Thanks for sharing this. As a non technical person, I read near the start that it will take up way too much block space but then at the end the author is a fan. I couldn't see anything in between that explained how the block space issue would be addressed. What did I miss? Sorry for the dumb question.
NEW FROM THE INSIDER EDITION: SPHINCS+ was introduced as a proposal to add a post-quantum signature scheme to bitcoin.
There's rough consensus, that at some point, we'll need to transition to post-quantum signatures. SPHINCS+ is a promising path forward.
In our latest post, nostr:npub1e0z776cpe0gllgktjk54fuzv8pdfxmq6smsmh8xd7t8s7n474n9smk0txy breaks down the proposal and analyzes its various components.
Full post here 👇
https://insider.btcpp.dev/p/sphincs
Discussion
As of right now, there's no post-quantum signatures that *don't* eat up a lot of blockspace. There's no getting around this fact. What's cool about SPHINCS+ is that you can tune it to have smaller signatures, depending on how many resigns you need.
Exactly how big those signatures are won't be known until the BIP parameters get proposed, but they'll very likely be on the order of 50-100x larger than existing sigs
Elliptic curves are *really* elegant in how densely you can get 128-bit security; unfortunately they're (theoretically) breakable.
SPHINCS+ is pretty complex and I was questioning whether we really needed all the complexity for sigs; unfortunately I think the answer is yes and we will either have to increase the block size, accept lower through put, or pick a different option entirely like zero-knowledge proofs.
notes like this make me happy.
thankful some are drawn to working on important things in advance of when they’re needed.
Thanks so much for explaining all this. I suppose it would be reasonable to think the cost of storage capacity should keep reducing non linearly, whereas the block chain only grows in size linearly, so in a few years maybe making each block 50x bigger might not matter much to node operators?