Topic: Could alternative (e.g. post-quantum) cryptography be introduced via BitVM? (Read 20 times)

It is better to make a regular soft-fork in that case: https://groups.google.com/g/bitcoindev/c/p8xz08YTvkw

It shouldn't matter, because you shouldn't put everything on-chain. See: https://bitcointalksearch.org/topic/really-really-ultimate-blockchain-compression-coinwitness-277389 (this topic contains the word "witness", but it is not about Segwit).

Even if ECDSA will be broken, then still, there are scripts you can do, which could be safely used, even in that kind of scenarios. For example: "OP_SHA256 OP_CHECKSIG" is one of those Scripts, where you have to put a message, which will hash perfectly into x-value of the public key, and will pass Schnorr signature verification.

Another example is "Pay to Proof of Work", when you require a DER signature below N bytes.

So, even if OP_CHECKSIG will lose its original meaning, then still, it will then be just a calculator, working on 256-bit numbers. But: it will be possible to mount another challenge, where you would need many OP_CHECKSIGs, to move the coins. And they can be wired in a way, where knowing the private key will give you no advantage, because the challenge will require solving dependencies between keys, and not the keys alone.

Well, there are some posts. Here is another one: https://groups.google.com/g/bitcoindev/c/SPmrzARLMFU

It is possible that eventually ECDSA (the cryptosystem Bitcoin uses for its PKS, i.e. private and public keys) is broken, be it due to quantum computers or an undiscovered flaw.

Of course the developers could add opcodes for challenges in alternative cryptosystems once this becomes a real issue, and currently it seems very far away and it may even be impossible or in the far future. But judging by the fact that all the time threads are opened about quantum computers and how they could "destroy" ECDSA and Bitcoin (and even SHA256 according to some), perhaps it could make sense to offer this alternative earlier -- and to end the quantum computer FUD once and for all time.

With BitVM we now have a working concept to "emulate" all kinds of programs with Bitcoin Script via "logic gates" built into a special kind of transactions.

There have been lots of ideas with BitVM already, but I haven't seen the use case to "emulate" post quantum cryptography.

Would this be possible? I can imagine the "simulation algorithm" to be enormous, like the gigabyte-big ZK provers. But in theory it should be possible to build a "challenge" based on alternative cryptosystems to "lock" a coin so it is spendable only with the "post-quantum" keys. Or are there unsurmountable challenges? Was this perhaps even discussed in some technical forum or mailing list already?