Often, I skim most of the quantum stuff because the explanations trend heavily towards the technical and I don't see how spending a ton of time trying to understand the math is really that useful for a layman like myself.

Still, it's nice to have a general sense of things, and here we have both @niftynei (the linked article) and @bitcoin_devs (#1064943, #1065841) giving us a more accessible explanation of a new signature scheme proposed by roasbeef.

Tl;dr - quantum-resistant signatures are bigger than the signatures currently used by Bitcoin. "A Segwit v1 Schnorr signature is 64-bytes of onchain data; comparable SPHINCS+ benchmark sigs are 3-7k bytes." But unlike some other hash-based signature schemes, SPHINCS+ can safely sign multiple times.

The real reason I like nifty's article is that she does a great job of explaining some of the obstacles we are dealing with in developing and adopting a QR scheme.

Wow the data usage skyrocketed

🙌🙏

Really appreciated this post and nifty’s breakdown. SPHINCS+ has always felt like one of those “important but intimidating” topics, and this article made it way more digestible. The comparison between Schnorr and SPHINCS+ signature sizes puts things into perspective—3–7kB per signature is no joke when thinking about scalability on-chain. But it’s fascinating that SPHINCS+ can handle multiple signatures securely, unlike other hash-based schemes. That alone makes it worth watching. Definitely agree that the real value here is in understanding the trade-offs we’ll face in post-quantum Bitcoin, not just the raw math. Props to nifty for making QR cryptography approachable without dumbing it down.