Conor Deegan, CTO of Project 11, announced on April 10th:
To approach his research, Deegan referenced the SLH-DSA post-quantum signature scheme created by the National Institute of Standards and Technology (NIST). In his view, this is “the most conservative one we have, and its security is completely reduced to the properties of the hash function; there are no assumptions about lattices or algebraic structures.”
According to Deegan, the issue is the size of the signatures that SLH-DSA generates. “The smallest fast variant produces a signature of 17,088 bytes, while the smallest compact variant is still 7,856 bytes.” This is because the standard is designed to support up to 2^64 signatures per key, and according to Deegan, this feature: Not required in most real systems.
To measure this number, Deegan pointed out that if someone were to sign once every second, it would take 42 times the age of the universe to exhaust their power. In reality, most systems will never require more than a few thousand signatures. As a result, everyone ends up shouldering a heavier signature than necessary and paying a size cost that they will never be able to take advantage of.
THINCS aims to solve this problem by allowing users to specify. How many signatures do I need and what level of security do I need?and find the minimal scheme that satisfies those conditions. According to the image shared by Deegan, for 1,000 signatures with 128-bit security, the optimal scheme produces a signature of 2,512 bytes, compared to 7,856 bytes for the compact SLH-DSA standard.
bitcoin signature
In Bitcoin, signature size is an important factor. Current signatures based on ECDSA systems weigh between 70 and 72 bytes, while post-quantum schemes involve a significant jump. For example, the lightest signature that produces 2,512 bytes of THINCS Approximately 35 times heavier.
For fixed size blocks, this would be: Fewer transactions per block, higher fees And the storage requirements for the nodes also increase. This issue has already been documented in other tests. As reported by CriptoNoticias, the Bitcoin testnet, which uses the NIST ML-DSA standard, had to increase the maximum block size from 4 MB to 64 MB to maintain network liquidity.
Both THINCS and another signature scheme called SHRIMPS, which was created by Blockstream, a company co-founded by Adam Back, and which produces a 2,564-byte signature, aim to reduce this effect without sacrificing post-quantum security (considering it is lighter than the 7,856-byte NIST scheme signature).
Limits of THINCS
The THINCS repository is explicit about its limitations. The generated schematics are not SLH-DSA and are not compatible with official NIST standards. This means that it cannot be used where compliance with these standards is required.
It also hasn’t undergone an independent security audit, which is a common requirement before entrusting sensitive data to an encryption system.
Finally, the repository itself sums it up directly. “Don’t use this to protect anything important.”. THINCS is not an off-the-shelf product for implementation in real systems, but rather a tool for researchers and developers who want to explore how post-quantum signatures can be made smaller based on their specific needs.
(Tag Translation) Bitcoin (BTC)
