Hash-based signature is to be standardized by NIST. So it is a natural question to study whether the currently being standarized algorithm SPHINCS+ is indeed optimal.
Towards this end, we discovered that the constant-sum encoding method that appear previously in the literature, is encoding-size-optimal among all tree-based one-time signature schemes. Moreover, by refuting a DAG-based construction [BM96] our scheme appears to be the optimal among all existing constructions.
This work is published as Revisiting the Constant-Sum Winternitz One-Time Signature with Applications to and XMSS. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. PDF