Post Quantum transaction signature (PQTS) Breakout #6

Antonio opened the meeting and introduced the topic of TestNet Zero, which Giulio was scheduled to present. He shared two updates: the removal of frame transactions and native AAs as headliners for Agota, and additional parameters set for limited signature use cases in Sphinx. Antonio also mentioned a positive development involving a new tool that several team members, including Conor, have been working with. The meeting was set to continue with Giulio’s presentation on Daisugi and TestNet, followed by a potential update from Conor.

Giulio presented his work on implementing post-quantum cryptography in a live client, specifically focusing on NTT and Falcon contracts. He demonstrated a dev node that implements entity pre-compiles and direct pre-compiles, showing the difference between direct signature verification and the LEGO-like approach with multiple entity pre-compiles. Giulio also introduced ephemeral SCDSA as a new feature and explained that direct pre-compiles are more gas-efficient than entity pre-compiles, particularly for Lithium, due to memory requirements.

Giulio presented his work on post-quantum signature pre-compiles, sharing insights from his experiments with Falcon and Dilithium algorithms. He explained that while he initially attempted to create a framework for abstracting post-quantum signatures, he found that this approach didn’t work well due to the unique requirements of each verification algorithm. Giulio agreed to add links to the explorer on his homepage and shared his repository containing the experimental pre-compiles, which he confirmed is publicly accessible. The discussion also covered gas costs associated with the pre-compiles, with Giulio clarifying that most of the cost comes from call data rather than the execution itself.

The team discussed standardization efforts for different ERC and PQC implementations, with Oleg raising questions about standardizing IP and making provider solutions more accessible. Antonio clarified that the team is too early in their exploration phase to consider standardization yet, expecting more stable candidates to emerge in a few months. Conor then presented on NIST’s new SLHDSA signature scheme, which reduces signature size significantly while maintaining security, and introduced a new research tool he created to help implement and test the scheme.

The team discussed the impact of reduced signature size on signing time, particularly on constrained devices. Conor explained that while smaller schemes improve size, they increase signing time, though some optimizations like caching could help. Yannick confirmed that improving both signature size and signing time simultaneously is challenging, requiring trade-offs between these parameters.

The team discussed trade-offs between different parameters for post-quantum signature schemes, particularly focusing on signing time and key generation performance. Yannick shared that key generation takes around 50 seconds for SLH-DSA-128s, while signing takes approximately 6 minutes, leading to a discussion about whether to use ephemeral keys for low-value transactions versus more secure post-quantum algorithms like Lattice for higher-value transactions. Nico presented new parameters that offer improved performance with 100-1000x reduction in signing time compared to NIST’s recent publication, though still not suitable for hardware wallets due to verification constraints. The group also discussed the importance of formally verified Solidity contracts for post-quantum implementations and the need for better user experience design, with pbark mentioning their work on a test wallet with QR code integration.