
Satoshi Scoop Weekly, 19 December 2025

🍨 Your weekly bite of the latest updates from the Bitcoin tech ecosystem!


Blockstream: Research on Hash-Based Post-Quantum Cryptographic Solutions

Blockstream Research recently published the paper Hash-based Signature Schemes for Bitcoin. Hash-based signature schemes are considered a promising post-quantum alternative for Bitcoin, as their security relies entirely on hash function assumptions—consistent with the security foundation of Bitcoin’s existing design.

This paper comprehensively introduces these schemes, from fundamental principles to SPHINCS+ and its variants, and explores parameter selection tailored to Bitcoin’s specific needs. By applying latest optimizations such as SPHINCS+C, TL-WOTS-TW, and PORS+FP, and reducing the number of signatures allowed per public key, significant size improvements are achieved compared to the standardized SPHINCS+ (SLH-DSA) implementation. The research provides reproducible public scripts and discusses limitations of key derivation, multisignatures, and threshold signatures.

Additionally, Blockstream has built the SPHINCS-Parameters library, a set of scripts for exploring SPHINCS+ parameter trade-offs, computational security levels, signature sizes, and signature/verification costs.

DustSweep: A Lightweight UTXO Dust Cleanup Solution

To reduce the growth of the UTXO set, enable economical dust consolidation, and avoid introducing dust carriers or distorting the fee market, Defenwycke has proposed DustSweep (GitHub). It is policy-only, allowing nodes and miners to relay and include strictly monetary UTXO-compaction transactions with 1 satoshi per input under tightly controlled conditions.

BitMEX: Bitcoin Transaction Security Vulnerability—Risks of 64-Byte Transactions

This BitMEX research focuses on the issue of 64-byte transactions. The authors note that the data hashed at each inner node of a block's Merkle tree is 64 bytes: a transaction's hash, the TXID, is 32 bytes, and each inner node in the row directly above the leaves hashes two TXIDs concatenated together, 64 bytes in total. A 64-byte Bitcoin transaction could therefore be mistaken for an intermediate hashing step in the Merkle tree. This creates a security vulnerability that can be used to deceive Simplified Payment Verification (SPV) clients into believing they have received a payment.

While executing such attacks is highly complex and the vulnerability is not severe, there is a relatively simple fix: BIP 54—which prohibits all transactions with a witness-stripped byte size of 64 via a soft fork.
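The ambiguity described above can be shown in a few lines, as an added example that is not code from the BitMEX article: the "transactions" below are constructed byte strings rather than real Bitcoin transactions, and the Merkle and proof logic is a minimal re-implementation of Bitcoin's double-SHA256 tree, not taken from any node software. The last function is the size check BIP 54 introduces, applied to an input assumed to be already witness-stripped.

```python
"""Why a 64-byte transaction is ambiguous in a Bitcoin Merkle tree, and the
size rule BIP 54 adds. Added example; transactions are constructed strings."""
import hashlib


def dsha256(data: bytes) -> bytes:
    """Bitcoin's hash for TXIDs and Merkle nodes: SHA256(SHA256(x))."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def merkle_root(leaves):
    """Bitcoin-style Merkle root: pair up 32-byte hashes, duplicating the last
    one on odd levels, until a single root remains."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [dsha256(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
    return level[0]


def verify_merkle_proof(leaf_hash, siblings, root):
    """SPV-style check. `siblings` is a list of (hash, sibling_is_right) pairs
    from the leaf up to the root. The depth of the leaf is not authenticated."""
    h = leaf_hash
    for sib, sib_is_right in siblings:
        h = dsha256(h + sib) if sib_is_right else dsha256(sib + h)
    return h == root


def violates_bip54_size_rule(stripped_tx: bytes) -> bool:
    """BIP 54: a transaction whose witness-stripped serialization is exactly
    64 bytes is invalid. The argument is assumed to be already stripped."""
    return len(stripped_tx) == 64


def demonstrate_ambiguity():
    # Four constructed "transactions"; only their hashes matter for the tree.
    txs = [b"constructed tx %d" % i for i in range(4)]
    txids = [dsha256(tx) for tx in txs]
    root = merkle_root(txids)

    # The inner node above leaves 0 and 1 hashes txid0 || txid1: 64 bytes of input.
    phantom = txids[0] + txids[1]
    inner_01 = dsha256(phantom)
    inner_23 = dsha256(txids[2] + txids[3])

    # If `phantom` were a 64-byte transaction, its TXID would be `inner_01`, and
    # a one-sibling proof for it verifies against the genuine block root.
    proof_verifies = verify_merkle_proof(inner_01, [(inner_23, True)], root)
    # Equivalently, a two-leaf tree over the two 64-byte strings has the same root.
    same_root = merkle_root([inner_01, inner_23]) == root
    return {
        "phantom_len": len(phantom),
        "proof_verifies": proof_verifies,
        "same_root": same_root,
        "rejected_by_bip54": violates_bip54_size_rule(phantom),
    }
```

Running `demonstrate_ambiguity()` shows that the 64-byte string sits in the tree exactly where an inner node would, so the proof is indistinguishable by hashing alone; the BIP 54 size rule removes the ambiguity by making any 64-byte transaction invalid at consensus level.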

Time to Consensus: Analyzing Bitcoin’s 6-Block Confirmation Rule

This study examines the time to reach consensus in Nakamoto blockchains, modeling the system as a competitive growth process between an "honest" process and an "adversarial" process, and identifying the point in time when the honest process permanently overtakes the adversarial one.

Using queueing theory, the paper derives the Laplace transform and tail distribution decay characteristics of consensus time for a stylized Bitcoin model, and proves that the number of cycles required to reach consensus has an exponential tail bound in a more general framework. The research shows that Bitcoin’s "6-block confirmation rule" is likely based on relatively conservative system parameters, while providing a new time-based security interpretation for blockchain protocols when accounting for block propagation delays.

Payment-Failure Times for Random Lightning Paths: Channel Capacity is Key

This paper studies a random process on graphs inspired by the Lightning Network, analyzing the time until payment failure considering graph topology and channel capacity.

For complete graphs, the paper proves that payment failure times are nearly tight in terms of upper and lower bounds as a function of the number of nodes and edge capacity. It then demonstrates the relationship between this random process and edge-betweenness centrality, deriving upper and lower bounds for payment failure times on arbitrary graphs based on edge-betweenness and capacity. Extensive simulation experiments validate the theoretical results across multiple graph types, including snapshot data from the real Lightning Network, and reveal the significant impact of channel capacity distribution on payment failure rates.
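A toy version of the random payment process the paper studies, added here as an example and not the paper's own simulation code: unit payments between uniformly random sender/receiver pairs are routed along a shortest hop path over a channel graph whose channels start with `capacity` units on each side, and the process runs until the first payment finds a hop with no outbound liquidity. The graphs and capacities are constructed for the demonstration; the function names are this example's own.

```python
"""Random unit payments on a channel graph until the first liquidity failure.
Added example, not the paper's code; graph and capacities are constructed."""
import random
from collections import deque


def complete_graph(n):
    """Edge list of the complete graph K_n."""
    return [(i, j) for i in range(n) for j in range(i + 1, n)]


def shortest_path(adj, src, dst):
    """BFS hop-count shortest path; the graph is assumed connected."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            break
        for v in adj[u]:
            if v not in prev:
                prev[v] = u
                queue.append(v)
    path, node = [], dst
    while node is not None:
        path.append(node)
        node = prev[node]
    return path[::-1]


def time_to_first_failure(edges, n, capacity, seed=0, max_steps=100_000):
    """Returns the 1-based index of the first payment that fails, or None if
    no payment failed within max_steps. Balances are tracked per direction,
    so a channel (u, v) holds `capacity` on u's side and `capacity` on v's."""
    rng = random.Random(seed)
    adj = {v: [] for v in range(n)}
    balance = {}
    for u, v in edges:
        adj[u].append(v)
        adj[v].append(u)
        balance[(u, v)] = capacity
        balance[(v, u)] = capacity
    for step in range(1, max_steps + 1):
        sender, receiver = rng.sample(range(n), 2)
        path = shortest_path(adj, sender, receiver)
        hops = list(zip(path, path[1:]))
        if any(balance[hop] == 0 for hop in hops):
            return step  # some hop has no outbound liquidity: the payment fails
        for u, v in hops:
            balance[(u, v)] -= 1  # liquidity moves from u's side to v's side
            balance[(v, u)] += 1
    return None


def mean_failure_time(edges, n, capacity, trials=50):
    """Average first-failure time over `trials` seeds (None if nothing failed)."""
    times = [time_to_first_failure(edges, n, capacity, seed=s) for s in range(trials)]
    times = [t for t in times if t is not None]
    return sum(times) / len(times) if times else None
```

One property falls out directly: a failure needs some directed balance to reach zero, which takes at least `capacity` successful payments through that hop in one direction, so the first failure can never occur before payment number `capacity + 1`. Comparing `mean_failure_time` for the same graph at different capacities, or for a star versus a complete graph, gives a feel for the capacity and betweenness effects the paper bounds analytically.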

Cardinal: Achieving Ownership Preservation for Bitcoin Cross-Chain Bridges

Cardano has proposed Cardinal, a Bitcoin cross-chain bridge based on BitVM that solves the problem of ownership preservation—ensuring users always withdraw the exact coins they deposited, a capability not achievable with attribute-based multisignatures or previous BitVM-based bridges. Cardinal extends the BitVM model with a universal execution layer called ChainVM, and the paper demonstrates how to implement this framework using BitVMX.

This minimal-trust design has been implemented on Bitcoin and Cardano, avoiding operator fund pre-funding and supporting bidirectional cross-chain transfer of assets including Bitcoin Ordinal NFTs. Cardinal’s security is formally proven under a rigorous modeling framework, using HTLCs, Bitcoin Covenants signature committees, and a new ChainVM abstraction for BitVM-agnostic implementations.

Extending the SPHINCS+ Framework: Design with Variable Tree Heights and Chain Lengths

The SPHINCS+ framework is the foundational architecture for modern post-quantum, stateless, hash-based digital signature schemes, including the NIST standard SLH-DSA and variants such as SPHINCS+ and SPHINCS+C.

This research extends the hypertree structure used by SPHINCS+, allowing Merkle trees of different heights at different layers and introducing one-time hash signature schemes with varying chain lengths. As long as the encoding functions used by the underlying one-time signatures are injective and non-comparable, these structural changes do not compromise the original security proof of SPHINCS+. Meanwhile, this extension significantly expands the design space, enabling more fine-grained trade-offs between signature size, signing speed, and verification speed.

Through systematic parameter space search combined with rigorous theoretical cost analysis, the research identifies multiple parameter configurations that outperform existing stateless hash signature schemes. In some cases, significant improvements can be achieved without optimizing all performance metrics simultaneously. For example, a set of 128-bit security parameter configurations proposed in the research has a signature size 8.1% smaller than SPHINCS+C-128s, 26.2% smaller than SPHINCS+-128s, and 16.7% smaller than SPHINCS-128s. This scheme offers faster verification speed but slightly slower signing speed. Further sacrificing speed can yield even smaller signature sizes. Additionally, the research provides implementation code and benchmark results for representative parameter configurations.
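Both the Blockstream parameter exploration above and the variable-height extension in this item come down to the same signature-size accounting, so one added example covers both. It is not code from the Blockstream paper, the SPHINCS-Parameters library, or the variable-height paper: it applies the published SLH-DSA signature-size formula (the FIPS 205 parameter sets are reproduced for checking), generalises the hypertree to a list of per-layer heights so that layers of different heights can be costed, and shows how shortening the hypertree, i.e. allowing fewer signatures per key, shrinks the signature. Function names are this example's own; the `fewer_signatures_variant` parameters are a constructed illustration, not a set the papers propose.

```python
"""Signature-size accounting for SPHINCS+/SLH-DSA-style parameter sets.
Added example; applies the standard SLH-DSA size formula with per-layer heights."""
import math


def wots_len(n_bytes, w):
    """Number of WOTS+ chains: len1 message chains plus len2 checksum chains."""
    lg_w = int(math.log2(w))
    len1 = math.ceil(8 * n_bytes / lg_w)
    len2 = math.floor(math.log2(len1 * (w - 1)) / lg_w) + 1
    return len1 + len2


def sig_size_bytes(n, w, k, a, layer_heights):
    """Signature = randomizer R (n bytes) + FORS (k trees, one secret value
    plus an a-node auth path each) + per hypertree layer one WOTS+ signature
    and an auth path of h_i nodes; every element is n bytes."""
    d = len(layer_heights)
    fors_words = k * (a + 1)
    hypertree_words = sum(layer_heights) + d * wots_len(n, w)
    return (1 + fors_words + hypertree_words) * n


def max_signatures(layer_heights):
    """Hypertree leaves = number of signatures the key is designed to issue."""
    return 2 ** sum(layer_heights)


# FIPS 205 parameter sets as (n, h, d, a, k, w); all layers have height h/d.
SLH_DSA = {
    "128s": (16, 63, 7, 12, 14, 16),
    "128f": (16, 66, 22, 6, 33, 16),
    "192s": (24, 63, 7, 14, 17, 16),
    "192f": (24, 66, 22, 8, 33, 16),
    "256s": (32, 64, 8, 14, 22, 16),
    "256f": (32, 68, 17, 9, 35, 16),
}


def slh_dsa_sig_size(name):
    """Signature size in bytes of a standard SLH-DSA parameter set."""
    n, h, d, a, k, w = SLH_DSA[name]
    return sig_size_bytes(n, w, k, a, [h // d] * d)


def fewer_signatures_variant():
    """Constructed illustration: same n/w/k/a as 128s but a 20-level hypertree
    in two layers of 10, so the key covers 2^20 signatures instead of 2^63.
    Whether such a point is secure enough for a given use is the papers'
    analysis, not something this size calculation decides."""
    return sig_size_bytes(16, 16, 14, 12, [10, 10])


def uneven_layers_same_size():
    """Variable layer heights with the same total height cost the same bytes;
    what changes is signing/verification work per layer, which the variable-height
    paper trades off. Returns (uniform, uneven) sizes for a 63-level tree."""
    return (sig_size_bytes(16, 16, 14, 12, [9] * 7),
            sig_size_bytes(16, 16, 14, 12, [5, 8, 10, 10, 10, 10, 10]))
```

`slh_dsa_sig_size("128s")` reproduces the standard's 7856-byte figure and `fewer_signatures_variant()` gives 4368 bytes, which is the size lever the Blockstream summary refers to when it mentions reducing the number of signatures allowed per public key; `uneven_layers_same_size()` shows that redistributing height across layers leaves the byte count unchanged, so the variable-height extension's gains come from the speed side of the trade-off and from the altered chain lengths rather than from the auth paths alone.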

Golden: A Lightweight Non-Interactive Distributed Key Generation (DKG) Protocol

This paper presents Golden, a new non-interactive Distributed Key Generation (DKG) protocol. Unlike previous schemes, Golden achieves public verifiability in a lightweight manner, enabling all participants to verify whether others have correctly executed the protocol without interaction—thus achieving lightweight public verifiability in a single round. This is particularly important for distributed systems, where participants may go offline at any time; reducing communication rounds can significantly enhance system robustness.

As a foundational component of Golden, the research defines an exponential Verifiable Random Function (eVRF). This eVRF uses Non-Interactive Key Exchange (NIKE) to generate a Diffie–Hellman shared key and provides a public proof of the key’s correctness.

In Golden, participants use the eVRF to generate one-time keys for each other, which are used to encrypt Shamir secret shares while maintaining public verifiability. Golden thus avoids the use of public key encryption schemes such as ElGamal, Paillier, or group-based cryptography. Furthermore, the eVRF itself can be independently used in other scenarios requiring publicly verifiable encryption.
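The Shamir shares that Golden distributes are the same object as in any DKG, and the property the summary keeps returning to is that a share can be checked against public information without talking to the dealer. As an added example, not Golden's construction (Golden obtains verifiability through its eVRF-derived one-time keys), the classical Feldman form of that check is shown below: the dealer publishes commitments to the polynomial coefficients, and any party can verify any share against them. The group is a tiny constructed safe-prime group chosen so the arithmetic is readable; it is not a secure parameter set, and the function names are this example's own.

```python
"""Shamir secret sharing with Feldman commitments: publicly checkable shares.
Added example, not Golden's protocol; toy group parameters for illustration."""
import secrets

Q = 1019        # prime order of the subgroup; shares and coefficients live in Z_Q
P = 2 * Q + 1   # 2039, a safe prime (constructed toy parameter)
G = 4           # a quadratic residue mod P, hence a generator of the order-Q subgroup


def deal(secret, threshold, n_parties):
    """Dealer: random polynomial f of degree threshold-1 with f(0) = secret.
    Returns shares (i, f(i)) and Feldman commitments G^{a_j} for every coefficient."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(threshold - 1)]
    shares = [(i, sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q)
              for i in range(1, n_parties + 1)]
    commitments = [pow(G, c, P) for c in coeffs]
    return shares, commitments


def verify_share(i, s_i, commitments):
    """Anyone: G^{s_i} must equal the product of C_j^{i^j}. Only public data
    is needed, so a published share can be audited without any interaction."""
    expected = 1
    for j, c_j in enumerate(commitments):
        expected = expected * pow(c_j, pow(i, j, Q), P) % P
    return pow(G, s_i, P) == expected


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_Q from any `threshold` shares."""
    secret = 0
    for i, s_i in shares:
        num, den = 1, 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + s_i * num * pow(den, -1, Q)) % Q
    return secret
```

In a DKG each participant acts as a dealer for its own contribution and the commitments are aggregated, which is also why the summary stresses that shares in Golden are encrypted with keys that are themselves publicly provable: a wrong or missing share is detected from the transcript alone, without a complaint round.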

Satoshi Scoop Weekly

Part 12 of 50
