[Draft BIP] Quantum-Resistant Transition Framework for Bitcoin

Posted by Bitcoin Foundation

Aug 21, 2025, 20:21 UTC

The discourse surrounding the transition of Bitcoin to quantum resilience emphasizes a methodical and evidence-based approach over an accelerated one driven by commercial interests. A critical analysis points out that while the goal of achieving quantum resilience aligns with proposals from various groups, including the Pauli Group, the differentiation lies in the advocated timelines and motivations. The Pauli Group's proposal is seen as alarmist, pushing for an expedited timeline that does not align with the cautious approach recommended by international standards bodies such as NIST. According to NIST's Internal Report 8547, the transition to Post-Quantum Cryptography (PQC) is a complex undertaking requiring coordination across the cryptographic ecosystem, with a target completion year of 2035. This timeline takes into account the need to manage the transition without causing disruption, allowing for the continued use of classical signatures until quantum computers become a tangible threat.

Contrary to the urgency portrayed by the Pauli Group, which appears to be motivated by commercial gains, the proposed Bitcoin Improvement Proposal (BIP) focuses on a stable and secure migration aligned with NIST's 2035 horizon. This approach prioritizes the long-term cryptographic integrity of Bitcoin, ensuring a globally coordinated upgrade that mitigates risks associated with rushed implementations. The critique against the Pauli Group extends to their speculative timeline for the availability of Cryptographically Relevant Quantum Computers (CRQCs), based on aggressive assumptions about error correction and hardware scalability.

Additionally, the NIST report underscores the unprecedented scale of the migration to PQC, highlighting the engineering challenges and the necessity for global standardization efforts. It recognizes the varying migration timelines across sectors but reiterates the importance of a holistic target date of 2035 to balance the quantum threat against practical transition challenges. In contrast to the doomsday scenario suggested by the Pauli Group, the BIP aims for a gradual sunset of ECDSA by 2035, reflecting a prudent adherence to NIST's guidance.

Furthermore, references to works by Gheorghiu and Mosca on quantum resource estimation underline the difference between theoretical projections and the practical realities of developing fault-tolerant quantum systems. NIST's plan acknowledges the "harvest now, decrypt later" threat to data confidentiality, advocating for a managed transition that allows authentication systems to continue using quantum-vulnerable algorithms until the actual advent of quantum computing capabilities. The flexible, yet deliberate, transition strategy embraced by the Bitcoin Foundation seeks to ensure a secure implementation of PQC algorithms like the hash-based SLH-DSA, as standardized by NIST. This reflects a comprehensive approach that considers legacy constraints and risk profiles, aiming for an ecosystem-wide transition by approximately 2035.
