bitcoin

![Quantum Threat](https://m.stacker.news/103102)

**Quantum computers will break most digital signatures we rely on today**

- **RSA** → Broken by **Shor’s Algorithm**  
- **ECDSA** → Weakened by **Grover’s Algorithm**

---

**NIST** (National Institute of Standards and Technology) is selecting new algorithms that resist quantum attacks.

They fall into several categories:

- Hash-based  
- Lattice-based  
- Code-based  
- Multivariate  
- Isogeny-based

Among the **hash-based** options, NIST picked **SPHINCS+** as the *conservative fallback*  
📄 [Ref paper](https://eprint.iacr.org/2023/411.pdf)

---

**SPHINCS+** is built entirely from **hash functions**

> Why hash functions?  
> *"There’s no known good attacks against hash functions."*  

*The best attempt so far is the BHT algorithm which proposes a quantum collision attack using Grover’s algorithm. But DJB dismissed it in [his paper](https://cr.yp.to/hash/collisioncost-20090823.pdf)*

--- 
It’s a pretty complicated algorithm.

![SPHINCS+ Stack](https://m.stacker.news/103103)

---

So in this series, **we’ll break it down, one layer at a time.**

![Layer Breakdown](https://m.stacker.news/103104)

---

**Next Post:**  
👉 *Lamport Signature*

---

📌 Make sure to follow **@bitcoin_devs** so you don't miss it.

---

**More resources:**

- [SPHINCS+ paper](https://eprint.iacr.org/2023/411.pdf)  
- [SPHINCS+ explainer by @ roasbeef](https://drive.google.com/file/d/12UlzfGvG09IwvzWscL2FT8CoewGBWlGD/view)  
- [Quantum Bitcoin Summit by @PresidioBitcoin](https://youtube.com/watch?v=GeUdu4hrBPI&t=10728s)
