We emphasize that the on-chain classical mode (which verifies only the Schnorr component) provides compatibility but does not by itself guarantee post-quantum security unless one of the following holds: (i) the Schnorr component is instantiated over a group conjectured quantum-hard, or (ii) full Dilithium verification is enforced by archive/tier-2 nodes or on-chain anchors. Where unconditional post-quantum guarantees are required, the paper describes the full-hybrid mode that performs Dilithium verification.

We present PQ-Derived Schnorr, a novel hybrid signature scheme that bridges post-quantum security with existing blockchain infrastructure through an innovative off-chain to on-chain protocol design. Our scheme employs a “Dilithium First, Schnorr Derived” philosophy where post-quantum security is established off-chain through CRYSTALS-Dilithium signature generation, while on-chain verification operates seamlessly through standard Schnorr signature protocols. This architectural separation enables quantum-resistant security guarantees while maintaining full compatibility with Bitcoin’s Taproot and other Schnorr-based systems. The complete signature follows Dilithium format specifications with approximately 4.4 KB total size, yet on-chain verification requires only a 64-byte Schnorr-compatible segment, enabling practical deployment without blockchain protocol modifications. Performance analysis demonstrates signing times of 0.02–0.04 seconds and efficient verification, making the scheme viable for real-world cryptocurrency applications. The protocol offers a modular migration path where existing blockchain infrastructure can achieve post-quantum security without fundamental architectural changes.
Shim et al. (Mon,) studied this question.