AI Generated Quiz
Primary 3 Chinese Writing Quiz
Free AI-generated (NVIDIA Nemotron 3 Ultra 550B A55B) Primary 3 Chinese Writing quiz with questions and answers for Singapore students.
Questions
Stage 5 Quiz: Advanced Topics & Future Directions
Section 1: Quantum Threats & Cryptographic Evolution (Questions 1-5)
Question 1: Quantum Computing Threats to ECDSA
Which cryptographic primitive used in Bitcoin is most vulnerable to quantum computing attacks?
A) SHA-256 hashing
B) ECDSA (Elliptic Curve Digital Signature Algorithm)
C) Merkle tree construction
D) Proof-of-Work difficulty adjustment
Question 2: Post-Quantum Signature Schemes
Which post-quantum signature scheme is a leading candidate for Bitcoin's future signature algorithm due to its small signature size and fast verification?
A) SPHINCS+ (stateless hash-based)
B) CRYSTALS-Dilithium (lattice-based)
C) Falcon (lattice-based)
D) XMSS (stateful hash-based)
Question 3: Quantum-Resistant Address Formats
What change would be required to Bitcoin's address format to support post-quantum signatures?
A) New Bech32m prefix (e.g., bc1q → bc1p)
B) Increase address length to 200+ characters
C) Switch from Base58 to Base64 encoding
D) No address format change needed
Question 4: Migration Strategy for Quantum Resistance
What is the most feasible migration path for existing UTXOs to quantum-resistant scripts?
A) Hard fork forcing all UTXOs to migrate within 6 months
B) Soft fork introducing new script version (e.g., Taproot v2) with PQ pubkeys; users migrate voluntarily
C) Miner-enforced expiration of all ECDSA-secured UTXOs
D) Automatic conversion via consensus rule change
Question 5: Hash Function Security Post-Quantum
How does Grover's algorithm affect SHA-256 security, and what is the effective security level?
A) Reduces 256-bit security to 64-bit (completely broken)
B) Reduces 256-bit preimage resistance to 128-bit (still secure)
C) No effect on hash functions
D) Reduces collision resistance to 80-bit
Section 2: Privacy, Scripting & Layer 2 Advances (Questions 6-10)
Question 6: Taproot & Schnorr Privacy Benefits
What is the primary privacy benefit of Taproot (BIP-341) combined with Schnorr signatures (BIP-340)?
A) Hides transaction amounts
B) Makes all transactions look identical on-chain regardless of script complexity
C) Encrypts sender/receiver addresses
D) Removes the need for public keys
Question 7: Cross-Input Signature Aggregation
What is the key advantage of Cross-Input Signature Aggregation (CISA) enabled by Schnorr signatures?
A) Allows merging multiple transactions into one
B) Reduces transaction size by aggregating multiple signatures into one
C) Enables signature verification without public keys
D) Allows spending UTXOs without signatures
Question 8: Lightning Network HTLC Security
In the Lightning Network, what mechanism prevents intermediate nodes from stealing funds during multi-hop payments?
A) Multi-signature escrow
B) Hash Time-Locked Contracts (HTLCs)
C) Atomic swaps
D) Watchtowers
Question 9: PTLCs vs HTLCs
What is the primary advantage of Point Time-Locked Contracts (PTLCs) over HTLCs in Lightning?
A) PTLCs use shorter timelocks
B) PTLCs use adaptor signatures, removing the on-chain hashlink and improving privacy
C) PTLCs allow larger payment amounts
D) PTLCs eliminate the need for watchtowers
Question 10: Ark (VTXOs) Scaling
What is the core trust assumption of Ark (VTXOs) compared to Lightning?
A) Ark requires trusting the Ark Service Provider (ASP) for liquidity but not custody
B) Ark requires trusting a federation of signers
C) Ark is fully trust-minimized like Lightning
D) Ark requires trusting miners to not reorganize blocks
Section 3: MEV, Consensus & Sidechains (Questions 11-15)
Question 11: Miner Extractable Value (MEV) in Bitcoin
Which of the following best describes MEV in the context of Bitcoin?
A) Miners extracting value by censoring transactions
B) Miners reordering/inserting transactions to maximize fee revenue beyond standard fees
C) Miners manipulating difficulty adjustment
D) Miners selling block space via off-chain agreements
Question 12: MEV Mitigation Strategies
What is a proposed mitigation for MEV in Bitcoin's mempool/consensus layer?
