extropy-chat/attachments/20260517/1e1a4803/attachment-0001.htm>
More information about the extropy-chat
mailing list