Hi Boris,

Just to add to what Mike said: one of the most interesting questions is whether MPC considerations should inform parameter selection. As of right now, the generic MPC approach seems rather impractical, but that shouldn't discourage experimentation and further research. It's possible to imagine scenarios where 85-minute signing is acceptable.

Moreover, stateful signature schemes like SHRINCS [0] only require a few hashes in the best case, which would make MPC-based N/N multisig significantly more tractable than with full SPHINCS+. However, since SHRINCS signatures are already small, the absolute space savings are smaller.

[0] https://delvingbitcoin.org/t/shrincs-324-byte-stateful-post-quantum-signatures-with-static-backups/2158

Jonas
