tcoratger:
Standard Model vs. ROM for XMSS: There is an ongoing debate about shifting XMSS parameters from the standard model to the Random Oracle Model (ROM). While relying on the ROM is less conservative cryptographically, it would shrink the signature size below the IPv6 MTU limit and eliminate the need for multiple Poseidon widths (16 and 24). Furthermore, since the SNARK aggregator already relies on the ROM, standard-model XMSS might be unnecessarily strict. Should we lean into a stronger (more rounds) Poseidon and embrace the ROM to simplify the scheme?
I want to share some more insights regarding this question. The main discussion here is not standard model vs ROM. It is if we can get signature sizes below one MTU. With the parameters presented here, we can’t, but with more optimistic parameters, we can.
I have summarized all pros and cons of such a sub-MTU parameter set in this note.
In general, I would always vote for a conservative choice of parameters, especially if we use Poseidon.