Ladies & gentleman, it is my absolute pleasure to announce I believe $DGB DigiDollar, the Worlds 1st Truly Decentralized, TimeLocked Stablecoin is ready for MainNet!🙏
Thank you to everyone who has helped make this a reality. Stay tuned to the end of the video for a surprise 🤓
DigiDollar & Quantum: Is Your Public Key Exposed When You Mint?
The question everyone is asking: When I mint DigiDollars in RC30, is my public key exposed on-chain? Could a future quantum computer use that to steal my locked $DGB?
The honest answer: yes, your public key is visible in the current mint transaction. But there are specific protections that prevent it from being exploitable — with one caveat about long lockups. Let me walk through exactly what happens.
What Quantum Computers Actually Threaten
A quantum computer powerful enough (Google estimates ~500,000 qubits, possibly by 2029) could take a public key and derive the private key from it. With your private key, they can sign transactions as if they were you.
This ONLY threatens public key cryptography — the math that proves you own your coins. It does NOT threaten mining, block hashing, Merkle trees, or any hash-based security. DigiByte's 5 mining algorithms are completely safe.
The key question is: can an attacker SEE your public key, and if so, do they have enough TIME to crack it?
What's Actually In a Mint Transaction (Output by Output)
When you mint DigiDollars, the transaction your wallet broadcasts has 3-4 outputs. Here's exactly what's in each one, traced directly from our code:
Output 1 — The Collateral Lock (your locked DGB)
OP_1 <32-byte tweaked key>
This is a Taproot address. The 32-byte key on-chain is a "tweaked" key — it's mathematically derived from the NUMS point (an unspendable key) combined with the script tree.
Your public key is NOT in this output. The key visible here is based on NUMS, not you. Nobody can reverse-engineer your key from this. The collateral lock uses a special "master key" called NUMS — short for "Nothing Up My Sleeve." This is a public key that is mathematically proven to have no private key. It's derived from a known formula that anyone can verify, but nobody can sign with. Ever. Not with every computer on Earth. Not with a quantum computer. There is simply no private key to find.
Your actual public key IS inside the script tree (the MAST leaves), where it's used in the spending conditions (<ownerKey> OP_CHECKSIG). But MAST is a Merkle tree — only the root hash goes on-chain. Your raw key stays hidden inside the tree until you actually spend.
Output 2 — Your DigiDollar Tokens
OP_1 <32-byte tweaked owner key>
This is a standard Taproot output where YOUR key is the internal key, tweaked for Taproot. The tweaked version of your key is on-chain. This is the same as any normal Taproot address in DigiByte or Bitcoin — standard behavior. A quantum attacker could derive the private key for this tweaked key and steal the DD tokens.
However — DD tokens have zero DGB value locked in them (the output value is 0 sats). They're freely transferable and meant to move around. They have the same quantum risk profile as any Taproot address in any blockchain today.
Output 3 — The OP_RETURN Metadata
OP_RETURN "DD" <type> <amount> <lockHeight> <lockTier> <ownerXOnlyPubKey>
This is where your raw 32-byte public key is directly visible. It's right there in the metadata, readable by anyone.
Why is it there? Every node on the network needs your raw public key to verify that NUMS was actually used in the collateral lock. The verification works like this:
Read your public key from the OP_RETURN
Rebuild the expected collateral output using NUMS + your key + the timelock
Compare the rebuilt output against the actual one
Reject the transaction if they don't match
Without this check, an attacker could substitute their own key for NUMS and bypass the timelock entirely. So the OP_RETURN pubkey exists to prevent a worse attack.
Output 4 — DGB Change (if any)
Standard Taproot change address. Uses a different key, not your minting key. Not relevant to this question.
So What Does This Mean for Security?
Your public key IS exposed in the OP_RETURN. A future quantum attacker could see it, take their time, and derive your private key. So can they steal your locked DGB?
No — because of NUMS.
The collateral lock's internal key is NUMS (the unspendable key). Even with your private key, the attacker CANNOT do a key-path spend. NUMS has no private key — not today, not with quantum computers, not ever. It's mathematically provable.
The only way to spend the collateral is through the script-path (the MAST tree), which requires the timelock to expire first. Both the Normal path and the ERR path start with <lockHeight> OP_CHECKLOCKTIMEVERIFY — the network rejects any spend attempt before that block height. Period.
