Ethereum Daily

Ethereum Daily ~ October 18, 2025 Presented by @inflynce 💎 Huobi Founder Launching ETH DAT 💼 Dankrad Leaves for Tempo 🔥 BETH Builder Grants 💎 Earn ETH by reading today's issue in the mini app below!

@tkstanczak @0xValentinesXBT @DeanEigenmann We do not intend to move slowly.🫡

EF, last year: Hey, we want to listen to you users to make Ethereum better. EF, now: Jk, we looked at the real world. We don't like building for it after all, we'll go back to building cypherpunk stuff only. This is the EF going back to its old ways, undoing the changes from last year. I have feared this would happen because Vitalik clearly wasn't in with his heart. But whatever they say about the "ecosystem" being able to take care of this, the fundamental problems remain: - there are very few voices in ACD caring about real world Ethereum usage - there is nobody doing Ethereum BD (everyone else who is doing this also has their own separate interests)

0/ Privacy in the Ethereum ecosystem is undergoing an evolution. A Renaissance, even, to sound a bit fancy. What exactly is behind these changes and how might neo-Cypherpunk be involved? A guest thread by @post_polar_ and @nicksvyaznoy.

How will vitalik.eth@base resolve once apps support interoperable addresses? The ENS name resolves the account, while the chain suffix resolves the execution environment through the on.eth chain registry. Both combine into a single interoperable address.

If you need more details on the features/EIPs for strawmap, check out eth2030.com and github.com/jiayaoqijia/et…. Apart from the impl, more docs and refs can be found there for better understanding of @ethereum roadmap. cc @VitalikButerin @tkstanczak @hwwonx @drakefjustin @rudolf6_ @DavideCrapis @barnabemonnot @GiulioRebuffo @ralexstokes @trent_vanepps @adietrichs @austingriffith

Now, the quantum resistance roadmap. Today, four things in Ethereum are quantum-vulnerable: * consensus-layer BLS signatures * data availability (KZG commitments+proofs) * EOA signatures (ECDSA) * Application-layer ZK proofs (KZG or groth16) We can tackle these step by step: ## Consensus-layer signatures Lean consensus includes fully replacing BLS signatures with hash-based signatures (some variant of Winternitz), and using STARKs to do aggregation. Before lean finality, we stand a good chance of getting the Lean available chain. This also involves hash-based signatures, but there are much fewer signatures (eg. 256-1024 per slot), so we do not need STARKs for aggregation. One important thing upstream of this is choosing the hash function. This may be "Ethereum's last hash function", so it's important to choose wisely. Conventional hashes are too slow, and the most aggressive forms of Poseidon have taken hits on their security analysis recently. Likely options are: * Poseidon2 plus extra rounds, potentially non-arithmetic layers (eg. Monolith) mixed in * Poseidon1 (the older version of Poseidon, not vulnerable to any of the recent attacks on Poseidon2, but 2x slower) * BLAKE3 or similar (take the most efficient conventional hash we know) ## Data availability Today, we rely pretty heavily on KZG for erasure coding. We could move to STARKs, but this has two problems: 1. If we want to do 2D DAS, then our current setup for this relies on the "linearity" property of KZG commitments; with STARKs we don't have that. However, our current thinking is that it should be sufficient given our scale targets to just max out 1D DAS (ie. PeerDAS). Ethereum is taking a more conservative posture, it's not trying to be a high-scale data layer for the world. 2. We need proofs that erasure coded blobs are correctly constructed. KZG does this "for free". STARKs can substitute, but a STARK is ... bigger than a blob. So you need recursive starks (though there's also alternative techniques, that have their own tradeoffs). This is okay, but the logistics of this get harder if you want to support distributed blob selection. Summary: it's manageable, but there's a lot of engineering work to do. ## EOA signatures Here, the answer is clear: we add native AA (see eips.ethereum.org/EIPS/eip-8141 ), so that we get first-class accounts that can use any signature algorithm. However, to make this work, we also need quantum-resistant signature algorithms to actually be viable. ECDSA signature verification costs 3000 gas. Quantum-resistant signatures are ... much much larger and heavier to verify. We know of quantum-resistant hash-based signatures that are in the ~200k gas range to verify. We also know of lattice-based quantum-resistant signatures. Today, these are extremely inefficient to verify. However, there is work on vectorized math precompiles, that let you perform operations (+, *, %, dot product, also NTT / butterfly permutations) that are at the core of lattice math, and also STARKs. This could greatly reduce the gas cost of lattice-based signatures to a similar range, and potentially go even lower. The long-term fix is protocol-layer recursive signature and proof aggregation, which could reduce these gas overheads to near-zero. ## Proofs Today, a ZK-SNARK costs ~300-500k gas. A quantum-resistant STARK is more like 10m gas. The latter is unacceptable for privacy protocols, L2s, and other users of proofs. The solution again is protocol-layer recursive signature and proof aggregation. So let's talk about what this is. In EIP-8141, transactions have the ability to include a "validation frame", during which signature verifications and similar operations are supposed to happen. Validation frames cannot access the outside world, they can only look at their calldata and return a value, and nothing else can look at their calldata. This is designed so that it's possible to replace any validation frame (and its calldata) with a STARK that verifies it (potentially a single STARK for all the validation frames in a block). This way, a block could "contain" a thousand validation frames, each of which contains either a 3 kB signature or even a 256 kB proof, but that 3-256 MB (and the computation needed to verify it) would never come onchain. Instead, it would all get replaced by a proof verifying that the computation is correct. Potentially, this proving does not even need to be done by the block builder. Instead, I envision that it happens at mempool layer: every 500ms, each node could pass along the new valid transactions that it has seen, along with a proof verifying that they are all valid (including having validation frames that match their stated effects). The overhead is static: only one proof per 500ms. Here's a post where I talk about this: ethresear.ch/t/recursive-st… firefly.social/post/farcaster…

