Abstract
Hash-based signature schemes offer a promising post-quantum alternative for Bitcoin, as their security relies solely on hash function assumptions similar to those already underpinning Bitcoin's design. We provide a comprehensive overview of these schemes, from basic primitives to SPHINCS+ and its variants, and investigate parameter selection tailored to Bitcoin's specific requirements. By applying recent optimizations such as SPHINCS+C, TL-WOTS-TW, and PORS+FP, and by reducing the allowed number of signatures per public key, we achieve significant size improvements over the standardized SPHINCS+ (SLH-DSA). We provide public scripts for reproducibility and discuss limitations regarding key derivation, multi-signatures, and threshold signatures.
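To make the "basic primitives" and the size trade-off concrete, here is an added example (not the paper's code or its published scripts) of a plain Winternitz one-time signature (WOTS) over SHA-256. It is a simplification: it omits the WOTS+ bitmasks, tweakable hashing and the SPHINCS+ tree structure, and the choice of SHA-256 with a 32-byte output is an assumption. `signature_bytes(w)` shows how the Winternitz parameter `w` trades signature size against hashing cost, which is the kind of parameter selection the abstract refers to.

```python
import hashlib
import os

N = 32  # hash output length in bytes (SHA-256); assumed for this example


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(x: bytes, steps: int) -> bytes:
    """Apply H `steps` times. Plain hash chain: no WOTS+ masks or tweaks."""
    for _ in range(steps):
        x = H(x)
    return x


def wots_params(w: int):
    """Return (l1, l2, l) for Winternitz parameter w (a power of two).

    l1 = number of base-w digits needed for a 256-bit digest,
    l2 = number of checksum digits (smallest l2 with w^l2 > l1*(w-1)).
    """
    lgw = w.bit_length() - 1
    l1 = -(-8 * N // lgw)  # ceil(256 / log2 w)
    l2 = 1
    while w ** l2 <= l1 * (w - 1):
        l2 += 1
    return l1, l2, l1 + l2


def signature_bytes(w: int) -> int:
    """Signature size in bytes: one N-byte chain value per digit."""
    return wots_params(w)[2] * N


def base_w(msg: bytes, w: int):
    """Base-w digits of H(msg), followed by the checksum digits.

    The checksum sum(w-1-d_i) decreases whenever a message digit is
    raised, so a modified message would require stepping some chain
    *backwards*, i.e. inverting H. This is why one signature per key is safe.
    """
    lgw = w.bit_length() - 1
    l1, l2, _ = wots_params(w)
    m = int.from_bytes(H(msg), "big")
    digits = [(m >> (lgw * (l1 - 1 - i))) & (w - 1) for i in range(l1)]
    csum = sum(w - 1 - d for d in digits)
    digits += [(csum >> (lgw * (l2 - 1 - i))) & (w - 1) for i in range(l2)]
    return digits


def keygen(w: int):
    """Secret key: l random chain starts. Public key: each chain run w-1 steps."""
    _, _, l = wots_params(w)
    sk = [os.urandom(N) for _ in range(l)]
    pk = [chain(s, w - 1) for s in sk]
    return sk, pk


def sign(sk, msg: bytes, w: int):
    """Reveal chain value number d_i for each digit. ONE-TIME: never reuse sk."""
    return [chain(s, d) for s, d in zip(sk, base_w(msg, w))]


def verify(pk, msg: bytes, sig, w: int) -> bool:
    """Finish every chain and compare with the public key."""
    if len(sig) != len(pk):
        return False
    return all(chain(s, w - 1 - d) == p
               for s, d, p in zip(sig, base_w(msg, w), pk))


if __name__ == "__main__":
    for w in (4, 16, 256):
        print(f"w={w:3d}: {wots_params(w)} digits, {signature_bytes(w)} byte signature")
    sk, pk = keygen(16)
    sig = sign(sk, b"constructed sample message", 16)
    print("verify:", verify(pk, b"constructed sample message", sig, 16))
```

Larger `w` shortens the signature (fewer digits) at the cost of longer chains to compute, which is the basic lever SPHINCS+ parameter sets and the optimizations named in the abstract build on; a full SPHINCS+ then combines many such one-time keys under a hypertree and a few-time scheme so that a single public key can sign many messages.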
@Kudinov or @Nick on SN for an ELI5?