Post-Quantum (PQ) Interop #37, April 29, 2026

Protocol Calls & happenings
1

Agenda

Resources

High-Level Documents

Overview

A. Devnet-4: Implementation & Specification Status
B. Devnet-5: Early Specification Discussion
C. Testing infrastructure: cross-client visualization tooling
D. leanSpec engineering: multi-fork architecture & validator sync-lag gate
E. Metrics & Observability

A. Devnet-4 — implementation & specification status

Latest devnet status (Apr 28)

  • Devnet-4 relaunched with 2 subnets.
  • Finality lost after slot 110. Heads of all clients continue to progress.
  • Both ream instances crashed.
  • qlean and lantern time out when responding to reqresp from zeam (acting as aggregator).
  • Operator coordination: teams should flag any pending client image release before the next restart so it can be held until the new image is ready.

Spec & test work

  • New test vectors added.
  • Interop debugging — bring root-cause progress on the items above.

B. Devnet-5 — early specification discussion

Reference: Devnet-5 proposal (HackMD).

Background

Lean consensus uses post-quantum (hash-based) signatures. They are large, and blocks are dominated by proofs. Recursive aggregation is the lever: fold two proofs into one short proof asserting that both signed, repeat until the block fits.

Devnet-4 applies this per attestation_data: each block carries one aggregated proof per distinct vote target, capped at MAX_ATTESTATION_DATA = 8. Worst case is 8 aggregated proofs plus 1 block signature. Better than per-validator, but proofs still dominate.

What Devnet-5 wants to add

Fold the 8 per-attestation_data aggregates and the block signature into a single block proof. Verifying a block becomes verifying one SNARK. This is the largest size reduction available without changing the signature scheme.

The catch — aggregation is one-way

Folding A and B into AB destroys A and B as separately verifiable objects. This breaks block production, not block validation:

  • The next proposer extends the previous block’s per-attestation_data aggregate with new votes (the known_aggregated_payloads cache amortises aggregation work across slots). Without the intermediate aggregates, there is nothing to extend.
  • Two concrete failure modes follow:
    1. Hidden payloads. A node receives Block N’s block proof but missed the standalone aggregates on gossip. Fork choice still works (it only needs justification claims from headers), but on Block N+1 the node has no leaves to fold.
    2. Justification drift. The local store learns of a new justified checkpoint from a block proof, while the head block’s state still references the old one (store.justified > head.justified). The node knows the truth but cannot prove it on-chain. The safe rule is to treat itself as not synced and abstain from proposing — a liveness cost paid for safety.

Mitigation — binary aggregation tree

Build a tree instead of folding to a single root:

  • Leaves — individual proofs.
  • Intermediates — pairwise aggregates (per attestation_data).
  • Root — block proof.

Publication granularity then becomes a knob, not a forced choice:

Published Block size Reusability
Root only smallest none
Root + per-attestation_data intermediates small proposers can extend
Whole tree large maximum

The middle row is the working assumption. A common message format keeps every node in the tree a valid aggregated payload, so peers can fetch the granularity they need.

Open questions for the call

  1. Propagation of intermediates. Side gossip channel? Req/resp from aggregators when a node is the next proposer and only received the root? Recommended scope for Devnet-5: lock the binary-tree publication choice and defer the propagation mechanism to the next devnet unless it becomes a blocker.

  2. Recursive proving cost. Recursive SNARK proving is slow. We need wall-clock numbers before locking the slot budget. One promising mitigation is to push folds off the proposer’s critical path and onto aggregator validators during the existing aggregation interval, in parallel waves: with 8 leaves, 4 → 2 → 1 reduces the proposer’s critical path from 7 merges to 1. Wall-clock saving is modest at this leaf count (≈2×); the real win is removing 6 merges from the proposer path. A pattern in production at Polygon zkEVM, Plonky2, and Mina; reuses role separation already present in the 3SF-mini slot pipeline.

  3. Fork-choice independence. The proposal assumes fork choice works without payloads. True today. Breaks if any future rule (slashing, surround votes) needs per-validator vote info now locked inside a recursive proof. Want explicit sign-off on this invariant before locking the design.

