Olivia
Online
lean Ethereum
@leanEthereum
fort mode 🤝 beast mode
world computer
Joined June 2025
46 Following
5K Followers
102 Posts
Pinned Tweet
The drums of quantum computing are getting louder.
An ambitious roadmap backed by concrete designs and 30+ years of cryptographic research is already underway.
Learn more at leanroadmap[.]org."
did yall think we weren’t gonna cook an EthCC storm?
dropping soon…
ft. beast + fort mode event
https://t.co/dXG7OaAgfc
The drums of quantum computing are getting louder.
An ambitious roadmap backed by concrete designs and 30+ years of cryptographic research is already underway.
Learn more at leanroadmap[.]org."
We must take this seriously. It’s non-negotiable.
https://t.co/dXG7OaAgfc
Today is a monumentous day for quantum computing and cryptography. Two breakthrough papers just landed (links in next tweet). Both papers improve Shor's algorithm, infamous for cracking RSA and elliptic curve cryptography. The two results compound, optimising separate layers of the quantum stack. The results are shocking. I expect a narrative shift and a further R&D boost toward post-quantum cryptography.
The first paper is by Google Quantum AI. They tackle the (logical) Shor algorithm, tailoring it to crack Bitcoin and Ethereum signatures. The algorithm runs on ~1K logical qubits for the 256-bit elliptic curve secp256k1. Due to the low circuit depth, a fast superconducting computer would recover private keys in minutes. I'm grateful to have joined as a late paper co-author, in large part for the chance to interact with experts and the alpha gleaned from internal discussions.
The second paper is by a stealthy startup called Oratomic, with ex-Google and prominent Caltech faculty. Their starting point is Google's improvements to the logical quantum circuit. They then apply improvements at the physical layer, with tricks specific to neutral atom quantum computers. The result estimates that 26,000 atomic qubits are sufficient to break 256-bit elliptic curve signatures. This would be roughly a 40x improvement in physical qubit count over previous state-of-the-art. On the flip side, a single Shor run would take ~10 days due to the relatively slow speed of neutral atoms.
Below are my key takeaways. As a disclaimer, I am not a quantum expert. Time is needed for the results to be properly vetted. Based on my interactions with the team, I have faith the Google Quantum AI results are conservative. The Oratomic paper is much harder for me to assess, especially because of the use of more exotic qLDPC codes. I will take it with a grain of salt until the dust settles.
→ q-day: My confidence in q-day by 2032 has shot up significantly. IMO there's at least a 10% chance that by 2032 a quantum computer recovers a secp256k1 ECDSA private key from an exposed public key. While a cryptographically-relevant quantum computer (CRQC) before 2030 still feels unlikely, now is undoubtedly the time to start preparing.
→ censorship: The Google paper uses a zero-knowledge (ZK) proof to demonstrate the algorithm's existence without leaking actual optimisations. From now on, assume state-of-the-art algorithms will be censored. There may be self-censorship for moral or commercial reasons, or because of government pressure. A blackout in academic publications would be a tell-tale sign.
→ cracking time: A superconducting quantum computer, the type Google is building, could crack keys in minutes. This is because the optimised quantum circuit is just 100M Toffoli gates, which is surprisingly shallow. (Toffoli gates are hard because they require production of so-called "magic states".) Toffoli gates would consume ~10 microseconds on a superconducting platform, totalling ~1,000 sec of Shor runtime.
→ latency optimisations: Two latency optimisations bring key cracking time to single-digit minutes. The first parallelises computation across quantum devices. The second involves feeding the pubkey to the quantum computer mid-flight, after a generic setup phase.
→ fast- and slow-clock: At first approximation there are two families of quantum computers. The fast-clock flavour, which includes superconducting and photonic architectures, runs at roughly 100 kHz. The slow-clock flavour, which includes trapped ion and neutral atom architectures, runs roughly 1,000x slower (~100 Hz, or ~1 week to crack a single key).
→ qubit count: The size-optimised variant of the algorithm runs on 1,200 logical qubits. On a superconducting computer with surface code error correction that's roughly 500K physical qubits, a 400:1 physical-to-logical ratio. The surface code is conservative, assuming only four-way nearest-neighbour grid connectivity. It was demonstrated last year by Google on a real quantum computer.
→ future gains: Low-hanging fruit is still being picked, with at least one of the Google optimisations resulting from a surprisingly simple observation. Interestingly, AI was not (yet!) tasked to find optimisations. This was also the first time authors such as Craig Gidney attacked elliptic curves (as opposed to RSA). Shor logical qubit count could plausibly go under 1K soonish.
→ error correction: The physical-to-logical ratio for superconducting computers could go under 100:1. For superconducting computers that would be mean ~100K physical qubits for a CRQC, two orders of magnitude away from state of the art. Neutral atoms quantum computers are amenable to error correcting codes other than the surface code. While much slower to run, they can bring down the physical to logical qubit ratio closer to 10:1.
