EIPsInsight

Loading Experience

Preparing your insights...

Loading0%
PQTS2026-04-29_007

PQ Transaction Signatures #007

2026-04-29 412 transcript lines

Transcript

Ask about this call

Answered from this call's summary and transcript only.

AI-generated — verify against the recording.

Call summary

Targets
  • Next PQTS breakout call in two weeks — 01:09:10
Highlights
  • Jardin Design:
    • ·JARDIN: Hybrid stateless/stateful design combining SPHINCS- with FORS few-time signatures — 00:44:51
    • ·Type 1 (stateless): 400K gas, 6KB signature; Type 2 (stateful): 170K gas, 128 transactions per lane — 00:46:53
    • ·Ledger implementation working: 3-second compact signing, 45-second stateful signing — 00:53:19
    • ·FORS prevents catastrophic key reuse from fault injection/state rollback attacks — 00:49:22
  • Sphinx Variants:
    • ·NIST published SPHINCS- variant (2^24 signatures) two weeks ago for firmware signing — 00:39:16
    • ·SPHINCS- SHA-2 variant: 142K gas pure verify, FIPS-compliant path for institutions — 00:41:27
    • ·Hardware constraint: SPHINCS- requires HSM (1-2 min signing), not hardware wallet compatible — 00:42:59
  • Zk Proof Approach:
    • ·Longfow ZK proving: 87ms client-side, hides public key via zero-knowledge ECDSA proof — 01:01:11
    • ·Current implementation: ~2M gas, 20KB proofs; optimizations in progress (column reduction, designated verifier) — 01:03:41
    • ·EIP-7702 delegation protects assets post-key-exposure by requiring ZK proof for withdrawals — 01:04:43
  • Ephemeral Keys Implementation:
    • ·Riva Labs demo: NiceTry wallet supports ECDSA and WOTS modes with rotation — 00:17:04
    • ·WOTS mode: 93K gas validation, 460-byte signatures, quantum-safe by design — 00:24:41
    • ·Live demo: DeFi interaction (Lido staking) working on testnet with key rotation — 00:28:19
    • ·WOTS backup signers address transaction failure scenarios (wrong nonce, gas limits) — 00:31:25
Action Items
  • Nico C — Publish ETH Research posts for SPHINCS- and JARDIN designs — 00:59:03
  • All teams — Provide feedback on Mahdi's ZK proof approach via ETH Research thread — 01:08:44

Meeting chat27

  • alan xu

    https://github.com/firedancer-io/firedancer/pull/9446 Looks like Solana has chosen falcon for PQTS, what about ethereum?

  • Nico C

    I will do less than 15 all good !

  • Antonio Sanso

    Reacted to "I will do less than ..." with 👍

  • Jeevan Siddharth

    In ECDSA mode what happens if a txn got reverted , do we rotate the key as first step regardless ? , since now we have txn history of that key right ?

  • Matteo Vena | Riva Labs

    https://github.com/RivaLabs-Core/Ephemeral-Keys

  • alan xu

    Reacted to "https://github.com/R..." with 👍

  • Ooia oo [OKX]

    Reacted to https://github.com/R... with "👍"

  • Benedikt Wagner

    @Nico C for security proofs in the context of grinding, you may look into our aborting RO framework (designed for the XMSS signatures on the CL): https://eprint.iacr.org/2026/016.pdf

  • Miha Stopar

    Did you perhaps think about what could be a (PQ) SNARK to be used for this signature scheme?

  • Benedikt Wagner

    Replying to "Did you perhaps thin..." I think this is for the EL, so why do we need a SNARK for it?

  • Miha Stopar

    Replying to "Did you perhaps thin..." In general, I am looking for a PQ signature scheme with PQ snark with efficient on-chain verifier for a PSE project.

  • Nico C

    https://sphincsminus.org/

  • Nico C

    https://github.com/nconsigny/SPHINCs-

  • Nico C

    https://github.com/nconsigny/sphincs-ethereum-app/tree/sphincs-c11

  • Nico C

    Reacted to "@Nico C for securi..." with 👍

  • Nico C

    https://github.com/nconsigny/JARDIN

  • Nico C

    I will open two ethresearch blogpost (one for SPHINCS- and one for JARDIN). Just waiting on some feedback but most of it are already available in the repos

  • Antonio Sanso

    Reacted to "I will open two ethr..." with ❤️

  • Ooia oo [OKX]

    Replying to "Did you perhaps thin..." I guess there is another use case for high value wallets. Where signature is ideally multisig/mpc-ish (or anyways where u can separate the storage key material completely)

  • Ooia oo [OKX]

    Reacted to I will open two ethr... with "❤️"

  • Ankita Virani

    Reacted to "I will open two ethr..." with ❤️

  • Antonio Sanso

    Replying to "https://github.com/f..." It seems the direction is going toward hash based and dilithium

  • Matteo Vena | Riva Labs

    Once the EOA's classical key is recovered by a CRQC, what stops the attacker from signing a fresh EIP-7702 authorization with it and re-delegating the EOA to a contract they control?

  • Ottie | Wonderland

    Reacted to "I will open two et..." with ❤️

  • Ooia oo [OKX]

    Multi-proving technqiues might be able to reduce computation required for the zkproof But then u need techniques to prevent collusion 😭

  • Lumi | Wonderland

    ty everyone!

  • Ottie | Wonderland

    Thanks everyone!

Key decisions

No key decisions recorded for this call.