Agenda
- Pruning Hypertrees for the Lax and Lazy - conduition
Meeting Time: Wednesday, May 13, 2026 at 13:00 UTC (60 minutes)
Meeting Summary:
The meeting focused on a presentation by Conduition about hypertree pruning, an optimization technique for the Sphinx post-quantum signature algorithm. Conduition explained how pruning can significantly improve key generation performance by reducing the number of Winternitz one-time signature keys that need to be generated, though it decreases the overall signature budget. The technique offers a trade-off between performance and security, with different pruning strategies affecting key generation and signing speeds differently. Antonio noted that the technique could be particularly useful for hardware wallets, where performance is crucial due to user interaction requirements. The discussion also touched on implementation considerations, including potential security concerns and the need for careful management of pruning across different key pairs.
Click to expand detailed summary
The meeting focused on a presentation by Conduition about hypertree pruning, an optimization technique for the Sphinx post-quantum signature algorithm. Conduition explained how the technique trades off signature budget for faster performance, particularly during key generation, by pruning unused Winternets keys from the XMSS tree structure. The presentation demonstrated significant performance improvements, showing that maximal root tree pruning could achieve approximately 500 times faster key generation with SLHDSA128S parameter set, though at the cost of reducing the signature budget from 2^64 to 2^55. Conduition also introduced balanced pruning as an approach to optimize signing performance, which could improve signing runtime by a factor of 2 while halving key generation performance.
Antonio thanked the presenter for their presentation and asked about implementing budget monitoring for pruned versions, to which the presenter explained that stateful schemes could be considered but noted the advantages of hypertree pruning with multiple layers. The presenter also mentioned not having implemented the masked version yet but outlined how performance gains could be estimated. Antonio briefly mentioned upcoming quantum computing presentations and panels, and the conversation ended with a few questions from participants about the implementation and benefits of the discussed techniques.
The meeting focused on cryptographic algorithms and their implementation. Alan asked whether EL and CL would use the same PQTS algorithm (SPHINCS), to which Antonio clarified that while consensus uses stateful signatures (XMSS), Yale does not, so they would not use the same algorithm. Condition discussed hypertroop pruning and its relevance depending on whether verifiers are flexible or fixed, noting that masking techniques could be applied equally to both Sphinx and pruned signers. The session concluded with participants expressing appreciation for the presentation and discussion.
Next Steps:
- Conduition: Follow up with Ledger and Trezor hardware wallet developers regarding the hypertree pruning optimization proposal, as no response has been received yet.
- Conduition: Implement hypertree pruning in a software wallet as a first step before pursuing hardware wallet integration.
- Meeting participants (interested): Watch the quantum computing presentations and panels by Justin Drake and Dan Boneh from TK Proof and TK Summit (videos available online).
- Antonio: Schedule the postponed presentation for the next meeting in two weeks.
Recording Access:
- Join Recording Session
- Download Transcript (Passcode:
1P#9yMZJ) - Download Chat (Passcode:
1P#9yMZJ) - Download Audio (Passcode:
1P#9yMZJ)
YouTube recording available: https://youtu.be/y2JQO17LgHk