jpeg resistance of various post-quantum signature schemes

The discussion on the suitability of XMSS for distributed systems like Bitcoin highlights significant concerns due to its complex, stateful nature which may pose understanding and operational challenges among a global array of developers, implementers, and users. Given these risks, the alternative of employing ML-DSA is proposed as a favorable option. This choice is attributed to its capacity to balance between the increased block payload sizes resulting from larger signature and public key sizes against the safety and security it offers in anticipation of quantum computing threats capable of undermining classical cryptography.

Furthermore, to enhance security measures until quantum computers become a tangible threat to classical cryptographic methods, a hybrid approach combining ML-DSA with ed25519 or FN-DSA with ed25519 is recommended. This strategy, although increasing complexity and potential implementation risk, is considered a prudent safeguard. This hybrid method aims to offer a robust defense mechanism, ensuring the continued integrity and security of distributed systems such as Bitcoin in the face of evolving quantum computing capabilities.