Solana co-founder Anatoly Yakovenko warns AI might break post-quantum cryptography signature schemes, urging 2/3 multi-sig wallet support or native PDA-level security.
The thread began small. A developer posted a single line on X. Then Solana co-founder Anatoly Yakovenko stepped in, and it got serious fast.
Developer @shek_dev on X set the conversation off by noting that Solana was about to get quantum-mogged. The context was a live pull request on GitHub, where contributor abishekk92 had opened a formal verification suite for a Falcon-512 signature verifier built on Solana's post-quantum cryptography stack.
The Real Danger Nobody Talks About
The pull request on GitHub was technical. Thousands of lines of formal verification, adversarial test batteries, Lean proofs, Kani harnesses, and Miri memory safety checks on every unsafe code path in the Falcon-512 verify pipeline. The work covered byte-level codec canonicality, NTT kernel correctness, and a fallible alternative to the existing key preparation function that returns an error instead of panicking on malformed input.
That's where Yakovenko jumped in.
Posting on X, Toly wrote that he believed the biggest current risk was AI breaking PQC signature schemes. Not a distant concern. Not a theoretical edge case. His words were direct: the industry doesn't fully understand the implementation vulnerabilities in these schemes, and the mathematical attack surface is even less mapped. His call to action was 2/3 multi-signature wallet support for PQC, or native support built directly into the transaction processor through Program Derived Addresses.
It was not a long post. It landed anyway.
Toly, Syscalls, and a Developer Conversation That Moves Fast
Earlier in the same thread, Yakovenko had asked on X whether the Falcon-512 implementation was using Vlad's Harmonic. @shek_dev replied on X that it was not: the work was running on Opus 4.7 and Codex 5.5, with plans to let Harmonic run on the Bertoni complement that developer @deanmlittle had added to the keccak implementation. @shek_dev then handed things over on X to @HarmonicMath to pick up.
In a separate reply within the same exchange, Yakovenko posted on X a proposed architectural fix: a syscall to bring PDA is_signer status up to the transaction processor level, with fees charged to valid signers at the end of each block. "Make it so, pls," he wrote.
The Falcon-512 PR itself didn't touch production compute. Benchmarks from the formal verification branch showed zero change in compute units against master: 195,786 CUs on both sides. The new try_prepare_pubkey function costs roughly the same as the original when called, around 99k CUs, because it runs the same arithmetic with assertions rewritten as error returns instead of panics.
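As an added illustration of the assert-to-error rewrite described above (example code, not the PR's own; the function names are hypothetical, and the key layout follows the Falcon-512 specification), a constructed public-key decoder that returns a typed error on a malformed or non-canonical key instead of panicking:

```rust
// Added example, not code from the PR discussed above. Constants follow the
// Falcon spec: header byte 0x00|logn (0x09 for n = 512), then 512 coefficients
// packed big-endian as 14-bit values (896 bytes, 897 total), each below q.
const LOGN: u8 = 9;
const N: usize = 1 << LOGN; // 512
const Q: u16 = 12289;
const PK_LEN: usize = 1 + N * 14 / 8; // 897

#[derive(Debug, PartialEq)]
pub enum PubkeyError {
    BadLength(usize),
    BadHeader(u8),
    NonCanonical { index: usize, value: u16 },
}

/// "Before" shape (hypothetical name): a malformed key panics and aborts.
pub fn decode_pubkey_or_panic(pk: &[u8]) -> Vec<u16> {
    assert_eq!(pk.len(), PK_LEN);
    assert_eq!(pk[0], LOGN);
    let coeffs = unpack14(&pk[1..]);
    assert!(coeffs.iter().all(|&c| c < Q));
    coeffs
}

/// Fallible alternative (hypothetical name): same arithmetic, every
/// assertion rewritten as an error return the caller can handle.
pub fn try_decode_pubkey(pk: &[u8]) -> Result<Vec<u16>, PubkeyError> {
    if pk.len() != PK_LEN { return Err(PubkeyError::BadLength(pk.len())); }
    if pk[0] != LOGN { return Err(PubkeyError::BadHeader(pk[0])); }
    let coeffs = unpack14(&pk[1..]);
    // Canonicality: a coefficient >= q would let two byte strings encode the
    // same polynomial mod q, so the encoding would no longer be injective.
    if let Some((i, &v)) = coeffs.iter().enumerate().find(|&(_, &v)| v >= Q) {
        return Err(PubkeyError::NonCanonical { index: i, value: v });
    }
    Ok(coeffs)
}

// Unpack consecutive 14-bit big-endian values from a byte string.
fn unpack14(bytes: &[u8]) -> Vec<u16> {
    let (mut out, mut acc, mut nbits) = (Vec::with_capacity(N), 0u32, 0u32);
    for &b in bytes {
        acc = (acc << 8) | u32::from(b);
        nbits += 8;
        if nbits >= 14 { // at most one value completes per byte
            nbits -= 14;
            out.push(((acc >> nbits) & 0x3FFF) as u16);
            acc &= (1 << nbits) - 1; // keep only the unconsumed low bits
        }
    }
    out
}
```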
The Problem Toly Is Actually Pointing At
PQC schemes like Falcon-512 are being adopted partly because they resist attacks from quantum computers running Shor's algorithm. The math is sound. The question Yakovenko raised is different: what happens when AI starts probing implementation gaps that formal verification doesn't yet cover.
Formal verification can prove that per-coefficient encoding is injective. It can pin down that byte-packing is canonical. The Lean proofs in this PR do exactly that: serializeFalcon_injective, packBytes_injective, zero-pad cancellation theorems. What formal verification doesn't yet cover in this PR, and the team acknowledged it, is whole-pipeline NTT correctness as a formal statement.
That's not a criticism of the work. It's the category of gap Yakovenko was describing.
The multi-sig proposal and the PDA-level syscall approach are not fixes to the formal verification problem. They're structural fallbacks. If one signature scheme gets broken, whether by AI, by a novel mathematical attack, or by something nobody has named yet, a 2-of-3 arrangement means the network doesn't collapse on a single point of failure.
The PR is open. The conversation is ongoing.
