Apply suggestions from code review
Co-authored-by: Vojtěch Strnad <[email protected]>
cryptoquick and vostrnad authored Dec 20, 2024
1 parent 85348c0 commit a4f3dc6
Showing 1 changed file with 12 additions and 12 deletions.
24 changes: 12 additions & 12 deletions bip-0360.mediawiki
Expand Up @@ -36,7 +36,7 @@ insufficient protection. The computational complexity of this attack is further
[https://pubs.aip.org/avs/aqs/article/4/1/013801/2835275/The-impact-of-hardware-specifications-on-reaching ''The impact
of hardware specifications on reaching quantum advantage in the fault-tolerant regime''].

This proposal aims to mitigate these risks by introducing a Pay to Quantum Resistant Hash (P2QRH) address type that
This proposal aims to mitigate these risks by introducing a Pay to Quantum Resistant Hash (P2QRH) output type that
relies on post-quantum cryptographic (PQC) signature algorithms. By adopting PQC, Bitcoin can enhance its quantum
resistance without requiring a hard fork or block size increase.

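Review bot: "without requiring a hard fork or block size increase" at the end of this paragraph needs qualifying, because a later hunk of this same file introduces a separate "quantum witness" (the attestation) that carries large PQC signatures; say whether the attestation counts against the existing block weight limit or is discounted, so the claim is precise rather than merely reassuring.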
Expand Down Expand Up @@ -72,9 +72,9 @@ The following table is non-exhaustive but intended to inform the average Bitcoin
vulnerable to a long-range quantum attack:

{| class="wikitable"
|+ Vulnerable address types
|+ Vulnerable output types
|-
! Address type !! Vulnerable !! Prefix !! Example
! Type !! Vulnerable !! Prefix !! Example
|-
| P2PK || Yes || 04 ||
0496b538e853519c726a2c91e61ec11600ae1390813a627c66fb8be7947be63c52da7589379515d4e0a604f8141781e62294721166bf621e73a82cbf
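Review bot: renaming the header to "! Type !! Vulnerable !! Prefix !! Example" leaves the "Prefix" column mixing two different things: for P2PK the value "04" is the first byte of the uncompressed public key pushed in the scriptPubKey, while for P2TR "bc1p" is the bech32m address prefix. Consider splitting the column (script prefix vs. address prefix) or adding a footnote so readers do not look for an address that begins with "04".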
Expand All @@ -87,7 +87,7 @@ vulnerable to a long-range quantum attack:
| P2TR || Yes || bc1p || bc1p92aslsnseq786wxfk3ekra90ds9ku47qttupfjsqmmj4z82xdq4q3rr58u
|}

It should be noted that Taproot addresses are vulnerable in that they encode a 32-byte x-only public key, from which a
It should be noted that Taproot outputs are vulnerable in that they encode a 32-byte x-only public key, from which a
full public key can be reconstructed.

If a key is recovered by a CRQC it can also be trivially checked to see if any child keys were produced using an
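Review bot: "from which a full public key can be reconstructed" would be stronger with the one-clause reason (the x-only form omits only the parity of the y coordinate, so reconstruction is immediate); as written a reader may assume reconstruction takes effort. Also "It should be noted that" is filler and can be dropped: "Taproot outputs are vulnerable because they encode ...".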
Expand All @@ -98,7 +98,7 @@ unhardened [https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki BIP-3
Long Range Quantum Attack is an attack in which the public key has been exposed on the blockchain for an extended
period of time, giving an attacker ample opportunity to break the cryptography. This affects:

* Early addresses (Satoshi's coins, CPU miners, starts with 04)
* P2PK outputs (Satoshi's coins, CPU miners, starts with 04)
* Reused addresses (any type, except P2QRH)
* Taproot addresses (starts with bc1p)
* Unhardened BIP-32 HD wallet keys
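Review bot: the bullets are now inconsistent with each other and with this commit: the first item became "P2PK outputs" while "Taproot addresses (starts with bc1p)" still says "addresses", even though the preceding hunk changed the prose to "Taproot outputs". Suggest "Taproot outputs (bc1p addresses)" and, in the first bullet, "(public key starts with 04)", since it is the key in the scriptPubKey, not an address, that begins with 04.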
Expand All @@ -124,7 +124,7 @@ original owner.

Coinbase outputs to P2PK keys go as far as block 200,000, so there are, at the time of writing, 1,723,848 coins that
are vulnerable from the first epoch at the time of writing in P2PK outputs alone. The majority of these have a
block reward of 50 coins each, and there are roughly 34,000 distinct P2PK addresses that are vulnerable. These coins
block reward of 50 coins each, and there are roughly 34,000 distinct P2PK scripts that are vulnerable. These coins
can be
considered "Satoshi's Shield." Any addresses with a balance of less than the original block subsidy of 50 coins can be
considered cryptoeconomically incentive incompatible to capture until all of these are mined, and these addresses serve
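Review bot: "at the time of writing" appears twice in the same sentence ("so there are, at the time of writing, 1,723,848 coins that are vulnerable from the first epoch at the time of writing"); drop one. In the same hunk, "Any addresses with a balance of less than the original block subsidy" and "these addresses serve" still use "addresses" next to the newly introduced "P2PK scripts"; "outputs" would match. The fragment "These coins / can be / considered" should also be reflowed onto one line.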
Expand All @@ -139,7 +139,7 @@ cryptography by this time.

The Commercial National Security Algorithm Suite (CNSA) 2.0 has a timeline for software and networking equipment to be
upgraded by 2030, with browsers and operating systems fully upgraded by 2033. According to NIST IR 8547, Elliptic Curve
Cryptography is planned to be disallowed within the US Federal government after 2035. An exception is made for hybrid
Cryptography is planned to be disallowed within the US federal government after 2035. An exception is made for hybrid
cryptography, which is the use of ECC and post-quantum algorithms together.

Although CRQCs could pose a threat to the signatures used in Bitcoin, a smaller threat is to Bitcoin's hash algorithms.
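Review bot: the acronym "ECC" in "the use of ECC and post-quantum algorithms together" is never expanded in this section; since the preceding sentence spells out "Elliptic Curve Cryptography", write it as "elliptic curve cryptography (ECC)" there, which also matches the lowercasing of "federal" made in this hunk.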
Expand Down Expand Up @@ -194,7 +194,7 @@ inscriptions would also have the scarcity of their non-monetary assets affected.
while also increasing the discount is to have a completely separate witness—a "quantum witness." Because it is meant
only for public keys and signatures, we call this section of the transaction the attestation.

To address the risk of arbitrary data being stored using P2QRH (QuBit) addresses, very specific rules will be applied
To address the risk of arbitrary data being stored using P2QRH (QuBit) outputs, very specific rules will be applied
to spending from the witness stack in SegWit v3 outputs. A fixed signature size will be necessary for spending the
output, and the output must be spendable to be considered valid within node consensus. A fixed signature size will also
be helpful to disambiguate between signature types without an additional version byte, as SQIsign signatures are
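Review bot: "the output must be spendable to be considered valid within node consensus" is ambiguous as a consensus rule, since a node cannot in general decide at output-creation time whether an output is spendable; state the concrete check intended (the fixed signature size named in the same sentence, enforced when the output is spent, or a structural check on the scriptPubKey at creation time). Likewise "very specific rules will be applied" should either list the rules or point to the section of the BIP that does.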
Expand Down Expand Up @@ -224,7 +224,7 @@ Bitcoin, but their signatures are smaller and might be considered by some to be
signatures. SQIsign is much smaller; however, it is based on a very novel form of cryptography known as supersingular
elliptic curve quaternion isogeny, and at the time of writing, is not yet approved by NIST or the broader PQC community.

In the distant future, following the implementation of the P2QRH address format in a QuBit soft fork, there will likely
In the distant future, following the implementation of the P2QRH output type in a QuBit soft fork, there will likely
be a need for Pay to Quantum Secure (P2QS) addresses. These will require specialized quantum hardware for signing,
while still [https://quantum-journal.org/papers/q-2023-01-19-901/ using public keys that are verifiable via classical
means]. Additional follow-on BIPs will be needed to implement P2QS. However, until specialized quantum cryptography
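Review bot: the same sentence that was just changed to "P2QRH output type" goes on to say "Pay to Quantum Secure (P2QS) addresses"; for consistency with the rest of this commit use "P2QS outputs" (an address encoding for P2QS is not described here anyway).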
Expand Down Expand Up @@ -302,7 +302,7 @@ version of Taproot.

=== Transaction Serialization ===

Following BIP-141, the transaction serialization is modified to include a new attestation field after the witness field:
Following BIP-141, a new transaction serialization format is introduced to include an attestation field after the witness field:

[nVersion][marker][flag][txins][txouts][witness][attestation][nLockTime]
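Review bot: now that the text says "a new transaction serialization format is introduced", the layout line needs to say how the attestation's presence is signalled: BIP-141 uses the [marker][flag] bytes to indicate the witness, so specify whether a new flag bit or a distinct marker value announces [attestation], and whether the attestation is included in the wtxid or only in a new commitment. Without that, a BIP-141 deserializer has no way to tell [attestation] from the start of [nLockTime].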
Expand Down Expand Up @@ -532,7 +532,7 @@ chosen as Bitcoin's curve. Isogeny cryptography when it was first introduced was
Ideally SQIsign also proves to be flexible enough to support
[https://www.pierrickdartois.fr/homepage/wp-content/uploads/2022/04/Report_OSIDH_DARTOIS.pdf Isogeny Diffie-Hellman] to
replace ECDH applications, and also provide methods for the key tweaking necessary to support TapScript for P2QR
addresses. Additionally, isogeny-based post-quantum cryptography is based on higher-order elliptic curves, and so it
outputs. Additionally, isogeny-based post-quantum cryptography is based on higher-order elliptic curves, and so it
might be possible to implement Isogeny Schnorr signatures.

Signature verification speed as it compares to Schnorr or ECDSA isn't seen as high a consideration as signature size
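Review bot: "P2QR outputs" in this hunk is inconsistent with "P2QRH", which the rest of the file uses (e.g. "P2QRH (QuBit) outputs" earlier in this diff); fix the acronym. Separately, "higher-order elliptic curves" is not a standard term and clashes with the earlier, correct "supersingular elliptic curve quaternion isogeny"; "supersingular elliptic curves" would be accurate.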
Expand Down Expand Up @@ -588,7 +588,7 @@ To help implementors understand updates to this BIP, we keep a list of substanti
== Acknowledgements ==

This document is inspired by [https://github.com/bitcoin/bips/blob/master/bip-0341.mediawiki BIP-341], which introduced
the design of the P2TR (Taproot) address type using Schnorr signatures.
the design of the P2TR (Taproot) output type using Schnorr signatures.

Much gratitude to my co-founder, Kyle Crews for proofreading and editing, to David Croisant, who suggested the name
"QuBit", and Guy Swann for pointing out the earlier name for the attestation, "quitness", was imperfect. Thank you as
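Review bot: punctuation in the acknowledgements is unbalanced: "Much gratitude to my co-founder, Kyle Crews for proofreading" needs a comma after "Crews" (or none before it), and the list "to David Croisant, who suggested the name "QuBit", and Guy Swann" reads more cleanly as "..., and to Guy Swann for pointing out that the earlier name ...".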
