I just looked through your article and have been doing some research and thought towards which algorithms we should develop with and include, and I tend to agree that we shouldn’t rush into introducing what’s available now into, as Adam Back puts it, high assurance products.
I’m not yet sure how I’ll update BIP-360 to reflect this thinking, but I’m definitely flexible and open to different approaches. I like your idea of starting with WOTS, and I think we should choose one other algorithm for testing attestation disambiguation.
As for DASK, that looks really interesting. One modification I might suggest is to not ever deprecate secp256k1 keys, but instead, expect them to be included along with other signature types, an approach known as hybrid cryptography.
One question… In HBS, if signatures are validated in clients, how will nodes validate signatures for inclusion in a block? I would assume the same way clients do, except clients would have their own secrets.
Great work on your article btw, very well-researched.
Also, here’s a link to the latest iteration of the BIP:
Would you be interested in writing a BIP for DASK, and do you think it might be a good idea to narrow down BIP-360 to work with DASK?