free web page hit counter
Thoughts on using sect571k1 as a "emergency break glass" fallback to a formal PQC sig?

Thoughts on using sect571k1 as a "emergency break glass" fallback to a formal PQC sig?

Bitcoin Reddit

More / Bitcoin Reddit 9 Views

Going over the secp256k1 spec, I was reading through to the sect571k1 secion (3.7.1). Might it be a good PQC stop-gap upgrade to secp256k1? It is still defined on a Koblitz curve giving the higher level of efficiency compared to random parameter selection and offers 15360 bit DSA equivalency compared to the current 3072 bit equivalency (5x increase). Agreed the signatures are twice (2.23) as large and and would require twice the (witness) block space as well as much heavier load on verifying nodes, but perhaps it is a viable alternative given that it would require 5x as many qubits (in theory) to factor.

If QC arrives in the next 50 years, might it be convenient to have a PR ready to deploy to simply "kick the can" down the road another century?

submitted by /u/brianddk
[link] [comments]

Comments