2020.07.23 18:15:07 (1286334036781101061) from Daniel J. Bernstein:
The "ultra-short" signatures in https://eprint.iacr.org/2020/914.pdf do not reach their claimed security level: consider an attacker who simply sends random strings as forgery attempts. The user pays the verification cost, while the authors incorrectly attribute this cost to the attacker.