From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 28 May 2026 10:27:34 -0700 Received: from mail-oa1-f58.google.com ([209.85.160.58]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1wSeW6-0003FZ-3t for bitcoindev@gnusha.org; Thu, 28 May 2026 10:27:34 -0700 Received: by mail-oa1-f58.google.com with SMTP id 586e51a60fabf-43b9486ea01sf6573462fac.0 for ; Thu, 28 May 2026 10:27:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1779989248; cv=pass; d=google.com; s=arc-20240605; b=LLfAdASmx/G3FBYTGzbVCpET5B7smJvUY9TMGI4Hj9a8Bq+2doDTOco4SxpY7dTy0g bj5gn7Hk/WOOdNVMT2a+UsBKntsBnoUBQF6SjPxGvktLPGmRUo7rI3m1XMlOqztgaZ2J pIWAzekXvfhdd1ZLB4lbnS7U2S5EtfY1gk514i9+SgLNokDsDRDNqIr2Fy2QNCSDPd2o cvwWczl+YeB4WYdRZmMeFXMBFsPCAvgLo+rfof9N4Q7xpvyHCEein7698F+qK35j3Spl QmlzLqd20K9s4CXqFrjmsnNIAQgNAGW7JTv4vkG//c5hnI36KYly4kBZf04RR5ExblU6 kjvA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:content-transfer-encoding :in-reply-to:from:content-language:references:to:subject:user-agent :mime-version:date:message-id:sender:dkim-signature; bh=gdwOeXtvbMogj7lVeowdTWWQYwPC3qPVoN4+Ax5K7e8=; fh=7fTTN8XG1b2oTbQtrLTB+/Ctr6VfcUqg9JfAHZDWPXY=; b=C2ySUtvOWmCMhnBxrEnwyTtkL1xgtPUkPQphYwRjvk/T6E/18PX674jHuqVbmXPovI zG/mwE3G+b03KwMzAO7uScYCgyP3c2oX8SPOGBk9MBDi9gaYwlRrN9+tiyVRy83xYIAr FxtT1EYnLZusNpxEIvq8WdVfT8Z+zlRSr+hDFyUrlayZHdk3KHCZy5zi9CVrzE8TQ4hP 3xIUrYQ8kphdpoUYwc0n15DuUAoJthmZPOPatmXwkDZjfdj9266+iz0pLp265Vse1V1W QVdsBNUXEaHQl8eWeRjA91usFBY+Zwyg2LeHpTMWZZlnHCgHK0QIuSgmwOL4ZEi0Tf9s YcIA==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@murch.one header.s=uberspace header.b="I/tek9Ql"; spf=pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) smtp.mailfrom=murch@murch.one DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20251104; t=1779989248; x=1780594048; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:to:subject:user-agent:mime-version:date :message-id:sender:from:to:cc:subject:date:message-id:reply-to; bh=gdwOeXtvbMogj7lVeowdTWWQYwPC3qPVoN4+Ax5K7e8=; b=A45k6luYbvZ0icfZ9sNkHeUeAZ4bSSpYHmGJyk0tOYlT5oZsMNFRgKljh6a7iqXYVl ru98J/gpYEIZ7J4Q6vCw5QPVdiDG9pIOpbh5KhZi1I8tlrqPxXIhlP/iG4pId4FiubQ3 kmn6H0mtosPlETBWpttV3u5Zw+U8mGNvq+jquuylSlVnVOwaCOGyD7WWV8Cfmc2sovDD mRFm2S0kTD2SsWEvHcp/jfa31KDcp/Q796++mZRyVJIENSFu4PDGFuL1x/SwxfNQMn+T hmKhYa93FMX7n+HuwaU9w8DLdLQcHA7NpcbnVK7lxUb/63OvTwzxmjEhTOTlVNNsY3im LTUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1779989248; x=1780594048; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:x-original-authentication-results :x-original-sender:content-transfer-encoding:in-reply-to:from :content-language:references:to:subject:user-agent:mime-version:date :message-id:x-beenthere:x-gm-message-state:sender:from:to:cc:subject :date:message-id:reply-to; bh=gdwOeXtvbMogj7lVeowdTWWQYwPC3qPVoN4+Ax5K7e8=; b=Qvaesjf4xI2fF6Bv3KaBZauwduwm8siGIJBoF5v4AGgjsok6mdcikfOWV0MVat3Fcg r42tHMwMJafVrQm+I14pBJRrceglqyCVuUTecNpltmRi9Zm3XHF+5CX7JcCxEtNXHP3N 43d9Wl9JAAVctOvVyZ/vW8/LHXd9acfMuopR3w5QrVLJdVNJCQSktTplNs8l8LpFlfaO XYkoc1i9PyeAltkk5FQR/mGTRIvxuD5yraEieecqZRKJCg3hsqfaNoTR50qN8uHlCwSx 9mB7rUaglMJ9vsQgzQ7TmtTClESRhGmgoD/M8LQImnIKFuACN20nM6f4qEt5DBp9qCz2 TUMQ== Sender: bitcoindev@googlegroups.com X-Forwarded-Encrypted: i=2; AFNElJ9S2fUd9iRhP756AGhHBnBokkJS3nnRCo5U67bkTn03laxzLZV+IxS3DmSCnPZ9HVr0orRBP+JgU5hO@gnusha.org X-Gm-Message-State: AOJu0YwQTgd5J7ypLqpSrGCQWbTcetu+8IncOVwk398+7Y2F0KTXTyPB 3q4KpaxtynYxmYSRk1JsCiylUB6+VHKqR4YkH8GxZUsTPWWRJO0PZ61o X-Received: by 2002:a05:6871:7d82:b0:43b:6eb9:46a5 with SMTP id 586e51a60fabf-43b6eb95fbbmr11225246fac.13.1779989247857; Thu, 28 May 2026 10:27:27 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h="AUV6zMPixhDm2EYB/NAZLdN1oauWD5hqy/PidTDgGBSz1gx3mQ==" Received: by 2002:a05:6871:2712:b0:435:a654:4449 with SMTP id 586e51a60fabf-43c51b6e7b5ls605154fac.1.