🤖 AI Summary
The existing Shmueli–Zhandry one-shot signature (OSS) scheme suffers from poor efficiency: its signing key requires Θ(λ⁴) qubits, signatures are Θ(λ³) bits long, and it only supports bit-by-bit signing of polynomial-length messages. This work introduces a simple, direct construction achieving the first efficient OSS supporting messages of arbitrary polynomial length, secure either unconditionally in a classical oracle model or, in the plain model, assuming the hardness of LWE and post-quantum indistinguishability obfuscation (iO). The scheme achieves perfect correctness and strong signature incompressibility, correcting an error in the recent work of Çakan, Goyal and Shmueli (QCrypt 2025). It reduces the signing key size to Θ(λ²) qubits and signature length to Θ(λ²) bits, yielding substantial improvements in key/signature size and computational efficiency while preserving rigorous security guarantees.
📝 Abstract
One-shot signatures (OSS) are a powerful and uniquely quantum cryptographic primitive which allows anyone, given a common reference string, to come up with a public verification key $\mathsf{pk}$ and a secret signing state $|\mathsf{sk}\rangle$. With the secret signing state, one can produce the signature of any one message, but no more. In a recent breakthrough work, Shmueli and Zhandry (CRYPTO 2025) constructed one-shot signatures, either unconditionally in a classical oracle model or assuming post-quantum indistinguishability obfuscation and the hardness of Learning with Errors (LWE) in the plain model.
In this work, we address the inefficiency of the Shmueli–Zhandry construction, which signs messages bit-by-bit, resulting in signing keys of $\Theta(\lambda^4)$ qubits and signatures of size $\Theta(\lambda^3)$ bits for polynomially long messages, where $\lambda$ is the security parameter. We construct a new, simple, direct, and efficient one-shot signature scheme which can sign messages of any polynomial length using signing keys of $\Theta(\lambda^2)$ qubits and signatures of size $\Theta(\lambda^2)$ bits. We achieve corresponding savings in runtimes, in both the oracle model and the plain model. In addition, unlike the Shmueli–Zhandry construction, our scheme achieves perfect correctness.
Our scheme also achieves strong signature incompressibility, which implies a public-key quantum fire scheme with perfect correctness among other applications, correcting an error in a recent work of Çakan, Goyal and Shmueli (QCrypt 2025) and recovering their applications.