SPHINCS+ Parameter Manip, Hybrid Pipelines & signing, Layered PQC containers for BCH

Hi everyone,

I’m not a well-known contributor and I struggle with social skills, but several people suggested I share what I’ve been working on. I’m a hobbyist who has been building custom hash functions since the late 90s. In 2018 I experimented with base64 media hashes for a portable mesh network, then moved to IBS and built a working portable hashnet (PvtPpr-Newschains). Since 2022 I’ve been developing SPX , a three-part system for hashing, transferring, and heavily compressing data on deterministic systems using generatable lookup tables.

More recently I started exploring NIST picks for Post-Quantum Cryptography (PQC), to use for my own projects (including self-verifying coins for a Python game). I’ve been building practical pipelines that move from classical cryptography → hybrid-PQC → full PQC, with the ability to increase the “entropy envelope” simply by changing parameters. My system was made for a game and is not hardened like what would be needed but the process and results are still valid and worth reviewing for implementation refrence.


Below are two main concepts I’ve implemented (using public code references), plus the design principles I follow.

These are the rules I try to follow when creating outputs intended to be quantum-resistant:

  1. Decouple input from seed , Keep the original seed isolated.
  2. Use semi-orchestrated, well-distributed seed field generation, the seed is very important to be well distributed.
  3. Handle checksums with domain-separated techniques (e.g., sideways projection via double-SHAKE256) instead of relying only on classical methods.
  4. Move transaction-style processing toward Pedersen commitment templates with batch return/change addressing via OP_RETURN across multiple layers, while still returning change cleanly.
  5. Use hybrid master key material to enable a smooth transition: classical → PQC → Quantum-Resistant Crypto → (hypothetically) higher-range QRC.
  6. Focus on processing, output lengths, and setup more than classical vs PQC math differences.
  7. Explore Bulletproof-style template handling for Pedersen commitments.
  8. Role-based key systems appear to be one of the stronger practical levers for quantum resistance. Variant roles + multi-role signing could enable cryptographic DRM-like controls and signature-activated permissions.
  9. View keys through roles and verify via byte offset (using unused portions of the PQC hybrid public string for checksum/proof verification), a lightweight way to get quick verification data without leaking private material.
  10. No-secret derived role keys could enable verifiable key points or view-key functionality.

Most of these are just different processes. The underlying math isn’t radically different, (to a degree) it’s the orchestration that matters.


1. Manipulating SPHINCS+: Usable Key Material

The process uses heavily reduced custom SPHINCS+ parameters (tree height H=1, D=1, minimal Winternitz parameters, etc.). This produces very small signatures (~105 bytes). We extract the first 105 bytes (using the first ~93 bytes) and treat that slice as key material.

We then run it through domain-separated SHAKE-256 reduction to produce a 20-byte payload, from which we derive:

  • Standard Bitcoin-style base58 addresses (double-SHA256 checksum)
  • “PQ-style” base58 addresses using double-SHAKE256 checksum instead

It also supports simple role-based derivation (roles 0-9) from the same master material without elliptic curves.

Important disclaimers:

  • This is not a cryptanalytic break of SPHINCS+. It is deliberate parameter reduction that significantly lowers the security level in exchange for tiny, embeddable outputs.
  • The repository explicitly states it is example/discussion code only , do not use it with real funds or keys.
  • The intent is to demonstrate migration patterns and hybrid derivation techniques that can later be upgraded by simply swapping in stronger parameter sets from custom_params.h.

This approach uses a hybrid signing flow (hybrid outer layer + PQC inner material) which can use an inverse (PQC putter Material + Hybrid or Classical inner layer). Both works conceptually with Kyber or Falcon as well.

Note: I have used the proposed system with the BCH Pipeline repo to generate bch addresses that can accept payments today but have a spend key that isn’t usable today. I do not recommend others doing this but perhaps playing with my hybrid signing method which attempts signing to PQC, maybe someone can find the best way.


