SHRINCS: 324-byte stateful post-quantum signatures with static backups

Posted by conduition

Jan 20, 2026/01:32 UTC

Wallet software cannot confirm with certainty whether its seed is in use on more than one device, and this uncertainty is a significant security challenge. It arises because users can copy wallet data files between computers, sometimes accidentally, for example when cloning an operating system for backup recovery. The risk is illustrated by people who have lost coins to "punishment transactions" after restoring an outdated Lightning channel state.

Unlike the Lightning case, SHRINCS wallets may have a partial defence, because a wallet can sometimes notice evidence of lost or corrupted state. For instance, if a wallet sees new outgoing transactions that were not present the last time it was opened, it can signal that caution is needed before signing anything further. This gives the wallet a way to catch state mismanagement before it leads to a one-time-signature key being reused.

State management matters most for keys that have already issued XMSS signatures. Where the state may be corrupted, or a seed has been imported, hot wallets could use heuristics to make an educated guess about whether an XMSS key is still safe to use for a given address. For example, an address that has never received coins could be treated as safe for XMSS signatures if it later acquires UTXOs, since no earlier signature can have been issued for it. This approach depends on assumptions about user behaviour, so it carries residual risk.
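The state-consistency check sketched above, as an added illustration rather than code from the post or from SHRINCS: a hypothetical wallet model tracks the next unused XMSS leaf index locally, records leaf indices observed in confirmed outgoing transactions, and refuses to sign when the chain shows a leaf at or beyond its own counter, which is the signature of a cloned or restored state. Names, the leaf-index abstraction and the placeholder "signature" tuple are assumptions; no real hash-based signing is performed.

```python
"""Hypothetical leaf bookkeeping for a stateful (XMSS-style) wallet key.
Added example: models the state check only, not the signature scheme itself."""
from dataclasses import dataclass, field


class StateMismatch(Exception):
    """On-chain evidence shows a leaf this wallet never recorded spending."""


@dataclass
class XmssKeyState:
    height: int                                   # tree of 2**height one-time leaves
    next_index: int = 0                           # next unused leaf per local state
    seen_on_chain: set = field(default_factory=set)  # leaf indices seen in spends

    @property
    def capacity(self) -> int:
        return 1 << self.height

    def observe_spend(self, leaf_index: int) -> bool:
        """Record a leaf index seen in a confirmed outgoing transaction.
        Returns True if local state did not know about this spend, i.e. some
        other copy of the seed has been signing (possible cloned wallet file)."""
        self.seen_on_chain.add(leaf_index)
        return leaf_index >= self.next_index

    def next_safe_index(self) -> int:
        """Leaf to use next, or raise if the local counter cannot be trusted."""
        unknown = sorted(i for i in self.seen_on_chain if i >= self.next_index)
        if unknown:
            raise StateMismatch(f"leaves {unknown} spent on chain but not locally")
        if self.next_index >= self.capacity:
            raise RuntimeError("XMSS key exhausted; rotate to a fresh key")
        return self.next_index

    def sign(self, tx_id: str) -> tuple:
        """Placeholder signing: consume one leaf. A real wallet must persist
        the advanced counter to disk before releasing the signature."""
        idx = self.next_safe_index()
        self.next_index = idx + 1
        return (idx, tx_id)  # stands in for an actual XMSS signature

    def resync(self) -> None:
        """Recover after a mismatch by skipping past every leaf seen on chain.
        Leaves in the gap are deliberately burned rather than risked twice."""
        if self.seen_on_chain:
            self.next_index = max(self.next_index, max(self.seen_on_chain) + 1)
```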

To address these concerns, one proposal is to replace the OP_WOTS opcode with OP_XMSS, using NIST-1 length hashes for the XMSS scheme. The aim is to encourage practices that reduce address reuse, though the effectiveness and efficiency of this change remain under debate. The preference for OP_XMSS over combining separate opcodes for unbalanced XMSS and SPHINCS keys is largely aesthetic and organisational: existing tools can already express the binary logic of payment conditions, so there is no need to add complexity for that.
