21:26:48 <midipoet> this was shared recently on another channel regarding PQC and DLT. Not sure how much we care about other networks, but interesting to see the status, regardless:
21:26:53 <midipoet> https://usercontent.irccloud-cdn.com/file/0aEeSNi8/Screenshot%202025-06-03%20at%2022.24.54.png
21:27:32 <midipoet> have not verified all the info on it, mind you. 
21:48:28 <m-relay> <s​yntheticbird:monero.social> never heard of Winternitz One Time Signature
21:54:22 <m-relay> <s​yntheticbird:monero.social> 8192 bit public key unfortunately
21:58:04 <midipoet> what's the issue? Addresses are too short these days anyway
22:05:58 <m-relay> <s​yntheticbird:monero.social> I mean, i'm not too excited about >174 characters long addresses but you do you
22:07:49 <midipoet> whatevs, my copy and paste can handle more.
22:12:59 <m-relay> <s​yntheticbird:monero.social> not particularly wrong
22:21:22 <m-relay> <s​yntheticbird:monero.social> jeffro256, carrot farmer and full chain bender, do you think it would be possible to use Winternitz One Time Signature for creating ephemeral PQ addresses ?
22:23:25 <midipoet> https://www.geeksforgeeks.org/winternitz-one-time-signature-scheme/
22:24:28 <midipoet> wouldn't that mean that wallet scanning times would be insanely high (from my limited understanding of the matter)?
22:25:03 <m-relay> <s​yntheticbird:monero.social> without view tags yes.
22:25:36 <midipoet> i don't really know what view tags are, so i'll just leave it to the experts
22:26:56 <m-relay> <s​yntheticbird:monero.social> in a nutshell, view tags are extra bytes included within a transaction that only your wallet is interested in. So it can skip a large portion of transactions that it knows for sure would not be of interest.
22:27:14 <m-relay> <s​yntheticbird:monero.social> I don't think the scanning time would be insanely high, but the CPU consumption would be
23:11:56 <m-relay> <j​effro256:monero.social> Possible? Yeah probably. I think it would probably break Monero addressing schemes where you can send to an address (or subaddress) multiple times non-interactively
23:13:47 <m-relay> <j​effro256:monero.social> With a cryptonote-style addressing scheme, you mutate/"extend" an address pubkey in such a way that the receiver can spend from it, but the sender can't. I don't know how you would do that without letting the sender spend all your money if you try to spend from your account more than once
23:15:04 <m-relay> <j​effro256:monero.social> re: Winternitz one-time signatures
23:16:40 <m-relay> <j​effro256:monero.social> If anything, since you're giving up the non-interactive aspect of Monero addressing, you could store a map of finalized enote information in your wallet, and the CPU time for scanning would drop to almost nothing w/ WOTS
23:20:50 <m-relay> <j​effro256:monero.social> I would have to think about how it would work with FCMPs, if that's even possible ...
23:21:09 <m-relay> <j​effro256:monero.social> At the very least, it would mean an anonymity pool migration
23:21:40 <m-relay> <j​effro256:monero.social> You definitely can't use cryptonote-style key image composition on WOTS keys