2. PQCAssets: Layered Signed Containers (“PQC Folders")

PQCAssets wraps files or entire folders into signed .pqcasset containers. It supports Falcon , SPHINCS+ , or hybrid signatures. You can optionally add password-based encryption (strong KDF + symmetric cipher).

Key features:

  • Nested manifests that can store references to derivation material (including the SPHINCS+ 93/105-byte slice) for controlled unlocking of later layers.
  • Clean separation between the “unlock/derivation material” and the actual signing keys.
  • Support for splitting containers, verification, and extraction.
  • The SPHINCS+ slice can act as a portable derivation source or unlock token for nested layers without weakening the underlying Falcon or full SPHINCS+ keys (when used correctly [I say this because there’s a way to intentionally break Falcon with the SPHINCS+ 93-Material).

Potential uses:

  • Contracts or layered data packages where base consensus rules live in one layer and extended rules live in outer layers.
  • Passing private or access-controlled data over public channels via manifests.
  • Split-consensus systems or cryptographic permission structures using role-based signing.

Security note: When using the SPHINCS+ slice for derivation, do not use the exact same material both as an unlock token and for key derivation in the same container. Proper key separation is maintained in the current implementation.

Relevance to Bitcoin Cash

These experiments may be useful to the current PQC discussions:

  • Hybrid address derivation examples (base58 with alternative checksums) that could be adapted toward CashAddr-style or future PQC address formats.
  • Role-based key hierarchies that don’t rely solely on elliptic curve math, potentially interesting alongside covenant/script-based approaches.
  • Manifest + OP_RETURN patterns for embedding PQC metadata, derivation references, or layered proofs.
  • Lightweight verification tricks (byte-offset proofs, role views) that might complement heavier on-chain PQC signatures.
  • Concrete code showing a clean pipeline from today’s cryptography to future PQC that could help with transition planning (complements work like CHIP-2026-06 on hybrid/PQ signatures and Quantumroot-style vaults).

The heavy compression and deterministic generation aspects might also help keep on-chain data sizes manageable when PQC signatures are eventually used.

Repositories

All code is public:


Thank you for reading, I may not have the skills to explain things but I am going to still try to answer questions you may have. Keep In Mind: My public versions are reference code for reference material. My versions are intended to use real public keys to prove value for video game play and not real spending so there are techniques in the repos I reference (my repos by the way) that seem odd becasue they are intended to be odd. I really look forward to hearing from you all on this input even if improper and unusual.

 --3D (DigiMancer3D)
4 Likes

Since you’re likely to be more informed on PQC scene than most of us reading this: I understand that SPHINCS+ is one of the finalists in the NIST standardization process, but do you see it likely to be widely adopted across all of crypto? How’s the performance/size/capabilities compared to other PQC schemes? Is there combinatorial capabilities comparable to what we have in Schnorr/ECDSA’s linearity?

Asking because I see it as the biggest roadblock to actually adopting a sensible PQC plan right now - a lot of us don’t quite understand the algos on the plate even from a high level, me included. Running ahead with the “wrong one” risks a lot of headache down the line.

4 Likes

Yes, SPHINCS+ is one of the NIST finalists. My opinion is I see FALCON & Kyber being looked at for adoption while SPHINCS+ is closer to classical cryptography compared to the rest of the PQC NIST picks but being overlooked since it’s a stateless process (similar to script generating keys). I love SPHINCS+ over all other PQCs (besides my own). SPHINCS+ normally uses very large sizes just like everyone else, but SPHINCS+ has a really big flaw everyone can lean into so to speak to nearly directly control its output size.

To be honest, all PQC relies on technically random processes that are singular to complex math structures to create the randomized processes. PQC needs a very well distributed field to do the cryptographic work, which is why people use Gaussian sampling. The problem, proper true random Gaussian sampling cannot be done by binary machines, so everyone is scraping techniques to ensure that the faux-sampling doesn’t hurt the end process. Like binary Gaussian sampling exists but it is only theoretically a Gaussian sample.

