SHRINCS: 324-byte stateful post-quantum signatures with static backups

By leveraging an unbalanced XMSS tree for stateful operations and a variant of SPHINCS+ for stateless operations, SHRINCS achieves a high level of operational efficiency under typical conditions while ensuring reliability through a fallback mechanism in case of state loss or corruption. This dual-mode functionality is supported by a public key derived from both the stateful and stateless public keys, allowing seamless operation across modes depending on the state's integrity.

The scheme addresses the primary challenge of managing the state securely, mitigating risks associated with mismanagement through its ability to switch to stateless signatures when necessary. The innovative use of WOTS+C within the stateful path enhances both efficiency and security. Furthermore, the paper "Hash-based Signatures for Bitcoin," co-authored by Mikhail Kudinov, provides detailed insights into SHRINCS' architecture and potential applications, highlighting its significance in the field of post-quantum cryptography (PQC).

The adequacy of a 128-bit security level in PQC is critically evaluated, revealing that such a level effectively offers only a 64-bit security level against quantum attacks facilitated by Grover's algorithm. This analysis underscores the importance of considering cryptographic strength through the lens of quantum-resistant metrics, emphasizing the necessity for ongoing evolution in cryptographic practices to address the challenges posed by quantum computing advancements.

In addition to security considerations, the discussion explores the Winternitz One-Time Signature Scheme (WOTS) and its checksum mechanism's role in preventing specific types of attacks. This mechanism ensures the authenticity of messages by invalidating attempts to impersonate or replace the original message during the verification process. The exploration also touches upon efficient checksum strategies using modulo negated values, offering a compact alternative to traditional methods.

Concerns are raised about the vulnerability of WOTS to specialized hardware capable of generating alternative signatures, suggesting the enlargement of envelope and signature sizes as potential solutions. However, this idea was later retracted, indicating ongoing deliberations for more viable solutions.

SHRINCS' approach to managing wallet seeds introduces constraints to enhance security but raises questions regarding the practicality and flexibility of seed generation and state management across devices. The discourse also covers the implications of user behavior and device interactions on security, suggesting mechanisms to detect potential state loss or corruption. Moreover, the integration of TPM technology for secure state management on non-dedicated devices is discussed, highlighting the potential to improve software wallets' usability and security.

Lastly, the conversation delves into advanced security measures, including the use of state commitments and the exploration of various technologies for securing cryptographic operations. The dialogue encapsulates a broad perspective on securing cryptographic operations, advocating for flexibility, creativity, and thorough consideration in developing and implementing security measures against quantum computing threats and other vulnerabilities.