Source: Transcript
Modern Crypto Library Discussion (Bitcoin Core Dev Tech, May 2026)
Added to the wiki June 17, 2026 at 06:14 PM UTC · full text archived June 17, 2026 at 06:14 PM UTC
With post-quantum signatures on the horizon, this discussion asked what a modern crypto library would need in order to have a realistic chance of being merged into Bitcoin Core: support for hash-based and/or lattice-based signatures, formal verification, no external dependencies (in particular no OpenSSL), ideally no dynamic memory allocation, and better error handling.
Language choice was the central tension. The community is said to lean toward Rust for formal verification (though verified C via VST already has precedent in libsecp256k1), while Rust complicates the Guix bootstrap and may not suit contributors who are currently comfortable in C; hash-based signatures were described as simple enough to implement quickly. Other points included keeping hash-based primitives in a separate repository, leaving hardware-specific SHA optimization and runtime CPU detection outside the library, the need for constant-time testing, and writing a BIP reference specification (with the difficulty that formal-language specifications are complex, and tooling such as Hacspec has fallen out of fashion in favor of Rocq/Coq).