Post-Quantum Signatures on Liquid
Blockstream deploys quantum-resistant spending via Simplicity — no consensus changes
WHAT HAPPENED
Blockstream Research demonstrated quantum-resistant transaction signing on the Liquid sidechain using Simplicity smart contracts. Users can protect their L-BTC, stablecoins, and tokenized securities with post-quantum signatures — without any changes to Liquid's consensus rules.
THE SIGNATURE SCHEME: SHRINCS
SHRINCS is a compact hash-based post-quantum signature scheme developed by Blockstream Research specifically for blockchain use cases. It operates in two modes:
• Stateful mode — typical usage with compact 324-byte signatures. Requires tracking which one-time keys have been used.
• Stateless fallback — recovery scenario mode. Larger signatures but no state tracking required.
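The state-tracking requirement of stateful mode, as an added example that is not Blockstream's code and does not implement SHRINCS: a textbook Lamport one-time signature stands in for the scheme, and the signer durably reserves a key index before it releases any signature, so a restart cannot reuse a one-time key. The names StatefulSigner, ots_secret, ots_public, N_KEYS and the JSON state file are assumptions made for this illustration.

```python
import hashlib, hmac, json, os

N_KEYS = 4  # constructed: tiny one-time-key pool for the demo

def H(b):
    return hashlib.sha256(b).digest()

def ots_secret(seed, idx, pos, bit):
    # Lamport secret for (one-time key idx, digest bit position, bit value)
    return hmac.new(seed, b"%d/%d/%d" % (idx, pos, bit), hashlib.sha256).digest()

def ots_public(seed, idx):
    return [[H(ots_secret(seed, idx, p, b)) for b in (0, 1)] for p in range(256)]

def msg_bits(msg):
    d = H(msg)
    return [(d[p // 8] >> (7 - p % 8)) & 1 for p in range(256)]

class StatefulSigner:
    def __init__(self, seed, state_path):
        self.seed, self.path = seed, state_path

    def _reserve_index(self):
        # Durably advance the counter BEFORE any signature material exists,
        # so a crash can waste an index but never hand one out twice.
        nxt = 0
        if os.path.exists(self.path):
            with open(self.path) as f:
                nxt = json.load(f)["next"]
        if nxt >= N_KEYS:
            raise RuntimeError("one-time keys exhausted")
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next": nxt + 1}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)  # atomic rename on POSIX
        return nxt

    def sign(self, msg):
        idx = self._reserve_index()
        bits = msg_bits(msg)
        return idx, [ots_secret(self.seed, idx, p, b) for p, b in enumerate(bits)]

def verify(pub, msg, sig):
    bits = msg_bits(msg)
    return len(sig) == 256 and all(H(s) == pub[p][b]
                                   for (p, b), s in zip(enumerate(bits), sig))
```

Restoring the seed from a backup without the matching state file defeats this guard, which is the kind of recovery scenario the stateless fallback exists for.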
WHY THIS MATTERS
This is the first live deployment of post-quantum signatures on a Bitcoin sidechain. While Bitcoin mainnet proposals like BIP-360 (which defines the P2MR output type, but not PQ signature algorithms) require a soft fork, Liquid's Simplicity scripting language allowed Blockstream to deploy actual PQ signature verification immediately — proving the cryptographic approach works in production.
How Simplicity Enables This
SIMPLICITY: PROGRAMMABLE SPENDING CONDITIONS
Simplicity is Blockstream's smart contract language for Liquid (and eventually Elements-based sidechains). Unlike Bitcoin Script, Simplicity allows users to express arbitrary spending conditions — including custom cryptographic signature verification. This means you can implement an entirely new signature scheme without touching consensus code.
1. User locks assets to a Simplicity contract
L-BTC, stablecoins, or tokenized securities are sent to an output with a Simplicity program that requires a SHRINCS post-quantum signature to spend.
2. Simplicity verifier checks the PQ signature
The Simplicity program contains a complete cryptographic signature verifier for SHRINCS. When spending, the user provides a post-quantum signature that the program validates.
3. No consensus changes needed
Liquid nodes don't need to know about SHRINCS. They execute the Simplicity program, which internally verifies the PQ signature. The spending condition is entirely user-defined.
THE WHITEPAPER EASTER EGG
Liquid requires transaction sizes to be proportional to the computational budget consumed. Rather than padding extra space with zeros, Blockstream filled it with the Bitcoin whitepaper — a nod to the community and a demonstration of the format's flexibility.
What This Means for Bitcoin
LIQUID AS TESTBED
Liquid serves as a proving ground for solutions that Bitcoin could eventually adopt. PQ signatures working on Liquid validates the approach before Bitcoin mainnet deployment.
SHRINCS vs NIST PQC
SHRINCS is purpose-built for blockchains, with 324-byte signatures in stateful mode. Compare that to NIST's SPHINCS+ (~7-49KB) or ML-DSA/Dilithium (~2.5KB). Compact signatures matter on-chain.
CONNECTION TO BIP-360
BIP-360 (Pay to Merkle Root) proposes a new output type for Bitcoin mainnet that removes the key-path spend, protecting against long-exposure quantum attacks. It does not itself introduce PQ signature algorithms -- those would come via future companion BIPs. The Liquid SHRINCS deployment validates the PQ cryptographic primitives in production, providing real-world experience that can inform future PQ opcode design for Bitcoin. See the Quantum Resistance topic for BIP-360 details.
THE BIGGER PICTURE
This demonstrates the power of programmable spending conditions. With sufficiently expressive scripting (Simplicity on Liquid, or theoretically OP_CAT on Bitcoin), new cryptographic schemes can be deployed without protocol changes. This is the same pattern as:
• Binohash — transaction introspection without new opcodes
• PIPEs v2 — covenants without consensus changes
• BitVM — arbitrary computation without protocol modifications