Signature Schemes Explained
Tidecoin uses post-quantum signatures to authorize spends. A signature proves that the spender controls the private key for an output, without revealing that private key.
This page is a plain-language guide. The normative scheme registry lives in Protocol / Scheme Registry.
The Five Schemes
| Scheme | Family | NIST category | Signature size | Mainnet status |
|---|---|---|---|---|
| Falcon-512 | NTRU lattice | 1 | 666 bytes padded | Live from genesis |
| Falcon-1024 | NTRU lattice | 5 | 1,280 bytes padded | Built, gated by AuxPoW |
| ML-DSA-44 | Module lattice | 2 | 2,420 bytes | Built, gated by AuxPoW |
| ML-DSA-65 | Module lattice | 3 | 3,309 bytes | Built, gated by AuxPoW |
| ML-DSA-87 | Module lattice | 5 | 4,627 bytes | Built, gated by AuxPoW |
Only Falcon-512 is mainnet-active before AuxPoW. Wallet policy cannot override consensus activation.
Why Falcon-512 First
Falcon-512 is compact for a post-quantum signature. Compactness matters on a blockchain because every full node validates and stores transaction data.
That is why Falcon-512 is the practical mainnet baseline: it gives post-quantum signature security with much smaller transactions than ML-DSA at similar user workflows.
Why Keep More Than One Family
Cryptographic agility is the reason Tidecoin implements Falcon and ML-DSA. Both are lattice-based, but they use different constructions and have different implementation tradeoffs.
| Choice | Benefit | Tradeoff |
|---|---|---|
| Falcon | Compact signatures | More complex signing implementation because Falcon uses Gaussian sampling and FFT-style math |
| ML-DSA | Simpler integer-only design and final FIPS 204 standard | Larger signatures and transactions |
If future research weakens one construction or implementation family, having more than one activation-ready family gives the protocol a clearer response path.
Security Categories Are Not Rankings of Coins
NIST categories compare security strength against reference attack costs. A higher category usually means larger keys or signatures. It does not automatically mean “better for every transaction.”
For everyday blockchain use, size matters because larger signatures raise fees, bandwidth, mempool pressure, and block storage. Tidecoin therefore treats scheme choice as a consensus and wallet policy decision, not a marketing label.
When To Use Which
| Situation | Practical choice |
|---|---|
| Current mainnet wallet | Falcon-512 |
| Testnet or regtest scheme testing | Any scheme allowed by that network’s activation rules |
| High-security experiments after activation | Falcon-1024 or ML-DSA-87, with fee impact measured |
| Implementation diversity testing | ML-DSA-44/65/87 |
| Production service integration | Follow current activation status and test transaction sizes |
What Is Prefixed
Tidecoin serialized public keys carry a one-byte scheme prefix. The prefix tells consensus which verifier to use. Signatures themselves are parsed according to the selected scheme and the active verification mode.
For wallet users, that detail is invisible. For integrators, it is critical: address generation, script construction, fee estimation, and verification must use the scheme-tagged public key bytes.
See also: Protocol / Scheme Registry, Protocol / Falcon, Protocol / ML-DSA, Transaction Size and Fees.