I think this would be a non viable options. The throughput of bitcoin blockchain would be severely impacted, and migrating all the possible UTXO would be impossible.
It’s nice to see theoretical improvement on every proposal, but we need something more.
We definitely need something more, but then again, this was never meant to be the final solution. It's just a theoretical scenario and a possible option for those who would want to take matters in their own hands if a necessary protocol change isn't adopted in a future where and if quantum threats become a reality. It's on the experts to research and debate how feasible this scheme is for Bitcoin.
All these intermediary solutions are great, they show that research is being done and all kinds of options are being explored. This is the kind of approach that we need, and not panicking or "community involvement". One would not want to fly on airplane that was built by the "community", would they? As you can also see, a similar thing was done with this proposal in the quotes by d5000 below. The stateful version of it, while technically doable, is very impractical but it was an intermediary step until they figured out and published a stateless version. It is important to publish ideas because some other researchers may not be aware that certain avenues of methods are even possibilities as solution, and as such they could be missing out on key things that could help them solve their own ideas.
I read a bit more and there is actually a problem with the SHRINCS proposal that would make it unpractical to use for Bitcoin: It is a "stateful" method.
Each time you sign a transaction, the "state" of the cryptosystem changes. The private key doesn't consist of a single number but of a tree of numbers. In each signature, other leaves of the tree are used.
The big problem is: If you use one of the leaves twice by accident, this can give an attacker enough information to get the whole key "tree" and then they can steal your coins. So this must be avoided at all cost.
This means that each time you sign a transaction you need to update all your backups with the "state" of the key tree. Effectively this would make it very unpractical to use on more than a single device, and saving the key isn't as simple as simply storing a seed phrase because you need the state too.
Thus Blockstream Research im March came up with an updated proposal called SHRIMPS which doesn't have that problem. It has smaller signatures than SPHINCS+ but much larger than the original SHRINCS (about 2500 bytes) which again would severely restrict the blockchain.
Regarding verification speed, some short info from Google confirms that the "stateless" SPHINCS+ is the most expensive and validation costs almost 20x more than for the "stateful" SHRINCS. SHRIMPS is on a middle ground (about 7x less validation
Yes but my concern is how to make something like this user friendly enough that even the non technical holders will be able to use. if it requires manual scripting or complex multi step processes, I think uptake might just too low to matter.
You are worrying to far ahead. The method that was posted may not be the "final" solution to this quantum situation, and as such putting large efforts into making it extremely user friendly could end up being a mistake. Let's not rush towards latter steps before we figure out the basics.
