
SHRINCS achieves very small hash-based signatures using a stateful signer while still allowing for static backups. However, its efficient stateful path requires transferring state to any new device, which is error-prone, so in practice any restored or secondary device will typically fall back to large stateless signatures. SHRIMPS removes this single-device constraint. In settings where each key is used for only a small number of signatures (as is typical in Bitcoin), a static seed backup can be loaded into many independent stateful signing devices, each producing a ~2564-byte signature at 128-bit security. The construction requires an upper bound on the number of device initializations; with a conservative bound of n_dev = 2^10, SHRIMPS signatures are up to three times smaller than SLH-DSA (7872 bytes). SHRIMPS can be combined with SHRINCS: the primary device produces ~324-byte signatures, while any backup device produces signatures under 3 KB.

Seems like the main downside is that you cannot install the same seed on a large number of devices.

The compact path requires per-key state: the device stores a counter of compact-path signatures made
With key derivation (similar to BIP-32) from a single seed, each derived key is a separate SHRIMPS instance. The device must maintain this state for every derived key, or store a single bit per key indicating that the fallback path should be used.

Post-quantum signatures all seem to come with tradeoffs, but it's pretty neat to see people working on new variations. I wonder if someone should tell Nic Carter before he has another panic attack...