prevblock

Glossary

Every term on the site, sourced

Every term here is wrapped in a <Term> component wherever the site mentions it. Every entry cites a source file — if a claim on this page has no citation, it is not allowed in the UI. See /threat-model for the long-form version.

bare P2PK

#bare-p2pk
An output that stores the Falcon public key directly instead of its hash. The genesis coinbase is the canonical example. Same residual security as a pubkey-exposed address.
A bare P2PK-Falcon output has the shape `OP_PUSHDATA2 0x8203 <898-byte pubkey> OP_CHECKSIG`. Tidecoin's own script classifier can't recognise this form — upstream's MatchPayToPubkey checks for a single-byte push length, but 898 cannot fit in one byte, so the node reports every bare-P2PK-Falcon output as 'nonstandard'. prevblock's indexer recognises the shape directly. From a threat perspective, bare P2PK is identical to pubkey-exposed: Falcon-512 is the only remaining barrier.
sourcesdocs/source-extracts/script/standard.cpp:46, docs/tidecoin-protocol.md#31-genesis-output-bare-p2pk-falcon
see also: pubkey-exposed, Falcon-512, P2PK-Falcon

CRQC

#crqc
Cryptographically Relevant Quantum Computer — a hypothetical quantum machine with enough logical qubits and gate fidelity to break deployed public-key cryptography. None exists today.
Published estimates for breaking ECDSA-256 are on the order of 520 logical qubits if using the carry-reuse optimisation of Gidney 2019. Publicly-announced quantum machines are several orders of magnitude short of that capability. Tidecoin's posture is to be ready whether a CRQC appears tomorrow or in forty years; the chain's signatures are already Falcon, so a CRQC arriving does not, by itself, endanger any TDC.
sourcesdocs/threat-model.md
see also: Shor's algorithm, Falcon-512

Falcon-512

#falcon-512
Lattice-based post-quantum signature scheme. Tidecoin uses it for every signature on the chain. Public keys are 897 bytes and signatures are 690 bytes.
Falcon-512 is a NIST-standardised signature scheme built on NTRU lattices (degree N=512, modulus q=12289). It is what replaces ECDSA on Tidecoin. Every on-chain signature — genesis coinbase included — is Falcon-512; there is no ECDSA code path retained in the fork. NIST classifies it at security level 1 (≈ AES-128 against quantum search).
sourcesdocs/source-extracts/key.h:17-19, docs/source-extracts/pubkey.h:36-64, docs/tidecoin-protocol.md#3-the-single-signature-scheme-falcon-512
see also: lattice cryptography, NTRU, Shor's algorithm

Grover's algorithm

#grover
A quantum algorithm that roughly halves the effective bit-security of hash functions. Against 256-bit hashes it drops security from 256 bits to ~128 bits, which is still infeasible to attack.
Grover's algorithm gives a quadratic speedup to black-box search, which includes preimage attacks on cryptographic hashes. On Hash160 (RIPEMD160∘SHA256) it reduces the pre-image work from 2^160 to ~2^80, which sounds alarming but is still ~1024x harder than the biggest publicly-known classical hash collision effort. The real-world takeaway: hash-protected Tidecoin addresses are still safe, but the safety margin is finite, and it's the reason prevblock tracks hash-protected fraction as a distinct metric.
sourcesdocs/threat-model.md#grover-vs-the-address-hash
see also: hash-protected, Hash160, Shor's algorithm

hash-protected

#hash-protected
An address whose Falcon public key has never appeared on chain. The only way to attack it is to break the Hash160 that guards it (still ≈128-bit secure even against Grover).
When you receive coins to a P2PKH, P2WPKH, or P2SH-wrapped output on Tidecoin, the Falcon public key is hashed with RIPEMD160(SHA256(...)) and only the 20-byte hash is stored on chain. An attacker has to break that hash to learn the public key before they can attack the signature scheme. Hash160 against Grover is ~128-bit work — computationally infeasible for the foreseeable future.
sourcesdocs/tidecoin-protocol.md#4-quantum-risk-model-corrected, docs/threat-model.md#grover-vs-the-address-hash
see also: pubkey-exposed, Grover's algorithm, Hash160, P2WPKH-Falcon

