Hey Jonas,

I've been busy over the holidays but just got around to reading your delving post on SHRINCS. Big +1 from me, perhaps not in the exact form you propose - i suspect a more modular approach would make standardization easier - But in principle  this would be awesome to have as an option. It has pitfalls, but until more size-efficient stateless schemes like SQIsign mature, stateful HBS schemes are the smallest signatures available. Full thoughts on delving here  

regards,
conduition

On Tuesday, December 16, 2025 at 3:30:58 AM UTC-5 Jonas Nick wrote:
Hi Boris,

Just to add to what Mike said: one of the most interesting questions is whether
MPC considerations should inform parameter selection. As of right now, the
generic MPC approach seems rather impractical, but that shouldn't discourage
experimentation and further research. It's possible to imagine scenarios where
85-minute signing is acceptable.

Moreover, stateful signature schemes like SHRINCS [0] only require a few hashes
in the best case, which would make MPC-based N/N multisig significantly more
tractable than with full SPHINCS+. However, since SHRINCS signatures are already
small, the absolute space savings are smaller.

[0] https://delvingbitcoin.org/t/shrincs-324-byte-stateful-post-quantum-signatures-with-static-backups/2158

Jonas

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/58e6a5e3-8705-43f5-8187-724b8e3a62den%40googlegroups.com.