→ Bitcoin PoW: Commercially-viable Bitcoin PoW via Grover's algorithm is not happening any time soon. We're talking decades, possibly centuries away. This observation should help focus the discussion on ECDSA and Schnorr. (Side note: as unofficial Bitcoin security researcher, I still believe Bitcoin PoW is cooked due to the dwindling security budget.)
→ team quality: The folks at Google Quantum AI are the real deal. Craig Gidney (@CraigGidney) is arguably the world's top quantum circuit optimisooor. Just last year he squeezed 10x out of Shor for RSA, bringing the physical qubit count down from 10M to 1M. Special thanks to the Google team for patiently answering all my newb questions with detailed, fact-based answers. I was expecting some hype, but found none.
FORT MODE was a blast! Thanks to all of the speakers! We hope to post links to presentations and a YouTube playlist next week-ish.
Final session of the day:
Make Ethereum Post Quantum secure
Big day in Cannes tomorrow if you care about crypto surviving.
@corcoranwill and the @leanEthereum team are hosting a full day dedicated to post quantum cryptography.
@lou3ee & I will be there to get some alpha to share and we will try to explain things here.
🏰 FORT MODE
(sunday, sunday, sunday)
excited to share the schedule for BEAST MODE + FORT MODE in cannes!
hope to see you there — links to register in 🧵
> ETH people have already figured this out. Everyone else seems to be petrified in fear.
not petrified. in my lane. moisturized. leaning in.
Elliptic curve cryptography is on the brink of obsolescence. Whether it’s 3 or 10 years; it’s over and we need to accept that
The only thing that matters is how quickly blockchain developers recognize that they need to bake in cryptographic mutability into their networks
This of course requires an entire reimagining of how these systems work. Today the crypto is hardcoded in. That will have to change
ETH people have already figured this out. Everyone else seems to be petrified in fear. Unless something changes quickly ETHBTC will start to reflect the divergence in prioritisation
thanks again to @nico_mnbl @AnnaRRose and the @zeroknowledgefm for featuring lean Ethereum over the last 6 episodes.
we made a playlist—you can see them all here!
https://t.co/Ci7fZMogaN
Wrapping up @nico_mnbl's series on the @zeroknowledgefm pod all about @leanEthereum !
Check out the full series over on our Youtube channel https://t.co/zX9a8BAauo
the 6th and final installment of the @zeroknowledgefm mini-series focused on lean Ethereum. this one is a deep dive into formal verification with protocol snarkification team lead @alexanderlhicks .
How do you actually formally verify the code underpinning Ethereum's future?
In this episode (the finale of the @leanEthereum miniseries), @nico_mnbl sits down with Alex Hicks (@alexanderlhicks), lead of Protocol Snarkification at the @ethereumfndn, to break down formal verification from first principles.
They cover:
– What formal verification actually is and the trust boundaries between proof assistants, SMT solvers, and kernels
– The full verification stack for RISC-V ZKVMs: from SAIL specs to constraint extraction to soundness proofs
– Why writing constraints directly in Lean makes proofs 10–100x more ergonomic
– How AI is now proving hard theorems in hours for $200 — and what that unlocks for the whole pipeline
They also explore the boundaries problem, why specs can have bugs too, and the end goal of a full Lean stack that bypasses Rust and LLVM entirely.
Listen to the full episode
------------------------------------------------------------
TIMECODES:
09:16 – What is formal verification? Proof assistants vs SMT solvers
18:33 – Formal verification of code: specs, semantics, and trust boundaries
29:30 – Formally verifying the Lean Ethereum stack: RISC-V ZKVMs in focus
33:02 – Extracting ZKVM constraints into Lean and proving soundness
36:35 – Writing constraints directly in Lean: 10–100x better proof ergonomics
44:02 – Proving Polishchuk–Spielman in 8 hours for $200 with AI
51:01 – The end goal: a full Lean stack bypassing Rust and LLVM
Quantum computing (Q-day) is shifting from a theoretical hurdle to an imminent threat for blockchains potentially by ~2032 following @drakefjustin hot take for @Bankless podcast.
How do Bitcoin and Ethereum plan to survive the transition to post-quantum cryptography? 🧵👇
Ansgar knows a thing or two
Ethereum is leading the way in quantum preparedness.
To learn more, check out https://t.co/EjjjydGotF - it's a beautiful website!
Today, several teams at the EF are launching https://t.co/MtJ95Ah4z6, a dedicated resource for Ethereum's post-quantum security effort.
What started with early STARK-based signature aggregation research in 2018 has grown into a coordinated, multi-team effort, all open source.
The Post-Quantum team and Cryptography teams, with help from the Protocol Architecture and Protocol Coordination teams, have been working on this body of work for 8+ years.
