It’s “Quantum Recoverability” (or “Orchard Quantum Recoverability”), not “Quantum Resistance”.
The choice of terminology is carefully considered:
This proposal does not itself allow recovering the funds in case of quantum (or other) attacks on the elliptic-curve discrete log problem. It enables doing so in future (and some details of that future protocol are intentionally left open for flexibility). So “Recoverability”, not “Recovery”.
The proposal was originally called “Quantum Resilience”, but @nuttycom or @str4d (sorry I can’t remember which of yous) suggested that this was too strong and not sufficiently specific about what it achieves. In particular it only mitigates future discrete-log-breaking attacks on spendability and balance, not privacy. This is also why “Resistance” would be too strong.
The imprecision about using “Quantum” rather than “Discrete-log-breaking” is fine in practice. Quantum attacks are the focus and main motivation. “Discrete-log-breaking Recoverability”, although more precise, would be unclear to most people and too jargony.
Since the proposal only affects Orchard, I may also change the ZIP title to “Orchard Quantum Recoverability”.
Note that you can’t read the X thread without being logged into X (a platform owned and closely controlled by a white supremacist and trans-exterminationist).
Orchard Quantum Recoverability is great, we should clearly update for this.
I can’t think of any reason to not be in support. It massively de-risks a QC threat for the orchard pool, we now could react and keep all user funds safe. Furthermore, it is not an ecosystem wide, urgent engineering spend on the recovery side of the logic, as its not needed today. It is clear that the recovery side will work though, thus user funds will not be at risk.
To be scrupulously honest, the argument that it will work hasn’t yet been analyzed as fully as it should be; there are some outstanding issues (e.g. [draft-ecc-quantum-recoverability] Error in Spendability argument · Issue #1150 · zcash/zips · GitHub), and after those are fixed it needs more eyes from experts on quantum security analysis (who we have contacts with). The issues are minor and shouldn’t really affect a sentiment vote in my view, though.
