On May 18, Blockstream, co-founded by Adam Back, published a comparative analysis of four post-quantum signature paradigms applicable to Bitcoin, concluding that a lattice-based scheme is the most promising.
The central argument is that they You can build the same advanced tools that exist in Bitcoinmulti-signature, where multiple parties authorize a transaction with a single signature without sacrificing quantum resistance.
Three of the four families evaluated have limitations that Blockstream considers critical.
- Based on hash functions: Although these are the most secure, they are not compatible with multi-signatures or threshold signatures because signatures cannot be combined, allowing a group to decide that a signature by some of its members is sufficient to verify an operation. The signature weight can be between 3,500 and 8,000 bytes depending on the scheme.
- Based on error correction code: According to the report, they generate signatures that are over 10,000 bytes (compared to Schnorr’s 64 bytes and ECDSA’s 70-72 bytes), making them too heavy for Bitcoin’s block space limitations.
- Based on homogeneous gestures: These produce compact signatures of 200 to 300 bytes, but the document warns that their mathematical complexity makes them difficult to implement securely. According to Blockstream, there will be a “significant period of battle testing” before considering the adoption of Bitcoin.
Advantages and challenges of reticles
The Blockstream article points out that Lattice generates signatures between 1,600 and 4,000 bytes and retains mathematical properties that allow key combinations and multi-signature construction. “The lattice could open the door to advanced modifications such as post-quantum multiple signatures, zero-knowledge proofs, and sensitive assets,” the team noted.
The reticle is the basis of ML-DSA (previously known as dilithium), a post-quantum signature standard that was officially approved by the National Institute of Standards and Technology (NIST) in 2024. This is not an experimental bet, but a family that has already gone through years of international crypto review. This data determines the block stream selection. Verifiable and external to the companyHowever, the team at the company Buck co-founded did not include a formal proposal or implementation schedule for Bitcoin.
However, according to the report, implementation difficulties include: Most relevant pending restrictions for this family.
In the case of crosshairs, this is a significant increase in size compared to the current scheme used in Bitcoin. The lattice signature is 22 to 55 times heavier than the ECDSA elliptic curve scheme signature and 25 to 62 times heavier than the Schnorr signature (included in Taproot 2021). Both would be vulnerable to sufficiently powerful quantum computers.
In Bitcoin, each transaction contains at least one signature, and blocks have a fixed space limit. The heavier the signature, the fewer transactions per block and the more competition for that space. High user fees. This impact on networks is one of the central challenges that must be resolved in the post-quantum transition.
What Blockstream has already tried
As explained by CriptoNoticias, in March Blockstream broadcast the first transaction signed with SHRINCS, a proprietary post-quantum scheme based on hash functions, on Liquid Network, the Bitcoin sidechain it operates. SHRINCS belongs to the hash family rather than the lattice family, which indicates that the company is testing different research areas.
The May 18 report therefore focuses on: Aiming for a long-term bet against Bitcoin’s base layerOn the other hand, hashing methods continue to be explored for environments where algebraic flexibility is not a priority. Introducing these developments to Bitcoin will require a consensus process between developers, miners, and node operators, but no formal proposal or date has been set.
(Tag translation) Bitcoin (BTC)
