Replying to niftynei 🇺🇸💸🧡

As of right now, there are no post-quantum signatures that *don't* eat up a lot of blockspace. There's no getting around this fact. What's cool about SPHINCS+ is that you can tune it to have smaller signatures, depending on how many resigns you need.

Exactly how big those signatures are won't be known until the BIP parameters get proposed, but they'll very likely be on the order of 50-100x larger than existing sigs.

Elliptic curves are *really* elegant in how densely you can get 128-bit security; unfortunately they're (theoretically) breakable.

SPHINCS+ is pretty complex and I was questioning whether we really needed all the complexity for sigs; unfortunately I think the answer is yes and we will either have to increase the block size, accept lower throughput, or pick a different option entirely like zero-knowledge proofs.

5Cacti 5mo ago

Thanks so much for explaining all this. I suppose it would be reasonable to think the cost of storage capacity should keep reducing non-linearly, whereas the blockchain only grows in size linearly, so in a few years maybe making each block 50x bigger might not matter much to node operators?
