Justin Drake
Podcast Appearances
So historically, blockchains have been built on either SHA-2 in the case of Bitcoin or a hash function called Keccak in the case of Ethereum.
And the proposal that we have for post-quantum Ethereum is to introduce another hash function called Poseidon, which in some sense is a different type of hash function because it's SNARK-friendly.
Now, by the time we launch Poseidon, it should be pretty safe in the sense that it will have been analyzed for a whole 10 years.
It will have been securing many billions of dollars through the L2s.
And it will have gone through cryptanalysis by all of the top experts in the field.
And also, recently, we just announced a $1 million prize to try and break Poseidon.
But it is indeed possible that Poseidon, which is a new thing, would break.
Now, the way, unfortunately, that you design hash functions is that you can't just prove that they're secure.
The best that you can do is the lack of an attack that proves that they are insecure.
And so there's basically this baking time.
And the order of magnitude that I have in mind is eight years.
Why eight years?
Because when Satoshi picked SHA-256, it was eight years old.
When Vitalik picked Keccak, it was eight years old, coincidentally.
And so, you know, I would want Poseidon to be at least eight years old, which it will be when we do deploy it on Ethereum.
So let me start with the consensus layer because it's a simpler answer.
At first approximation, it is basically a copy-paste.
So we have a similar concept where we have actors making signatures and there's a lot of signatures and, you know, they take up a lot of space and we want to, we want to compress them.
The issue with the consensus layer is that we have way more signatures than at the execution layer.