For 1,000 signatures, THINCS produces signatures of 2,512 bytes compared to 7,856 for the SLH-DSA standard.
Current Bitcoin signatures are still up to 35 times lighter than THINCS signatures.
Conor Deegan, CTO of Project Eleven, announced on April 10 at
As the starting point for his work, Deegan took the post-quantum signature scheme SLH-DSA, created by the United States National Institute of Standards and Technology (NIST). In his view, it is “the most conservative we have: its security is reduced entirely to properties of hash functions, without assumptions of lattices or algebraic structure.”
The problem, according to Deegan, is the size of the signatures that SLH-DSA generates: “the smallest fast variant produces signatures of 17,088 bytes and the smallest compact variant is still 7,856 bytes.” That’s because the standard is designed to support up to 2^64 signatures per key, a capability that, according to Deegan, most real systems will never need.
To put that figure in perspective, Deegan pointed out that if someone signed once per second, it would take 42 times the age of the universe to exhaust that capacity. In practice, most systems never need more than a few thousand signatures. The result is that everyone is saddled with heavier signatures than necessary, paying a size cost for capacity they will never use.
THINCS aims to solve that by letting the user specify how many signatures they need and what level of security they require, and then finding the smallest possible scheme that meets those conditions. According to an image shared by Deegan, for 1,000 signatures with 128-bit security, the optimal scheme produces signatures of 2,512 bytes, compared to 7,856 bytes for the compact SLH-DSA standard.
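The two SLH-DSA sizes Deegan quotes can be reproduced from the signature layout in FIPS 205, which also shows how much of each signature is spent on the layered tree that provides the per-key signing capacity. This is an added example, not code from THINCS or from the article; the parameter values (n, h, d, a, k, lg_w) are the FIPS 205 ones for the two 128-bit sets, and it does not reproduce THINCS's parameter search.

```python
# Added example: where the bytes of an SLH-DSA signature go (layout per FIPS 205).
from dataclasses import dataclass


@dataclass(frozen=True)
class Params:
    name: str
    n: int     # hash output length in bytes
    h: int     # total hypertree height (2**h one-time leaves per key)
    d: int     # number of hypertree layers
    a: int     # height of each FORS tree
    k: int     # number of FORS trees
    lg_w: int  # log2 of the Winternitz parameter w


# Parameter values from FIPS 205; they are not given in the article.
SLH_DSA_128S = Params("SLH-DSA-128s", n=16, h=63, d=7, a=12, k=14, lg_w=4)
SLH_DSA_128F = Params("SLH-DSA-128f", n=16, h=66, d=22, a=6, k=33, lg_w=4)


def wots_len(p: Params) -> int:
    """Number of n-byte chains in one WOTS+ signature (len1 + len2)."""
    w = 1 << p.lg_w
    len1 = -(-8 * p.n // p.lg_w)  # ceil(8n / lg w)
    # floor(log2(len1 * (w - 1)) / lg w) + 1, in integer arithmetic
    len2 = ((len1 * (w - 1)).bit_length() - 1) // p.lg_w + 1
    return len1 + len2


def breakdown(p: Params) -> dict:
    """Signature size in bytes, split by component."""
    parts = {
        "randomizer": p.n,
        "fors": p.k * (p.a + 1) * p.n,    # k secret values plus k auth paths
        "wots": p.d * wots_len(p) * p.n,  # one WOTS+ signature per layer
        "auth_paths": p.h * p.n,          # Merkle paths across all layers
    }
    parts["total"] = sum(parts.values())
    return parts


if __name__ == "__main__":
    for p in (SLH_DSA_128S, SLH_DSA_128F):
        b = breakdown(p)
        share = (b["wots"] + b["auth_paths"]) / b["total"]
        print(p.name, b, f"hypertree share: {share:.0%}")
```

In the compact set, the hypertree (WOTS+ signatures plus authentication paths) accounts for 4,928 of the 7,856 bytes, and its height h is what fixes the number of signatures a key can produce.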


Signatures in Bitcoin
In Bitcoin, signature size is a critical factor. Current signatures, based on ECDSA, weigh between 70 and 72 bytes, while any post-quantum scheme involves a significant jump. For example, the lightest signature THINCS produces, at 2,512 bytes, is about 35 times heavier.
With fixed-size blocks, that translates directly into fewer transactions per block, higher fees and increased storage requirements for nodes. This problem has already been documented in other tests. As reported by CriptoNoticias, a Bitcoin testnet using the NIST ML-DSA standard required increasing the maximum block size from 4 MB to 64 MB to keep the network running smoothly.
Both THINCS and SHRIMPS, another signature scheme created by Blockstream (the company co-founded by Adam Back) that produces 2,564-byte signatures, aim to reduce this impact without sacrificing post-quantum security, given that both are lighter than the 7,856-byte signatures of the NIST schemes.
The limitations of THINCS
The THINCS repository is explicit about its limitations. The schemes it produces are neither SLH-DSA nor compatible with formal NIST standards, meaning they cannot be used where compliance with those standards is required.
They also have not undergone an independent security audit, a common requirement before entrusting any cryptographic system with sensitive data.
Finally, the repository itself sums it up directly: “Don’t use this to protect anything that matters”. THINCS is a tool for researchers and developers who want to explore how small post-quantum signatures can be for their specific needs, not a finished product to deploy in real systems.
