Post-Quantum HD-Wallets, Silent Payments, Key Aggregation, and Threshold Signatures

Posted by conduition

Mar 12, 2026/17:57 UTC

The discussion centers on an evaluation of the paper "A Secure Hierarchical Deterministic Wallet with Stealth Address from Lattices" and its implications for blockchain systems in a post-quantum setting. The critique notes that the authors themselves acknowledge that their signatures and keys are impractically large for blockchain use: the design produces significantly larger signature and key sizes than a cryptocurrency system can reasonably carry. The cause is that the public key must contain a full matrix rather than a pseudorandom seed, because the extra algebraic structure is needed for the scheme's security; the critique draws a parallel to the same obstacle encountered by other researchers in the field.

The analysis also raises concerns about the added complexity and security requirements of the Public Key Encryption (PKE) scheme the construction needs for unlinkability between transactions: the extended public key information must stay confidential, shared only between payer and payee via secret information. This pushes the scheme's complexity and security assumptions beyond what is standard.

The paper gives no concrete parameters, which leaves the actual key and signature sizes open to speculation. Working from the paper's mathematical notation, the critique estimates that these sizes could be considerably larger than current standards.

Additionally, the paper relies on a trusted third party to generate the public parameter set, including a public matrix A, without justifying this choice or examining the risk that such a party colludes or misbehaves. This omission raises questions about the trust model and whether it suits a decentralized system like a blockchain.

A comparison with existing schemes such as ML-DSA shows that while the proposed scheme achieves comparable signature sizes, its public keys are significantly larger. This could undermine its practicality and efficiency despite its novel approach to stealth addresses and transaction privacy.
