Adam Pospisil

My small piece on quantum computers and Solana helius.dev/blog/solana-po…

@deanmlittle @toly Wouldn’t it be worth just sending them over the wire anyway?

@toly probably falcon-512. in actual qday i'd recommend using existing system account addresses as a 32 byte placeholder that links to its respective quantum key as it's too large to send over the wire each time.

Of course ethereum would use big endian. Jfc. They are gonna come up with some convoluted pqc format that we will all be cursed to support. @deanmlittle what is the least worst pqc signature format that would work with 4ktx?

Multicast, explained by @Austin_Federa 👌

@bw_solana Happy Birthday! 🎉

he’s only sweet talking me because it’s my birthday

💯💯💯

Solana surpassed 500 billion total transactions a week ago and nobody noticed Ethereum + Bitcoin + BNB Chain + Tron + Polygon + Base + NEAR + Sui + Arbitrum + Aptos + TON + Avalanche + Optimism: 62.1 billion

@toly @dallairedemers I wish Falcon or Hawk would make it all the way to the NIST standard.

@PospisilAdam @dallairedemers Yea, that is the closest thing so far. Sucks as a standard. Smallest sig is 2.4kb.

An incredible mind blowing human engineering leap would be if we could reliably add 1 bit to the length of arbitrary number that a QC computer could factor without any cheats every 2 years. We are at a questionable 5 bits now. Why can’t it be much much faster? Well, the irony is that because it’s been at 5 bits for so long, the uncertainty about any rate is extremely high. It feeeeeeels like a breakthrough is eminent even though there is no evidence to support that an near term breakthrough will actually add 20 bits, let alone 100

@toly @dallairedemers Google has chosen ML-DSA blog.google/innovation-and…

Yea, this is speculation that can’t be disproven. There is no NIST pqc baseline like rsa that Apple/Google/MS are supporting across their OSs and browsers. If they have this secret hardware, maybe they can hurry the f’ up and add it so then we can all use the same standard across all systems and save us poor ICs a whole bunch of work.

if you're ever getting hacked, deploy this as a circuit breaker. github.com/deanmlittle/sb…

@Sam0xSol @miyuki__eto SHA256 is safe enough

@miyuki__eto SHA512 is PQ safe up to NIST category 5 which is pretty much the highest you can be

have we considered sha512? sha1024?

@toly @trentdotsol Wouldn’t this create a DoS vector if arbitrary programs could determine is_signer before fees are charged?

@toly @trentdotsol I assume there would be a whitelist of supported sig schemes, since the signer is checked before the fee is charged?

Can we get a prediction market to pick which pqc scheme will be supported by Google/MS/Apple in 5 years.

@trentdotsol @toly So what would be the way: have the address as a hash of pubkey, signature scheme identifier and bump seed (if ed25519 ones remain valid)?

@toly try three and one make disambiguation of any of them impossible

@joaomendoncaaaa Migrating from PQC back to ECC for its efficient parameters!

it's 2045 we're all sitting at a bar laughing about NFTs and someone goes "remember when people were freaking out about that quantum thing?" *beer sip* "yeah man, crazy times" *beer sip*

@qkniep @toly @tamgros @vitorpy @mert @MrShrubs @deanmlittle But the leader would broadcast the slice signatures via the relays? Sending them directly (for each slice) to all validators would consume a lot of bandwidth.

@PospisilAdam @toly @tamgros @vitorpy @mert @MrShrubs @deanmlittle Yes, one angle for Rotor could be to have the leader broadcast the signature for each slice directly to the validators, with shreds containing the Merkle path but not the signature.

@PospisilAdam @vitorpy @toly @mert @MrShrubs @deanmlittle @qkniep had some thoughts on this

@DavidRhodus @toly @bw_solana 👏👏👏

@PospisilAdam @toly @bw_solana Or just do the code and call it a day. No website required github.com/davidrhodus/ag…

Would be nice to have a Solana equivalent. pq.ethereum.org @toly @bw_solana

Post-quantum tx auth prototype for @solana 🧵 Agave v3.1.11-qc with scheme-tagged proofs on TransactionV1: ✓ Ed25519 ✓ ML-DSA ✓ FN-DSA ✓ SLH-DSA

@toly @LoganJastremski There would still need to be a signature over the vector commitment of every slice/batch. AES alone isn't sufficient for a multi-hop shred fanout, no?

4kb txs is kind of the big step forward. Then you can control your assets with a fuse wallet triggered by whatever pqc scheme you want. Then we need to figure out how to migrate consensus. Any links between validators are epoch persistent so they can use aes, which is really lightweight

@nic_carter is over panicking for everyone else except for bitcoin. They might be so ossified that he is severely under panicking.

@trentdotsol @toly Start with versioned wire data structures i guess 😀 the scheme can be added later.

@toly we don't need to pick anything today. it'll be enough work to prepare the protocol for migration