A) Encrypted mempool (threshold encryption)
B) Increasing block size to 100MB
C) Removing transaction fees entirely
D) Mandatory transaction ordering by txid
Question 13: Drivechains vs Federated Sidechains
What is the key trust assumption difference between a federated sidechain (like Liquid) and a drivechain (BIP-300)?
A) Drivechains require a federation; federated sidechains use miner voting
B) Federated sidechains trust a fixed set of functionaries; drivechains trust Bitcoin miners via hashrate escrow
C) Drivechains use SPV proofs; federated sidechains use ZK-proofs
D) There is no difference in trust assumptions
Question 14: Consensus Upgrade Activation - Taproot
What was the activation method used for Taproot (BIP-341)?
A) BIP-9 version bits with 95% threshold
B) BIP-8 (LOT=true) - Lock-in on Timeout
C) Speedy Trial (BIP-9 with 90% threshold over shorter period)
D) Flag day activation
Question 15: Future Soft Fork Proposals
Which of the following is a proposed soft fork to enable trust-minimized bridges and rollups on Bitcoin?
A) OP_CAT (BIP-347)
B) OP_CHECKSIGFROMSTACK (BIP-118)
C) OP_ZKVERIFY (hypothetical)
D) All of the above are real proposals
Section 4: Scaling, State Management & Future Directions (Questions 16-20)
Question 16: UTXO Set Growth Solutions
Which proposal aims to reduce UTXO set growth by allowing users to pay for "state rent" or expire unused UTXOs?
A) Utreexo (accumulators)
B) AssumeUTXO
C) UTXO expiration / state rent proposals (e.g., via consensus change)
D) Taproot
Question 17: Utreexo & AssumeUTXO
What is the primary difference between Utreexo and AssumeUTXO?
A) Utreexo uses ZK-proofs; AssumeUTXO uses fraud proofs
B) Utreexo is a dynamic accumulator for UTXO set; AssumeUTXO is a snapshot-based sync assumption
C) Utreexo requires a soft fork; AssumeUTXO is a client-side optimization
D) Both are consensus changes
Question 18: PayJoin (BIP-78) Privacy
What does PayJoin (BIP-78) achieve that standard CoinJoin does not?
A) Requires a central coordinator
B) Breaks the common-input-ownership heuristic by having the receiver contribute an input
C) Uses zero-knowledge proofs
D) Only works on Lightning Network
Question 19: Cross-Chain Interoperability Limitation
What is the fundamental limitation of trust-minimized two-way pegs between Bitcoin and other chains without a soft fork?
A) Bitcoin's scripting language cannot verify other chains' consensus rules
B) Bitcoin blocks are too slow
C) Other chains lack sufficient hashrate
D) Transaction fees make it uneconomical
Question 20: Base Layer Sharding
Which of the following is NOT a proposed Layer 2 or off-chain scaling solution for Bitcoin?
A) Ark (VTXOs)
B) Statechains
C) Rollups (validity/optimistic) on Bitcoin
D) Sharding the base layer
Answers
Stage 5 Quiz Answers & Explanations
Section 1: Quantum Threats & Cryptographic Evolution (Questions 1-5)
1. B) ECDSA (Elliptic Curve Digital Signature Algorithm)
Explanation: Shor's algorithm on a sufficiently powerful quantum computer can break the elliptic curve discrete logarithm problem (ECDLP), compromising ECDSA private keys. SHA-256 is only weakened by Grover's algorithm (quadratic speedup), requiring doubling hash length for equivalent security. Merkle trees and PoW are hash-based and similarly only face Grover's speedup.
New Student Explanation: Bitcoin uses elliptic curve cryptography (ECDSA) for signatures. A quantum computer running Shor's algorithm could mathematically reverse the public key to find the private key, allowing theft. Hash functions like SHA-256 are much more resistant—quantum computers only get a square-root speedup (Grover's algorithm), so 256-bit hashes remain secure.
Marking Notes: 1 mark for correct answer. Accept explanation mentioning Shor's algorithm vs Grover's algorithm distinction.
2. C) Falcon (lattice-based)
Explanation: Falcon (Fast-Fourier Lattice-based Compact Signatures over NTRU) is a lattice-based signature scheme selected by NIST for standardization (FIPS 206). It offers very small signatures (~666 bytes) and fast verification, making it suitable for Bitcoin's resource-constrained environment. Dilithium has larger signatures (~2.4 KB). SPHINCS+ and XMSS are hash-based with larger signatures or statefulness issues.
