--snip--
Yeah, I see what you’re saying. Since Bitcoin can’t actually verify post-quantum signatures directly, at least not yet, then yeah, both the second and third options pretty much fall into the same bucket: it is just about revealing some kind of preimage to unlock the funds. One is a hash of a PQ public key, the other is just raw entropy from dice rolls or whatever.
The main difference in my head was the intention behind them, like the PQ one feels more like a tech-driven backup, while the raw entropy one is more like a last-resort, human-level backup. But yeah, if someone sees the reveal before you spend, they can absolutely front-run it. That is the scary part.
The attacker doesn't care whether the data is arbitrary/randomly generated or a PQ public key. This issue was also discussed in relation to spending the reward when claiming it in the hash collision challenge, see
REWARD offered for hash collisions for SHA1, SHA256, RIPEMD160 and other.
Yeah, makes total sense, the attacker doesn’t care whether it is random data or a PQ pubkey. Once the preimage is public, it is fair game. So yeah, same weakness either way. I will check out that hash collision bounty thread....
The mining pool trick is interesting. I’ve seen it done for privacy, but hadn’t thought about it as a way to dodge front-running. It doesn't seem easy to pull off though, unless you really trust the pool.
Also, do you think something like adaptor sigs or even some clever Taproot construction could help here? Or does the core problem of reveal before spend still make that a dead end?
Personally I wouldn't bother with a non-common way to spend Bitcoin. It introduces the risk of losing access to your Bitcoin if you lose the details about spending it.
And yeah, I appreciate your rep a lot... You’re right, straying too far from standard ways of spending BTC just increases the odds of locking yourself out, especially if there is any human error down the line. Thanks again for sharing your thoughts...