Great article! The PRISM signature scheme sounds quite promising while being only ~5x the size of an existing PK + Schnorr signature.

I'm not a mathematician/cryptographer and I didn't quite follow it all, but I appreciate how you applied the signature schemes to existing bitcoin features like HD wallet derivation and key tweaks. (Mostly it made me appreciate all of the cool features we have now in Schnorr sigs and taproot.) This isn't perfect, but it's impressive how much can be replicated with isogeny cryptography.

I feel like we have a moving target, where we need to upgrade to quantum resistant signatures with an unknown deadline, but meanwhile, the cryptographic state of the art is advancing too. The verification times for PRISM are a little concerning, but maybe that won't be the case 10 years from now. I see this as an argument for allowing quantum resistant signature scheme research to cook a while longer before we push an upgrade path. It's all a little fraught when it's urgent but not imminent.