New Student Explanation: When Bitcoin eventually upgrades to quantum-resistant signatures, it needs a scheme with small signatures (to keep blocks small) and fast verification (so nodes can sync quickly). Falcon fits these requirements best among the NIST finalists.
Marking Notes: 1 mark. Accept Dilithium if justified by "NIST primary standard" but Falcon is better for Bitcoin's constraints.
3. A) New Bech32m prefix (e.g., bc1q → bc1p)
Explanation: New script versions in Taproot use Bech32m encoding with version bytes. A post-quantum script version (e.g., Taproot v2) would use a new version byte, resulting in a new address prefix (e.g., bc1p... for version 2). Address length increases due to larger public keys/signatures but encoding remains Bech32m.
New Student Explanation: Bitcoin addresses encode the script version and program. A new quantum-resistant script version would just increment the version number, changing the prefix slightly (like bc1q for v0 SegWit, bc1p for v1 Taproot). The format stays the same.
Marking Notes: 1 mark. Key concept: script versioning via Bech32m.
4. B) Soft fork introducing new script version (e.g., Taproot v2) with PQ pubkeys; users migrate voluntarily
Explanation: Bitcoin upgrades via soft forks. A new script version (e.g., OP_CHECKSIG for PQ keys) allows voluntary migration. Users move funds to new PQ-secured scripts at their own pace. Hard forks, forced expiration, or automatic conversion violate Bitcoin's consensus principles and user sovereignty.
New Student Explanation: Bitcoin changes rules only via soft forks (backward compatible). A new "script version" lets people create quantum-safe addresses. Nobody is forced to move; you migrate when ready. This preserves user control.
Marking Notes: 1 mark. Emphasize voluntary migration and soft fork mechanism.
5. B) Reduces 256-bit preimage resistance to 128-bit (still secure)
Explanation: Grover's algorithm provides a quadratic speedup for brute-force search. For a 256-bit hash, preimage resistance drops from 2^256 to 2^128 operations. 128-bit security is considered computationally infeasible for the foreseeable future. Collision resistance drops to 2^85 (birthday bound + Grover), but Bitcoin primarily relies on preimage resistance.
New Student Explanation: Quantum computers can search unsorted databases faster (Grover's algorithm). For SHA-256, this means the effective security is cut in half: 256 bits → 128 bits. 128-bit security is still astronomically strong—no foreseeable computer can break it.
Marking Notes: 1 mark. Must distinguish preimage vs collision resistance and note 128-bit is still secure.
Section 2: Privacy, Scripting & Layer 2 Advances (Questions 6-10)
6. B) Makes all transactions look identical on-chain regardless of script complexity
Explanation: Taproot uses MAST (Merkleized Abstract Syntax Trees) and key-path spending. Complex scripts (multi-sig, timelocks, HTLCs) can be spent via a single aggregated public key (key path), making them indistinguishable from simple single-sig spends. Only if key-path fails is the script revealed (script path).
New Student Explanation: Before Taproot, a 2-of-3 multisig looked different from a single-sig on-chain. With Taproot, both can look like a single public key spend. The complex script is hidden inside a Merkle tree and only revealed if there's a dispute.
Marking Notes: 1 mark. Key terms: MAST, key-path spending, script-path spending.
7. B) Reduces transaction size by aggregating multiple signatures into one
Explanation: Schnorr signatures allow linear aggregation: multiple signatures (s1, s2, ...) on the same message can be combined into a single signature (s = s1 + s2 + ...). CISA applies this across inputs in a transaction, replacing n signatures with 1, saving ~64 bytes per additional input.
New Student Explanation: Normally each input needs its own signature. With Schnorr, if you're spending multiple inputs in one transaction, you can mathematically combine all signatures into one. This makes transactions smaller and cheaper.
Marking Notes: 1 mark. Mention linear aggregation property and byte savings.
8. B) Hash Time-Locked Contracts (HTLCs)
Explanation: HTLCs use a hashlock (preimage reveal) and timelock (refund path). The payment either succeeds atomically (preimage propagates back) or fails (timelocks expire, funds return). Intermediate nodes cannot steal because they must reveal the preimage to claim incoming funds, which simultaneously allows them to claim outgoing funds.
New Student Explanation: HTLC is a smart contract: "I'll pay you if you show me the secret (preimage) within 24 hours, otherwise I get my money back." In a multi-hop payment, each node uses the same secret. To get paid, a node must reveal the secret, which lets the previous node get paid too. Atomic—all or nothing.
