tevador proposes 'radical idea for forward secrecy and instant wallet sync'
[..] the Diffie-Hellman key exchange will become the weakest point of Monero with respect to forward (or post-quantum) privacy. [..] we can use a 100x faster symmetric key derivation.
The idea is to get rid of the key exchange altogether, which would require a drastic protocol modification under which every user constructs their own outputs.
- Smaller public addresses (just 1 pubkey instead of 2-3).
- Bypasses the 10 block lock time.
- No publicly observable Diffie-Hellman key exchange.
- The recipient learns the e-notes that are being spent.
- Each output needs a separate range proof, which is less efficient.
- The sender needs a private communication channel with the recipient to pass the partial transaction.
Consult MRL issue #1062 to learn more about the technical details of this proposal.
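To make the difference concrete, here is an added toy model (not code from tevador, the MRL issue, or Monero itself) contrasting the two derivations. X25519 stands in for the Diffie-Hellman step and HMAC-SHA256 for the symmetric key derivation; the function names, the "toy-output-key" label and the sample secret and nonce values are all constructed for this example, and the real proposal's construction is the one described in MRL issue #1062, not this one.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
)

// Added toy model; not Monero's real construction. X25519 stands in for the
// Diffie-Hellman step and HMAC-SHA256 for the symmetric key derivation.

// DHOutput is what the current style leaves on-chain: a transaction public key
// R plus the one-time output key derived from the shared secret.
type DHOutput struct {
	TxPub     []byte // R = rG, publicly observable
	OutputKey []byte // derived from ECDH(r, recipient public key)
}

// kdf derives an output key from a secret, a per-transaction context and an
// output index (HMAC-SHA256 is a stand-in for the protocol's real hash).
func kdf(secret, context []byte, index uint32) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte("toy-output-key")) // constructed domain-separation label
	mac.Write(context)
	mac.Write(binary.BigEndian.AppendUint32(nil, index))
	return mac.Sum(nil)
}

// SenderDerive models today's flow: the sender picks an ephemeral scalar r,
// publishes R and computes the shared secret via Diffie-Hellman. R is the
// value a future quantum adversary would attack to recover the shared secret.
func SenderDerive(recipientPub *ecdh.PublicKey, index uint32) (DHOutput, error) {
	r, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return DHOutput{}, err
	}
	shared, err := r.ECDH(recipientPub)
	if err != nil {
		return DHOutput{}, err
	}
	txPub := r.PublicKey().Bytes()
	return DHOutput{TxPub: txPub, OutputKey: kdf(shared, txPub, index)}, nil
}

// RecipientScan models wallet sync today: one scalar multiplication per
// output on-chain just to learn whether that output belongs to this wallet.
func RecipientScan(recipientPriv *ecdh.PrivateKey, txPub []byte, index uint32) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(txPub)
	if err != nil {
		return nil, err
	}
	shared, err := recipientPriv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	return kdf(shared, txPub, index), nil
}

// RecipientSelfDerive models the proposal: the recipient builds its own output
// from a secret only it holds plus a per-transaction nonce passed over the
// private channel. No key-exchange value is needed, so none is published.
func RecipientSelfDerive(recipientSecret, txNonce []byte, index uint32) []byte {
	return kdf(recipientSecret, txNonce, index)
}

func main() {
	priv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	out, _ := SenderDerive(priv.PublicKey(), 0)
	scanned, _ := RecipientScan(priv, out.TxPub, 0)
	fmt.Println("current: on-chain R =", hex.EncodeToString(out.TxPub))
	fmt.Println("current: recipient recovers same key:", bytes.Equal(scanned, out.OutputKey))
	// Constructed sample values, not real wallet material.
	self := RecipientSelfDerive([]byte("constructed-recipient-secret"), []byte("constructed-tx-nonce"), 0)
	fmt.Println("proposed: output key =", hex.EncodeToString(self), "(nothing DH-related on-chain)")
}
```

The point the model makes is structural: in the current flow every output carries a public value R that the recipient must combine with its private key (one scalar multiplication per output scanned, and one long-lived target for a quantum adversary), whereas in the proposed flow the output key comes from a symmetric derivation over material only the recipient holds, which is why the proposal can claim both the speedup and the absence of an observable key exchange. The trade-off listed above follows directly: that nonce has to reach the recipient over a private channel, since there is no longer an on-chain value to derive from.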