Ethereum Research Update | Ethereum Foundation Blog
The fourth hard fork was completed this week. fake dragonand follow-up State cleanup processThe final stages of two recent hard fork solutions for Ethereum denial of service attack This resulted in slow network speeds in September and October. The gas limit is in the process of being increased to 4 million as the network normalizes, and will be further increased once additional optimizations are completed for the client to allow faster reading of state data.
During these events, we saw great progress from our C++ and Go development teams, including: Solidity tool improvements And the release of Geth light clientAnd Parity, EthereumJ, and other external development teams have continued to push technologies like Parity forward on their own. warp synchronization; Many of these innovations are already in the hands of everyday users. still other people Coming soon. But at the same time, a lot of quiet progress has been made on the research side, and in many cases that progress has been somewhat blue sky in nature, and low-level protocol improvements inevitably take time. We expect the results of our work to come to fruition soon as we participate in the main Ethereum network.
center
Metropolis is the next major planned hard fork of Ethereum. Metropolis is not as ambitious as Serenity and does not include proof-of-stake, sharding, or other similar large-scale changes to how Ethereum works, but it is expected to include a series of small improvements to the protocol. This is much more important overall. Key improvements over Homestead include:
- EIP 86 (Account Security Abstraction) – Move the logic for verifying signatures and nonces into contracts, allowing developers to experiment with new signature schemes, privacy techniques, and modifications to parts of the protocol without requiring additional hard forks or protocol-level support. You can also pay for gas through a contract.
- EIP 96 (Change Block Hash and State Root) – Simplifies protocol and client implementation and upgrades to light client and fast sync protocol, making them much more secure.
- Precompiled/native contracts for elliptic curve operations and large integer operations enable efficient implementation of ring signature or RSA encryption based applications.
- Various efficiency improvements that enable faster transaction processing
Much of this work is part of a long-term plan to move the protocol in what we call a direction. extraction. Instead of essentially having complex protocol rules that govern contract creation, transaction validation, mining, and various other aspects of system behavior, we put as much of the logic of the Ethereum protocol into the EVM itself and simply store the protocol logic in a set of contracts. This reduces client complexity, reduces the long-term risk of consensus failure, and makes hard forks easier and more secure. Potentially a hard fork could simply be specified with a configuration file that changes the code of a few contracts. By reducing the number of “moving parts” at the lowest level of the protocol in this way, we can significantly reduce Ethereum’s attack surface and open up more parts of the protocol to user experimentation. At the same time, the new signature scheme gives users the freedom to experiment and implement their own methods.
Proof of Stake, Sharding and Cryptoeconomics
Research into Proof-of-Stake and Sharding has been quietly underway over the past year. Casper, the consensus algorithm we have been working with, has gone through several iterations and proof-of-concept releases, each of which has taught us important things about combining economics and distributed consensus. PoC Release 2 This approach has now been abandoned, as it has become clear that requiring every validator to send a message every block, or even every 10 blocks, would require too much overhead to be sustainable. More traditional chain-based PoC3As described in mauve paper, was more successful. There are imperfections in the way incentives are structured, but in their nature the flaws are much less serious.
Me, Vlad and many volunteers from the Ethereum research team IC3’s Boot Camp Last July we discussed proof-of-stake, sharding, privacy, and other issues with university academics, Zcash developers, and others, and discussed the gap between our approach to proof-of-stake and the approaches of others who have been solving similar problems. Significant progress has been made in resolving . . A newer, simpler version of Casper began to solidify, and me and Vlad continued down two separate paths. I aimed to create a simple proof-of-stake protocol that provides the desired properties with as few changes as possible in proof-of-work, and Vlad is a “modify-by-construction” approach to rebuilding consensus from scratch. Both were announced at Devcon2 in Shanghai in September, and we were there two weeks ago.
Research team at the end of November (Loi Luu joins temporarily) Verifier’s Dilemma fame), together with long-time volunteers and friends, led a two-week research workshop in Singapore aimed at gathering thoughts on a variety of issues related to Casper, scalability, consensus incentives, and state size control.
