A path to Ethereum 2.0

(one guy’s current understanding)

2018-07-06

Ben Edgington

Background

• Scalability workshop, Taipei, 19-21 March 2018
• Client devs’ and scaling workshop, Berlin, 29 June - 1 July 2018
• Lots of activity on ethresear.ch and elsewhere
• Ethereum Core Devs calls

Disclaimer�None of this is set in stone; everything is subject to change. My understanding is likely to be faulty and/or incomplete. I am not party to any special knowledge: this is just an attempted synthesis of publicly available information.

Update 2018-07-08: I’ve added a (very) speculative delivery timeline expanding on some remarks from Justin Drake.

My nomenclature�Ethereum 1.0 is the current Mainnet, which continues as a PoW chain for the foreseeable future.�Ethereum 2.0 is features likely to be delivered “soon”, possibly in sub-stages.�Ethereum 2.x is loosely features possibly to be implemented later. Maybe 3.0.

Recent developments (last 3-4 weeks)

• Rather than upgrade the current Mainnet (Ethereum 1.0), innovation will happen on a separate Ethereum 2.0 blockchain (loosely coupled to Mainnet).
• Technical reasons:
• Capacity of Mainnet would limit scalability of sharding.
• EVM not well suited to managing sharding infrastructure efficiently (bit operations, etc.)
• Recent innovations in crypto enable much more ambitious design.
• Project reasons
• Huge inertia to making changes on Mainnet.
• Convergence of infrastructure for Proof of Stake and Sharding.
• Separate chain allows radical changes and side-steps technical debt.

Looking at 4096 now

PoW

PoS

Casper FFG

Source: What you can do for Ethereum 2.0

Differences and discontinuities 1.0 → 2.0

Changes are proposed to:

• Consensus algorithms
• Concurrency
• State transition
• Cryptoeconomics
• Cryptographic primitives
• P2P networking
• Contract programming model

​

(Implicit) Goals:

• Huge scalability
• Enhanced decentralisation
• Quantum security
• Protocol agility

Consensus

• Separating the beacon chain from Mainnet allows for vastly more validators.
• Individual validator stake can be reduced from 1500 Eth to 32 Eth
• 10% Eth staked => 300K validators
• Aiming for ~4096 shards
• PoS validator and sharding validator pools can be combined, providing higher security levels.

Concurrency

• O(c) is the processing power of a typical single laptop.
• Goal is to have no requirements that would prevent consumers on commodity hardware from participating in staking/validating. Promotes:
• Network security
• Decentralisation

State transition

Not yet decided: delayed state execution.

• Blockchain only records the history of transactions.
• State can be calculated later on-demand (“lazy evaluation”).
• May allow for alternative execution engines on the public chain.

Cryptoeconomics 1: slashing

• “Fraud proofs”/“fault proofs” become a thing. Participants are rewarded for reporting incorrect behaviour and perpetrators are slashed.

Cryptoeconomics 2: storage rent

• This is controversial and under much discussion.
• No other blockchain does this, but it seems inevitable in the long run.

Crypto 1: aggregate block signatures

• Looking at the BLS12-381 elliptic curve for the aggregate signatures.
• ZK-STARKS.
• It is expected that STARKs will play a big role in the future in a number of protocol aspects.

Crypto 2: randomness

Choice of implementations for the random beacon:

• BLS threshold signatures a la Dfinity
• Complex set up (DKG)
• Not quantum secure
• RANDAO (current proposal)
• Needs a VDF (verifiable delay function) to avoid “last actor” issue. Blergh.

Crypto 3: hash algorithm

Applications of hashing broaden in Ethereum 2.0:

• RANDAO hash onion for the beacon chain.
• Construction of proofs-of-custody of collation bodies.
• Provision of Merkle proofs in light and/or stateless clients.
• Quantum resistant transaction signatures?

Crypto 4: account abstraction

This was initially proposed for the Mainnet in April 2016.

• As of the last-but-one Core Devs’ it has now been iced until Ethereum 2.0
• An example of the difficulty of making disruptive changes to the current Mainnet.

Networking

Programming model

In general, introducing asynchrony is likely to make auditing the correctness of contract systems substantially more difficult.

Delivery Timeline�(Status: speculative. Based on utterances from the Ethereum Foundation)

Source: What you can do for Ethereum 2.0

Now

2019

2021

2020

EF Speculative timing

Phase 0: The PoS beacon chain (2019?)

• Implement PoS Beacon chain as a side chain
• Random number generation: RANDAO using verifiable delay function.
• Aggregate Signatures for validators
• BLS aggregate signatures likely using BLS12-381 elliptic curve
• Begin migration to new hash function(?)
• Keccak256 -> MiMC hash?
• 5s block time
• New p2p network layer
• Brings Casper FFG periodic finality to Mainnet
• 32 Eth stake per validator
• Slashing mechanism
• 80% Reduction in PoW mining reward (3 Eth→0.6 Eth?)

Phase 1: Sharded transaction handling (The data layer - 2020?)

• Add sharding infrastructure for transactions
• Each shard maintains an append-only log of transaction data.
• Implement block proposer, block attestor and block validator mechanisms.
• Implement proofs of custody.
• Implement cross links to beacon chain.
• Enhance p2p networking to handle all of this.
• No state execution!
• Test the mechanism design.

Phase 2: Sharded state handling (The execution layer - 2021?)

• Add state execution to shards
• eWASM engine to replace EVM(?)
• Delayed state execution(?)
• Synchronous or asynchronous intra-shard contract calls?
• Synchronous or asynchronous inter-shard contract calls?
• Light clients and/or stateless clients.
• A fully usable, O(c²) scaled infrastructure.
• O(c) is the compute power available to a consumer laptop or small VPS. The same speed as Mainnet today.

​

Phase X: Also under discussion...

• ZK-STARKs.
• Quantum resistant zero-knowledge proofs. Lots of use cases.
• Alternative execution engines.
• Storage rent.
• Full PoS: Casper CBC.
• Account abstraction.
• Mainnet becomes a side-chain to the beacon chain.
• Abandon PoW?

​