Quantum security of subset cover problems. (arXiv:2210.15396v1 [quant-ph])

The subset cover problem for $k \geq 1$ hash functions, which can be seen as
an extension of the collision problem, was introduced in 2002 by Reyzin and
Reyzin to analyse the security of their hash-function based signature scheme
HORS.

The security of many hash-based signature schemes relies on this problem or a
variant of this problem (e.g. HORS, SPHINCS, SPHINCS+, \dots).

Recently, Yuan, Tibouchi and Abe (2022) introduced a variant to the subset
cover problem, called restricted subset cover, …

problems quantum quantum security security