As Account Abstraction and post-quantum / hybrid signatures start to coexist on Ethereum,
I think we’re quietly accumulating a new class of failure modes.
Not cryptographic — semantic.
The same signature (or ZK proof verifying a signature) can be:
- cryptographically valid
- yet replayed or reinterpreted across verification surfaces
Examples: ERC-1271 ↔ AA validation ↔ protocol-facing precompile ↔ ZK settlement.
If a ZK circuit verifies a PQ (or hybrid) signature without binding the verification surface
into a public input, the proof can be reused across contexts.
This is essentially replay-by-interpretation. I’ve been calling these “domain-separation wormholes”.
A minimal mitigation I’m exploring:
→ require a lane digest (hash of surface binding + algo/XOF + chain context) to be exposed as a public input in ZK circuits that verify signatures.
That way:
- on-chain verifiers can check lane_digest == H(envelope), so proofs fail if replayed across surfaces with different bindings
I’m not claiming this is novel cryptographically — it’s more about socially enforcing a minimum bar
for ZK + PQ verification patterns.
I wrote this up as a small research/benchmark repo:
Relevant bits:
- “explicit message lanes” as a security requirement
- ZK settlement surface (Groth16 / BN254) treated as a baseline
- a short discussion on whether lane digest must be a public input
Discussion here:
Open questions I’d love feedback on:
- Is exposing a single lane digest as a public input the right minimum bar?
- For AA: is EntryPoint address sufficient as verifier binding?
- For protocol precompiles: what’s the cleanest binding identity?
- Are there existing ZK patterns/standards that already do this well?
Curious how others are thinking about this, especially as PQ verification inside ZK becomes more common.
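To make the "wormhole" concrete, here is a small added simulation (my own illustration, not code from the repo mentioned above). The proof system is a toy stand-in (a hash token that verifies only against exact public inputs), the signature check is a toy MAC rather than a real PQ scheme, and the Envelope fields, surface names and addresses are constructed sample values; what it shows is that a proof whose public inputs omit the lane digest is accepted at two different surfaces, while one that commits to lane_digest == H(envelope) is rejected at the other surface.

```python
import hashlib
from dataclasses import dataclass

def H(*parts: bytes) -> bytes:
    # Length-prefixed hashing so distinct part lists never collide by concatenation.
    data = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(data).digest()

@dataclass(frozen=True)
class Envelope:
    """Hypothetical surface binding: surface + verifier identity + algo/XOF + chain context."""
    surface: str      # e.g. "erc1271", "aa-entrypoint"
    verifier: str     # binding identity, e.g. the EntryPoint address
    algo: str         # signature scheme / XOF identifier
    chain_id: int

    def lane_digest(self) -> bytes:
        return H(b"lane-v1", self.surface.encode(), self.verifier.encode(),
                 self.algo.encode(), self.chain_id.to_bytes(8, "big"))

UNBOUND = b"verify-sig"        # circuit id; public inputs: (msg_hash, pubkey)
BOUND = b"verify-sig+lane"     # circuit id; public inputs: (msg_hash, pubkey, lane_digest)

def sig_ok(msg_hash: bytes, pubkey: bytes, sig: bytes) -> bool:
    return sig == H(b"sig", pubkey, msg_hash)   # toy MAC standing in for the in-circuit PQ check

def prove(circuit: bytes, public_inputs: tuple, msg_hash: bytes, pubkey: bytes, sig: bytes) -> bytes:
    """Stand-in prover: only a valid signature yields a token, and the token commits to the public inputs."""
    if not sig_ok(msg_hash, pubkey, sig):
        raise ValueError("witness does not satisfy the circuit")
    return H(b"proof", circuit, *public_inputs)

def verify(circuit: bytes, proof: bytes, public_inputs: tuple) -> bool:
    return proof == H(b"proof", circuit, *public_inputs)

def surface_accepts(env: Envelope, circuit: bytes, proof: bytes, public_inputs: tuple) -> bool:
    """On-chain verifier for one surface; for BOUND it also recomputes H(envelope) and compares."""
    if not verify(circuit, proof, public_inputs):
        return False
    if circuit == BOUND:
        return len(public_inputs) == 3 and public_inputs[2] == env.lane_digest()
    return True

def demo() -> dict:
    pk, m = b"pq-pubkey", H(b"user-op")                       # constructed sample values
    sig = H(b"sig", pk, m)
    erc1271 = Envelope("erc1271", "0xWALLET", "ml-dsa-65", 1)
    aa = Envelope("aa-entrypoint", "0xENTRYPOINT", "ml-dsa-65", 1)
    pi_u = (m, pk);                    p_u = prove(UNBOUND, pi_u, m, pk, sig)
    pi_b = (m, pk, erc1271.lane_digest()); p_b = prove(BOUND, pi_b, m, pk, sig)
    return {"unbound_at_erc1271": surface_accepts(erc1271, UNBOUND, p_u, pi_u),
            "unbound_at_aa": surface_accepts(aa, UNBOUND, p_u, pi_u),   # True: replay-by-interpretation
            "bound_at_erc1271": surface_accepts(erc1271, BOUND, p_b, pi_b),
            "bound_at_aa": surface_accepts(aa, BOUND, p_b, pi_b)}       # False: lane digest mismatch
```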