Hash160

#hash160
RIPEMD160 of SHA256 of the public key. The 20-byte address fingerprint used by P2PKH, P2WPKH, and P2SH outputs on Tidecoin, inherited from Bitcoin.
sourcesdocs/source-extracts/script/standard.cpp:59
see also: hash-protected, Grover's algorithm

lattice cryptography

#lattice-cryptography
A family of post-quantum schemes whose security reduces to hard problems in high-dimensional lattices, such as SVP and LWE. Falcon is lattice-based.
see also: Falcon-512, NTRU

NTRU

#ntru
A specific lattice structure used by Falcon. Falcon-512 uses NTRU with degree N=512 and modulus q=12289.
sourcesdocs/source-extracts/key.h:17-19
see also: lattice cryptography, Falcon-512

P2PK-Falcon

#p2pk-falcon
A non-standard output that stores the 898-byte Falcon public key directly followed by OP_CHECKSIG. Most common example: the genesis coinbase.
sourcesdocs/tidecoin-protocol.md#31-genesis-output-bare-p2pk-falcon
see also: bare P2PK, Falcon-512

P2SH

#p2sh
Pay-to-Script-Hash. The output commits to the Hash160 of a redeem script, which is revealed at spend time. On Tidecoin mainnet these addresses start with `T…` (version byte 65).
sourcesdocs/source-extracts/chainparams.cpp:130
see also: Hash160, hash-protected

P2WPKH-Falcon

#p2wpkh-falcon
A native-segwit v0 output whose witness stack holds a 690-byte Falcon signature and an 898-byte Falcon public key. Serialisation is standard BIP141; only the bytes inside differ.
sourcesdocs/tidecoin-protocol.md#32-modern-outputs-p2sh-wrapped-p2wpkh-falcon, docs/sample-responses/70-big.json
see also: hash-protected, Falcon-512

pubkey-exposed

#pubkey-exposed
An address whose Falcon public key has appeared in at least one input witness on chain. The Hash160 barrier is gone; security reduces to Falcon-512 itself.
Spending from an address reveals its Falcon public key in the witness. If any coins remain on that address (or are received to it again after the spend), their only remaining protection is Falcon-512's own security. That is still believed safe, but it removes the Grover-resistant hash layer and places the coins' safety entirely on future Falcon cryptanalysis holding up. Consolidating pubkey-exposed UTXOs into a fresh P2WPKH output re-hides the pubkey behind a new Hash160 — the same reason you don't reuse Bitcoin addresses.
sourcesdocs/tidecoin-protocol.md#4-quantum-risk-model-corrected, docs/threat-model.md#cryptanalysis-of-falcon-itself
see also: hash-protected, bare P2PK, Falcon-512

Shor's algorithm

#shor
A quantum algorithm that breaks RSA and ECDSA by solving discrete logarithms in polynomial time. Does NOT apply to Tidecoin — Falcon-512 is lattice-based, not discrete-log-based.
Shor's algorithm is the headline quantum threat to Bitcoin: a sufficiently large quantum computer running Shor's can recover a private ECDSA key from a published public key. It has no known speedup for breaking lattice problems, which is why post-quantum signature schemes like Falcon exist. On Tidecoin there is no ECDSA code path anywhere in the binary, so Shor is not a concern at all — not 'less of a concern,' but 'does not apply.'
sourcesdocs/source-extracts/key.h:17-19, docs/threat-model.md
see also: Grover's algorithm, Falcon-512, CRQC

side-channel

#side-channel
Information leakage from an implementation's physical behaviour (timing, power, EM) rather than the math. The biggest near-term risk to Falcon in practice, particularly for its Gaussian sampler.
Guerreau, Martinelli, Ricosset and Rossi (2022) demonstrated a practical side-channel attack on the reference Falcon implementation's floating-point Gaussian sampler. The attack recovers the signing key from on-device traces. Wallet vendors implementing Falcon on devices without trustworthy constant-time floating-point operations are therefore a real risk surface today — not a hypothetical. This is why prevblock ranks implementation bugs as the highest of the three residual risks in docs/threat-model.md.
sourcesdocs/threat-model.md#implementation-bugs-and-side-channels
see also: Falcon-512