Why bother mentioning install pqcrypto when your shared code never use that library?

you are right, I mentioned pqcrypto in the introduction but didn’t actually use it in the code. The idea was to suggest a quantum-safe library in case anyone wanted to expand the script or experiment with post-quantum cryptography. In this particular example, though, I only used hashlib and didn’t directly incorporate pqcrypto



Do you imply that you need to reveal specific part of the public key? I can't imagine it's secure to be used many times.



I see how that could be confusing. what I meant is that in certain quantum-resistant algorithms like XMSS, you use different parts of the private key for each signature, which prevents it from being reused. Revealing part of the private key each time can make the system more secure as it limits the exposure of the full key, but it must be carefully managed to avoid compromising security.



How should we install this xmss library? I searched that library on https://pypi.org/search/?q=xmss, but there's no relevant result.


the specific xmss library I mentioned is not available on PyPI. sorry for the confusion. I shouldve clarified that you would need to use an XMSS implementation from either a cryptographic library that supports post-quantum algorithms (like oqs-python) or implement your own. I’ll update the post to reference a more accessible option for quantum-safe key generation



IMO OP's code is too vague to be helpful for those who learn programming.