While pairing-based cryptography is not quantum resistant (yet? Can we mix in isogenies in there?), the signature, secret keys and public keys are really small, for example with a 256-bit prime we're looking at 256-bit secret keys and 256-bit or 512-bit public keys/signatures (you can choose which one is bigger/slower depending on what you want to prioritize).
It is also going into standardization right now:
and will be a standard adopted across several blockchains (Algorand, Chia Network, Dfinity, Ethereum 2.0, Filecoin, Zcash to name those I am aware of).
Of course other factors may dominate anyway.