  4. Multi-message scope. Multi-message means a single aggregated proof attests to more than one distinct message at once. Devnet-4’s per-attestation_data aggregates each cover only one message; a Devnet-5 block proof has to cover up to 9 messages (the 8 distinct attestation_data votes + the block signature). Every additional (message, slot) pair the proof has to recognise costs prover time and proof size, so the proposed scope caps the proof at messages spanning at most 3 distinct slots:

    • up to 2 slots worth of attestation_data — the 8 votes are required to come from no more than 2 distinct slots;
    • 1 slot reserved for the block signature, which is bound to the block’s own slot.

    To be confirmed.

  5. Message-level primitives. Today’s aggregation only handles a single (message, slot) pair per proof. Devnet-5 needs an interface that bundles several. Proposed two-tier model:

    • Type-1 — a proof aggregating any number of signatures over the same (message, slot). This is what we already have (per-attestation_data aggregate). Merging two type-1 proofs is commutative and idempotent, and signers can be removed without breaking soundness.
    • Type-2 — a proof bundling n type-1 proofs that each cover a different (message, slot). This is the new object Devnet-5 needs in order to combine the 8 per-attestation_data aggregates with the block signature into one block proof.
    • Split — decompose a type-2 back into its n underlying type-1 proofs. This is the property that keeps the binary aggregation tree useful: a future proposer extracts the per-attestation_data aggregate from the previous block’s bundle and extends it with new votes, instead of starting from scratch.

    Two questions for the call:

    • Is this interface realisable cryptographically — specifically, can type-2 be constructed in a way that supports splitting?
    • Does it cover every aggregation we need across Devnet-5 and the next devnet, or are there shapes that don’t fit either type?

  6. Tree arity. The tree does not need to be binary. Single-message/single-slot already permits aggregating an arbitrary number of previously aggregated multi-signatures in one step. n-ary trees mean fewer merges overall but each merge is bigger — needs a quantified comparison before we commit.

  7. Ephemeral intermediates. Treat intermediates as ephemeral, fetchable for a short window while signatures arrive. Under sustained non-finality the aggregator cache must enforce the justifiability schedule filter (which bounds aggregate diversity at O(√(T - F))). If the filter is enforced only at consensus-time, the gossip cache grows linearly regardless.

Spec & test-infrastructure work to start now

We do not need every detail locked to begin opening small spec issues. Concretely:

  • Define the type-1 / type-2 message containers and their (de)aggregation operations.
  • Specify the publication policy (root + per-attestation_data intermediates).
  • Fix the proposer/aggregator wave assignment if we adopt parallel folding.
  • Test runtime. The spec test-vector CI currently runs ~50 min for production configurations and ~20 min for test configurations. Devnet-5 will compound this. We need a mocking or scheme-substitution strategy to bring it back to a tractable budget before merging Devnet-5 changes — otherwise each iteration costs an hour.

The HackMD does not yet reflect this discussion. The doc should be updated so the spec issues open against an aligned reference.

C. Testing infrastructure — cross-client visualization tooling

The Ream team has stood up a cross-client visualization at https://hive.leanroadmap.org/, hosted on a shared VPS, with the underlying simulators contributed upstream into ethereum/hive (neutral ground). They are actively driving the effort and have offered to keep the lead.

Status

Already covered (full list: https://pastebin.com/N89vmn8a):

  • Checkpoint sync with leanSpec nodes.
  • Finalization matrix against other clients.
  • Block validation.
  • Gossip and req/resp.

leanSpec test-vector integration is in progress. A formal announcement and walkthrough will land in a subsequent PQ Interop call once it ships.

Action for client teams

The integration requires each client to expose a test-vector consumer — an entry point that loads a fixture and runs it against the client’s internal functions. Ream already has this; the earlier other clients land theirs, the earlier they show up as rows in the matrix.

Make sure your client consumes test vectors against its internal functions in any reasonable form. That is the prerequisite for being included.

On this call

  • Demo. Ream will walk through what running the tool against a client looks like, so other teams can see the consumer shape they need to provide.
  • Feedback. Look at https://hive.leanroadmap.org/ before the call and flag anything missing or wrong — additions and criticisms are welcome.
  • Open question. Execution-side simulators already live in ethereum/hive. Should the dashboard also be pushed into ethpandaops/hive-ui (so it sits alongside the other Hive dashboards), or is the standalone instance the right home?

