Advanced post-quantum signatures

Bitcoin signatures have long supported advanced key derivation, e.g. BIP32 hierarchical deterministic wallets.

The Taproot softfork with support for Schnorr signature verification made it significantly easier to use further advanced signing functionality, e.g., Taproot itself, compatible Schnorr multi-signatures (using MuSig2), compatible Schnorr threshold signatures (using FROST), and adaptor signatures. (“Compatibility” here means that the resulting signatures can be verified like ordinary single-signer signatures and thus are understood by the Bitcoin network.)
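The reason this compatibility comes cheaply for Schnorr is the linear structure of discrete-log keys, and that is exactly what a post-quantum scheme would have to replicate. The following is an added example, not code from the original text: a toy Schnorr scheme over a small prime-order subgroup (constructed parameters, not secp256k1; the function names are my own) in which a BIP32-style tweaked child key and a simplified n-of-n aggregated key both verify under the unchanged single-signer verifier.

```python
import hashlib
import secrets
from math import prod
from typing import List, Optional, Tuple

# Toy Schnorr group, constructed for illustration only (far too small for real use):
# P is a safe prime, Q = (P - 1) // 2, and G = 4 generates the order-Q subgroup of Z_P^*.
P, Q, G = 2039, 1019, 4

def challenge(R: int, pk: int, msg: bytes) -> int:
    """Fiat-Shamir challenge e = H(R || pk || msg), reduced mod Q."""
    return int.from_bytes(hashlib.sha256(f"{R}|{pk}|".encode() + msg).digest(), "big") % Q

def keygen(sk: Optional[int] = None) -> Tuple[int, int]:
    sk = secrets.randbelow(Q - 1) + 1 if sk is None else sk % Q
    return sk, pow(G, sk, P)

def sign(sk: int, msg: bytes, nonce: Optional[int] = None) -> Tuple[int, int]:
    k = secrets.randbelow(Q - 1) + 1 if nonce is None else nonce % Q
    R = pow(G, k, P)
    return R, (k + challenge(R, pow(G, sk, P), msg) * sk) % Q

def verify(pk: int, msg: bytes, sig: Tuple[int, int]) -> bool:
    """The ordinary single-signer check; it knows nothing about tweaks or cosigners."""
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, challenge(R, pk, msg), P)) % P

def derive_child(sk_parent: int, pk_parent: int, index: int) -> Tuple[int, int]:
    """BIP32-style unhardened derivation: the tweak t depends only on public data, so a watch-only
    wallet computes pk_child = pk_parent * G^t while the signer holds sk_child = sk_parent + t."""
    t = int.from_bytes(hashlib.sha256(f"{pk_parent}|{index}".encode()).digest(), "big") % Q
    return (sk_parent + t) % Q, (pk_parent * pow(G, t, P)) % P

def aggregate_sign(sks: List[int], msg: bytes, nonces: List[int]) -> Tuple[int, Tuple[int, int]]:
    """Simplified n-of-n multi-signature: keys and nonce commitments multiply in the group, partial
    signatures add mod Q, and the verifier sees one key and one signature. Real MuSig2 adds per-key
    coefficients (rogue-key defence) and two nonces per signer (concurrent security); omitted here."""
    agg_pk = prod(pow(G, sk, P) for sk in sks) % P
    R = prod(pow(G, k, P) for k in nonces) % P
    e = challenge(R, agg_pk, msg)  # every cosigner derives the same challenge
    s = sum(k + e * sk for k, sk in zip(nonces, sks)) % Q
    return agg_pk, (R, s)

if __name__ == "__main__":
    sk, pk = keygen()
    csk, cpk = derive_child(sk, pk, 0)
    agg_pk, agg_sig = aggregate_sign([sk, csk], b"joint", [5, 6])  # fixed nonces: demo only
    print("child key verifies:", verify(cpk, b"child", sign(csk, b"child")))
    print("aggregate key verifies:", verify(agg_pk, b"joint", agg_sig))
```

Both checks pass because G^(a+b) = G^a * G^b lets key material combine on the public side without the verifier knowing; hash-based and most lattice-based signatures lack this homomorphism, which is what makes the question above hard.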

This raises the question of whether the same or similar functionality is possible in a post-quantum world. That is, can one construct a post-quantum signature scheme that supports as many as possible of the following features?

While there has been research achieving some of these features individually (hierarchical derivation [1, 2], multi-signatures [3, 4], threshold signatures [5]), the big picture remains unexplored.

  1. Deterministic Wallets in a Quantum World. Nabil Alkeilani Alkadri, Poulami Das, Andreas Erwig, Sebastian Faust, Juliane Krämer, Siavash Riahi, Patrick Struck. ACM CCS 2020.

  2. Post-Quantum Secure Deterministic Wallet: Stateless, Hot/Cold Setting, and More Secure. Mingxing Hu. Preprint.

  3. Two-round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices. Ivan Damgård, Claudio Orlandi, Akira Takahashi, Mehdi Tibouchi. JoC 2022.

  4. DualMS: Efficient Lattice-Based Two-Round Multi-Signature with Trapdoor-Free Simulation. Yanbo Chen. CRYPTO 2023.

  5. Sharing the LUOV: Threshold Post-Quantum Signatures. Daniele Cozzo, Nigel P. Smart. IMA CC 2019.