Marking Notes: 1 mark. Key mechanism: hashlock + timelock, atomicity.
9. B) PTLCs use adaptor signatures, removing the on-chain hashlink and improving privacy
Explanation: HTLCs reveal the same hash preimage on-chain for all hops, linking them. PTLCs (Point Time-Locked Contracts) use adaptor signatures (scriptless scripts) where the "secret" is a scalar offset to a signature. No hash appears on-chain; each hop uses a different point, breaking the linkability.
New Student Explanation: HTLCs leave a fingerprint—the same hash appears in every hop's contract. PTLCs replace the hash with cryptographic magic (adaptor signatures) so nothing links the hops on-chain. Better privacy, same security.
Marking Notes: 1 mark. Key terms: adaptor signatures, scriptless scripts, on-chain linkability.
10. A) Ark requires trusting the Ark Service Provider (ASP) for liquidity but not custody
Explanation: Ark uses an ASP to coordinate VTXO (Virtual UTXO) creation and redemption. Users trust the ASP for liquidity (always available to swap VTXOs) and timely boarding/exiting, but the ASP never has unilateral custody—funds are in a shared UTXO with time-locked exit paths. Unlike Lightning, no inbound liquidity management by user.
New Student Explanation: Ark is like a "Lightning-lite" where a service provider (ASP) manages the complex channel stuff. You trust them to be online and process your exits, but they can't run away with your money—Bitcoin's time-locks protect you.
Marking Notes: 1 mark. Distinguish: liquidity trust vs custody trust. ASP cannot steal (non-custodial).
Section 3: MEV, Consensus & Sidechains (Questions 11-15)
11. B) Miners reordering/inserting transactions to maximize fee revenue beyond standard fees
Explanation: MEV (Miner/Maximal Extractable Value) refers to value extractable by block producers through arbitrary transaction ordering, insertion, or censorship within blocks they produce. In Bitcoin, this primarily manifests as fee sniping, replacement cycling, or potential future DeFi-like MEV on layers (e.g., DEX arbitrage on Rootstock/Stacks).
New Student Explanation: Miners choose which transactions go in a block and in what order. They can "front-run" (insert their own transaction before yours) or "sandwich" (buy before you, sell after) to profit. This is MEV—extra profit beyond normal fees.
Marking Notes: 1 mark. Core concept: transaction ordering power → extra revenue.
12. A) Encrypted mempool (threshold encryption)
Explanation: Encrypted mempool (using threshold encryption or PVSS) hides transaction contents until inclusion, preventing frontrunning/sandwiching. Transactions are encrypted to a committee; decryption shares released only after block commitment. Other options are nonsensical (block size increase doesn't help, removing fees breaks incentives, txid ordering is predictable).
New Student Explanation: If miners can't see transaction details before committing to a block, they can't front-run. Encrypted mempool = transactions are sealed until the block is finalized.
Marking Notes: 1 mark. Threshold encryption / PVSS (Publicly Verifiable Secret Sharing) is the technical approach.
13. B) Federated sidechains trust a fixed set of functionaries; drivechains trust Bitcoin miners via hashrate escrow
Explanation: Liquid/Rootstock trust a federation of known entities (functionaries) to custody BTC. Drivechains (BIP-300/301) propose using Bitcoin miners as the custodians via a "hashrate escrow" mechanism where miners vote on withdrawal bundles over months, trusting the majority hashrate honesty.
New Student Explanation: Liquid: "Trust these 15 companies." Drivechains: "Trust Bitcoin miners (who already secure Bitcoin) to also secure the sidechain." Different trust models—known entities vs. anonymous hashrate majority.
Marking Notes: 1 mark. Key terms: functionaries, hashrate escrow, withdrawal voting.
14. C) Speedy Trial (BIP-9 with 90% threshold over shorter period)
Explanation: Taproot used "Speedy Trial" (BIP-9 variant): 90% signaling threshold over 2016-block periods (approx 2 weeks), with a timeout height. Activated at block 709,632 (Nov 2021). LOT=true (BIP-8) was debated but not used. BIP-9 original had 95% threshold.
New Student Explanation: Taproot activation was a "trial run" with lower threshold (90% vs 95%) and shorter windows (2 weeks vs ~3 months). Miners signaled support quickly, and it locked in within 3 months.
Marking Notes: 1 mark. Specifics: 90%, 2016 blocks, timeout height, Nov 2021 activation.
