BIP-XXX: Hybrid SPHINCS+ / secp256k1 Key Derivation for Quantum-Resistant Bitcoin Wallets #2176

This proposes a new wallet-layer BIP for a practical hybrid post-quantum key derivation scheme.

Reference implementation: https://github.com/DigiMancer3D/bip-xxx-sphincs-hybrid

The BIP and code have been written to be immediately usable by wallet developers and advanced users building quantum-resistant paper wallets / cold storage today. It requires no consensus changes and works with existing tools (Electrum, bitaddress.org, Taproot, etc.).

Awaiting BIP editor assignment of a real number (replacing XXX).

@DigiMancer3D Thank you for your proposal, but if I am not mistaken it appears to have been opened here prematurely before submission and discussion on the mail list? Happy to re-open if that is incorrect. See the README and BIP 3 for the process (thanks!)

I was unaware the process had changed. Thanks for the information.

After looking at the readme given.Sent the email

This proposal makes no sense. It doesn’t matter how you generate the private keys, if you continue using the same output scheme: once the public key is revealed the mythical CRQC could calculate the private key from it. Without a consensus change you cannot introduce a new output type, and all currently existing output types are not safe against shortrange attack.

The third program just shows the hybrid signature is usable in current cryptography. This shows I can manipulate the sphincs+ process to get usable keys that can be used as seeds for current cryptography. I got help writing the text cause I don't have good communication skills and they still miss-understood me so the text is not aligned correctly. I don't have the social skills nor communication skills to explain it well. The custom Gaussian sample method just allows really small form factor devices to perform seeding. The setup works on most RPi 3 and newer, i.e. common BTC nodes.

On Tue, May 26, 2026, 7:54 PM Murch @.***> wrote:

murchandamus left a comment (bitcoin/bips#2176) https://github.com/bitcoin/bips/pull/2176#issuecomment-4550297318

This proposal makes no sense. It doesn’t matter how you generate the private keys, if you continue using the same output scheme: once the public key is revealed the mythical CRQC could calculate the private key from it. Without a consensus change you cannot introduce a new output type, and all currently existing output types are not safe against shortrange attack.

— Reply to this email directly, view it on GitHub https://github.com/bitcoin/bips/pull/2176?email_source=notifications&email_token=AENOXME4I5YDMMHS6IUN5P344Y4EHA5CNFSNUABFM5UWIORPF5TWS5BNNB2WEL2JONZXKZKDN5WW2ZLOOQXTINJVGAZDSNZTGE4KM4TFMFZW63VHNVSW45DJN5XKKZLWMVXHJLDGN5XXIZLSL5RWY2LDNM#issuecomment-4550297318, or unsubscribe https://github.com/notifications/unsubscribe-auth/AENOXMEPRVBYSYFPR2TO3GD44Y4EHAVCNFSM6AAAAACZOL4X7SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHM2DKNJQGI4TOMZRHA . You are receiving this because you were mentioned.Message ID: @.***>

Regardless of the tools you use, it’s your responsibility that your submission reflects your intent. If you are not even going to proofread the LLM-generated documents you’re submitting in your name here, please spare us.