Posted by AdamISZ
May 23, 2026/14:05 UTC
In the recent discussion on cryptographic methods in Bitcoin, particularly focusing on signature schemes, an important aspect highlighted is the differentiation between existential unforgeability (EUF) and strong unforgeability (SUF). Currently, the industry standard often employs a hybrid approach by concatenating different schemes. However, this method falls short when SUF is required, as seen in applications like Bitcoin where both robustness and security are paramount.
The analysis of various signature schemes reveals that merely nesting one scheme within another does not inherently confer SUF properties on the resultant scheme. For instance, even if the outer scheme possesses SUF characteristics, it doesn’t guarantee that the inner scheme will inherit these properties. This point is vividly illustrated using BIP340 for the outer scheme and a post-quantum (PQ) scheme for the inner, demonstrating the challenges in achieving the desired security attributes through simple combinations.
The paper under discussion introduces a nuanced approach termed BOP-2, which is one of three proposed constructions. Rather than treating the Schnorr signature scheme as a black-box component, it's approached as an identity scheme. This strategic manipulation of the challenge component in the Schnorr scheme enables the inheritance of the SUF property, regardless of whether the PQ scheme possesses it or not.
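The two compositions contrasted above can be made concrete in a small model. The following block is an added example written for this summary; it is not code from AdamISZ's email, from the paper, or from any Bitcoin project. It uses simplified affine secp256k1 arithmetic and a plain Schnorr signature (not BIP340-conformant), and stands in for the PQ component with a constructed 32-bit Lamport one-time signature that carries an unchecked salt, which models a scheme that is EUF but not SUF. The "bound" mode, which folds the encoded PQ signature into the Schnorr challenge, is this author's reading of the "Schnorr as identification scheme" idea, not the paper's exact BOP-2 construction. Keys are derived from a fixed seed purely so the run is reproducible.

```python
"""Toy model of a hybrid (Schnorr + PQ) signature: plain concatenation versus
binding the Schnorr challenge to the PQ component. Constructed for illustration;
curve arithmetic is simplified, non-constant-time, and not BIP340-conformant."""
import hashlib
import random

# secp256k1 parameters (the curve BIP340 uses), affine coordinates.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    if A is None: return B
    if B is None: return A
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # point at infinity
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, Pt):
    R = None
    while k:
        if k & 1:
            R = ec_add(R, Pt)
        Pt, k = ec_add(Pt, Pt), k >> 1
    return R

def sha(b): return hashlib.sha256(b).digest()

def H(*parts):
    h = hashlib.sha256()
    for part in parts:                                # length-prefixed so (a,b) != (ab,)
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")

def pt_bytes(Pt): return Pt[0].to_bytes(32, "big") + Pt[1].to_bytes(32, "big")

# Schnorr as an identification scheme: `bind` is extra data folded into the challenge.
def schnorr_sign(x, pk, msg, bind=b""):
    k = H(b"nonce", x.to_bytes(32, "big"), msg, bind) % N or 1   # deterministic toy nonce
    R = ec_mul(k, G)
    e = H(b"chal", pt_bytes(R), pt_bytes(pk), msg, bind) % N
    return R, (k + e * x) % N

def schnorr_verify(pk, msg, sig, bind=b""):
    R, s = sig
    e = H(b"chal", pt_bytes(R), pt_bytes(pk), msg, bind) % N
    return ec_mul(s, G) == ec_add(R, ec_mul(e, pk))

# Stand-in for the PQ component (constructed): a 32-bit Lamport one-time signature
# carrying an 8-byte salt its verifier never checks. The unchecked field models a
# scheme that is EUF but not SUF: a valid signature can be rewritten into a
# different valid signature on the same message.
def pq_keygen(rng):
    sk = [(rng.randbytes(16), rng.randbytes(16)) for _ in range(32)]
    return sk, [(sha(a), sha(b)) for a, b in sk]

def pq_sign(sk, msg, rng):
    d = int.from_bytes(sha(msg)[:4], "big")
    return [sk[i][(d >> i) & 1] for i in range(32)], rng.randbytes(8)

def pq_verify(pk, msg, sig):
    preimages, _unchecked_salt = sig
    d = int.from_bytes(sha(msg)[:4], "big")
    return all(sha(pre) == pk[i][(d >> i) & 1] for i, pre in enumerate(preimages))

def pq_encode(sig): return b"".join(sig[0]) + sig[1]

# Hybrid: bind_challenge=False is plain concatenation; True folds the PQ signature
# into the Schnorr challenge (the challenge-binding idea as read here, an assumption).
def hybrid_sign(x, pk_s, sk_pq, msg, bind_challenge, rng):
    pq_sig = pq_sign(sk_pq, msg, rng)
    bind = pq_encode(pq_sig) if bind_challenge else b""
    return schnorr_sign(x, pk_s, msg, bind), pq_sig

def hybrid_verify(pk_s, pk_pq, msg, hsig, bind_challenge):
    s_sig, pq_sig = hsig
    bind = pq_encode(pq_sig) if bind_challenge else b""
    return schnorr_verify(pk_s, msg, s_sig, bind) and pq_verify(pk_pq, msg, pq_sig)

def demonstrate(msg=b"constructed sample message", seed=1234):
    """Per mode: does the honest signature verify, does a mauled copy (same message,
    salt flipped) verify, is the mauled copy a distinct string, and does the honest
    signature verify on a different message?"""
    rng = random.Random(seed)                         # fixed seed: reproducible toy keys only
    x = rng.randrange(1, N)
    pk_s = ec_mul(x, G)
    sk_pq, pk_pq = pq_keygen(rng)
    out = {}
    for mode, bind_challenge in (("concat", False), ("bound", True)):
        hsig = hybrid_sign(x, pk_s, sk_pq, msg, bind_challenge, rng)
        s_sig, (pre, salt) = hsig
        mauled = (s_sig, (pre, bytes(b ^ 0xFF for b in salt)))
        out[mode] = {
            "honest_ok": hybrid_verify(pk_s, pk_pq, msg, hsig, bind_challenge),
            "mauled_ok": hybrid_verify(pk_s, pk_pq, msg, mauled, bind_challenge),
            "mauled_is_distinct": mauled != hsig,
            "other_msg_ok": hybrid_verify(pk_s, pk_pq, b"other message", hsig, bind_challenge),
        }
    return out

if __name__ == "__main__":
    for mode, result in demonstrate().items():
        print(mode, result)
```

In the concatenated mode the mauled signature still verifies even though the Schnorr part is strongly unforgeable, because nothing ties the Schnorr component to the bytes of the PQ component. In the bound mode the same edit changes the challenge `e`, so the fixed `s` no longer satisfies the verification equation and the mauled copy is rejected, while the honest signature still verifies and neither mode accepts the signature on a different message.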
Moreover, the topic of batch verification in Bitcoin was explored, questioning its current relevance and feasibility, especially under the constraints posed by post-quantum cryptographic regimes. The email suggests that while certain approaches like isogenies may theoretically offer solutions, their practical performance might be inadequate for operational needs. Additionally, the conversation touches upon the publication strategies of signature components, indicating a predominant focus on the PQ scheme due to its significant role in the overall security framework.
This discourse underscores the complexity of integrating traditional cryptographic methods with emerging quantum-resistant techniques, highlighting the ongoing need for innovative solutions that can meet the stringent security requirements of systems like Bitcoin.