0age pfp
0age
@0age
imagine ECDSA is demonstrated to be broken by quantum computing tomorrow now everyone’s scrambling to move funds into a smart wallet with quantum-resistant signature verification ASAP what’s the best implementation of this currently out there? does one even exist?
11 replies
44 recasts
173 reactions
Dan Romero pfp
Dan Romero
@dwr.eth
curious if @vitalik.eth has thought about this
4 replies
31 recasts
99 reactions
EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
Sha256 and similar hash functions are considered quantum safe. STARKs use hash functions heavily and so are also considered quantum safe. So in a pinch you could hard fork an upgrade where everyone switches to a new key, and a zk proof of knowledge is used for the new private key instead of normal signatures.
3 replies
0 recast
10 reactions
0age pfp
0age
@0age
i'm thinking no time for hard fork, like literally being blindsided and seeing coins start moving out of big accounts granted, everything likely goes to zero in this scenario but my point is what could one individual do to protect themselves from falling victim before social coordination can step in
3 replies
0 recast
2 reactions
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ pfp
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ
@deanpierce.eth
I don't think there's anything ready off the shelf, but maybe build something that requires a kyber signature, and verified with a snark in /risc-zero so you don't need to verify the pq signature itself in the EVM. https://github.com/Argyle-Software/kyber
1 reply
0 recast
3 reactions
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ pfp
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ
@deanpierce.eth
Actually Falcon probably makes more sense πŸ˜… https://blog.cloudflare.com/another-look-at-pq-signatures/ https://github.com/aszepieniec/falcon-rust
1 reply
0 recast
2 reactions
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ pfp
Dean Pierce πŸ‘¨β€πŸ’»πŸŒŽπŸŒ
@deanpierce.eth
An EIP to add a Falcon pre-compile has been discussed, but until that exists, the risc zero approach lets you do it for the cost of a snark verification, which I believe risc zero provides for most major chains. https://ethereum-magicians.org/t/eip-7592-falcon-signature-verification-pre-compile/18053
1 reply
0 recast
0 reaction
EulerLagrange.eth pfp
EulerLagrange.eth
@eulerlagrange.eth
Admittedly I’m not up to date on the nist post quantum signature methods. I remember within a couple years a scheme was proposed that was broken soon after. Not saying that is the case for Falcon, but usually you can’t prove something is secure directly. You build it from some key assumptions, and then time will tell if the assumptions hold. 1000 byte lattice based public key? I need to read up on the short integer solution stuff with rings
1 reply
0 recast
2 reactions