Beyond Bitcoin, note that there is no final W3C standard (draft from March 2026) for safe PQ crypto in the browser yet, causing the rise of rust/webassembly for cryptographic solutions, which has a much higher risk profile than builtins.
This is one of my major headaches at the moment and if I had to make an implementation choice today (must implement now, can't wait) then I'd go with rust+wasm too, which is wayyyy too risky for my taste in terms of other security considerations than PQ.
Beyond Bitcoin, note that there is no final W3C standard (draft from March 2026) for safe PQ crypto in the browser yet, causing the rise of rust/webassembly for cryptographic solutions, which has a much higher risk profile than builtins.
This is one of my major headaches at the moment and if I had to make an implementation choice today (must implement now, can't wait) then I'd go with rust+wasm too, which is wayyyy too risky for my taste in terms of other security considerations than PQ.