It is often said that if a bitcoin user uses addresses only once, then a quantum computer cannot compromise their security, since the public key is revealed only when the money is actually spent.
There's no quantum computing algorithm that can easily find the pre-image of a hash. Therefore, single-use P2SH/P2PKH/P2WSH/P2WPKH addresses are safe. It's not so much to do with single-use. Single-use helps with privacy, but the hash protects against an adversary with a quantum computer that is capable of breaking ECDSA.
But how come an attacker could not detect a transaction, reverse the public key and forge a transaction from the same address with a higher fee before the first transaction is mined?
This follows from the fact that there's hashing involved while producing bitcoin addresses.
When you spend from an address, you reveal the underlying public key which, in turn, is subject to tampering by a QC. That's why single usage [allegedly] protects one from losing money to a QC-wielding adversary. The question is why it is safe when an attacker can use replace-by-fee – Daniel Vartanov – 2018-06-28T15:06:28.133
Can you provide an attack scenario where an attacker uses RBF while reversing a public key, so the question is more explicit? – renlord – 2018-06-28T15:19:12.650
Sure, consider this:
How does single usage of an address help? – Daniel Vartanov – 2018-07-17T14:18:44.740
Resistance to double-spend is orthogonal to resistance to a quantum computer, since spending a single-usage address immediately reveals the public key (you immediately lose all protections against an adversary with a quantum computer). – renlord – 2018-07-17T21:48:12.563
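Added example (not code from the question, the answer or any commenter) illustrating the hashing point made in the answer: a native P2WSH address commits only to SHA-256 of the witness script, so the public key inside that script reaches the chain only in the spending transaction's witness. It assumes the mainnet human-readable part "bc" and uses the secp256k1 generator point as a constructed, well-known (not secret) public key.

```python
import hashlib

# Bech32 (BIP173) encoding, reimplemented here; assumption: mainnet hrp "bc".
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GENERATOR = [0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3]


def bech32_polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GENERATOR[i]
    return chk


def bech32_checksum(hrp, data):
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    polymod = bech32_polymod(expanded + data + [0] * 6) ^ 1
    return [(polymod >> (5 * (5 - i))) & 31 for i in range(6)]


def to_base32(data):
    """Regroup 8-bit bytes into 5-bit values, zero-padding the last group."""
    acc, bits, out = 0, 0, []
    for byte in data:
        acc = (acc << 8) | byte
        bits += 8
        while bits >= 5:
            bits -= 5
            out.append((acc >> bits) & 31)
    if bits:
        out.append((acc << (5 - bits)) & 31)
    return out


def witness_v0_address(program, hrp="bc"):
    """Encode a version-0 witness program (20 or 32 bytes) as a bech32 address."""
    data = [0] + to_base32(program)
    return hrp + "1" + "".join(CHARSET[d] for d in data + bech32_checksum(hrp, data))


def p2wsh_address(witness_script, hrp="bc"):
    """The address commits only to SHA256(witnessScript); the script, and the
    public key it contains, is published only when the output is spent."""
    return witness_v0_address(hashlib.sha256(witness_script).digest(), hrp)


# Constructed sample: a <pubkey> OP_CHECKSIG witness script whose public key is
# the secp256k1 generator point (well known, used here only as sample data).
PUBKEY = bytes.fromhex("0279be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798")
WITNESS_SCRIPT = bytes([0x21]) + PUBKEY + bytes([0xac])
```

Anyone watching the chain before the spend sees only the 32-byte hash inside the address, which is what the answer means by the hash protecting the key; the RBF concern in the comments only arises once the spend, with its witness, is broadcast.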