A large part of quantum outputs rely on pattern stretching where a pattern noticed can be stretched/manipulated/projected outward to get all possibilities of that pattern (including injections and other techniques to form those same patterns across various values/structures/data/outputs). So, we want a sample with nearly no pattern, this will remove the base of what quantum outputs will be able to abuse. I am not using proper terms in any of this, just trying to explain the best I can. So, this may seem like word salad but please try to see the concept (that is what I do).

Try to imagine this: big maths peoples like that math function that defines the spread when you look at a wave function because, “we’ll we don’t know to which of the three - five slots our spread ends in,” so that makes wave function collapse “quantum secure” but that’s not actually proven. In my opinion if it can have a pattern quantum will determine it, i.g.: just because we don’t know where it lands doesn’t mean we can’t model a quick way to show the various spreads it could have landed at. And we if we can do that, then quantum can do it faster. So then, big cryptographic people say, ‘up the numbers and make it take longer.’ Quantum needs only so many QuBits before it can fake the rest, and there is a form of synthetic quantum bits which is what people are really afraid of. So if quantum can fake it and end-point multiply the possible results, it’s just a supercomputer away to process all that data (the real choke-point is quantum output gives a ton of garbage so humans have to shift it [via AI]).

SPHINCS+ kinda says, we will just use the same model as quantum and choose what goes inside but not what gets picked, layer this and you can piece together a hash (this is kinda like script hashing but with more steps). So if you choose to disrupt what is inside that is deterministic but not pattern filled, that should still be quantum resistant. SPHINCS+ does this in a kinda nice way: trees in a building, up you go floor by floor until you find the top. That’s the normal SPHINCS+ methodology so to speak. So, what if we did 1 floor at a time and decided on which end result we wanted by projecting this across instances to use the exact styled end-result and did this for every floor by having buildings with only 1 floor…this is how I manipulate it. So that is in simplest terms SPHINCS+ and how I manipulate that design to get cryptographic seeds for modern cryptography (classic crypto) & PQC. Like if the distribution is so important and sphincs+ does that well, use sphincs+ for seeding. Seeding SPHINCS+ into SPHINCS+ will only increase your “resistance” (so to speak) but decouples what master secret you had down to just verifiable proofs by double-wrapping with PQC.

Falcon is the next big look, most people want falcon because it’s designed around ARM processors. Falcon uses trapdoor passing and Gaussian sampling for it’s security and just messing up those two processes to generate keys from falcon equals disaster, like I have a method to completely break FALCON to where it nearly opens itself by simple attacks. That is a major issue, setting up PQC is harder to get right and most normal people wouldn’t be able to setup without faults on binary machines.

So what does PQC actually offer? Roles. The world that wants to encrypt wants to control by cryptography. So roles in cryptography allows you to separate your deviation keys to not be directly likable to each other but only in the cryptography to their master (so to speak). This does mean you can setup role1 deviations can unlock some hashings but role5 deviations wouldn’t be able to. So like the further away a deviation is form another the less they share together for cryptograhic maths to output with correct results. It’s simple but effective. So right now, when you derive a key from a master, 1 master can control all keys derived but each key made from that master has some linking to each other and enough of these keys in public view shows the secrets they hide which is the singular master value. 2 signs on a chain produce enough evidence of a master key pattern that it can be extrapolated by quantum machines. Might take 10-100 years per master to obtain but it’s possible. Synthetic Qubits are expected to drop that down to 1-9 years or something but hasn’t yet. Keep in mind we have algorithms that can determine the weight of percentage of possible master pattern (not even the secret but the pattern it may have) based on the number of signs that derived keys signed (HD Keys). So yeah, quantum will be able to extrapolate what the other parts of that pattern could be. Now with roles, 1 master can create any multitude of key pairs that have no technical return to each other but this master can spend all these. The roles cannot cross spend nor cross tell on each other, there is a way to do multi-role signing as well to further muddy up the waters of possibility. It is what makes people so grab-bag for PQC, imagine being able to tell your output that you cannot see the results because of a role mismatch. That is the idea. If we can use role specific functions we can do more with less and roles gives you seemingly unlimited possibility for HD wallet systems again.

