Blockstream Research has released a new technical paper examining how hash-based digital signature schemes could be adapted for use in Bitcoin as a potential defense against future quantum computing threats.
We just published "Hash-based signatures for Bitcoin," a new analysis of post-quantum schemes by @kudinov_mikhail and myself at @blksresearch.
This paper serves as a gentle intro to hash-based schemes and explores how to optimize them specifically for application in Bitcoin. 🧵 pic.twitter.com/Ge701QCnun
— ncklr (@n1ckler) December 9, 2025
The study, authored by Mikhail Kudinov and Jonas Nick, provides a detailed evaluation of post-quantum cryptographic approaches that rely solely on hash functions rather than number-theoretic assumptions.
The paper focuses on hash-based signatures as a candidate for long-term Bitcoin security because their security model depends only on cryptographic hash functions, primitives already foundational to Bitcoin’s existing design through SHA-256.
While the U.S. National Institute of Standards and Technology (NIST) has already standardized SLH-DSA (SPHINCS+) as a post-quantum signature scheme, the authors analyze alternative constructions that may be better aligned with Bitcoin’s performance, size, and integration constraints.
A central contribution of the research is its examination of how parameter choices and new optimizations affect signature size and computational efficiency.
The authors report that, using recent techniques such as SPHINCS+C, TL-WOTS-TW, and PORS+FP, signature sizes could be reduced to approximately 3–4 kilobytes, placing them in a range comparable to lattice-based post-quantum schemes like ML-DSA.
Beyond raw performance metrics, the paper also addresses broader system-level considerations that would affect any potential deployment in Bitcoin.
These include the trade-offs between stateful and stateless signature schemes, compatibility with hierarchical deterministic (HD) wallets, practical limits for multi-signature and threshold-signature constructions, and concrete security targets under quantum attack models.
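To make two of the points above concrete (that a hash-based scheme's security rests on nothing but the hash function, and why stateful schemes must track which one-time keys have been consumed), here is an added example of the simplest hash-based construction, a Lamport one-time signature over SHA-256, wrapped in a small stateful signer. This is illustration code written for this article, not code from the paper or from Blockstream Research; the function names, the leaf-indexed key store and the size-accounting helper are this example's own choices. It also shows why unoptimized hash-based signatures are large (256 revealed preimages of 32 bytes each, 8192 bytes), which is the cost the WOTS-style optimizations discussed in the paper are designed to cut.

```python
import hashlib
import secrets

N = 32          # hash output length in bytes (SHA-256)
BITS = 8 * N    # number of digest bits signed, one key pair per bit


def H(data: bytes) -> bytes:
    """The single primitive the whole scheme depends on: SHA-256."""
    return hashlib.sha256(data).digest()


def lamport_keygen(rng=secrets.token_bytes):
    """Private key: BITS pairs of random 32-byte preimages.
    Public key: the hash of every preimage (2 * BITS * N = 16384 bytes)."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    """Hash the message and unpack the digest into BITS bits, MSB first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def lamport_sign(sk, msg: bytes):
    """Reveal one preimage per digest bit. Signing reveals half of the
    private key, which is exactly why a Lamport key is one-time."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(msg))]


def lamport_verify(pk, msg: bytes, sig) -> bool:
    """Recompute the digest bits and check each revealed preimage
    hashes to the matching public-key element."""
    if len(sig) != BITS:
        return False
    bits = _digest_bits(msg)
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))


def signature_size_bytes(sig) -> int:
    """Total bytes a verifier must receive: BITS * N = 8192 for Lamport."""
    return sum(len(s) for s in sig)


class StatefulSigner:
    """Stateful few-time signer built from independent one-time keys.

    Each leaf index holds one Lamport key. Because signing with a leaf
    reveals half of its private key, signing two different messages with
    the same leaf would reveal enough preimages to forge. The signer
    therefore records consumed leaves and refuses to reuse one; losing
    or desynchronizing this record is the operational hazard that makes
    stateful schemes awkward for wallets (and that stateless designs avoid).
    """

    def __init__(self, leaves: int):
        self.keys = [lamport_keygen() for _ in range(leaves)]
        self.used = set()

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def sign(self, leaf: int, msg: bytes):
        if leaf in self.used:
            raise RuntimeError(f"leaf {leaf} already consumed; one-time key reuse refused")
        self.used.add(leaf)
        sk, _ = self.keys[leaf]
        return lamport_sign(sk, msg)


if __name__ == "__main__":
    # Constructed sample message for the demo run.
    signer = StatefulSigner(leaves=4)
    msg = b"constructed sample transaction digest input"
    sig = signer.sign(0, msg)
    print("valid:", lamport_verify(signer.public_keys()[0], msg, sig))
    print("signature bytes:", signature_size_bytes(sig))
```

Running the demo prints a valid signature of 8192 bytes, roughly twice the 3-4 kilobytes the paper reports for optimized schemes, and a second call to `signer.sign(0, ...)` raises rather than reusing the leaf.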
The researchers have also released scripts used to generate the parameter and performance analysis to allow others to reproduce and evaluate the results independently.
They specifically invited feedback on hardware performance requirements and on how standardization choices could shape future implementations.
Although the authors emphasize that large-scale quantum computers capable of breaking today’s elliptic-curve signatures remain speculative, the paper frames post-quantum preparedness as a long-term engineering challenge rather than a near-term emergency.
Their analysis adds to a growing body of research exploring how Bitcoin could evolve cryptographically over the coming decades without departing from its existing trust assumptions.