Falcon Post-Quantum Signature Scheme Proposal

This integration, implemented as a soft fork within the classic Pay to Witness Public Key Hash (P2WPKH) mode, serves as a practical reference for future consideration of Falcon's adoption, especially as it nears FIPS standardization. The project is accessible for review at a GitHub repository. Falcon is a lattice-based, post-quantum digital signature scheme that promises security against quantum computer attacks. It is noted for its smaller public key and signature sizes compared to other post-quantum cryptography candidates and boasts efficient signing and verification times without requiring external dependencies, implemented purely in C.

The discussion further explores the challenges related to increasing transaction sizes due to post-quantum cryptographic schemes. It acknowledges efforts to address these issues by selecting plausible schemes but notes the significant size increase—20 times larger than current standards. The potential solution of batched signing within various PQ schemes is explored for its ability to manage transactions more efficiently in a future where keys and signatures are expected to be much larger. However, an initial investigation into Falcon indicates it may not support batched signing, underscoring the need for further research.

Further discussions highlight significant aspects of post-quantum cryptography implementations for Bitcoin, focusing on the Falcon signature scheme's deterministic mode. This mode is emphasized due to its software floating-point emulation, which mitigates side-channel attack risks. Despite performance trade-offs, this approach is suitable for Bitcoin, where verification processes are critical. Additionally, limitations of other schemes like SPHINCS+ are discussed, noting their unsuitability for Bitcoin-like applications due to substantial signature overhead and incompatibility with Trusted Platform Module-based state management systems.

In the ongoing exploration of cryptographic schemes compatible with SNARKs, particularly regarding quantum resistance, the necessity and implications of SNARK-friendly signature schemes are questioned. The discussion points toward STARKs as a viable option for quantum-resistant SNARKs despite concerns about their large proof sizes. Furthermore, the conversation touches upon the practicality of integrating such cryptographic proofs into blockchain technology and the complexities involved in translating these proofs into actionable on-chain effects.

Lastly, the discussion turns to the challenges and considerations surrounding the implementation of post-quantum cryptographic schemes within Bitcoin. It emphasizes the need for careful consideration of both theoretical ideals and operational realities in integrating these new technologies. The discourse suggests a balanced perspective, valuing innovative approaches while critically assessing their impact on the broader ecosystem. This includes skepticism about prioritizing arithmetic circuit optimization for SNARKs, suggesting ZK-STARKs as a more viable option due to their quantum security and scalability benefits.