Size optimized, security level 1: 7.8kb (schnorr 64 bytes)

Since standardization, some optimizations have happened:

Sphincs+C (extra 700-1000 hashes to grind during signing, but verification is better): 6.3kb signature sizes

https://btctranscripts.com/bitcoin-core-dev-tech/2025-10/breaking-secp256k1

Shows you how huge Quantum resistant signatures are. For the same security level, signatures would have to be around 100x larger than today with ECDSA. This would be a big waste of precious block space.

 from being practical anyway. They can just about break 21 into its prime factors: 21=3*7. Easily solvable in my head.

bitcoin

📝 Transcripts - Bitcoin Core Dev meetup (Oct 2025)

bitcoin_devs

> Sphincs+
> 
> Size optimized, security level 1: 7.8kb (schnorr 64 bytes)
> 
> Since standardization, some optimizations have happened:
> 
> Sphincs+C (extra 700-1000 hashes to grind during signing, but verification is better): 6.3kb signature sizes

Source: https://btctranscripts.com/bitcoin-core-dev-tech/2025-10/breaking-secp256k1

Shows you how huge Quantum resistant signatures are. For the same security level, signatures would have to be around 100x larger than today with ECDSA. This would be a big waste of precious block space.

Also quantum computers are **far** from being practical anyway. They can just about break 21 into its prime factors: 21=3*7. Easily solvable in my head.