Falcon Post-Quantum Signature Scheme Proposal

Jan 22 - Jan 25, 2026

The integration of the Falcon post-quantum signature scheme into Bitcoin Core, as a soft fork within the Pay to Witness Public Key Hash (P2WPKH) mode, represents a forward-looking approach to enhancing Bitcoin's security against potential quantum computer attacks.

The initiative, accessible for review at this GitHub repository, underscores the lattice-based scheme's advantages in terms of smaller public key and signature sizes compared to other post-quantum cryptography candidates. This integration is particularly notable for its emphasis on efficiency, with Falcon offering improved signing and verification times crucial for maintaining transaction processing speed in Bitcoin's decentralized network.

Challenges associated with integrating post-quantum cryptographic schemes into blockchain technology, especially in terms of increased transaction sizes, are recognized. Solutions such as batched signing offer a potential avenue for addressing scalability concerns while simultaneously promoting privacy enhancements through economic incentives for techniques like coinjoin. However, preliminary investigations indicate that Falcon may not support batched signing, highlighting the necessity for further research into the capabilities of various cryptographic schemes in managing larger transactions efficiently.

Discussions within the Bitcoin Development Mailing List have also shed light on the complexities of implementing Falcon, owing to its reliance on discrete Gaussian sampling and the modest improvement it offers over existing schemes. As a result, Falcon has been excluded from the upcoming PQ signature opcode BIP. The discussion of alternative schemes, and of how they fit with Schnorr signatures and Layer 2 solutions, reflects the ongoing effort to maintain efficiency and security in the face of quantum computing advancements. The exploration of options like LaBRADOR, a lattice-based SNARK for Zero-Knowledge rollups, highlights the innovative approaches being considered to overcome the limitations of post-quantum signature aggregation.

Mikhail Kudinov's email emphasizes the importance of deterministic modes in post-quantum cryptography, particularly for Falcon, to mitigate side-channel attack risks. This approach is viewed as compatible with SNARKs, despite the challenges presented by other schemes like SPHINCS+ and SHRINCS, which face significant hurdles in high-throughput environments and integration with Layer 2 solutions.

The discussion extends to the viability of leveraging SPHINCS+ as a fallback option, suggesting an upper limit on the number of signatures to manage signature size effectively. The conversation acknowledges the inefficiency of SHA-based schemes within SNARK settings and proposes future adaptations to incorporate SNARK-friendly hash functions. Questions about the SNARK-friendliness of Falcon and the potential of schemes like SQIsign reflect a cautious yet open stance toward exploring cryptographic innovations.

AdamISZ/waxwing's inquiry delves into the compatibility of cryptographic schemes with SNARKs amid quantum resistance challenges. The discourse explores STARKs as a quantum-resistant alternative, despite their large proof sizes, and highlights the broader issue of operationalizing advanced cryptographic proofs within blockchain technology. The conversation illustrates the complexity of integrating sophisticated solutions and the need for continued innovation in cryptographic practices to address the emergent challenges posed by quantum computing.

Finally, a study revealing a flaw in quantum key distribution (QKD) underscores the importance of rigorous evaluation in cryptographic security. This development, detailed at IEEE Xplore, serves as a critical reminder of the vulnerabilities that may arise within secure communication technologies, emphasizing the necessity for ongoing research and vigilance in the field of cryptography.

Thread messages (8 messages, 7 replies; Jan 22 - Jan 25, 2026):

- Giulio Golinelli (original post), Jan 22, 2026, 07:01 UTC
- waxwing/AdamISZ, Jan 22, 2026, 12:48 UTC
- conduition, Jan 22, 2026, 14:35 UTC
- Giulio Golinelli, Jan 23, 2026, 03:45 UTC
- Giulio Golinelli, Jan 23, 2026, 07:12 UTC
- Mikhail Kudinov, Jan 23, 2026, 15:36 UTC
- waxwing/AdamISZ, Jan 24, 2026, 13:04 UTC
- cassio gusson, Jan 25, 2026, 21:54 UTC