
Satoshi Scoop Weekly, 12 December 2025

🍨 Your weekly bite of the latest updates from the Bitcoin tech ecosystem!


SPHINCS Post-Quantum Signatures Achieve Major Speedups, Approaching Elliptic Curve Performance

The post-quantum signature scheme SLH-DSA (the stateless hash-based digital signature algorithm standardized from SPHINCS+) is one candidate for a quantum-resistant soft fork for Bitcoin and is referenced in BIP360. A naive implementation, however, is extremely slow, and its signatures are large.

Developer conduition has been experimenting with performance optimizations aimed at reducing signature size and accelerating signing, verification, and key generation, and recently released a new round that speeds SLH-DSA up by 10x to 100x. Verification is now approaching pre-quantum elliptic-curve performance, though signing still costs roughly two orders of magnitude more than an elliptic-curve signature. Because signing and key generation need several megabytes of RAM, SLH-DSA remains unsuitable for resource-constrained environments such as hardware wallets; it is a better fit for dedicated hash-accelerator chips or FPGAs.

More details can be found in the survey article.

MuSig2 + Zero-Knowledge Proofs: Halseth Releases Bitcoin Vault-Like Security Prototype

Halseth has published blind-vault, a prototype of a vault-like security solution for Bitcoin built on blinded co-signers and the MuSig2 multi-signature protocol. It uses zero-knowledge proofs to constrain how on-chain funds may be moved. Blind-vault can be tested on regtest and signet. The project will next focus on reducing ZK proof generation time to make the approach practical. More details are in its GitHub repository.

Short-Term Gains and Long-Term Efficiency of Three Bitcoin Incentive Attacks

This study systematically analyzes incentive attacks under Bitcoin’s Difficulty Adjustment Algorithm (DAA): selfish mining, block withholding, and coin hopping. The authors compare the short-term gain per unit of hashpower for attackers and honest miners, and introduce a new efficiency metric for long-term impact: the ratio of reward to cost per unit of hashpower per unit of time, computed for both attackers and honest miners.

Key findings:

  • In the short term, intermittent mining yields negligible gains; in the long term, selfish mining is more efficient.
  • Coin hopping yields similar short-term rewards for loyal miners and coin hoppers.
  • With block withholding, honest miners outside the attacking pool may benefit, often earning more than the attacker in both the short and the long term. Withholding attackers that adjust their hashpower need not suffer a delay before gains appear: the long-standing assumption that selfish mining’s delayed reward prevents real-world adoption does not hold for hashpower-adjusted attacks, so smaller mining pools may face an immediate threat.

Fake Keys, Real Lessons: Understanding Bitcoin Consensus vs Policy Through Counterparty’s Fake-Pubkey Grinding

Counterparty once encoded arbitrary data into 1-of-3 bare multisig outputs using fake public keys, bypassing the OP_RETURN data-carrier limit.

This analysis reviews that method, highlighting the key distinction between Bitcoin’s consensus and policy layer:

  • Consensus Layer: strict logic, wide permission
  • Policy Layer: pragmatic, local, protective

The consensus layer decides whether a transaction is valid and, in principle, spendable; the policy layer governs what a node relays and mines, in the interest of network health. In other words, Bitcoin permits technically valid “abuse,” but the policy layer can limit how far it spreads through mempool rules.

The author notes that recent debates over OP_RETURN policy changes, Ordinals, BitVM anchoring, and the knothole discussions all stem from conflating consensus rules (what is valid) with policy rules (what is relayed or encouraged). The Counterparty episode remains instructive for the ongoing discussions about Ordinals, BitVM, and Bitcoin protocol evolution.
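As an added example (editor-written, not Counterparty’s code), the following Python sketch shows both layers at once: a payload is packed into two “fake” 33-byte public keys whose x-coordinates are ground until they lie on secp256k1, placed beside one real key in a 1-of-3 bare multisig script, and decoded back; a template check modelled on Bitcoin Core’s standardness rule for bare multisig then shows where policy, not consensus, draws the line. The chunk layout (prefix, length byte, 30 data bytes, one grinding byte) and the use of the compressed secp256k1 generator as the “real” key are assumptions of this example; Counterparty’s actual encoding differs.

```python
"""Fake-pubkey data storage in a 1-of-3 bare multisig (editor's example).

Assumed chunk layout per fake key: 0x02 | len | 30 data bytes | grind byte.
"""

# secp256k1 field prime
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE
CHUNK = 30  # payload bytes carried per fake key
# Placeholder "real" key for the demo: the compressed secp256k1 generator.
REAL_KEY = bytes.fromhex(
    "0279BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798")
# Constructed sample payload (77 bytes -> 3 chunks -> 2 outputs).
DEMO_PAYLOAD = b"Counterparty-style message stored in fake pubkeys, bypassing OP_RETURN limits"


def x_on_curve(x: int) -> bool:
    """Is there a y with y^2 = x^3 + 7 (mod p)?  Euler's criterion."""
    rhs = (pow(x, 3, P) + 7) % P
    return pow(rhs, (P - 1) // 2, P) == 1


def grind_fake_pubkey(data: bytes) -> bytes:
    """Pack <= 30 bytes into a compressed-key shape and grind the last byte
    until the x-coordinate is on the curve (each try succeeds w.p. ~1/2)."""
    if len(data) > CHUNK:
        raise ValueError("chunk too large")
    body = bytes([len(data)]) + data.ljust(CHUNK, b"\x00")  # 31 bytes
    for nonce in range(256):
        xb = body + bytes([nonce])
        if x_on_curve(int.from_bytes(xb, "big")):
            return b"\x02" + xb
    raise RuntimeError("no curve point found (probability ~2^-256)")


def decode_fake_pubkey(key: bytes) -> bytes:
    return key[2:2 + key[1]]


def push(item: bytes) -> bytes:
    return bytes([len(item)]) + item  # direct push; items are <= 75 bytes


def bare_multisig(m: int, keys: list, n: int) -> bytes:
    return (bytes([0x50 + m]) + b"".join(push(k) for k in keys)
            + bytes([0x50 + n, OP_CHECKMULTISIG]))


def encode_payload(real_key: bytes, payload: bytes) -> list:
    """Two fake keys per output -> 60 payload bytes per 1-of-3 output."""
    chunks = [payload[i:i + CHUNK] for i in range(0, len(payload), CHUNK)]
    if len(chunks) % 2:
        chunks.append(b"")
    return [bare_multisig(1, [real_key, grind_fake_pubkey(a), grind_fake_pubkey(b)], 3)
            for a, b in zip(chunks[::2], chunks[1::2])]


def parse_bare_multisig(script: bytes):
    """Return (m, keys, n) for OP_m <push>... OP_n OP_CHECKMULTISIG, else raise."""
    if not script or not OP_1 <= script[0] <= OP_16:
        raise ValueError("missing OP_m")
    m, i, keys = script[0] - 0x50, 1, []
    while i < len(script) and 1 <= script[i] <= 75:
        ln = script[i]
        keys.append(script[i + 1:i + 1 + ln])
        i += 1 + ln
    tail = script[i:]
    if len(tail) != 2 or not OP_1 <= tail[0] <= OP_16 or tail[1] != OP_CHECKMULTISIG:
        raise ValueError("not a bare multisig template")
    return m, keys, tail[0] - 0x50


def decode_payload(scripts: list) -> bytes:
    """Skip the first (real) key of each output and unpack the fake ones."""
    out = b""
    for s in scripts:
        _, keys, _ = parse_bare_multisig(s)
        out += b"".join(decode_fake_pubkey(k) for k in keys[1:])
    return out


def is_standard_bare_multisig(script: bytes) -> bool:
    """Policy-layer check modelled on Bitcoin Core's standard template for
    bare multisig: 1 <= m <= n <= 3 with key-sized pushes. Consensus itself
    accepts up to 20 keys; relay policy is deliberately narrower."""
    try:
        m, keys, n = parse_bare_multisig(script)
    except ValueError:
        return False
    return 1 <= m <= n <= 3 and len(keys) == n and all(len(k) in (33, 65) for k in keys)


if __name__ == "__main__":
    outs = encode_payload(REAL_KEY, DEMO_PAYLOAD)
    print(len(outs), "outputs, all standard:", all(map(is_standard_bare_multisig, outs)))
    print(decode_payload(outs))
```

Nothing in the script above makes the fake keys spendable; the one real key is what makes the output spendable under consensus, and the grinding only keeps the fake keys from standing out as obviously invalid points. The template check is what a relaying node applies, which is why a 1-of-4 script that consensus would accept is not relayed by default.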

Vanadium: A RISC-V Virtual Machine for Embedded Development on Hardware Signing Devices

Team Salvatoshi has released Vanadium, a RISC-V virtual machine for running firmware applications on hardware signing devices. Vanadium runs applications (V-Apps) in an isolated environment, offloads most of their memory to a controlled space protected by encrypted page swaps, and thereby significantly reduces development complexity. While this is an important step for crypto hardware, the team notes that memory access patterns still need optimization and that a full security audit is still outstanding. More details are in its GitHub repository.

Gossip Observer: New Lightning Network P2P Monitor

Developer jonhbit has built gossip_observer to monitor the Lightning Network gossip layer, and recently reported several findings:

  • With more default P2P connections, propagation converges much faster: 75% of messages propagate within ~200 seconds instead of ~500 seconds.
  • Many messages reach the observer nodes from only a few peers, possibly because the P2P link graph is incoherent or because LN implementations filter what they forward.
  • channel_update messages account for 60% of all messages, and roughly 20% of channels emitted more than 144 of them.
  • node_announcement messages make up 30% of all messages, with 2.5% of nodes announced more than 144 times.

Future work will collect gossip data from different regions and P2P graphs to study propagation more deeply. The discussion suggests LN could borrow techniques from Erlay and related BIPs to reduce latency and propagation delay.

LND v0.20 Released: Channel Graph Migrated to SQL, 57× Throughput Increase

The LND team recently released v0.20-beta, bringing significant performance improvements and more control to node operators. Key updates include:

  • Faster startup and payment handling: migrating the channel graph to SQL (sqlite or postgres) cut startup and graph-query times by up to 99%.
  • Network sync optimization: an improved gossip mechanism makes node synchronization ~57× faster, and DNS announcements give more stable connections.
  • User experience: node personalization no longer resets; PendingChannel reports confirmations more clearly; new RPCs support deleting cancelled invoices and querying detailed forwarding history.
  • Liquidity control: blinded invoices can now name the inbound channel to use, improving liquidity management and privacy.

Stealth Address Lock Script Introduced in CKB

Stealth addresses are a technique for obscuring payments on a public blockchain: each payment goes to a freshly derived one-time address. The CKB community recently introduced a Stealth Address Lock Script together with a wallet demo. The implementation follows the early Bitcoin stealth address proposals and offers:

  • Payment addresses are unlinkable
  • The recipient’s real public key is not exposed on-chain
  • No interaction required between sender and recipient

The Lock Script uses ckb-auth and standard CKB secp256k1 verification, and is compatible with existing tools.
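The following added example (editor-written; not the CKB lock script’s code) implements the dual-key stealth address construction from the early Bitcoin proposals that the CKB design follows, in Python over secp256k1. The recipient publishes a scan key S = s·G and a spend key B = b·G; the sender picks an ephemeral r, publishes R = r·G, and pays to the one-time key P = B + H(r·S)·G; the recipient scans with s·R, recognises the output, and recovers the spending key b + H(s·R). Using SHA-256 of the compressed shared point as the tweak is an assumption of this example, as is the textbook (non-constant-time) curve arithmetic.

```python
"""Dual-key stealth addresses over secp256k1 (editor's example)."""
import hashlib
import secrets

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def ec_add(p, q):
    """Affine addition on y^2 = x^3 + 7; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def ec_mul(k: int, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = ec_add(r, p)
        p = ec_add(p, p)
        k >>= 1
    return r


def compress(pt) -> bytes:
    return bytes([2 + (pt[1] & 1)]) + pt[0].to_bytes(32, "big")


def tweak(shared_point) -> int:
    """c = H(shared secret) as a scalar (hash choice is an assumption)."""
    return int.from_bytes(hashlib.sha256(compress(shared_point)).digest(), "big") % N


def recipient_keygen():
    """Recipient's long-term keys: (scan_priv, spend_priv), (scan_pub, spend_pub).
    Only the two public keys are published, never the spend key itself."""
    s = secrets.randbelow(N - 1) + 1
    b = secrets.randbelow(N - 1) + 1
    return (s, b), (ec_mul(s, G), ec_mul(b, G))


def sender_derive(scan_pub, spend_pub):
    """Sender: ephemeral r, publish R = r*G with the output, and lock the
    output to the one-time key P = B + H(r*S)*G. No interaction needed."""
    r = secrets.randbelow(N - 1) + 1
    R = ec_mul(r, G)
    c = tweak(ec_mul(r, scan_pub))
    return R, ec_add(spend_pub, ec_mul(c, G))


def recipient_scan(scan_priv: int, spend_priv: int, R, one_time_pub):
    """Recipient: recompute c from s*R (the same point as r*S). If the derived
    key matches the output's lock, return the one-time spending key b + c."""
    c = tweak(ec_mul(scan_priv, R))
    expected = ec_add(ec_mul(spend_priv, G), ec_mul(c, G))
    if expected != one_time_pub:
        return None  # not ours
    priv = (spend_priv + c) % N
    assert ec_mul(priv, G) == one_time_pub
    return priv


if __name__ == "__main__":
    (s, b), (S, B) = recipient_keygen()
    R, P_out = sender_derive(S, B)
    print("recovered spending key:", recipient_scan(s, b, R, P_out) is not None)
```

Note the division of trust this gives: a watch-only scanner holding only s can detect incoming payments but cannot spend them, because spending needs b. Each output carries a distinct P_out, so two payments to the same recipient are unlinkable on-chain, and B never appears in any output.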

Quantum Computing and Blockchains: Aligning Urgency with Actual Threats

a16z crypto researcher Justin Thaler addresses common misconceptions about quantum threats to cryptography in this article. He argues that timelines for quantum computers breaking cryptography are often overstated, fueling calls for an urgent, wholesale transition to post-quantum cryptography that ignore both the cost and risk of premature migration and the different threat profiles of different primitives; a hasty upgrade may create more real-world risk than it removes. Many post-quantum algorithms currently carry substantial performance costs and complexity, and have shipped with vulnerabilities of their own (side-channel attacks, floating-point bugs, and parameter errors that leak keys). Popular post-quantum signatures such as ML-DSA and Falcon, for example, are tens to hundreds of times larger than current signatures and may even turn out to be vulnerable to classical attacks.

He emphasizes that the real challenge in adopting post-quantum cryptography is aligning urgency with the actual threat. Blockchains should not migrate blindly; he recommends a staged, multi-track architecture whose components can be swapped out:

  • Deploy hybrid cryptography now, running post-quantum and current schemes side by side
  • Adopt hash-based signatures where their size and performance are acceptable
  • For privacy-focused chains that rely on encryption or hidden transaction data, prioritize the transition where performance allows
  • In the near term, focus on present-day security rather than on mitigating quantum threats prematurely

Elliptic JS Library Vulnerabilities: Missing Modular Reduction and Length Checks Pose Risks

The security firm Trail of Bits recently disclosed two vulnerabilities in the JavaScript library elliptic. Both stem from missing modular reductions and absent length checks, which can let an attacker forge a signature or cause a valid signature to fail verification. Elliptic is widely used, with over 10 million weekly downloads and nearly 3,000 dependent projects.

The vulnerabilities were found with the Wycheproof test-vector suite. The article explains how Wycheproof exercises the elliptic library and how these bugs lead to signature forgery or verification failure.
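As an added example (editor-written; not elliptic’s code, and not a reconstruction of the two reported bugs), here is the input-validation layer of ECDSA verification that Wycheproof’s vectors exercise, in Python: a strict DER decoder for SEQUENCE { INTEGER r, INTEGER s } beside a lax one that reduces out-of-range scalars instead of rejecting them, and the hash-to-scalar step with and without the truncation and final reduction. The test values are constructed for this example; the group order is secp256k1’s.

```python
"""ECDSA signature-input validation, strict vs lax (editor's example)."""
import hashlib

# secp256k1 group order
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _read_integer(buf: bytes, i: int, strict: bool):
    """Parse one DER INTEGER at offset i; return (value, next offset)."""
    if i + 2 > len(buf) or buf[i] != 0x02:
        raise ValueError("expected INTEGER")
    ln = buf[i + 1]
    # Long-form lengths never occur for scalars of a 256-bit order.
    if ln == 0 or ln & 0x80 or i + 2 + ln > len(buf):
        raise ValueError("bad INTEGER length")
    body = buf[i + 2:i + 2 + ln]
    if strict:
        if body[0] & 0x80:
            raise ValueError("negative INTEGER")
        if ln > 1 and body[0] == 0x00 and not body[1] & 0x80:
            raise ValueError("non-minimal INTEGER (excess leading zero)")
    return int.from_bytes(body, "big"), i + 2 + ln


def decode_signature(der: bytes, strict: bool = True):
    """Return (r, s). strict=True enforces minimal DER, exact length and
    1 <= r, s < n. strict=False models the class of lax parser Wycheproof
    catches: no length accounting, and out-of-range scalars reduced mod n,
    so one signature has many accepted byte encodings."""
    if len(der) < 2 or der[0] != 0x30 or der[1] & 0x80:
        raise ValueError("expected SEQUENCE")
    end = 2 + der[1]
    if strict and end != len(der):
        raise ValueError("SEQUENCE length does not cover the input")
    r, i = _read_integer(der, 2, strict)
    s, i = _read_integer(der, i, strict)
    if strict:
        if i != end:
            raise ValueError("unexpected bytes inside SEQUENCE")
        if not (1 <= r < N and 1 <= s < N):
            raise ValueError("r or s out of [1, n-1]")
        return r, s
    return r % N, s % N  # lax: silently accepts r + n, s + n, r = 0, ...


def strict_rejects(der: bytes) -> bool:
    try:
        decode_signature(der, strict=True)
    except ValueError:
        return True
    return False


def encode_signature(r: int, s: int) -> bytes:
    """Minimal DER encoding, as a correct signer would emit it."""
    def der_int(v: int) -> bytes:
        b = v.to_bytes(v.bit_length() // 8 + 1, "big")  # keeps the sign bit clear
        return bytes([0x02, len(b)]) + b
    body = der_int(r) + der_int(s)
    return bytes([0x30, len(body)]) + body


def hash_to_scalar(msg_hash: bytes, strict: bool = True) -> int:
    """bits2int (RFC 6979 / SEC 1): keep the leftmost bitlen(n) bits of the
    hash, then reduce mod n. A verifier that skips either step (no length
    check, no reduction) computes with a different e than the signer for
    hashes longer than the order, so honest signatures fail to verify."""
    e = int.from_bytes(msg_hash, "big")
    if not strict:
        return e
    excess = len(msg_hash) * 8 - N.bit_length()
    if excess > 0:
        e >>= excess
    return e % N


def scalar_pair(msg: bytes):
    """(strict, lax) scalars for a 64-byte SHA-512 digest of msg."""
    h = hashlib.sha512(msg).digest()
    return hash_to_scalar(h), hash_to_scalar(h, strict=False)


if __name__ == "__main__":
    r, s = N - 2, 0x5A
    alt = encode_signature(r, s + N)  # same (r, s) under a lax parser
    print("strict rejects s+n:", strict_rejects(alt),
          "lax accepts it as:", decode_signature(alt, strict=False) == (r, s))
```

The point of the strict path is that every accepted byte string maps to exactly one (r, s) pair in range; the lax path accepts alternative encodings of the same signature and out-of-range values, which is exactly the kind of divergence Wycheproof’s malformed-signature vectors are designed to surface.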

Satoshi Scoop Weekly

Part 14 of 50

Take a bite out of the latest weekly updates in the Bitcoin ecosystem. We've got the scoop on what's cooking in the blockchain kitchen. All things #POW and #UTXO.
