Matteo Vena

The post-quantum signature FORS+C verifier behind NiceTry now has a WIP formal verification path: math proofs in Lean, compiled down to an EVM artifact, tested against an independent vector. Excited to be testing Verity by @Fricoben for our work at @riva_labs!

@satoshicata @LightningNewsX PastaRun in Siracusa

@LightningNewsX 💪💪💪 where is this place in sicily?

NEW: 🇮🇹 Paying for BEER with Bitcoin in Sicily, Italy 👀

@Lyskey Still work in progress but works on Sepolia already :)

@matteovena oh noice I didn't know 👀

Few people know this, but post-quantum-secure wallets are already live on Starknet. S2morrow is a post-quantum-secure wallet using Falcon-512, a lattice-based, NIST-selected post-quantum signature scheme, instead of elliptic-curve signatures, and it can already sign real transactions on Starknet Mainnet. Ready, Braavos, and Xverse have not migrated to this architecture yet, because they do not need to yet. But when the time comes, they will be able to. And the beauty? > No need for the chain to fork: this is already live on Mainnet! > In time, Ready, Braavos, and Xverse users will be able to migrate their wallet architecture to a post-quantum-secure one in a single tx!! All of this comes on top of the fact that Starknet’s proving system is already post-quantum secure, as recently highlighted by… Google. Just pivot to Starknet.

@giacomozucco Square's extremely large scale integration

Sentiment check: what do you think the most relevant news/developments/innovations about the Lightning Network have been IN THE LAST 12 MONTH?

NiceTry - Quantum-Safe Ethereum Wallet A quick overview of our wallet implementing the Ephemeral Keys Protocol with FORS signatures: swapping on @CoWSwap, staking on @LidoFinance and showcasing the (very reasonable) gas consumption.

@TacBuild Very cool concept

Today we’re putting one of TAC’s core theses into a live test mode. The idea: Telegram Mini Apps can generate revenue without users spending directly - through user-owned deposits routed into infrastructure-level DeFi strategies. Users connect a TON wallet, deposit, and unlock real in-game utility. Over the classical pay2win and pay2play, this is 'free' subscriptions, or stake2win. Funds stay user-owned and withdrawable. Yield powers app-side revenue under the hood, with @LucidlyFI as the yield infrastructure partner. A new monetization rail for Mini Apps. More onchain activity on @ton_blockchain. Real utility for users without direct spend. Retails (millions) come for the game, the channel, whatever. DeFi yield pay the developers bills. Win win for all. Huge thanks to Acid Labs, the top grossing Telegram Miniapp, for being the first to run this experiment with us, and to @LucidlyFI for powering the yield layer.

NiceTry: post-quantum Ethereum wallet (alpha version) The video shows our onboarding UX and a DeFi interaction: staking ETH on @LidoFinance's testnet, with the UserOp authorized by a post-quantum signature. Users can pick between two ephemeral key modes from our latest protocol design. We presented our latest protocol design today during the EF PQ call (thanks @asanso). Check GitHub for the spec: github.com/RivaLabs-Core/… Shoutout to @conordeegan for substantial contributions and security analysis. Lots more coming at both protocol and wallet level.

We just shared our design for a Bitcoin vault that works as a quantum delay mechanism. The experimental design described in this paper allows a BTC holder sensitive to the quantum threat to manage their UTXOs so they remain safe at rest and much harder to attack during spend, even in the (still hypothetical) case that a cryptographically relevant quantum computer becomes available. Imposing a time cost on potential attacks without touching the protocol covers both scenarios: if the threat manifests, it buys more time; if it doesn't, the protocol didn't undergo changes before they were needed. The design is obviously not a solution for coins sitting on vulnerable addresses at rest, but we believe the design surface is still large and we are happy to continue research in this field.

@gumsays Celebrating BTC at every price, happy 79K!

I have seen exactly 0 tweets about Bitcoin being at $79K Where did everyone go?

@retiredchaddev Trying to grow the primitive without full capture is interesting imho, a lot of room to improve structures and design. Main problem are the tokens

@matteovena Not really.. I came from the ethereum world and Aave was the last straw that threw me off. Having wider adoption is not the problem. Becoming just another bank in the process is.

I'm struggling with my existential identity in crypto. Everybody has different reasons and beliefs for their stay in this space. Mine has always been defi. I believed and wondered in how it can revolutionalize day to day finance, as well as powering a plethora of new primitives. I sort of don't believe in it anymore, unless a lot changes. Losing this belief made me question my entire duration of association with crypto. What are you in crypto for? What's your core belief?

@ImmutableLawyer @axisgroupxyz To be fair posts like his and discussion at every level seems to be working at least of a minimum, so let them road all of the EU if that gives us back a bit of sanity

Bill is incorrect. I have been historically very Bearish Europe (to the point where I considered moving to another jurisdiction seriously - outside EU - to better position @axisgroupxyz ). For the first time in what feels like decades however, Europe; its founders, venture capitalists & talent pool - are not only voicing their concerns, but voicing them through the right channels (and it’s working). MEGA 🇪🇺

This has been a pretty insane @EthCC for our team. We learned a ton!

Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography. The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions. The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms. Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles. → q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing. → censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign. → cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime. → latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase. → fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key). → qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer. → future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish. → error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would be mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atoms quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1. → Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.) → team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.

@binji_x @lou3ee @drakefjustin @corcoranwill @leanEthereum Ahaha that would be @matteVicari

@lou3ee @drakefjustin @corcoranwill @leanEthereum Whoever has that platinum cut, legend.

Final session of the day: Make Ethereum Post Quantum secure

Very excited to share my post on ethresearch regarding the integration of Ephemeral ECDSA keys and Frame Transactions. ethresear.ch/t/native-ephem… This article is a continuation of our work on Ephemeral keys at @riva_labs with @matteVicari.

Our ephemeral key design is now on the strawmap by EF Protocol. The strawmap is an invitation to view L1 protocol upgrades as a connected system rather than isolated proposals. We use ephemeral keys for our short-term quantum safe wallet design that leverages account abstraction and makes each ECDSA key pair single-use. Seeing our design added to the roadmap is incredibly exciting and through @nicetry_xyz we are planning to push it much further with frame transactions. I will cover all the new research results in an upcoming post. The strawmap is maintained by @adietrichs, @barnabemonnot, @fradamt, @drakefjustin and accessible at strawmap.org. I highly recommend anyone interested in the future of Ethereum to read through it.