To clarify, this proposal has been under active discussion on Delving Bitcoin for several weeks prior to this mailing list post. Including replies from Murch: 

https://delvingbitcoin.org/t/p2wots-post-quantum-utxo-winternitz-signatures/2530

A live signet with full P2WOTS support is live for testing and a wallet demo can be interacted with from my website. I will resubmit the BIP pull request once sufficient mailing list discussion has taken place here as well.

https://block_opuslux.ar.io

Happy to answer any technical questions!

Regards,
Opus Lux

On Monday, June 8th, 2026 at 4:07 PM, opus lux <opusluxofficial@proton.me> wrote:
Hi all,

I's like to officially propose P2WOTS (Pay-to-Winternitz-One-Time-Signature), a new native Bitcoin output type using witness version three. It provides post quantum security using only SHA-256 and contains no elliptic curve key material anywhere.

The 34 byte scriptPubKey commits to a Merkle Key Tree over 64 independent WOTS+ one time key pairs.
This construction directly solves the WOTS+ one time signing limitation, each spend consumes a fresh independent slot key, making address reuse safe without ever violating the one time property.

BIP draft PR:
https://github.com/bitcoin/bips/pull/2194

Looking forward to technical feedback from the community.

Regards,
Opus Lux

--
You received this message because you are subscribed to the Google Groups "Bitcoin Development Mailing List" group.
To unsubscribe from this group and stop receiving emails from it, send an email to bitcoindev+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/3fqrs3Vli-C23u7QSQM9h4xVBaow5h_I5YfiVyCY3ij5qMKKYgQ3gcYmhf1Fd1TIHRypfEquAOwkWfn6q-wBvOdzcJ1XfYMP0oduByPl-So%3D%40proton.me.