Justin Drake
And, you know, if you look in more recent past, you know, in 2024, there was the lean consensus chain that was announced, formerly known as the beam chain.
We've had, for example, the post-quantum workshops in Cambridge last year.
We now have a dedicated post-quantum team with Thomas and Emil.
And, you know, we have this strawmap, which really details some of the key milestones to making these upgrades.
You know, cryptography, like a tool, and we have something that can replace it. What's the process for that?
Yeah, so first of all, let me just highlight that this is a very big task. Fundamentally, we're changing the pillars of blockchains, the base cryptography, and swapping it out with something new with completely different properties.
Now, if you were kind of a lay person, your answer might be, it's simple.
We have a standard body called NIST, the National Institute of Standards and Technology.
They've basically come up with this post-quantum signature competition, and they've selected a few, namely Falcon, Dilithium, and SPHINCS+.
And so we just need to pick one or several of these options.
The problem is that NIST has not designed for the blockchain use case.
They've designed for a use case where you have individual signatures for individual messages that are used on the internet.
In the context of blockchains, you have batches of transactions.
For example, for Bitcoin, you have thousands of transactions per block.
And again, we have the size problem with the post-quantum signatures.
They're at least 10 times larger, if not 100 times larger.
And so in my opinion, it's a total non-starter to consider these individual signatures that we're just naively packing and concatenating in the blocks.
The only solution that I see is called signature aggregation, where you take multiple signatures and then you squish them into one multi-signature, if you will.
And then verifying this master multi-signature is the same as verifying all of the individual constituents.
Now, when you do your homework, looking at the design space for aggregatable post-quantum signatures, there's just not that many options.
There's essentially one option that is viable, in my opinion, at least with the technology that we have today, which is to make use of SNARKs, specifically post-quantum SNARKs.