Posted by moonsettler
Dec 16, 2025/22:40 UTC
The primary concern raised revolves around the security of WOTS (Winternitz One-Time Signature) scheme against the development of specialized hardware, such as ASICs, that could potentially generate alternative signatures by modifying the message in a way that still produces a valid signature. This issue stems from the fear that it might not be too challenging for such technology to find a collision, given the significant resources dedicated to similar tasks in cryptocurrency mining operations. The effectiveness of small checksums in mitigating this risk is also questioned, suggesting they may only slightly increase the difficulty of finding a collision without offering a robust solution.
A proposed method to enhance the immutability of WOTS signatures involves doubling the size of both the envelope and the signature. This approach entails pairing each byte of the message digest with its modulo negated value, creating a scenario where advancing one part of the hash chain necessitates reversing another part. Despite the increased data and computational demands, this solution is considered more efficient than transitioning to alternatives like the Lamport signature scheme, which would entail even greater resource requirements. However, this idea was eventually retracted, indicating a reconsideration or potential discovery of a more viable solution.
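As an added illustration (not moonsettler's code, and not from the thread), a toy Python WOTS that applies the mirrored-digit idea above: every 4-bit digit of the message digest is signed together with its complement W-1-d, so a second message can only verify if its digest matches the signed one digit for digit. SHA-256, w=16 and all function names are assumptions made for this example.

```python
import hashlib
import os

N = 32                 # hash output size in bytes (SHA-256)
W = 16                 # Winternitz parameter: 4-bit digits, chains of W-1 steps
DIGITS = 2 * N         # 4-bit digits in one 32-byte message digest
CHAINS = 2 * DIGITS    # doubled: each digit plus its mirrored twin

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(x: bytes, steps: int) -> bytes:
    """Walk a hash chain forward `steps` times (never backward)."""
    for _ in range(steps):
        x = H(x)
    return x

def digits(msg: bytes) -> list:
    """4-bit digits of the digest, followed by their mirrors (W-1-d).
    The mirrors replace the small checksum: raising any digit lowers
    its twin, and lowering a chain position means inverting the hash."""
    d = []
    for b in H(msg):
        d += [b >> 4, b & 0x0F]
    return d + [W - 1 - v for v in d]

def keygen(seed: bytes = None):
    """Derive CHAINS chain starts from a seed; public key is the chain ends."""
    seed = seed or os.urandom(N)
    sk = [H(seed + i.to_bytes(2, "big")) for i in range(CHAINS)]
    pk = [chain(s, W - 1) for s in sk]
    return sk, pk

def sign(sk, msg: bytes) -> list:
    """One-time signature: each chain start advanced to its digit (or mirror) value."""
    return [chain(s, v) for s, v in zip(sk, digits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    """Finish every chain from the signature element; all must land on the public key."""
    if len(sig) != CHAINS:
        return False
    return all(chain(s, W - 1 - v) == p
               for s, v, p in zip(sig, digits(msg), pk))

def reachable_by_advancing(signed_digits, other_digits) -> bool:
    """A published signature only lets chains move forward, so a second digest is
    coverable only if no digit decreases. With mirrored digits that holds solely
    when both digit vectors are identical, i.e. for a full digest collision."""
    return all(o >= s for s, o in zip(signed_digits, other_digits))
```

The doubled size (128 chains for a 32-byte digest) is the cost the post mentions; in exchange, `reachable_by_advancing` is True for a differing message only if its digest collides with the signed one.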
Thread Summary (13 replies)
Dec 11 - Jan 27, 2026
14 messages