Posted by conduition
Jan 19, 2026/01:03 UTC
The discussion revolves around the innovative balance between stateful and stateless hash-based signing introduced by SHRINCS. This approach notably discourages address reuse by incrementally increasing transaction costs for repeated use of the same address, potentially encouraging users to adopt this model despite the fallback to a costly stateless SPHINCS signature in cases where wallet state is lost. However, the scheme is not without vulnerabilities, particularly to fault injection attacks that could lead to disastrous outcomes such as message forgery due to the accidental reset of a hardware wallet's state or duplication of wallet seeds across devices leading to the unintentional reuse of XMSS leaves.
Moreover, the suggestion to incorporate both SPHINCS (or its variants) and WOTS within tapscript, allowing wallets the flexibility to choose between them, presents an alternative framework. This proposition leverages the similarity between XMSS tree structures and taproot's script trees, differing mainly in their node sorting and context-specific hash-tweaking. Although adopting a dual-scheme approach might lack the elegance of a unified signing mechanism, it offers modularity and ease of standardization as Bitcoin Improvement Proposals (BIPs). This method suggests a gradual integration strategy that does not require an outright commitment to both schemes simultaneously, but rather allows for their individual adoption and adaptation through opcode redefinitions.
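As an added illustration (not code from the thread, from SHRINCS, or from any wallet), a toy XMSS-style Merkle tree in Python: the signer keeps a forward-only leaf index, and the verifier recomputes the root from the authentication path and refuses any leaf index it has already accepted under the same root, which is exactly the reuse a wallet-state reset or a duplicated seed would produce. The per-leaf one-time signature itself is omitted, and the seed, tags and names are constructed for the example.

```python
import hashlib
def h(tag: bytes, *parts: bytes) -> bytes:
    # Tagged hash; the tag stands in for XMSS/taproot-style context tweaking.
    return hashlib.sha256(tag + b"".join(parts)).digest()

def build_levels(leaves):
    # All levels of a full binary Merkle tree: level 0 = leaves, last = [root].
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        levels.append([h(b"node", a, b) for a, b in zip(levels[-1][::2], levels[-1][1::2])])
    return levels

def auth_path(levels, index):
    # Sibling hashes from leaf `index` up to the root.
    path, i = [], index
    for lvl in levels[:-1]:
        path.append(lvl[i ^ 1])
        i >>= 1
    return path

def root_from_path(leaf, index, path):
    # XMSS-style: index bits fix left/right order (taproot sorts each pair instead).
    node, i = leaf, index
    for sib in path:
        node = h(b"node", sib, node) if i & 1 else h(b"node", node, sib)
        i >>= 1
    return node

class StatefulSigner:
    # Stateful side: one leaf per signature; next_index must only move forward.
    def __init__(self, seed: bytes, height: int):
        self.pks = [h(b"pk", seed, i.to_bytes(4, "big")) for i in range(1 << height)]
        self.levels = build_levels(h(b"leaf", pk) for pk in self.pks)
        self.root = self.levels[-1][0]
        self.next_index = 0  # the state a wallet reset or seed duplication corrupts
    def sign(self):  # the per-leaf one-time signature itself is omitted here
        if self.next_index >= len(self.pks): raise RuntimeError("tree exhausted")
        i, self.next_index = self.next_index, self.next_index + 1
        return {"index": i, "pk": self.pks[i], "path": auth_path(self.levels, i)}

class Verifier:
    def __init__(self):
        self.seen = set()  # (root, leaf index) pairs already accepted
    def accept(self, root: bytes, sig: dict) -> bool:
        # Reject a bad authentication path, then reject a leaf already used under this root.
        leaf = h(b"leaf", sig["pk"])
        ok = root_from_path(leaf, sig["index"], sig["path"]) == root
        ok = ok and (root, sig["index"]) not in self.seen  # reuse = the state-loss failure
        if ok: self.seen.add((root, sig["index"]))
        return ok
```

Because the reuse check lives on the verifier, a verifier with no history (or a different one) cannot notice the repeat; the signer's persisted index is the only protection that does not depend on who is checking.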
Thread Summary (13 replies)
Dec 11 - Jan 27, 2026
14 messages