Add draft BIP: pqcBitcoin Post-Quantum Cryptography for Bitcoin

bip-pqc-bitcoin.mediawiki

@@ -0,0 +1,74 @@
+BIP: Unassigned
+Title: pqcBitcoin Post-Quantum Cryptography for Bitcoin
+Author: Eid Al Subaie <[email protected]>
+Status: Draft
+Type: Standards Track
+Created: 2025-04-22
+License: BSD-2-Clause
+
+== Abstract ==
+This proposal introduces post-quantum cryptography (PQC) to Bitcoin, aiming to future-proof the Bitcoin protocol against quantum computing threats. As quantum computers advance, existing cryptographic primitives like ECDSA (Elliptic Curve Digital Signature Algorithm) will become vulnerable to attacks. The pqcBitcoin proposal explores the integration of PQC algorithms to provide quantum-resilient security for Bitcoin transactions and addresses the potential risk to Bitcoin’s security model posed by quantum computers.
+
+== Motivation ==
+Quantum computers have the potential to break many of the cryptographic systems on which Bitcoin and other blockchain technologies rely. Specifically, they can efficiently solve the discrete logarithm problem, which underpins the security of ECDSA used for transaction signatures in Bitcoin. By adopting post-quantum cryptographic methods, Bitcoin can mitigate the risk posed by quantum computing and ensure its long-term viability.
+
+This proposal aims to:
+- Protect Bitcoin from quantum-enabled attacks by integrating post-quantum cryptographic algorithms.
+- Provide a roadmap for transitioning to quantum-safe cryptographic techniques while maintaining Bitcoin's decentralization and security.
+- Ensure Bitcoin’s resilience in the face of future technological advancements, maintaining trust in its decentralized model.
+
+== Specification ==
+The proposed solution introduces the use of post-quantum cryptography to Bitcoin's transaction signing process. It integrates cryptographic primitives that are resistant to quantum computing-based attacks.
+
+### Proposed Algorithm
+- **Algorithm Choice**: The proposal suggests utilizing lattice-based algorithms such as **Kyber** for key exchange and **NTRU** for signatures as post-quantum alternatives to the traditional ECDSA and ECDH (Elliptic Curve Diffie-Hellman).
+- **Integration with Bitcoin**: This proposal does not aim to replace Bitcoin’s existing cryptography but to introduce hybrid solutions, where PQC algorithms are used alongside traditional ones, offering a gradual transition period.
+- **Quantum-Safe Key Management**: The proposal suggests leveraging a hybrid approach where users can generate Bitcoin addresses using PQC methods, alongside existing methods for backward compatibility during the transition period.
+
+### Implementation in Bitcoin
+- **Key Changes to Bitcoin**: 
+  - Replace existing signature verification with the PQC signature scheme.
+  - Introduce a flag to indicate whether a transaction is using the post-quantum secure method.
+  - Ensure backward compatibility by maintaining ECDSA signatures for users who don’t implement the PQC methods.
+
+### Transition Plan
+- **Phased Rollout**: The implementation of PQC can be rolled out in phases, with soft forks to accommodate the transition.
+- **Backward Compatibility**: Bitcoin will continue to accept ECDSA signatures while supporting the new PQC signatures. This ensures that the network can maintain functionality while gradually migrating towards quantum-resistant cryptographic techniques.
+
+== Reference Implementation ==
+The reference implementation of pqcBitcoin can be found at the following GitHub repository: [pqcBitcoin Reference Implementation](https://github.com/QBlockQ/pqc-bitcoin).
+
+The implementation includes the following:
+- A **PQC-enabled wallet** that supports generating quantum-safe addresses and signing transactions using NTRU-based signatures.
+- A **modified Bitcoin node** that validates both ECDSA and PQC signatures, ensuring compatibility with both old and new addresses during the transition period.
+- **Test vectors** that demonstrate the functionality and security of the proposed cryptographic methods when applied to Bitcoin transactions.
+
+== Rationale ==
+Post-quantum cryptography is an essential component in future-proofing Bitcoin against the rapidly advancing field of quantum computing. As the world moves closer to the development of practical quantum computers, Bitcoin must evolve to remain secure. The pqcBitcoin proposal strikes a balance between security and scalability, offering a gradual path to integrate quantum-safe techniques without disrupting Bitcoin's current network or ecosystem.
+
+The choice of lattice-based algorithms like Kyber and NTRU is rooted in their theoretical resistance to quantum attacks and their efficiency compared to other post-quantum alternatives. These algorithms are also widely studied and have been considered for standardization by NIST (National Institute of Standards and Technology).
+
+== Backward Compatibility ==
+The pqcBitcoin proposal is designed with backward compatibility in mind. The primary aim is not to replace Bitcoin's existing cryptographic methods but to enhance them with quantum-resistant options, ensuring a smooth transition to a more secure model. The hybrid approach allows for:
+- **Continued operation with existing ECDSA keys**: Bitcoin users will still be able to transact using traditional ECDSA signatures while new users can adopt PQC-based signatures.
+- **Gradual adoption**: This solution allows the Bitcoin network to adopt post-quantum security without requiring a complete overhaul or breaking existing user wallets.
+
+Bitcoin’s protocol will support both legacy and post-quantum cryptographic methods, ensuring minimal disruption to the user experience and allowing Bitcoin to remain secure both now and in the quantum future.
+
+== Security Considerations ==
+While the introduction of post-quantum cryptographic methods strengthens Bitcoin against future quantum attacks, there are still some security considerations:
+- **Transition Period Risk**: During the transition, the hybrid approach could lead to vulnerabilities if not carefully implemented. Special attention must be paid to the use of mixed signatures (ECDSA + PQC) to prevent attacks on weak links in the system.
+- **Algorithm Selection**: While Kyber and NTRU are strong candidates for PQC, they are not immune to future attacks. Continuous review of PQC algorithms is needed as new quantum attacks emerge.
+- **Implementation Bugs**: As with any new cryptographic system, the initial implementation must undergo extensive review and testing to ensure there are no vulnerabilities introduced.
+
+These considerations must be addressed as part of the implementation to ensure the security of the Bitcoin network remains uncompromised.
+
+== Test Vectors ==
+Test vectors have been provided in the reference implementation repository. These vectors demonstrate the signing and verification of Bitcoin transactions using both traditional ECDSA and post-quantum NTRU signatures. They also validate the correctness and interoperability of both signature schemes during the transition period.
+
+Test vectors cover:
+- **Key generation**: How keys are generated for both ECDSA and PQC signatures.
+- **Transaction signing**: How transactions are signed using both methods.
+- **Transaction verification**: How nodes validate transactions using either ECDSA or PQC signatures.
+
+These vectors ensure that the implementation adheres to the expected cryptographic standards and operates securely on the Bitcoin network.