Article: Bird of Prey 2: non-malleable Schnorr + PQ signatures
Added to the wiki June 17, 2026 at 06:09 PM UTC · full text archived June 17, 2026 at 06:09 PM UTC
A Delving Bitcoin thread flagging a Eurocrypt 2026 paper on how to build a hybrid signature that stays secure as long as either of two underlying schemes is unbroken, combining a Schnorr-like scheme with an arbitrary post-quantum one. Pieter Wuille presents it for awareness, not as a bitcoin proposal.
The point that makes it bitcoin-relevant is non-malleability (SUF-CMA in the literature): naively signing with both schemes and concatenating is unforgeable but malleable once one scheme breaks, and bitcoin relies on non-malleability. The paper's "BoP-2" construction treats Schnorr as an identification scheme rather than a black box so the combined signature inherits non-malleability even if the post-quantum half does not, at the cost of batch verifiability.
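
The malleability of naive concatenation described above, as an added example that is not code from the paper or the thread and is not the BoP-2 construction. Assumptions: scheme A is a toy Schnorr over a constructed, insecure 11-bit group, and scheme B is a stand-in (not a real post-quantum scheme) that models lost strong unforgeability by skipping the range check on `s`; all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group, insecure size: P = 2Q + 1, G has prime order Q.
P, Q, G = 2039, 1019, 4

def h(*parts):
    data = "|".join(map(str, parts)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def sign(x, msg):
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    return r, (k + h(r, pow(G, x, P), msg) * x) % Q

def verify(pk, msg, sig, strict=True):
    r, s = sig
    # The range check on s is what gives each (msg, r) exactly one valid s.
    if strict and not 0 <= s < Q:
        return False
    return pow(G, s, P) == r * pow(pk, h(r, pk, msg), P) % P

# Naive hybrid: sign with both schemes, concatenate, verify both halves.
# Scheme B is verified without the range check (models a malleable scheme).
def hybrid_sign(xa, xb, msg):
    return sign(xa, msg), sign(xb, msg)

def hybrid_verify(pka, pkb, msg, sig):
    return verify(pka, msg, sig[0]) and verify(pkb, msg, sig[1], strict=False)

def reencode_b(sig):
    # Needs no secret key: G^(s+Q) == G^s because G has order Q.
    (ra, sa), (rb, sb) = sig
    return (ra, sa), (rb, sb + Q)

def demo(msg="constructed sample message"):
    (xa, pka), (xb, pkb) = keygen(), keygen()
    sig = hybrid_sign(xa, xb, msg)
    alt = reencode_b(sig)
    return {"original_valid": hybrid_verify(pka, pkb, msg, sig),
            "variant_differs": alt != sig,
            "variant_valid": hybrid_verify(pka, pkb, msg, alt)}

if __name__ == "__main__":
    print(demo())
```

All three values come back `True`: the untouched Schnorr half has no way to notice that the other half was re-encoded, so the concatenation is only as non-malleable as its weaker component.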