02:14:25 chaser: Not without adding a hash. 02:14:42 Eh. A switch commitment could work? 02:18:30 If we decide a PQ scheme now, we could embed a PQ KEM into a switch commitment. In the future, a public registry of PQ keys could exist and it'd be verifiable as belonging to the address. 02:19:47 But it'd require making a bad decision now a public registry in the future 02:55:18 thanks. deciding on the PQ scheme now sounds unrealistic for sure. and do I understand correctly that the public registry would require some liveness from the owner of the address, which isn't guaranteed to be the case? 03:00:35 in the case of adding a hash, what would you hash? 09:10:23 How many legit PQ candidate schemes are there at the moment? 09:11:51 WIKI says there are 7. 09:12:29 With 8 alternate schemes. 09:13:29 https://usercontent.irccloud-cdn.com/file/o4fmvO3E/1000011692.png 09:13:39 https://usercontent.irccloud-cdn.com/file/99FVm5Lh/1000011693.png 11:29:00 we only need signature algorithms (last column). of the many finalists, three were selected as winners / standardization targets (https://en.wikipedia.org/wiki/NIST_Post-Quantum_Cryptography_Standardization#Selected_Algorithms_2022). in "Zero-cost post-quantum mitigations for Seraphis" (https://gist.github.com/tevador/23a84444df2419dd658cba804bf57f1a#5-post-quantum-signature-algor 11:29:00 ithms), tevador outlined that Falcon is patented, which leaves Sphincs+ and Crystals-Dilithium