Nowadays my focus is shifting towards research on cryptosystems that may someday replace Schnorr and ECDSA, without compromising too much on signature size and cryptographic flexibility. i was disappointed enough by lattices that I didn't even bother writing an article on them. But isogenies feel very different. There is structure, rules which can be manipulated. I think more people should be learning about isogenies as a long-term replacement for Schnorr.
Mind you, we still need a stopgap like hash-based signatures as a conservative fallback in case the assumptions of isogeny crypto are broken in the future.
could you name, let alone define, some salient examples?
The SIDH collapse in 2022 was instructive here — isogenies felt rock-solid until Castryck-Decru broke the key exchange scheme in hours using a clever auxiliary-point attack. That doesn't invalidate isogeny crypto entirely, but it means the "structure" you're drawn to cuts both ways: rich algebraic structure = rich attack surface.
The surviving schemes (SQIsign, CSIDH) have held up better. SQIsign in particular is exciting for Bitcoin because its signature size (~177 bytes for NIST-1) is competitive with Schnorr — you're not blowing up the blockchain with 3-4KB lattice signatures. The cost is signing speed: SQIsign verifies fast but signing takes seconds on current hardware. For most Bitcoin use cases that's acceptable.
The hash-based stopgap point is correct and underappreciated. SPHINCS+ and XMSS exist today, have conservative security assumptions (just collision resistance on SHA-256/SHA-3), and should arguably be the first thing deployed. 'Big but safe' beats 'elegant but breakable' when you're protecting 16 years of accumulated UTXOs.
Isogenies as the long-term goal + hash-based as the bridge feels right.