15. D) All of the above are real proposals
Explanation: OP_CAT (BIP-347) concatenates stack items, enabling covenants and vaults. OP_CHECKSIGFROMSTACK (BIP-118, APO) enables delegation and eltoo. OP_ZKVERIFY is hypothetical but represents the class of ZK-verification opcodes (e.g., BitVM-style verification) actively researched. All are real soft fork proposals to enhance Bitcoin's expressivity for trust-minimized bridges/rollups.
New Student Explanation: Bitcoin's scripting language is intentionally limited. These proposals add new "words" (opcodes) to let scripts do more: verify ZK proofs, check signatures on arbitrary data, concatenate data. This enables trust-minimized bridges and rollups.
Marking Notes: 1 mark. Recognize all three as active research/proposal areas.
Section 4: Scaling, State Management & Future Directions (Questions 16-20)
16. C) UTXO expiration / state rent proposals (e.g., via consensus change)
Explanation: Utreexo and AssumeUTXO improve validation efficiency (sync speed, memory) but don't remove UTXOs. State rent/expiration proposals (controversial, not activated) would actually remove/expire unused UTXOs to bound state growth.
New Student Explanation: Utreexo = "compress the UTXO set with math (accumulators)." AssumeUTXO = "assume a recent UTXO snapshot is valid to sync faster." State rent = "pay to keep your UTXO alive, or it gets deleted." Only the last one actually reduces the number of UTXOs.
Marking Notes: 1 mark. Distinguish: efficiency improvements vs. state growth reduction.
17. B) Utreexo is a dynamic accumulator for UTXO set; AssumeUTXO is a snapshot-based sync assumption
Explanation: Utreexo uses a forest of Merkle trees (dynamic accumulator) to represent the UTXO set with O(log n) proofs, enabling stateless validation. AssumeUTXO lets nodes assume a historical UTXO snapshot is valid, deferring full validation. Utreexo requires consensus change (new proof format); AssumeUTXO is client-side (no consensus change).
New Student Explanation: Utreexo: "Prove a UTXO exists without storing all UTXOs—math magic (accumulators)." AssumeUTXO: "Trust a snapshot from 10,000 blocks ago, verify the rest." Different problems: Utreexo = storage; AssumeUTXO = sync time.
Marking Notes: 1 mark. Key distinction: accumulator vs snapshot, consensus vs client-side.
18. B) Breaks the common-input-ownership heuristic by having the receiver contribute an input
Explanation: Standard CoinJoin: multiple senders mix. PayJoin (P2EP): Sender + Receiver collaborate. Receiver adds an input, breaking the heuristic that all inputs belong to sender. Looks like a normal payment on-chain (2 inputs, 2 outputs).
New Student Explanation: Chain analysis assumes all inputs in a transaction belong to the same person. PayJoin breaks this: the receiver adds an input, so it looks like Alice paid Bob, but actually they collaborated to confuse analysts.
Marking Notes: 1 mark. Key term: common-input-ownership heuristic (CIOH). P2EP = Pay-to-End-Point.
19. A) Bitcoin's scripting language cannot verify other chains' consensus rules
Explanation: Bitcoin Script lacks the expressive power (no SPV verification opcodes for arbitrary chains, no light client support) to trustlessly verify another chain's state/consensus. This requires either trusted bridges (federations) or a Bitcoin soft fork (e.g., drivechains, ZK-verify opcodes, OP_CAT for covenants).
New Student Explanation: Bitcoin can't "read" Ethereum or Solana. To move BTC trustlessly to another chain, Bitcoin needs to verify that chain's consensus. Current Script can't do that. Need new opcodes (soft fork) or trust a federation.
Marking Notes: 1 mark. Core limitation: Script expressivity / lack of SPV verification opcodes.
20. D) Sharding the base layer
Explanation: Sharding splits the base layer consensus/state. Bitcoin explicitly avoids base-layer sharding to preserve decentralization/verifiability (every node validates everything). Ark, Statechains, and Rollups (on Bitcoin via validity proofs or optimistic challenges on layers like BitVM) are Layer 2/off-chain proposals.
New Student Explanation: Sharding = different nodes validate different parts. Bitcoin rejects this—every node must validate everything for maximum decentralization. Ark, Statechains, Rollups are "Layer 2": they build on top without changing base layer rules.
Marking Notes: 1 mark. Bitcoin's design philosophy: no base-layer sharding. L2 solutions preserve base layer properties.