Gist: 0xngmi/e63cb7ea5a384d92c1182d9d4662a74e
One shot signatures as a solution to Bitcoin's security budget

There is significant concern about the long-term security of the Bitcoin network: BTC rewards, which currently account for most miner revenue, keep dwindling at an exponential rate, and if total miner revenue gets low enough it becomes feasible to attack the network and double-spend.

Proposed solutions usually involve either the BTC price increasing enough to maintain the security budget despite smaller rewards, or an increase in on-chain activity and, with it, the fees paid to miners, which has the side effect of raising fees for every other Bitcoin user as well.

But what if there was another solution? One-shot signatures are a cryptographic construction that lets you create a public key for which only a single signature can ever be generated, after which the key self-destructs.

Now imagine every wallet stored a set of genesis UTXOs. When somebody paid you, they would send you a one-shot signature spending a UTXO to your address, together with the set of UTXOs linking that UTXO back to a genesis UTXO. You could then verify that the spent UTXO is real, and because of one-shot signatures you would know that you hold the only signature that ever spent it. The receiver stores that set of UTXOs and uses it to prove the UTXO is real when spending it next.

In other words, one-shot signatures solve the issue of double-spends, and with that solved we can do away with global ordered lists of transactions, also known as blockchains.
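The receiver-side verification walk described above, as an added Python simulation that is not part of the gist. The real one-shot signature primitive is quantum (the signing key is a state consumed by the act of signing); a classical Lamport one-time key cannot stop its holder from signing twice, so the single-use property here is only honest self-destruction, and what the example demonstrates is the chain check from a known genesis UTXO, the rejection of a hop whose payee was swapped, and the refusal of a second spend. The participant names, genesis UTXO and record format are constructed for the example.

```python
import hashlib, os

H = lambda b: hashlib.sha256(b).digest()
bits = lambda msg: [(int.from_bytes(H(msg), "big") >> (255 - i)) & 1 for i in range(256)]
pk_id = lambda pk: H(b"".join(a + b for a, b in pk))       # short "address" form of a Lamport pk
utxo_after = lambda rec: H(rec["prev"] + rec["to"])        # id of the UTXO a spend record creates

class OneShotKey:
    """Lamport one-time key that erases its secret after one signature. The real primitive makes a
    second signature impossible (quantum key state); this classical stand-in only simulates that."""
    def __init__(self):
        self._sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
        self.pk = [(H(a), H(b)) for a, b in self._sk]
        self.pk_id = pk_id(self.pk)
    def sign(self, msg):
        if self._sk is None:
            raise RuntimeError("one-shot key already consumed")
        sig = [self._sk[i][b] for i, b in enumerate(bits(msg))]
        self._sk = None                                    # self-destruct: no second spend
        return sig

def verify(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))
def spend(key, utxo_id, new_owner_id):
    """Pay utxo_id to new_owner_id; the record carries the payer's pk and one-shot signature."""
    return {"prev": utxo_id, "to": new_owner_id, "pk": key.pk, "sig": key.sign(utxo_id + new_owner_id)}

def verify_chain(genesis, records, my_id):
    """Walk from a known genesis (utxo_id, owner_id) to the UTXO paid to my_id, checking each hop."""
    utxo_id, owner_id = genesis
    for rec in records:
        if rec["prev"] != utxo_id or pk_id(rec["pk"]) != owner_id:
            return False                                   # wrong UTXO or not signed by its owner
        if not verify(rec["pk"], rec["prev"] + rec["to"], rec["sig"]):
            return False                                   # signature does not cover this transfer
        utxo_id, owner_id = utxo_after(rec), rec["to"]
    return owner_id == my_id

def demo():
    alice, bob, carol, mallory = (OneShotKey() for _ in range(4))
    genesis = (H(b"constructed-genesis-utxo"), alice.pk_id)   # a wallet-embedded genesis UTXO
    r1 = spend(alice, genesis[0], bob.pk_id)
    r2 = spend(bob, utxo_after(r1), carol.pk_id)
    valid = verify_chain(genesis, [r1, r2], carol.pk_id)
    forged = verify_chain(genesis, [r1, dict(r2, to=mallory.pk_id)], mallory.pk_id)  # payee swapped
    try:
        spend(alice, genesis[0], mallory.pk_id); double_spent = True     # second spend of genesis
    except RuntimeError:
        double_spent = False
    return valid, forged, double_spent
```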

This has lots of other benefits:

  • Offline: Payments involve only 2 parties, so they can be made without internet access
  • Full censorship resistance: It's just sending a signature between 2 devices, so no tx can be censored by miners
  • Uncapped throughput: Payments happen in isolation, so as many can happen at the same time as needed; there's no congestion
  • No BTC rewards needed: No miners, so no need for massive costs in rewards
  • Instant payments: As soon as you receive the tx you can verify it and be sure it's final; no more waiting for inclusion and relying on probabilistic finality
  • No chain forks
  • Solves miner centralization: No miners, so no need to worry about centralized mining pools or ASIC makers
  • Completely removes all attacks: It doesn't just make attacks harder, it fundamentally eliminates 51% attacks and removes the need for a security budget
  • Maybe lower fees? Fees could theoretically be removed altogether, but then you could get very long chains of UTXOs, so it's hard to tell how this market will evolve: maybe users only accept UTXOs whose chain is shorter than X, or maybe they require each tx to burn a bit of BTC to avoid spam. However, since there's no longer a cap on txs in a given timeframe and txs don't need to be verified by everyone, I think we can expect tx fees to be lower.
  • Better privacy: Transactions don't need to be broadcast; only the parties that take downstream payments need to know about them, instead of everyone.

Migration

There are multiple ways to migrate from the current Bitcoin network:

  • The social migration: People burn their coins while pointing to a new public key in this system, a new genesis UTXO is generated, and social consensus accepts these new UTXOs as Bitcoin.
  • BTC bridge migration: The Bitcoin blockchain is upgraded to allow users to submit a chain of UTXOs from the new system and mint the BTC back on-chain, so users can bridge in and out of the new system; eventually the old chain is shut down.
  • BTC bridge based on a custodian: Same as before, but instead of relying on a blockchain upgrade, bridging is handled by a custodian (perhaps secured by a bond); eventually both the old chain and the custodian are deprecated.

Note

I've googled trying to find other ideas like this, since I figured someone else must have come up with it too, but couldn't find anything, so I chose to post it myself because I believe it's a good alternative solution to Bitcoin's long-term security that I've never seen discussed.
