Episode 392 - lean Ethereum Part 2: PQ Signatures and Poseidon with Dmitry and Benedikt

Description

Episode 392. Aired on Feb 25, 2026 See full episode on https://zeroknowledge.fm/podcast/392/ zkMesh+ is live! Subscribe for zkMesh+ and catch the latest State of ZK 2025 report (https://zkmesh.substack.com/subscribe) ----------- In this episode, Nico Mohnblatt speaks with Benedikt Wagner and Dmitry Khovratovich, cryptography researchers at the Ethereum Foundation, for the second instalment of the leanEthereum miniseries. They explore leanSig, a hash-based multi-signature scheme designed as a post-quantum replacement for BLS in Ethereum consensus. The conversation walks through how one-time signatures and Merkle trees can be combined to support long-lived validators, and why SNARK-based aggregation is needed in a post-quantum setting. The talk touches on key tradeoffs like signature size versus verification speed, encoding challenges behind their ‘Top of the Hypercube’ work, and the role of Poseidon as the core hash function. Related Links * zkSummit14 applications are open! (www.zksummit.com) * lean Ethereum Part 1: Introduction with Justin Drake (https://zeroknowledge.fm/podcast/391/) * lean Ethereum (https://blog.ethereum.org/2025/07/31/lean-ethereum) * Lean Consensus R&D Progress (https://leanroadmap.org/) * leanSig Implementation (https://github.com/leanEthereum/leanSig) * Poseidon2: A Faster Version of the Poseidon Hash Function (https://eprint.iacr.org/2023/323.pdf) * At the Top of the Hypercube – Better Size-Time Tradeoffs for Hash-Based Signatures (https://eprint.iacr.org/2025/889.pdf) * Hash-Based Multi-Signatures for Post-Quantum Ethereum (https://eprint.iacr.org/2025/055) * Technical Note: LeanSig for Post-Quantum Ethereum (https://eprint.iacr.org/2025/1332.pdf) * Aborting Random Oracles: How to Build them, How to Use them (https://eprint.iacr.org/2026/016.pdf) * The Billion Dollar Merkle Tree (https://eprint.iacr.org/2026/089.pdf) * Poseidon: A New Hash Function for Zero-Knowledge Proof Systems (https://www.usenix.org/conference/usenixsecurity21/presentation/grassi) * Poseidon Cryptanalysis Initiative (https://www.poseidon-initiative.info/) ----------- **If you like what we do:** * Find all our links here! @ZeroKnowledge | Linktree (https://linktr.ee/zeroknowledge) * Subscribe to our podcast newsletter (https://zeroknowledge.substack.com) * Follow us on Twitter @zeroknowledgefm (https://twitter.com/zeroknowledgefm) * Join us on Telegram (https://t.me/+taXrPJIp_30zZTNi) * Catch us on YouTube (http://www.youtube.com/channel/UCYWsYz5cKw4wZ9Mpe4kuM_g) **Support the show:** * Patreon (https://www.patreon.com/zeroknowledge) * ETH - Donation address (https://etherscan.io/address/0xE2C080047213C1d8cDf2099E0B07479C5D9cee8a) * BTC - Donation address (https://www.blockchain.com/explorer/addresses/btc/bc1q9mrh34n6mvses59r3hq9dz6j3vxm3tlwlg8ws2) * SOL - Donation address (https://explorer.solana.com/address/Eqfm4maSDUN3ikjDfSgDeJ1mh3iC8tr69eHB5iTHz35x) * ZEC - Donation address (https://mainnet.zcashexplorer.app/address/t1gmdc8jKj4EXfYnNvwkToZUahx78GrQ2zv) 2:32 Post-quantum signatures 3:47 Why replace BLS 4:51 Hash-based signatures (LeanSig design) 9:24 Size vs performance trade-off 10:05 SNARK-based aggregation 12:37 Circuit constraints & encoding 16:52 Aborting Random Oracle 18:11 Signature size & tight security 20:18 Random Oracle vs Standard Model 25:23 Poseidon hash function 27:45 Poseidon Initiative 29:12 Billion-Dollar Merkle Tree 32:22 Conclusions / Wrap-up