Developers debate an emergency soft fork that would leave many Taproot wallets disabled.
The proof of concept was presented by Olaoluwa Osuntokun, CTO of Lightning Labs.
Olaoluwa Osuntokun, CTO of Lightning Labs, published on April 8 on the Bitcoin developers mailing list a proof of concept that addresses one of the unresolved problems of the post-quantum debate: what would happen to Bitcoin wallets if an emergency soft fork were to disable the most common spending mechanism of Taproot addresses.
The potential soft fork that the developers are discussing would be activated as an emergency response to the arrival of “Q-Day”, disabling the Taproot ‘keyspend path’, the mechanism that allows funds to be spent with a simple Schnorr signature, in an attempt to prevent a quantum computer from deriving a private key from a public key exposed in a Taproot address.
As a result, wallets that rely only on that scheme, which includes the majority of those generated with the BIP-86 standard, would be blocked indefinitely, since they have no alternative spending route configured.
However, Taproot addresses that do have an alternative spending route configured, known as the ‘script path’, would continue to work.
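To make the keyspend/script-path distinction concrete, here is an added example in Python (mine, not Osuntokun's proof of concept or any wallet's code). It builds a Taproot output key the way BIP-341 specifies, once with an empty script tree as BIP-86 wallets do, and once committing to a one-leaf script tree from the same internal key. The demo private key and the OP_TRUE leaf script are constructed placeholders, and a minimal pure-Python secp256k1 is included so the script runs offline.

```python
import hashlib

# secp256k1 domain parameters (from the curve standard, not from the article)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    x1, y1 = a
    x2, y2 = b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, pt):
    """Double-and-add scalar multiplication."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, pt)
        pt = point_add(pt, pt)
        k >>= 1
    return result


def lift_x(x):
    """BIP-340: the curve point with this x coordinate and even y."""
    c = (pow(x, 3, P) + 7) % P
    y = pow(c, (P + 1) // 4, P)
    if y * y % P != c:
        raise ValueError("x is not on the curve")
    return (x, y if y % 2 == 0 else P - y)


def tagged_hash(tag, msg):
    """BIP-340 tagged hash: SHA256(SHA256(tag) || SHA256(tag) || msg)."""
    h = hashlib.sha256(tag.encode()).digest()
    return hashlib.sha256(h + h + msg).digest()


def tapleaf_hash(script, leaf_version=0xC0):
    """BIP-341 leaf hash; a one-byte compact size suffices for short scripts."""
    assert len(script) < 253
    return tagged_hash("TapLeaf", bytes([leaf_version, len(script)]) + script)


def taproot_output(internal_privkey, merkle_root=b""):
    """Build a Taproot output key from an internal key and an optional tree root.

    merkle_root == b"" is the BIP-86 case: the tweak commits to nothing, so the
    output has a key-spend path only. A non-empty root commits to a script tree,
    which gives the output an additional script-spend path.
    """
    internal_pt = point_mul(internal_privkey, G)
    # BIP-340 x-only keys: the secret is negated if the point has odd y
    d = internal_privkey if internal_pt[1] % 2 == 0 else N - internal_privkey
    px = internal_pt[0].to_bytes(32, "big")
    t = int.from_bytes(tagged_hash("TapTweak", px + merkle_root), "big")
    if t >= N:
        raise ValueError("invalid tweak")  # BIP-341 says fail, not reduce
    q = point_add(lift_x(internal_pt[0]), point_mul(t, G))
    return {
        "internal_key": px.hex(),
        "output_key": q[0].to_bytes(32, "big").hex(),
        "tweak": t,
        "tweaked_privkey": (d + t) % N,
        "has_script_path": merkle_root != b"",
    }


def can_spend_with_keyspend_disabled(output):
    """Under the hypothetical soft fork, only outputs that committed to a
    script tree keep a spending route."""
    return output["has_script_path"]


# Constructed demo key: NOT a real wallet key.
DEMO_PRIVKEY = int.from_bytes(hashlib.sha256(b"demo internal key").digest(), "big") % N

# BIP-86 style output: empty script tree, key-spend only.
BIP86_OUTPUT = taproot_output(DEMO_PRIVKEY)

# Same internal key, but committing to a one-leaf script tree
# (placeholder leaf OP_TRUE = 0x51; a real wallet would use a real fallback script).
FALLBACK_LEAF = tapleaf_hash(b"\x51")
SCRIPT_PATH_OUTPUT = taproot_output(DEMO_PRIVKEY, merkle_root=FALLBACK_LEAF)

if __name__ == "__main__":
    for name, out in (("BIP-86", BIP86_OUTPUT), ("script path", SCRIPT_PATH_OUTPUT)):
        print(name, out["output_key"], "recoverable if keyspend disabled:",
              can_spend_with_keyspend_disabled(out))
```

The point to notice is that both outputs start from the same internal key and differ only in what the TapTweak hash commits to; a BIP-86 wallet that never committed to a script tree cannot add one after the fact, which is exactly why such outputs would be stranded if the keyspend path were disabled.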
The solution Osuntokun proposes uses zk-STARK technology, a type of zero-knowledge proof (ZK proof) that would allow a user to prove they are the rightful owner of an address without revealing their private key or master seed. With this system, the user would be able to access their funds and move them to a post-quantum secure format, even in the scenario where the keyspend path is disabled.


One more tool in the post-quantum kit
A zk-STARK proof is a cryptographic mechanism that allows proving that something is true without revealing the information that proves it. In this case, the Bitcoin user would prove that they know the seed that generated a specific public key, without exposing that seed.
The advantage in the post-quantum scenario is that zk-STARK proofs rely on symmetric cryptography, which is considered resistant to quantum attacks.
Osuntokun notes that the proof of concept is far from optimized and that a production implementation would use a smaller, more efficient circuit. Its current purpose is to demonstrate that the solution is technically feasible with hardware available today.
The context: Taproot losing ground
As reported by CriptoNoticias, Taproot addresses show signs of disuse in the Bitcoin ecosystem, in a phenomenon that could be linked to its quantum vulnerability.
Taproot addresses expose the public key directly on the chain, making them a direct target for Shor’s algorithm: a sufficiently powerful quantum computer could use that exposed public key to derive the private key and access the funds.
Finally, as eloquent evidence of the low use of Taproot addresses, data from the Clarkmoody platform indicates that currently only 10% of all Bitcoin addresses correspond to the Taproot format.
