Falcon Post-Quantum Signature Scheme Proposal

In a recent development shared on the Bitcoin Development Mailing List, a technical demonstration integrating the Falcon post-quantum signature scheme into Bitcoin Core has been undertaken. This integration, implemented as a soft fork within the classic Pay to Witness Public Key Hash (P2WPKH) mode, serves as a practical reference for future consideration of Falcon's adoption, especially with its nearing status of FIPS standardization. The project is accessible for review at this GitHub repository.

Falcon stands out as a lattice-based, post-quantum digital signature scheme that promises security against quantum computer attacks. It is noted for its smaller public key and signature sizes compared to other post-quantum cryptography (PQC) candidates such as SPHINCS+ and ML-DSA. Additionally, Falcon boasts efficient signing and verification times without requiring external dependencies, implemented purely in C.

Benchmarking results reveal Falcon's performance efficiency over ECDSA, which is currently employed in Bitcoin. Specifically, Falcon significantly reduces public key and signature sizes while also improving verification times—a critical factor in Bitcoin transactions where verification speed is paramount due to the verification process being handled by nodes rather than by client-side wallets.

The integration process involved incorporating Falcon directly from its original GitHub repository into the Bitcoin Core codebase, updating the build system to support Falcon, and enabling soft-fork activation through a new script verification flag. These steps underline the feasibility and benefits of adopting Falcon within Bitcoin, showcasing potential improvements in transaction processing efficiency and post-quantum security.

Looking forward, this project aims to serve as a benchmark and reference for the Bitcoin community as it contemplates the integration of post-quantum cryptographic algorithms like Falcon. As Falcon moves closer to FIPS standardization, its adoption could address significant concerns regarding quantum computing threats, while also offering practical advantages in terms of performance and efficiency over existing cryptographic methods used within Bitcoin.