Falcon Post-Quantum Signature Scheme Proposal

In the ongoing discussion about potential fallback options for the SHRINCS protocol, one proposed solution includes leveraging SPHINCS+ as an alternative. This approach suggests setting a significant upper limit on the number of signatures, specifically around 2^30 to 2^40, to minimize signature size. This would make SPHINCS+ a viable option primarily in rare situations, primarily to facilitate the transfer of assets to a new address in the case of a fallback event. Such a mechanism aims to address concerns without imposing undue burden under normal operational circumstances.

The conversation also touches upon the inherent challenges associated with statefulness in cryptographic schemes. The inefficiency of SHA-based schemes like SPHINCS+ within SNARK settings is acknowledged, alongside the proposal that future adaptations could incorporate SNARK-friendly hash functions such as Poseidon. This adaptation is suggested as a means to significantly enhance efficiency, though it raises the question of prioritizing explicitly SNARK-compatible signature schemes. While recognizing the benefits of such compatibility, the debate remains open regarding its criticality in decision-making processes.

Moreover, there's a curiosity about the SNARK-friendliness of Falcon and whether any research or benchmarks exist that evaluate its performance in SNARK environments. This inquiry underscores a broader interest in understanding and possibly integrating SNARK-compatible technologies.

Lastly, the email briefly mentions SQIsign, noting its promisingly small signature sizes. However, it conveys a cautious stance on immediate adoption, suggesting that more time is needed for the scheme to develop and prove its reliability and viability in practical applications. This reflects a prudent approach to adopting cryptographic innovations, emphasizing the importance of maturity and thorough vetting before integration into existing systems.