Normally PQC just generates a string, how people use that string is what makes each consideration of use with PQC different. I use my own method of using PQC with modern cryptography but using higher mathematics we can help reduce the secret slipping process from signing. Then if we always use a new role, we technically are not leaving cross-telling evidence in the public space. For example, when I say that 105-byte key material I can get from SPHINCS+ well, that’s just the first part of a larger but still dramatically reduced string that is what we call the quantum hash. By dividing the hash string (I do not know if it’s asymmetrical or symmetrical because I do not know the difference between the two mathematically so I couldn’t tell you but I think It’s asymmetrical division so there’ more in the private side then public so you would need public + data to equal the private half for symmetrical sides for processing). So cutting it gives you two parts that you can sign with. Imbuing something with the first part (the hash front), there’s enough there to verify stuff and have cryptographic signatures work as we expect them to but you need the back or end of the string to get data that actually allows you to open the front part stuff. And just doing this division can be controversial cause it’s like how much do you cut off, how much is enough VS too much. Sometimes there’s no clear way to do this. Hince why we all have sub-processes and such to help all the flaws around PQC and how we do handle this.

So just updating to higher cryptographic forms like shake VS sha, sponge VS schorrs, things like this for secret verifying and secret share reduction; helps dramatically. Like a double-shake256 checksum has higher value ranges to expect compared to double-sha256 but is a fast way to derive keys that are linked to each other (same role, same key, more like what we call deriving a key form another key). Sponge VS schorr for secret storing/sharing is based on maths that are very solid. Like schorr, I do not know how to spell his name, was like a nice way to handle sharing but we can take that a step further by using sponge for the schorr secret share so there’s even less technical data inside.

Being cryptographically secure from quantum is semi-equivalent to bulletproofs + pederson commitments + larger entropy, but not. It’s just another way to derive to the same result. I will say SPHINCS+ and FALCON are better suited by size to handle very complex commitments & even pederson commitments with templates and such. Basically the longer the hash, the more room you have for: entropy & data.

The biggest road blocks are the process, handling, data-is-inside. So like getting actually distributed random seeds, ensuring secure processing points, having a pipeline and setup that doesn’t hurt the out come. Eventually you will have to start to remove data and use hash-to-hash process (where signing with 2+ hashes outputs a mathematical processed result) so there is nothing within the secret for quantum to use against us. If we are using different roles every time, different key masters per transaction, using higher cryptographic maths, have no secrets except the results of that process from signing; well then there’s nothing there for the quantum break to matter; no cross-telling, no secret to use because the signing did the processing 100% with no real secrets in the first place. Being secure after post-quantum machine breaks is like bulletproofs + pederson commitments with larger entropy envelopes and since SPHINCS+ and PQC can handle bigger data inside…bigger pederson commitments are possible…bigger contracts…bigger everything including the entropy.

A ton of PQC is updatable quite simply: change parts now without changing the base58 signing scheme body. Like change checksum to double-shake256 and just shake new keys out; change the secret type and the maths used to handle the processing. Then everyone overtime there will have 500 billion ways to do PQC so eventually there should be like a dynamically considerable range for key structures. If there’s no 1 one structure to use, there’s now multiple pockets the quantum has to break differently per structure type on chain. Layer the walls the bad actors have to break, so to speak.

Something many people don’t realize, you can today, use PQC maths (higher cryptographic mathematics) to generate BCH keys right now with the only caveat is you need double-sha256 checksum. These are non-classical non-elliptical non-script generated keys that are technically more cryptographically sound compared to the classical cryptographic versions but is fully compatible to the chain (for send at least). Spendable, IDK fully yet. I know this is long winded but I am not really good with my words. Normally I would use AI to clean up my words/reduce but this is just raw me responding hoping it can help many people understand what’s going on.

PQC has control factors like no other, PQC hides like no other, PQC allows hash-to-hash processing like no other, PQC offers new revenue venues like no other (special quantum seeding machines), PQC is just a different form of math that isn’t actually proven yet. There’s a bunch of bad and a bunch of opportunity but how one uses it will make the difference.

 -- 3D (DigiMancer3D)
2 Likes