-
midipoet
this was shared recently on another channel regarding PQC and DLT. Not sure how much we care about other networks, but interesting to see the status, regardless:
-
midipoet
have not verified all the info on it, mind you.
-
m-relay
<syntheticbird:monero.social> never heard of Winternitz One Time Signature
-
m-relay
<syntheticbird:monero.social> 8192 bit public key unfortunately
-
midipoet
what's the issue? Addresses are too short these days anyway
-
m-relay
<syntheticbird:monero.social> I mean, I'm not too excited about >174 characters long addresses but you do you
-
midipoet
whatevs, my copy and paste can handle more.
-
m-relay
<syntheticbird:monero.social> not particularly wrong
-
m-relay
<syntheticbird:monero.social> jeffro256, carrot farmer and full chain bender, do you think it would be possible to use Winternitz One Time Signature for creating ephemeral PQ addresses?
-
midipoet
wouldn't that mean that wallet scanning times would be insanely high (from my limited understanding of the matter)?
-
m-relay
<syntheticbird:monero.social> without view tags yes.
-
midipoet
I don't really know what view tags are, so I'll just leave it to the experts
-
m-relay
<syntheticbird:monero.social> in a nutshell, view tags are extra bytes included within a transaction that only your wallet is interested in. So it can skip a large portion of transactions that it knows for sure would not be of interest.
-
m-relay
<syntheticbird:monero.social> I don't think the scanning time would be insanely high, but the CPU consumption would be
-
m-relay
<jeffro256:monero.social> Possible? Yeah probably. I think it would probably break Monero addressing schemes where you can send to an address (or subaddress) multiple times non-interactively
-
m-relay
<jeffro256:monero.social> With a cryptonote-style addressing scheme, you mutate/"extend" an address pubkey in such a way that the receiver can spend from it, but the sender can't. I don't know how you would do that without letting the sender spend all your money if you try to spend from your account more than once
-
m-relay
<jeffro256:monero.social> re: Winternitz one-time signatures
-
m-relay
<jeffro256:monero.social> If anything, since you're giving up the non-interactive aspect of Monero addressing, you could store a map of finalized enote information in your wallet, and the CPU time for scanning would drop to almost nothing w/ WOTS
-
m-relay
<jeffro256:monero.social> I would have to think about how it would work with FCMPs, if that's even possible ...
-
m-relay
<jeffro256:monero.social> At the very least, it would mean an anonymity pool migration
-
m-relay
<jeffro256:monero.social> You definitely can't use cryptonote-style key image composition on WOTS keys