Justin Drake
Podcast Appearances
But in the case of hash-based signatures, there isn't this additional hardness assumption.
It's just hash functions.
So if your hash function is secure, then you're good.
And so in that sense, I expect to be an improvement versus the status quo.
Now there's two caveats that I want to highlight.
Caveat number one is that we're dealing with more complex objects.
And the solution that we have here is what we call deep end-to-end formal verification.
So we have our cryptographic object and we want to basically prove mathematically that it is sound, that it is impossible to forge a signature.
Not only do we want to do this for the mathematics, but we also want to do this for the code.
And had you asked me two, three years ago, is this something that would be doable?
I would have said yes, but it was extremely laborious, extremely expensive.
But what we're seeing with the advent of AI is that this very laborious and expensive work can be done a hundred times faster and a hundred times cheaper.
We're starting to see bleeding-edge world-class mathematics.
For example, a recent result that won the Fields Medal, which is the equivalent of the Nobel Prize for Mathematics, that result has been formally verified by an AI in five days.
They produce half a million lines of code proving mathematically that machine checkable proof that this is indeed a valid theorem.
And the process, finding all sorts of typos in the proof of the human-written paper.
So that's the kind of due diligence that we want to have in order to avoid the bugs.
Now there is another thing that I want to highlight, which is the hash function itself.