Ethereum Foundation advanced two cryptographic EIPs this week: EIP-7932 now supports public key/signature separation, and EIP-8164 swaps Ed25519 for the post-quantum ML-DSA-44 (FIPS 204) signature scheme.

> impact

**What changed.** Two significant updates landed in the Ethereum Foundation's EIP repository. First, EIP-7932 received a commit from SirSpudlington that introduces explicit support for public key and signature separation — decoupling the key material used for identity from the signature blob attached to transactions and messages. Second, EIP-8164 was updated by James Prestwich to replace Ed25519 with ML-DSA-44, the lattice-based digital signature algorithm standardized under NIST FIPS 204 (formerly known as CRYSTALS-Dilithium). Together, these commits represent a meaningful evolution in how Ethereum thinks about on-chain cryptographic primitives. **Why it matters.** EIP-7932's separation of public keys and signatures gives wallet developers, smart-contract authors, and protocol engineers cleaner abstractions for signature verification. Instead of tightly coupling key formats to signature encoding, implementations can now handle each independently — opening the door to multi-algorithm support, hardware wallet flexibility, and future-proof account abstraction flows. EIP-8164's migration to ML-DSA-44 is even more consequential: it is the first concrete step toward quantum-resistant signature verification at the protocol specification level. With NIST finalizing FIPS 204 and quantum computing timelines shrinking, this change gives the ecosystem a head start on post-quantum readiness. **Impact for builders.** If you maintain a wallet, signer library, or any code that touches EIP-7932 flows, audit your key and signature parsing logic — the data structures are now explicitly separated and your deserialization must handle them independently. For EIP-8164 integrators, the cryptographic surface area changes dramatically: ML-DSA-44 signatures are roughly 2,420 bytes and public keys are 1,312 bytes, compared to Ed25519's 64-byte signatures and 32-byte keys. This will affect gas estimation, calldata costs, storage patterns, and any off-chain verification pipelines. Start evaluating ML-DSA-44 libraries now — the reference implementations from NIST's `pqcrypto` project and the `pqc` Rust crate are good starting points.

> Try this now

try this

# -----------------------------------------------------------
# Walkthrough: Verify an ML-DSA-44 signature (Python / pqcrypto)
# -----------------------------------------------------------
# ML-DSA-44 (FIPS 204) replaces Ed25519 in EIP-8164.
# Below is a minimal key-gen → sign → verify flow so you can
# start experimenting locally.
#
# Prerequisites:
#   pip install pqcrypto  # or use the oqs-python wrapper
#   Python 3.10+
# -----------------------------------------------------------

# Step 1 – Import the ML-DSA-44 module
# The 'dilithium' family was renamed ML-DSA in the FIPS 204 standard.
from pqcrypto.sign.dilithium2 import generate_keypair, sign, verify

# Step 2 – Generate a keypair
# ML-DSA-44 public keys are 1,312 bytes; secret keys are 2,560 bytes.
public_key, secret_key = generate_keypair()
print(f"Public key length : {len(public_key)} bytes")   # 1312
print(f"Secret key length : {len(secret_key)} bytes")   # 2560

# Step 3 – Sign an arbitrary message (e.g. an EIP-8164 transaction hash)
message = b"EIP-8164 post-quantum transaction payload"
signature = sign(message, secret_key)
print(f"Signature length  : {len(signature)} bytes")     # ~2420

# Step 4 – Verify the signature
# This is the on-chain-equivalent path: only public_key + signature + message.
try:
    verify(message, signature, public_key)
    print("✅ Signature valid under ML-DSA-44 (FIPS 204)")
except Exception as e:
    print(f"❌ Verification failed: {e}")

# -----------------------------------------------------------
# EIP-7932 note: public key / signature separation
# -----------------------------------------------------------
# Under the updated EIP-7932 spec, you should treat `public_key`
# and `signature` as independent fields during serialization:
#
#   tx_envelope = {
#       "payload":    message,
#       "pub_key":    public_key,   # separated field (1,312 bytes)
#       "signature":  signature,    # separated field (~2,420 bytes)
#   }
#
# Do NOT concatenate them into a single blob as older Ed25519
# implementations sometimes did.  Deserialization logic must
# parse each field by its known, fixed length.
# -----------------------------------------------------------