The main topic of discussion was to come up with a rigorous and generalizable strategy for determining optimal incentives in a consensus protocol. Whether it’s creating a chain-based protocol, a scalable sharding protocol, or an incentivized version of PBFT, can we come up with one? Is there a generalized way to correctly assign the correct rewards and punishments to all participants in a way that uses only verifiable evidence that can be put as input into a blockchain and has optimal game-theoretic properties? We had a few ideas. One of them, when applied to proof-of-work as an experiment, immediately led to a new path to solving selfish mining attacks and proved to be very promising in solving long-standing problems in proof-of-stake.
The main goal of our approach to cryptoeconomics is to ensure as much incentive compatibility as possible, even in models with multiple collusions. Even if an attacker controls 90% of the network, is there any way to ensure that if the attacker deviates from the following rules? Would changing the protocol in some harmful way cause the attacker to lose money? The answer seems to be yes, at least in some cases such as short forks. In other cases, such as censorship, this goal is much more difficult to achieve.
The second goal is to limit “frustration factors.” This means ensuring that there is no way for an attacker to cause another player to lose money without losing close to the same amount of money. The third goal is to ensure that the protocol continues to work as much as possible under different kinds of extreme conditions. For example, what happens if 60% of the validator nodes go offline at the same time? Traditional consensus protocols such as PBFT and proof-of-stake protocols inspired by these approaches simply stop in this case. Our goal for Casper is to keep the chain going. The protocol should try to do as much as possible, even if the chain cannot provide all the guarantees it would normally do under such conditions.
One of the key beneficial outcomes of the workshop was bridging the gap between Casper’s current “exponential growth” approach to transaction/block finality. This increases the confidence of validators, rewarding them for betting and penalizing them if their bets are wrong. Vlad’s “fix by composition” approach emphasizes penalizing verifiers only in cases of ambiguity (e.g. signing two incompatible messages). By the end of the workshop, we had started working together on a strategy that combined the best of both approaches, and we had already started using these insights to improve the Casper protocol.
In the meantime, I’ve written a few articles and FAQs detailing the current state of thinking around proof-of-stake, sharding, and Casper to help anyone interested get up to speed.
https://github.com/ethereum/wiki/wiki/Proof-of-Stake-FAQ
https://github.com/ethereum/wiki/wiki/Sharding-FAQ
https://docs.google.com/document/d/1maFT3cpHvwn29gLvtY4WcQiI6kRbN_nbCf3JlgR3m_8 (Mauve Paper; a bit out of date now, but will be updated soon)
State size control
Another important area of protocol design is state size control. In other words, how can we reduce the amount of state information that an entire node must track? The current state is about a gigabyte in size (the remaining data that a geth or parity node currently stores is transaction history, which could theoretically be cleaned up if there was a powerful light client protocol to retrieve it). We have already seen how the availability of protocols degrades in a number of ways when they become much more available. Additionally, sharded blockchains make sharding much more difficult because nodes must be able to quickly download parts of the state as part of the process to act as validators.
Some of the suggestions raised relate to: Delete old non-contractual accounts If you do not have enough Ether to send the transaction and send it safely To prevent replay attacks. Other proposals include making it much more expensive to simply create new accounts or store data, and further decoupling it from paying other kinds of costs inside the EVM. Other suggestions include placing a time limit on the length of the contract, charging more to create an account or contract with a longer time limit (the time limit here would be generous, perhaps over several years). It would still be cheaper to create a lasting contract). There is currently an ongoing debate in the developer community about how best to achieve the goal of keeping the state size small while keeping the core protocol as user and developer friendly as possible.
miscellaneous
Other areas where low-level protocol improvements are expected include:
- several “EVM 1.5” proposed Promotes compatibility with WASM by making the EVM more friendly to static analysis.
- Incorporating zero-knowledge proofs via (i) explicit ZKP opcodes/native contracts or (ii) opcodes or native contracts for key computationally intensive elements of ZKP, especially elliptic curve pair computation.
- Additional levels of abstraction and protocol simplification
We look forward to more detailed documentation and conversation on all of these topics in the coming months, especially as work continues to transform the Casper specification into a viable proof-of-concept release ready to run testnets.