My journey as a researcher began with a PhD in applied math for the automotive & aeronautic industries! . Every day now, I'm amazed by the parallels between solving physics problems and building eth future. Blockchain draws from so many fields — an often underappreciated fact!.

It seems we're seeing a trend these weeks toward mobile proving emerging:.- CairoM by @KakarotZkEvm .- IMP1 by @Ingo_zk .- Couple of [REDACTED] projects. Nice to see companies pushing the boundaries on constrained devices.

One of the best resources I found about FRI (simple text, drawings, code snippets):. Fast Reed-Solomon IOP (FRI) Proximity Test:.

To discover more about this ambitious roadmap, full link for the talk:

12/ In short, researchers are currently laying the groundwork for post-quantum security:. ✔ XMSS signatures.✔ Compact, fast aggregation proofs.✔ Recursive proof composition.✔ On-chain feasibility.

11/ Next steps to make this real:.- A Python spec to onboard contributors and guide client teams. - Specs for PCS, PIOP, ZKVM, hash function, and signature model. A full testnet integrating these components to validate end-to-end.

10/ Minimal ZKVM approach: purpose-built, not general-purpose. It focuses on signature aggregation only, using a very simple instruction set and memory model. Inspired by general ZKVMs, but much simpler and specialized.

9/ Recursion is crucial: it lets us combine multiple proofs, even proofs of previous aggregations. Two paths here:.- Long-term: folding and accumulation schemes (mathematically elegant, but still experimental). - Short-term: minimal ZKVM tailored for signature aggregation.

8/ Ongoing work includes:.- Transforming XMSS signatures into arithmetic constraint systems ("XMSS AIR"). - A PIOP tightly coupled with WHIR PCS. - Recursion research: aggregating proofs of proofs for scalable signature trees.

7/ With WHIR PCS, Ethereum can achieve:.- Proof sizes around 100 KB. - Microsecond-level verification. - ~1 million hashes/sec throughput on high-end GPUs; - ~100k on consumer CPUs, with plans to scale further. This enables practical post-quantum aggregation.

6/ Enter the WHIR polynomial commitment scheme (PCS). It uses recursive folding (similar to STIR and FRI protocols) and sumcheck techniques to compress large polynomial claims into smaller, verifiable chunks.

5/ Key challenges for on-chain aggregation proofs:.- Prover speed: proofs must be generated fast enough. - Proof size: target around ~128 KB (vs MB-scale proofs). - Verification efficiency: crucial for on-chain verification. Poseidon2 and recursive techniques help here.

4/ The Ethereum Foundation has explored various hash functions for XMSS and signature proofs. After benchmarking, Poseidon2 (a SNARK-friendly hash) emerged as the best choice, offering fast proving and reasonable proof sizes when used in SNARKs.

3/ XMSS is robust against quantum attacks, but its signatures are much larger (~2.5–3 KB vs 96 bytes for BLS) and harder to aggregate efficiently.

2/ Quantum computers pose a real risk to cryptographic primitives like BLS signatures, which Ethereum currently uses. To stay secure, Ethereum needs to adopt post-quantum-safe signatures. One candidate: XMSS (hash-based signature). But there's a catch. .

🧵1/ Post-quantum Ethereum: preparing for quantum threats to signatures and consensus. A deep dive into the latest research on signature aggregation, new hash functions, and ZK-based aggregation proofs. Recap from a talk I gave last week during the beam day in Cannes. 👇.

RT @corcoranwill: Beam Day at EthCC[8] 2025 was a blast! 🚀 . Huge thanks to all speakers & attendees for pushing Ethereum's beam chain forw….

Full talk about this by @theyisun at EthCC[8]:

13/ What's next for OpenVM?. - GPU prover (coming soon), reducing latency even further. - Support for new ISAs like RISC-V 64 and WebAssembly. - Program-specific circuit synthesis for further optimization. - Distributed GPU proving via Axiom's hosted API.

12/ OpenVM supports Ethereum mainnet today, with impressive results:.- ~8 minutes proof time on single CPU. - Under 90 seconds with parallelization. - Cost: ~$0.0004 per transaction on test blocks. - Deployed to verify @Scroll_ZKP mainnet.

11/ Memory design is also rethought. Physical CPUs have fixed word sizes; ZK doesn't need this. OpenVM uses offline memory checking and variable word sizes. This allows reading/writing large memory blocks more efficiently, reducing cost and latency.