Falcon Post-Quantum Signature Scheme Proposal

The inquiry from AdamISZ/waxwing delves into the intricacies and considerations surrounding the compatibility of cryptographic schemes with SNARKs, particularly in the context of quantum resistance. The discussion opens with a skepticism about the decisive importance of SNARK-friendly signature schemes, questioning the real implications beyond their literal definition. It acknowledges that most existing SNARKs, including those based on pairings and the discrete logarithm problem, lack quantum resistance, posing a significant challenge for future-proofing cryptographic applications.

The discourse then shifts to explore STARKs as a possible alternative, recognizing them as potentially the only viable option for quantum-resistant SNARKs. However, it raises concerns about the practicality of STARKs due to their large proof sizes, which could impede their implementation. Despite this drawback, the absence of any other known post-quantum SNARK scheme leaves a gap in the cryptographic landscape, highlighting a need for further exploration and development in this area.

Furthermore, the conversation touches upon the complexities involved in integrating such cryptographic proofs into blockchain technology. It points out the current lack of straightforward methods to translate STARK or SNARK proofs into actionable on-chain effects, hinting at a broader issue of how sophisticated cryptographic solutions can be effectively applied within existing frameworks. The email suggests that while advanced hash functions like Poseidon offer some advantages, they do not fully address the challenges of operationalizing these proofs on-chain without resorting to intricate mechanisms currently used in protocols like Glock and BABE.

AdamISZ/waxwing also contemplates the design philosophy behind implementing these cryptographic proofs, contrasting the elegance of a direct verification approach with the messier realities of fraud-proof systems that rely on penalties ("slashing") for security. The message underlines the complexity of making informed design decisions in this evolving field, especially when considering the potential for alternative, albeit less streamlined, solutions like HTLCs over PTLCs.

Overall, the email from AdamISZ/waxwing encapsulates a deep technical inquiry into the future of cryptographic schemes in the face of quantum computing challenges, emphasizing the need for innovative solutions that balance theoretical robustness with practical feasibility.