-pod-prod-05-us; Thu, 28 May 2026 10:27:22 -0700 (PDT) X-Received: by 2002:a05:6808:23cd:b0:485:48da:132e with SMTP id 5614622812f47-485e3eb575dmr77826b6e.27.1779989242110; Thu, 28 May 2026 10:27:22 -0700 (PDT) Received: by 2002:ab3:795a:0:b0:2e5:dca6:8eb2 with SMTP id a1c4a302cd1d6-3023219ad16msc7a; Thu, 28 May 2026 10:25:57 -0700 (PDT) X-Received: by 2002:a05:6512:3da4:b0:5a8:80ce:ba55 with SMTP id 2adb3069b0e04-5aa57daaacfmr39857e87.11.1779989155900; Thu, 28 May 2026 10:25:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779989155; cv=none; d=google.com; s=arc-20240605; b=Mh9/h1oB1DE711olQnMAedgzwkTJ/SHyYyW1DpCIogKfziOBtx+z9lUzO8GIzQZVBr GGdjrd5oZ2Wb3EPZOzaSGuRENPV12izPhaz5mUh+WMNNPUeLC1jramdAliJ8NPk2iO7f 2XZ8IU+G6lz4iG4Th1r89qzBIpEN9nx/ERaxPekj7k/d3YMjw7kmESxv1Om8hnF7ppNp 9BG+F1X2xJGZ4WCWOLeInMGlPvk0qLAv9jltUhyRUhVzTvSFJ68jKMNVbraFqaZzZJLF LIAk3zke7Vsv9UKnLD5Sy2aTMGKvQ8/0kcMiOLB3tWCfDN9+LLYXSfKAWXCrNjD4+X8l IwWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=dkim-signature:content-transfer-encoding:in-reply-to:from :content-language:references:to:subject:user-agent:mime-version:date :message-id; bh=Ji0vgfHOgK6lHifeQiuzgEI+SroBPL9gr6HwrywuX+o=; fh=VcGcg+Zjs9gw1uDcHbxsAILhBAcecnbJzZRdxgKVDIc=; b=cwBfCb3WvLOiZPfXThz3eTYfPqsbU7FttINOZ+g+LSFWvVLK9CFxg6aTLnCwEFuB+t +QLBRykq4a86V3ZoJLuNZzPJ7dNa1GQR1WUkcOZmYjA01GS7SGBpNzni3xK/6wqPqUek PirY0dzrnvvycYZA7xXd8uS0W/rcMKyPGGSGrK+egErRcnPbYeUHlXL4IqpB2WzVRIWT IgvrogjiseEwPu1xgNhjhi7FNWP4DUowurV0NSBeaqjXCfiSuvvXf94PYGsnZMO008xJ vxyqasTwM9Z6u8sUHNUdtobWaPh5n4Gh9p2tqIv5ce+jgDkNfIYtK1i942MyoSa6ykB3 gTXg==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@murch.one header.s=uberspace header.b="I/tek9Ql"; spf=pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) smtp.mailfrom=murch@murch.one Received: from mailgate02.uberspace.is (mailgate02.uberspace.is. [185.26.156.114]) by gmr-mx.google.com with ESMTPS id 38308e7fff4ca-395dc92eeacsi4148411fa.1.2026.05.28.10.25.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 May 2026 10:25:55 -0700 (PDT) Received-SPF: pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) client-ip=185.26.156.114; Received: from farbauti.uberspace.de (farbauti.uberspace.de [185.26.156.235]) by mailgate02.uberspace.is (Postfix) with ESMTPS id 09A3917FF8F for ; Thu, 28 May 2026 19:25:55 +0200 (CEST) Received: (qmail 18522 invoked by uid 989); 28 May 2026 17:25:54 -0000 Received: from unknown (HELO unknown) (::1) by farbauti.uberspace.de (Haraka/3.1.1) with ESMTPSA; Thu, 28 May 2026 19:25:54 +0200 Message-ID: Date: Thu, 28 May 2026 10:25:51 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [bitcoindev] One Time Signatures as an Advantage? To: bitcoindev@googlegroups.com References: Content-Language: en-US From: Murch In-Reply-To: Content-Type: text/plain; charset="UTF-8"; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Bar: -- X-Rspamd-Report: