Posted by sipa
May 23, 2026/14:57 UTC
The discussion centres on the challenges of selecting suitable cryptographic schemes for a post-quantum (PQ) regime, in particular whether the existing candidate families (isogenies, hash-based constructions, and lattices) are viable for PQ cryptography. Isogeny-based schemes, while theoretically sound, may not deliver the performance needed for practical use; hash-based and lattice-based schemes each have their own drawbacks that could rule them out for effective use in PQ settings.
A second point is the batch verifiability of signatures in post-quantum cryptographic (PQC) schemes compared with Schnorr signatures. This matters especially if PQC signatures turn out to be more expensive per signature than Schnorr signatures, even if not more expensive per byte, so the practicality and cost-effectiveness of a PQC scheme may hinge significantly on whether its signatures can be verified in batches.
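As an added illustration, not part of sipa's post or of this summary, the following toy Schnorr scheme shows why Schnorr signatures batch-verify: the verification equation is linear in the group, so n equations can be folded into one with random weights. It works in a prime-order subgroup of Z_p^* rather than on secp256k1, the group parameters are constructed and far too small for real use, and the hash encoding is not BIP340's; the function and variable names are the example's own. It also shows why the weights must be unpredictable.

```python
"""Toy Schnorr signatures in a prime-order subgroup of Z_p^*, with batch verification.
Constructed example; parameters are tiny and for illustration only."""
import hashlib
import secrets

# Constructed toy group: p = 2q + 1 is a safe prime, q is prime, G generates the order-q subgroup.
P_MOD = 2039
Q_ORD = 1019
G = 4  # 4 = 2^2 is a quadratic residue, so its order divides q; since 4 != 1 it is exactly q
assert P_MOD == 2 * Q_ORD + 1 and pow(G, Q_ORD, P_MOD) == 1


def _rand_scalar():
    """Uniform scalar in [1, q-1]."""
    return 1 + secrets.randbelow(Q_ORD - 1)


def _in_subgroup(y):
    return 1 <= y < P_MOD and pow(y, Q_ORD, P_MOD) == 1


def challenge(R, pub, msg):
    """Fiat-Shamir challenge e = H(R || P || m) mod q (2-byte encodings suffice since p < 2^16)."""
    data = R.to_bytes(2, "big") + pub.to_bytes(2, "big") + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q_ORD


def keygen():
    x = _rand_scalar()
    return x, pow(G, x, P_MOD)


def sign(x, msg):
    k = _rand_scalar()  # per-signature nonce; must never repeat for the same key
    R = pow(G, k, P_MOD)
    e = challenge(R, pow(G, x, P_MOD), msg)
    s = (k + e * x) % Q_ORD
    return R, s


def verify(pub, msg, sig):
    """Single verification: g^s == R * P^e."""
    R, s = sig
    if not (_in_subgroup(R) and _in_subgroup(pub) and 0 <= s < Q_ORD):
        return False
    e = challenge(R, pub, msg)
    return pow(G, s, P_MOD) == R * pow(pub, e, P_MOD) % P_MOD


def batch_verify(items, weights=None):
    """Batch verification of [(pub, msg, (R, s)), ...].

    Multiply the i-th equation by a random a_i and combine:
        g^{sum a_i s_i} == prod R_i^{a_i} * prod P_i^{a_i e_i}
    One exponentiation of g replaces n of them, and the right-hand side is a single
    multi-exponentiation that real implementations evaluate with Straus/Pippenger
    style algorithms (not done here); that is where the per-signature cost drops.
    `weights` exists only to demonstrate why the a_i must be random (see demo()).
    """
    if weights is None:
        weights = [_rand_scalar() for _ in items]
    lhs_exp = 0
    rhs = 1
    for a, (pub, msg, (R, s)) in zip(weights, items):
        if not (_in_subgroup(R) and _in_subgroup(pub) and 0 <= s < Q_ORD):
            return False
        e = challenge(R, pub, msg)
        lhs_exp = (lhs_exp + a * s) % Q_ORD
        rhs = rhs * pow(R, a, P_MOD) * pow(pub, a * e % Q_ORD, P_MOD) % P_MOD
    return pow(G, lhs_exp, P_MOD) == rhs


def demo():
    """Build a 3-signature batch; return (valid_batch_ok, tampered_batch_ok, fixed_weight_cancellation)."""
    items = []
    for i in range(3):
        x, pub = keygen()
        msg = b"constructed message %d" % i  # constructed sample input
        items.append((pub, msg, sign(x, msg)))
    # Shift one s by 1: the combined equation is off by a factor g^{a_j}, which is never 1
    # because 1 <= a_j < q, so random-weight batch verification rejects deterministically.
    pub0, msg0, (R0, s0) = items[0]
    tampered = [(pub0, msg0, (R0, (s0 + 1) % Q_ORD))] + items[1:]
    # Shifts of +1 and -1 on two signatures cancel under fixed equal weights, but under
    # random weights they survive only with probability about 1/q: the weights must be unpredictable.
    pub1, msg1, (R1, s1) = items[1]
    cancelling = [(pub0, msg0, (R0, (s0 + 1) % Q_ORD)),
                  (pub1, msg1, (R1, (s1 - 1) % Q_ORD)),
                  items[2]]
    return (batch_verify(items),
            batch_verify(tampered),
            batch_verify(cancelling, weights=[1, 1, 1]))
```

With naive exponentiation the batch equation costs no fewer group operations than n separate checks; the saving only appears once the products are computed as one multi-exponentiation, which is the property sipa's cost comparison with PQC signatures turns on.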
Finally, there is a question about which components need to be included when publishing the signatures \sigma_{sch} and \sigma_{pq}. If \sigma_{pq} is the dominant component, it is unclear whether other elements such as R still need to be published; the underlying question is what information is essential to publish in order to preserve security without sacrificing efficiency.