Ethereum will be post-quantum resistant.

If you don’t get Ethereum, you don’t get crypto. 
 100% recommend watching if you haven’t already.

zkEVMs crushed the 2025 boss: real-time proving ✅ 2026 boss: 128-bit provable security👾 New blog post on the next level for Ethereum zkEVMs: three milestones, paving the path to mainnet-grade L1 zkEVMs. blog.ethereum.org/2025/12/18/zke… Game on.

No newsletter today, back tomorrow!

Get your share of $28 in ETH rewards in the mini app below! farcaster.xyz/miniapps/jOTHn…

✨ Today's issue of Ethereum Daily is Presented by @primev_xyz Watch a demo below of a FAST Ethereum mainnet tx from @primev_xyz, and add the FAST RPC to your wallet to make Ethereum FAST.

Ethereum Daily: Weekly Edition October 12 - 19, 2025 Presented by @primev_xyz 💎 Earn ETH by reading today's issue in the mini app below!

@donnoh_eth @Mudit__Gupta @l2beat @VitalikButerin Copy that, good to know! Idk why but I thought stage 0 meant no proofs Thx as always ser

@EthereumDaily_ @Mudit__Gupta @l2beat @VitalikButerin lighter, abstract and katana do have proofs. all projects you see under “rollups” or “validiums and optimiums” do have a proof system

I’ve been vocal about my disagreements with much of the EF leadership in the past. This letter from Peter outlines some of the reasons why. To be fair, I think Tomasz is now steering things in the right direction, but there’s only so much he can do.

@donnoh_eth @Mudit__Gupta @l2beat @VitalikButerin Ahh, very valid. I'm guessing posting call data to mainnet wouldn't fix this?

@Mudit__Gupta @EthereumDaily_ @l2beat @VitalikButerin last month funds have been stolen from a Polygon PoS fork because validators keys were compromised + attacker used a loan to join the validator set to reach quorum, and then proposed an invalid state root. this is exactly the attack a proof system would have prevented

@donnoh_eth @Mudit__Gupta @l2beat @VitalikButerin Appreciate the info Donnoh! I guess my follow up would be why Polygon wouldn't just be a Stage 0 L2 like others without proofs (like Lighter, Abstract, Katana, etc.)

@Mudit__Gupta @EthereumDaily_ @l2beat @VitalikButerin no because we consider your DA guarantees good enough given your large validator set. the thing missing to move out from “others” is a proof system

@Jrag0x What charts?

The secret is that I simply do not look at the charts when they go down.

@Mudit__Gupta @l2beat @VitalikButerin

@EthereumDaily_ Hey @l2beat @VitalikButerin will you consider Polygon PoS chain an L2 of we start posting call data to eth blobs?

@laurashin @TrustlessState It’s not just that. No one talked about solana when tempo was first announced. It’s all ethereum x.com/ethereumdaily_…

@TrustlessState … uh, I think also the fact that they poached Dankrad had something to do with it

The only reason why anyone thinks Tempo is uniquely bearish Ethereum is because of how uniquely large Ethereum’s TAM is Other ecosystems just not registering