Hash-Based Signatures: The Most Conservative Path to Post-Quantum (opens in new tab)

Nearly every digital signature in use today — RSA, ECDSA, Ed25519 — rests on a number-theory problem that a large quantum computer would solve efficiently. Hash-based signatures take a radically narrower bet: they assume only that a secure hash function exists. That single assumption makes them the most conservative quantum-resistant signatures we have, and the story of how they're built is one of the most elegant in cryptography. A digital signature scheme rests on some hard problem. RSA res...