At https://t.co/MtJ95Ah4z6 you'll find:
- How PQ impacts each protocol layer
- The full PQ roadmap (https://t.co/gPl9StdPSp)
- Open resources: repos, specs, papers, EIPs
- FAQ: 14 questions across 5 categories, written by the PQ team
- A 6-part lean Ethereum interview series (@zeroknowledgefm)
- Interest form for the 2nd Annual PQ Research Retreat (Cambridge, UK, Oct 2026)
- 10+ client teams are already building and shipping devnets weekly through PQ Interop.
All the work is public and all of it is open.
https://t.co/MtJ95Ah4z6
Fair warning. This post is bullish on Ethereum.
Yesterday, the Ethereum Foundation Enterprise team ran the Institutional Ethereum Forum in New York City.
Broad Adoption Activated.
Invitation only. 100's of Banks, asset managers, and infrastructure providers representing around $250 trillion in assets under management.
feedback so far
"Absolute banger tbh."
"People won't stop talking and networking and the content has all been great."
"Your institutional team did an amazing job. I was there. Kudos."
BlackRock. Western Union. Robinhood. Moody's. Baillie Gifford. Securitize. All on panels. Not as guests. As participants building on Ethereum.
This is what adoption actually looks like. EF also presents its post-quantum security strategy and launches https://t.co/1fPpbCRIcY.
EF also presented its post-quantum security strategy and launched https://t.co/1fPpbCRIcY. This is not just leading blockchain. No major technology platform has a published, open-source post-quantum migration roadmap at this level of detail. Ethereum is doing it before it is required, not after.
Proud of the Enterprise team for putting this together.
Choose Ethereum.
https://t.co/6AsAwc2tnC
Today I had the opportunity to present Ethereum's post-quantum security strategy at the Institutional Ethereum Forum in NYC.
15 minutes to explain why every proof-of-stake blockchain faces the same signature aggregation problem — and what the EF is doing about it.
We also launched https://t.co/Wz0gMP1v9A — a dedicated resource that brings together everything the PQ/Crypto teams have been working on:
→ How PQ impacts each protocol layer
→ The full PQ roadmap
→ Open resources — repos, specs, papers
→ FAQ — 14 questions we keep getting from institutions, now open-sourced
→ Interest form for the 2nd Annual PQ Research Retreat (Cambridge, Oct 2026)
Huge thanks to @drakefjustin @tcoratger @asanso and the entire PQ team, the @leanEthereum client teams shipping devnets every week.
Next week: Fort Mode in Cannes.
https://t.co/Wz0gMP1v9A
Ethproofs call #8 covered the (proposed) Poseidon2 → Poseidon1 switch for lean consensus.
10 yrs of Lindyness, ~2x plain-text slowdown, ~30% end-to-end in leanVM.
$1.15M in bounties targeting Poseidon1 security, soonTM
Full call here:
https://t.co/f1foAoljkw
Justin Drake thinks post-quantum is an opportunity for Ethereum — not a hurdle.
“It’s an opportunity for Ethereum to stand out as the very first global financial system that is post-quantum secure.”
“Not just relative to its competitors... but also relative to fiat and tradfi.”
“It would send a very strong message... a very natural security starting point for the world to migrate over to Ethereum.”
📆 Out on Monday, March 23 w/ @drakefjustin
👀
Justin Drake joins Bankless.
Q-Day is no longer a sci-fi thought experiment.
We get into:
- When quantum becomes a real crypto threat
- Bitcoin’s hardest post-quantum tradeoffs
- Ethereum’s roadmap to survive it
- Why Justin thinks quantum is also an opportunity
- What AI changes about the cryptography race
📅 Monday, March 23 w/ @drakefjustin
@eth_proofs looking good here
https://t.co/EG6oz0BFsZ
Ethproofs v3.2 is live 🚀
If proving is part of Ethereum’s future, the ecosystem needs a public way to see what is real:
- not just speed,
- but security,
- reliability,
- cost,
- hard blocks,
- and who is actually making progress.
That’s what this upgrade is about.
Once @leanethereum is fully deployed, Ethereum will be the only major chain that simultaneously has (i) theoretically optimal security properties under synchrony [requires 51% of online validators honest], and (ii) strong economic finality under asynchrony. Most "semi-centralized fast chains" pick (ii) only, PoW chains pick (i) only, Ethereum gets both.
Last Seen Users on Sotwe
past AE
Seen from Malaysia
ชอบเยสคนแก่ สูงวัย
Seen from Thailand
Hanan Sosi
Seen from Netherlands
Türk Porno İfşa 1.5 K
Seen from Turkey
Single Mazate
Seen from United States
Caller Tune
Seen from Italy
lllllld
Seen from United States
🔞Muay So Hot
Seen from Thailand
Nyari apa ngab?
Seen from Indonesia
erni
Seen from Indonesia
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers