<c​haser:monero.social> the SPHINCS+ paper cites ~8 kB signatures for the the "128s" parameter set (NIST's adoption as FIPS 205 cites the same). is that something different?

<c​haser:monero.social> FWIW, there's a project called Quantum Resistant Ledger. Kayaba mentioned them as well in his December 2024 Monerotalk interview (a nice listen BTW, inv.nadeko.net/watch?v=jxPulIjhXwg, switch backend at top if vid won't load).

<c​haser:monero.social> it's quite an old chain, currently with pre-NIST-PQ primitives. they're using a signature scheme called XMSS, with something called "one-time signatures" (docs.theqrl.org/build/fundamentals/ots-keys). the address lengths and signature sizes seem to be tractable. the whole scheme looks quirky though, but food for thought.

<c​haser:monero.social> AFAIU they're rehauling the chain ("Project Zond"), which, among others, promises to introduce a NIST-y Dilithium 5 sig scheme. I failed to find any spec or documentation for any of the Zond stuff, but there is an active code base (github.com/theQRL/go-zond).