Zero Knowledge lean Ethereum Part 2: PQ Signatures and Poseidon with Dmitry and Benedikt
Feb 25, 2026
Benedikt Wagner, a PhD and cryptography researcher at the Ethereum Foundation focused on post-quantum signatures and Merkle constructions. Dmitry Khovratovich, a symmetric-crypto researcher at the Ethereum Foundation who works on Poseidon and hash-based designs. They discuss leanSig as a post-quantum BLS replacement. Topics include one-time signatures with Merkle trees, size versus verification tradeoffs, SNARK-based aggregation, hypercube encodings, and Poseidon’s role.
AI Snips
Chapters
Transcript
Episode notes
Merkle Trees Turn One-Time Keys Into Long-Lived Validators
- Hash-based signatures paired with Merkle trees convert one-time keys into long-lived validators without relying on elliptic-curve algebra.
- Benedikt explains signing a Merkle leaf with a one-time key and including a Merkle path gives an L-time signature suitable for one slot per use.
Signature Size Versus Verifier Work Trade-Off
- Signature schemes face a size versus verification-work trade-off: more chains (bigger proofs) reduce per-chain length (less work) and vice versa.
- Dmitry frames it as rectangle trade-offs where longer chains speed size but increase verifier work, impacting SNARK circuit cost.
Aggregate Hash Signatures By Proving Knowledge In A SNARK
- Use a SNARK to aggregate hash-based signatures by proving knowledge of many valid signatures as the NP witness.
- Benedikt notes the SNARK-proof becomes the compact aggregate since hash schemes lack native algebraic aggregation.