Most chains pick one signature scheme. The choice is usually Ed25519 if you want speed, BLS if you want aggregation, or Dilithium if you want to be post-quantum. The single-scheme bet is the default architecture.
I do not take that bet.
Single-scheme chains are simpler. Smaller signatures. Faster verification. Less code to audit. The cryptographic community has converged on a small set of well-vetted primitives, and using them is the norm.
The implicit assumption is that *well-vetted* means *will not break*. But it does not. ECDSA was well-vetted; Shor's algorithm breaks it given enough qubits. Dilithium is well-vetted; lattice cryptanalysis is an active research area. SLH-DSA is provably as secure as its hash function — but a hash break, however unlikely, takes it down.
The single-scheme bet is implicitly a bet that this specific scheme's specific failure mode never occurs. Fine for a five-year system. Not fine for a chain that aspires to outlive the people who built it.
When you sign with three independent primitives, the attack surface for forging an entry becomes the *intersection* of attacks on all three.
Lattice break? You still need to forge Ed25519 and SLH-DSA.
Quantum computer breaks Ed25519? You still need to forge lattice and hash signatures.
SHA-3 collision? You still need to forge lattice and elliptic-curve signatures.
Each of those attacks would be the result of decades of separate research. The chance that all three break in the same year is vanishingly small. The system stays safe even when one foundation falls.
You pay for this. Per-entry signature size goes from 64 bytes (Ed25519) to about 95 KB (the three-way hybrid, base64-encoded). A 1500x increase. Sign latency goes from 1 ms to 150 ms. Storage scales accordingly.
Storage is cheap. Cryptographic agility is irreplaceable. A single bad bet on a signature scheme wipes out the integrity of every entry ever written. Three independent bets — all of which would have to fail — is a posture worth paying 1500x for.
The reason no production chain ships triple-hybrid by default is mostly inertia. They were architected before FIPS 204 and 205 existed, and retrofitting a different signature scheme is a flag-day change for the whole ecosystem.
TreeChain has the advantage of being young. We did the flag day before there was an ecosystem to break.
When something I care about depends on cryptography, I do not buy insurance. I build redundancy directly into the security model. Three signatures. No single point of failure.