So the worst case: A quantum attacker derives your private key from the OP_RETURN, then waits for the timelock to expire, then races you to redeem. They'd need to:
Have a working quantum computer (doesn't exist yet)
Wait for your entire lock period to pass
Beat you to the redemption transaction
What This Means for Launch
For lockups under 18 months: safe. No quantum computer capable of cracking secp256k1 exists today or will exist before your lockup expires. Google's most aggressive internal timeline is 2029.
For lockups over 2 years: this is where we should be cautious. If quantum computing advances faster than expected, a key exposed today in an OP_RETURN could theoretically be cracked before a long lockup expires.
Recommendations:
Launch with an 18-month lockup cap. This keeps all mints safely within the pre-quantum window. Nobody's exposed public key matters if the lockup expires before quantum computers exist.
Before enabling longer lockups, replace the raw pubkey in OP_RETURN with a hash. Instead of storing the raw public key directly, store a hash of it. The raw key would only be revealed at redemption time (15-second block window — quantum infeasible even in 2030+). This requires updating the validation logic to verify the hash at mint time and the full key at spend time.
Plan the post-quantum upgrade path. ML-DSA-44 (NIST's primary standard) for quantum-proof signatures. DigiDollar has zero legacy UTXOs — we can build post-quantum signatures in from scratch. This is an advantage no other stablecoin has.
The 8-of-15 MuSig2 oracle system is solid for launch. Oracle price feeds are independent of the pubkey exposure question. No single oracle can manipulate prices — you'd need to compromise 8 of 15 independent operators simultaneously.
Bottom line: DigiDollar is safe to launch with short lockups. The pubkey exposure in OP_RETURN is a known design tradeoff — it prevents a worse attack (timelock bypass) and is only a concern in a future where quantum computers exist. We cap lockups at 18 months, ship the launch, and upgrade to hash commitments before extending lockup periods.
RC27 is a huge update! Testnet reset & massive rewrite of Oracle sig system to use MuSig2 to dramatically reduce Oracle signature bloat on chain & allow more oracles to be added without bloat.
Thank you to everyone who is helping dev & test $DGB DigiDollar 🚀🚀 80+ people 🚀🚀
🚀 $DGB DigiDollar RC27 is now live!
The latest release introduces a refreshed testnet along with MuSig2-based oracle signing. Key highlights include a 6-of-11 consensus model, 208 fuzz testing targets, and zero detected bugs.
A sincere thank you to all 11 oracle operators and the developers who contributed to this milestone. Onward. 💎🔥
https://t.co/mXvKpQpN70
Hey @coingecko as $DGB founder I can promise you that DigiByte was Made In The USA 🇺🇸 over 11 years ago. If the genesis hash from USA Today used to start the $DGB blockchain wasn't proof enough, please see this video for further verification:🇺🇸🫡
A set of questions I get asked:
Q: "Why is your work on CPI controversial? Why is it attacked and laughed at? Isn't CPI just a backwater of economics anyway?"
A: "Ha ha ha ha. Oh that's a good one. My dear sweet child: I bet you have no idea what is at stake. Like no idea whatsover of how much rides on one number.
The @BLS_gov is like a second Federal Reserve operating through CPI. WAKE UP. This isn't about Billions. It's about Trillions. It's about taxing you and denying you benefits that you paid for. Without ever waking you up. It's not about inflation measurement. It's about you sleeping through the constant involutary transfer of your wealth."
I'm going to start posting these type of quotes (attached) a lot more. You have no idea what is going on or who is running your lives. Or what my being called a 'Fraud', 'Charlatan' or 'Grifter' by minor walk-on academics is about.
Its about academicians aiding politicians in economically raping you, your family, your future, your country and your children without you having a clue as to what is going on because you have never heard of a Modified Lowe's index.
Dear @pdimitrakos thank you for letting $DGB community know your DM's are open. Just sent a DM intro to AZ Sen. @RealMarkFinchem ID Sen. Hagedorn @Luckygroundrock with an invite to sit-down to discuss how we can help achieve a Win-Win for USA led blockchain innovation. @krakenfx
People still don't get it, or even know, but I promise you $DGB DigiDollar is the most innovative decentralized tech I have seen since I discovered $BTC in 2012.
It will turn DigiByte into a Global Strategic Reserve asset. Absolutely revolutionary: https://t.co/tE9tvI6YYs