SHRINCS: 324-byte stateful post-quantum signatures with static backups

The proposed SHRINCS functionality emphasizes a unique approach towards handling wallet seeds in blockchain technology. It mandates that only the device which originally generated the seed can utilize the stateful signing path, while any device importing the wallet seed must adhere to a stateless signing path. This constraint, although necessary for security reasons, limits the possibility of fully offline seed generation, highlighting a significant area that requires further exploration and potential relaxation of restrictions.

In the discourse, there's an acknowledgment of the challenges involved in maintaining secure state on hardware wallets, pointing towards a curiosity about the practicality of such implementations among hardware developers. The conversation introduces the idea of integrating OP_SPHINCS and OP_WOTS as separate operations rather than a unified OP_SHRINCS. This separation proposes a modular approach allowing wallets to implement the SHRINCS scheme via the Taproot tree, catering to those that might prefer a hash-based signature scheme without the capability or desire to maintain state.

However, this modularity raises concerns regarding privacy and efficiency. Allowing wallets to determine their tree structure could inadvertently generate identifiable patterns on the blockchain, compromising user anonymity. Additionally, it is noted that this method might be less efficient - utilizing 16 byte hashes at NIST level one instead of the 32 byte hashes found in the Taproot tree, thereby potentially affecting transaction speed and cost. These insights reflect a thoughtful consideration of the balance between innovation in cryptographic protocols and the practical implications they hold for privacy, security, and usability within the ecosystem.