jpeg resistance of various post-quantum signature schemes

The development of BIP-360 is undergoing significant considerations, particularly with the role and implications of SLH-DSA in its architecture. The primary concern surrounds the introduction of novel security assumptions associated with lattice cryptography, which diverges from the confidence placed in hash-based signatures. This divergence has led to a decision against incorporating JPEG resistance capabilities within BIP-360, eliminating the necessity for attestations to discount Post-Quantum Cryptography (PQC) bytes separately.

In light of these considerations, the design of BIP-360 will be simplified significantly by drawing on aspects of BIP-341, specifically by disabling keypath spends for P2QRH. This approach aims to streamline the implementation process despite the complexities introduced by SLH-DSA's performance issues. Notably, SLH-DSA operates at a significantly higher computational cost compared to other cryptographic algorithms, such as FALCON and secp256k1 Schnorr, raising concerns about its potential as a Denial of Service (DoS) vector if discounts were increased to accommodate its use.

Despite these challenges, the inclusion of SLH-DSA remains under consideration due to its perceived benefits. Additionally, there's an ongoing discussion regarding the operational costs of various signature schemes, suggesting a quantification system based on QSigOps per block to compare their efficiencies—secp256k1 being the baseline at 1, FALCON at 10, and SPHINCS at 100. Concurrently, ML-DSA is set to be deprecated due to its similarities in performance and size with FALCON, highlighting a broader effort to streamline and optimize cryptographic practices within BIP-360.

Furthermore, the resolution of JPEG resistance and scaling issues is proposed to be addressed through alternative means. A notable proposition is BitZip, a concept introduced by Ethan for enhancing block-wide transaction compression and scaling PQC signatures via STARK proofs. These forthcoming adjustments to BIP-360 demonstrate a proactive and responsive approach to the evolving landscape of blockchain technology and cryptography, underscoring the importance of community feedback in this iterative development process.