BAYES_HAM(-2.999999) XM_UA_NO_VERSION(0.01) SUBJECT_ENDS_QUESTION(1) MIME_GOOD(-0.1) X-Rspamd-Score: -2.089999 X-Original-Sender: murch@murch.one X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@murch.one header.s=uberspace header.b="I/tek9Ql"; spf=pass (google.com: domain of murch@murch.one designates 185.26.156.114 as permitted sender) smtp.mailfrom=murch@murch.one Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -0.8 (/) One-time signature schemes are not well-suited for Bitcoin because they: - cannot be used to participate in multi-user transaction (as another=20 participant could fail the process and force a second signature) - incur lost funds or lost keys upon address reuse (as every node would=20 need to track every output script to prevent duplicates, and the=20 recipient has no say in their output script being sent to another time) - are incompatible with transaction replacement (zero-conf enthusiasts=20 rejoice!) =C2=A0Murch On 2026-05-20 10:41, Jason Resch wrote: > NIST is standardizing SLH-DSA as a stateless, post-quantum-secure=20 > hash-based signature scheme. However, to achieve the stateless feature=20 > of being able to sign multiple messages, requires a significant size=20 > overhead. > > SLH-DSA (for parameters n=3D16, w=3D16) results in signatures that are=20 > 7,888 bytes long. > > However, if statelessness isn't required, and this can be reduced to=20 > 900 bytes for something like XMSS using the same parameters. > > Furthermore, if multiple signings per key are dropped as a=20 > requirement, and "one time signatures" are used (e.g. WOTS+) then this=20 > size reduces further to 560 bytes. > > This is a ~14=C3=97 reduction in signature size for a feature that Bitcoi= n=20 > transactions not only don't need, but are strongly discouraged if not=20 > harmful. Using the same key more than once is only required if one is=20 > reusing the same address (discouraged), or if one is attempting some=20 > kind of double-spend attack. > > This could be seen as a sort of advantage: if one attempts to=20 > double-spend, they may expose their private key. This same property=20 > was an element of Chaum's digital cash: attempting to double-spend=20 > exposed you. > > Is there any advocacy for NIST to standardize stateful or one-time-use=20 > signature algorithms? They seem well-suited to the block-chain use=20 > case, where there is always global and persistent state, and keys=20 > ought not be re-used. Though this needs to be carefully managed by=20 > wallet software: to only expose a one-time-use address to handle a=20 > single transaction with a single payer, and never use a OTS address=20 > for any kind of public-facing or long-term donation address. Perhaps=20 > this complication makes OTS not worth introducing generally, but their=20 > space saving properties are attractive. > > Jason > --=20 > You received this message because you are subscribed to the Google=20 > Groups "Bitcoin Development Mailing List" group. > To unsubscribe from this group and stop receiving emails from it, send=20 > an email to bitcoindev+unsubscribe@googlegroups.com. > To view this discussion visit=20 > https://groups.google.com/d/msgid/bitcoindev/d3648bd4-03d3-4b98-92bf-d845= 302be349n%40googlegroups.com=20 > . --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= ec83d322-c7e7-4d12-a1ac-2768db4515a3%40murch.one.