Contacts for anything related to this effort: the Ream team and Kolby, or the #testing thread on the PQ Interop Telegram.

D. leanSpec engineering — multi-fork architecture & validator sync-lag gate

Two pieces of leanSpec engineering work that are ready to be discussed and picked up.

D.1 Multi-fork architecture

References: PR #638, tracking issue #686, design notes.

What PR #638 lands (skeleton).

  • ForkProtocol(ABC) + ForkRegistry for multi-fork dispatch.
  • State and Store move from subspecs/ into forks/lstar/ (fork-specific).
  • subspecs/ becomes fork-agnostic shared libraries.
  • Construction routes through the fork (fork.generate_genesis(), fork.create_store()).

D.2 Validator sync-lag duty gate (#689)

Problem. subspecs/validator/service.py has no sync-lag check. A node 800 slots behind continues to attest and propose against its stale head. Stale-head attestations deposit LMD-GHOST weight on the wrong subtree and slow convergence. A node can be SyncState.SYNCED per the state machine and still be many slots behind wall clock during a brief network hiccup, validator restart, or partition — so the binary sync-state flag is the wrong signal. This bites lean harder than beacon because faster finality leaves less time for fork choice to absorb the noise.

Proposed gate. Skip both attestation and proposal when local head trails wall clock by more than SYNC_LAG_THRESHOLD = 4 slots. Decision uses store.head (not justified or finalized) — the gate is about whether the validator’s view of current head is fresh. wall_clock_slot < head_slot (clock skew) does not gate; trust the chain in that direction.

Companion to #688 (BlocksByRange), which addresses catch-up speed itself. The two are independent and can land in either order; together they unblock devnet stalls.

E. Metrics & Observability

Standing item. Updates from teams running Devnet-3 / Devnet-4 telemetry.

Meeting Time: Wednesday, April 29, 2026 at 14:00 UTC (60 minutes)

GitHub Issue

2

Meeting Summary:

The meeting focused on updates and discussions regarding Post-Quantum Interop number 37, with particular emphasis on client updates, testing infrastructure, and future developments for DevNet 5. Client teams, including Zim, DevNet, Kolin, Lantern, and Lighthouse, shared progress on optimization efforts, testing improvements, and bug fixes. The team discussed a new solution for handling proof aggregation in DevNet 5, where Emil confirmed that disintegrated proofs could be recovered, eliminating the need for a complex binary tree approach. The group also addressed the potential addition of a PQ heartbeat feature in DevNet 5, which would serve as an availability protocol and simplify consensus operations. Updates were provided on the testing infrastructure, including a new visualization tool and Grafana dashboard for monitoring metrics across different DevNets. The conversation ended with agreement to use Grafana logs for daily monitoring rather than sharing zip files through Telegram groups.

Click to expand detailed summary

The team discussed updates on Post-Quantum Interop number 37, focusing on client updates and testing progress. Gajinder reported on multiple subnet testing and optimization efforts for Zoom, while Shariq shared updates on the retirement of DevNet 3 code and the addition of attestation committee accounts into the CLI. Shariq also presented test results showing client interop capabilities, highlighting which clients successfully interrupt with each other, and noted that the testing framework is now available for team contribution and review.

Kolby discussed various test suites available, including request-response, gossip sub, client interop, and checkpoint sync tests, noting that lower-level suites might be more helpful for debugging. Kolby mentioned that a new lean spec test assets integration would be implemented later in the week, requiring clients to implement a harness for easier testing and visualization. Ruslan reported on integrating Kolin into Hive, making Docker integration easier, and creating a fork of Lin Multisik with a debug feature that allows controlling aggregation and proof size for resource-efficient testing.

Ruslan explained his implementation of a multi-seek feature that patches aggregation functions for testing purposes to improve performance. Mihir reported progress on rewriting the SSC and LibP2P libraries, implementing optimizations for aggregation verification, and submitted a PR to add test vectors. Pablo shared their PR on LinkSpec that improves checkpoint sync safety and safe target computation. Mercy updated the team on debugging an out-of-memory issue caused by CPU-intensive tasks, with plans to switch to a dedicated executor by the end of the day or tomorrow.

