EIPsInsight

Loading Experience

Preparing your insights...

Loading0%
PQTS2026-06-10_010

PQ Transaction Signatures #010

2026-06-10 1 decision 424 transcript lines

Transcript

Ask about this call

Answered from this call's summary and transcript only.

AI-generated — verify against the recording.

Call summary

Targets
  • Riva Labs hash-based MPC working demo — ~1 month — 00:24:08
  • Silence Laboratories MLDSA-MPC academic paper — expected April (to be confirmed) — 00:37:29
Decisions
  • MLDSA precompile for execution layer is not ruled out; door remains open alongside hash-based approach — 00:51:18
Highlights
  • Presentations Overview:
    • ·Two demos: Riva Labs (post-quantum multisig via SAFE) and Silence Laboratories (threshold MLDSA MPC) — 00:08:51
  • Silence Labs Mldsa Mpc:
    • ·Threshold MLDSA (Dilithium) MPC: 2-of-3 cloud-hosted T-share wallet demo; ~150ms signing; scales to ~10 parties before blow-up — 00:30:57
    • ·On-chain verification uses ZKnox Dilithium smart contract (EIP-7702 / ERC-4337); signature indistinguishable from single-signer MLDSA on-chain — 00:32:47
    • ·Protocol adds optional Signer Reveal feature; 3 rounds of off-chain communication required; paper and open-source code pending audit — 00:36:11
    • ·7702 revert-to-ECDSA attack vector acknowledged; mitigated by EIP-7851 (EOA deactivation) once adopted — 00:43:19
  • Riva Labs Ephemeral Keys:
    • ·Ephemeral Keys Protocol: rotation every tx, next-signer stored on-chain, SPHINCS+ backup, ERC-4337 AA; multi-chain and multisig now supported — 00:11:10
    • ·SAFE multisig demo on Sepolia: 2-of-3 setup mixing post-quantum (Riva) and ECDSA signers; no SAFE changes required — 00:15:29
    • ·Protocol targets ERC standardization; team to draft ERC and share with this call series for community comment — 00:20:19
  • Gas And Precompile Discussion:
    • ·SHAKE-based MLDSA smart contract costs ~5M+ gas; Keccak variant drops to ~3M; MLDSA precompile estimated at ~6,000 gas — not ruled out for execution layer — 00:41:46
    • ·Reno (ZKnox): MLDSA is already in TLS; hash-based-only path risks non-compliance with HSMs and Web2 infrastructure; challenges consensus-driven direction — 00:46:08
Action Items
  • Riva Labs (Antonio Sanso as potential co-author) — Draft ERC for Ephemeral Keys Protocol; share with call series for community review — 00:21:55
  • Silence Laboratories (Jay) — Share e-print links for MLDSA-MPC paper and hash-based MPC impossibility result paper — 00:37:29

Meeting chat29

  • Reno - ZKNOX

    basically as no linearity exist, solution is garbled circuits, but highly inefficient

  • Ooia oo [OKX]

    Is there an alternative from garbled circuits?

  • Matteo Vena | Riva Labs

    Replying to "basically as no line..." Hey Reno any reading materials that you suggest?

  • Reno - ZKNOX

    Basically we are trying to preserve aggregation, which is why we use hash based, and will tweak everything else to have this fit in. Maybe tweaking consensus to be compliant with the industry for all the rest would make everything else easier. We are going fully non compliant with any hardware/actor/vendor.

  • Reno - ZKNOX

    Will the MLDSA-MPC algorithm used under the hood be published soon ? How does it compare to other proposals ?

  • Conor Deegan

    What is the upper limit for number of parties with this MPC?

  • Conor Deegan

    Thank you

  • Jay || Silence Laboratories

    https://sepolia.basescan.org/address/0x092c5d82069de997e34ce2505ca7d5042f3721ef#code

  • Reno - ZKNOX

    How many rounds of offchain communication is required ?

  • Matteo Vena | Riva Labs

    So does this MPC expose the signers?

  • Matteo Vena | Riva Labs

    Thanks

  • Benedikt Wagner

    Is this MPC against semi-honest or malicious adversaries?

  • Benedikt Wagner

    Ok thanks

  • Jay || Silence Laboratories

    3

  • Reno - ZKNOX

    thx

  • Benedikt Wagner

    Security with abort or with guaranteed output delivery? Under which corruption thresholds?

  • Benedikt Wagner

    I was referring to this https://eprint.iacr.org/2023/1381

  • Matteo Vena | Riva Labs

    What’s the size of the signature onchain?

  • Reno - ZKNOX

    Mainly the SHAKE

  • Reno - ZKNOX

    This is a SC.

  • Matteo Vicari

    https://sepolia.basescan.org/address/0x3d88a6b1a995842b687630d1b959f48d1e61a1ca

  • Matteo Vena | Riva Labs

    So does this use 7702? And if yes, can it be attacked by reverting authority to ECDSA?

  • Matteo Vena | Riva Labs

    Thank you, but I mean today

  • Oleg Lodygensky

    couldn’t replacing CHECK by keccak to solve gas utilization issue reopen a security hole? since keccak is ECDSA based afaIk

  • Reno - ZKNOX

    this has been done

  • Reno - ZKNOX

    there is a MLDSA-ETH version already

  • Ooia oo [OKX]

    Would love to hear ppl thoughts on about voleith-based schemes like faest in future sessions. Feels like an in-between lattice and hash-based paradigms

  • Reno - ZKNOX

    Thanks for the demo !

  • Oleg Lodygensky

    thansk you it is always very intereting

Key decisions

  • MLDSA precompile for execution layer is not ruled out; door remains open alongside hash-based approach

    The decision to keep the door open for MLDSA precompile alongside the hash-based approach.