Hash-Based Signatures for Bitcoin's Post-Quantum Future

Posted by Erik Aronesty

Dec 18, 2025/18:45 UTC

In recent discussions within the Bitcoin development community, innovative strategies for enhancing Bitcoin's security in the face of potential quantum computing threats have been proposed. One noteworthy approach involves the introduction of two new opcodes: OP_CTV (Commit to Transaction Version) and OP_CHECKTXIDDEPTHVERIFY. These opcodes facilitate a method where a secret is committed in one block and revealed in a subsequent block, effectively leveraging time asymmetry to address information asymmetry issues without necessitating comprehensive signature schemes. This technique, which relies on anchor-gated, template-bound spending, aims to provide a simpler, yet effective alternative to complex quantum-resistant signature mechanisms. For further technical insights, a detailed explanation can be found at this link.

In parallel, another segment of the community, spearheaded by Blockstream Research, has examined hash-based signatures, particularly their viability as a post-quantum solution for Bitcoin. Their investigation, summarized in a detailed report available at eprint.iacr.org/2025/2203.pdf, evaluates parameter selection, security analysis, and implementation considerations of hash-based schemes such as SPHINCS+. The accompanying scripts supporting this research are accessible at BlockstreamResearch/SPHINCS-Parameters on GitHub. Hash-based signatures emerge as a compelling choice because their security rests only on well-established properties of hash functions, they are simple, and they have undergone extensive cryptanalysis. Despite concerns about their larger signature sizes, optimizations and adjustments to the signature-size bounds are suggested to mitigate this drawback while keeping signing times reasonable and meeting the desired security levels.

The discourse around implementing these solutions includes critical considerations on whether to adopt exclusively stateless schemes or incorporate stateful options, recognizing the operational complexities the latter might introduce. The ramifications on Hierarchical Deterministic Wallets and the efficiency of multi-signature approaches under these new schemes were also scrutinized, highlighting both challenges and opportunities for innovation in key management and signature validation processes. The community is called upon to provide feedback, especially on performance requirements across varied hardware and the potential standardization of multiple schemes to accommodate different signature limits. Such dialogue underscores a collective endeavor to bolster Bitcoin’s resilience against quantum computational advances, ensuring its security and reliability for future generations.
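To make the two points above concrete (security resting only on hash-function properties, and the operational burden of stateful schemes), here is an added illustration that is not code from the Blockstream report, the SPHINCS-Parameters repository, or any proposed Bitcoin implementation. It implements a Lamport one-time signature over SHA-256, the simplest hash-based scheme: the private key is 256 pairs of random preimages, the public key is their hashes, and a signature reveals one preimage per bit of the message digest. The `OneTimeSigner` wrapper is a hypothetical stand-in for the state tracking a stateful scheme needs; it refuses to sign a second message, since reusing a one-time key leaks preimages for both messages. The size helpers show why signature size is the cost the text discusses: even this minimal scheme produces an 8 KiB signature and a 16 KiB public key, which is what schemes like SPHINCS+ spend their complexity reducing.

```python
"""Lamport one-time signature over SHA-256 (added illustration, not production code)."""
import hashlib
import os

HASH = hashlib.sha256
N = HASH().digest_size   # 32 bytes per preimage / hash output
BITS = N * 8             # 256 message-digest bits, one key pair per bit


def keygen(rng=os.urandom):
    """Return (secret_key, public_key).

    secret_key: BITS pairs of random N-byte preimages (index 0 for bit 0, 1 for bit 1).
    public_key: the SHA-256 hash of each preimage, in the same layout.
    Security rests only on preimage resistance of the hash: forging a signature
    bit requires inverting a hash output.
    """
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = [(HASH(a).digest(), HASH(b).digest()) for a, b in sk]
    return sk, pk


def _digest_bits(msg):
    """Hash the message and expand the digest to a list of BITS bits, MSB first."""
    d = int.from_bytes(HASH(msg).digest(), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(sk, msg):
    """Reveal, for each digest bit, the preimage that corresponds to that bit value."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg, sig):
    """Recompute the digest and check every revealed preimage hashes to the committed value."""
    if len(sig) != BITS:
        return False
    bits = _digest_bits(msg)
    return all(HASH(s).digest() == pk[i][bits[i]] for i, s in enumerate(sig))


class OneTimeSigner:
    """Hypothetical stateful wrapper: records key use and refuses a second signature.

    This is the state a stateful hash-based scheme must persist reliably (across
    restarts, backups and wallet restores); losing it is what makes such schemes
    operationally risky compared with stateless ones like SPHINCS+.
    """

    def __init__(self):
        self.sk, self.pk = keygen()
        self.used = False

    def sign(self, msg):
        if self.used:
            raise RuntimeError("one-time key already used; refusing to sign again")
        self.used = True
        return sign(self.sk, msg)


def signature_size_bytes(sig):
    """Total bytes in a signature (BITS preimages of N bytes each)."""
    return sum(len(s) for s in sig)


def public_key_size_bytes(pk):
    """Total bytes in a public key (2 * BITS hashes of N bytes each)."""
    return sum(len(a) + len(b) for a, b in pk)


if __name__ == "__main__":
    signer = OneTimeSigner()
    msg = b"constructed sample message"   # constructed input for the demo
    sig = signer.sign(msg)
    print("valid:", verify(signer.pk, msg, sig))
    print("tampered valid:", verify(signer.pk, msg + b"x", sig))
    print("signature bytes:", signature_size_bytes(sig))
    print("public key bytes:", public_key_size_bytes(signer.pk))
```

Verification needs nothing beyond SHA-256, which is the property the text highlights; the trade-off is the size, and the refusal on a second call is the behaviour a stateful deployment must guarantee in practice, not just in a single process.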