Thomas discussed the findings from the DevNet 4 channel, where new subnets and debugging tools were launched. He requested that team members submit issues directly on the spec with relevant logs if they encounter bugs or lack of test coverage. Thomas then outlined plans for DevNet 5, which aims to reduce proof size by folding multiple per-attestation data aggregates into a single proof posted on-chain. He explained the trade-offs of this approach, including the loss of information and the need for a tree structure to maintain some historical data. The discussion touched on handling intermediates through side gossip channels and potential recursion costs, with Mercy suggesting a parallel processing mitigation.

The team discussed a design issue related to proof recovery and aggregation. Anshal explained that based on recent discussions, it’s now possible to disintegrate aggregated multi-message proofs, allowing recovery of individual proofs without needing the previously proposed binary tree solution. Thomas confirmed with Emil that this recovery capability was verified, and Anshal clarified that this approach eliminates the need for the previously considered partial formation and binary solution, avoiding potential propagation issues.

The team discussed implementing a new solution that eliminates the need for a tree structure and allows for an arbitrary number of slot and message pairs. They also addressed the addition of a PQ (Post-Quantum) heartbeat feature in DevNet 5, which aims to simplify the consensus protocol and improve availability. Gajinder and Yann explained that the PQ heartbeat would serve as an independent vote type, not requiring aggregation, and would help in calculating the safe target. Thomas proposed working on both the Goldfish implementation and meta-aggregating proofs into single proofs for the block in parallel for DevNet 5.

The team discussed updates on testing infrastructure and metrics visualization. Thomas announced that the multi-fork architecture PR is ready for review and that two new issues related to service duty and missing block range features are in progress. Katya reported updates to the Grafana dashboard and plans to add new metrics for interval monitoring. Parthasarathy shared progress on DevNet testing, including issues discovered during subnet testing and updates to the lean point for reporting client status. The team agreed to use the metrics.leanroadmap.org Grafana instance for daily log checking instead of sharing zip files on Telegram, and Thomas confirmed that the proposed multi-signature approach for type1/type2 in leanMultisig is acceptable in terms of performance.

Next Steps:

  • Zim team: Continue optimization of aggregator flows and gossip/interval flows to minimize shared locking and maximize parallelization
  • Reem team: Move internal DevNet testing with multiple subnets from Mac to VPS
  • All client teams: Check client setup in Hive tests and report any issues with test configuration
  • Kolby/Reem team: Complete lean spec test assets integration later this week, requiring teams to implement harness in their clients
  • Kulin team: Investigate and fix issues identified in Hive test results
  • Lantern team: Address test failures shown in Hive tool and improve test coverage
  • Lantern team: Continue work on rewriting SSC library and Lib P2P library with better design
  • Mihir/Lantern: Rebase PR for test vectors if PR638 is merged, or adjust based on feedback
  • Lighthouse team: Complete debugging of out-of-memory issue and switch to dedicated executor by end of today or tomorrow
  • All client teams: Submit issues directly on lean spec with bug reports or logs when finding issues due to lack of test coverage or spec bugs
  • Thomas: Merge Mihir’s PR on LinkSpec for test vectors before other PRs about multi-fork
  • Thomas: Create small sub-issues in the spec for DevNet 5 features (PQ heartbeat with Goldfish and meta-aggregating proofs)
  • All client teams: Review and approve multi-fork architecture PR on lean spec
  • Thomas: Merge multi-fork PR after team approvals
  • Steel team/Thomas: Start work on tracking issue for fully generic implementation after multi-fork PR is merged
  • Katya: Share Grafana dashboard screen in chat after the call
  • Katya: Share draft PR for new interval monitoring metric in tooling channel for discussion
  • Katya: Test and notify teams when Grafana update allows log downloads
  • Parthasarathy: Continue testing and reporting issues on Telegram channel as clients switch between validator and aggregator roles
  • All client teams: Check Grafana Loki logs daily for DevNet runs instead of relying on zip files shared in Telegram

Recording Access:

3

YouTube recording available: https://youtu.be/9LdIXqck0DQ