Ethereum protocol technology upgrade prospect analysis (1): The Merge

Author: Ebunker

Since October this year, Vitalik Buterin, co-founder of Ethereum, has released a series of articles on the future possibilities of the Ethereum protocol, covering six parts of the Ethereum development roadmap: The Merge, The Surge, The Scourge, The Verge, The Purge, and The Splurge. This article will interpret the first part of the roadmap (The Merge), explore what other technological designs can improve PoS Proof of Stake, and the ways to implement these improvements.

Vitalik believes that the ‘merge’ refers to the most important event in the history of the Ethereum protocol since its launch: the transition from PoW (Proof of Work) to PoS (Proof of Stake). Today, Ethereum has been running as a stable PoS system for almost two years, and this PoS has performed exceptionally well in terms of stability, performance, and mitigating centralization risks. However, there are still some important areas that need improvement in PoS.

The roadmap for Ethereum 2023 divides it into several parts: improving technical features (such as stability, performance, and accessibility to smaller validators), as well as economic changes to address centralization risks. According to Vitalik, this article is not a comprehensive list of improvements to Proof of Stake, but more of actively considered ideas.

The main objectives of the merger are as follows:

1. Single Slot Deterministic (SSF): The Ethereum Block usually takes about 15 minutes to finalize. However, by improving the efficiency of the Ethereum Consensus Mechanism to validate Blocks, the time required for finalization can be significantly reduced. Blocks can be proposed and finalized in the same slot without waiting for 15 minutes.

2. Confirm and complete transactions at the fastest speed while maintaining Decentralization

3. Improve the feasibility of individual stakers’ stakes

4. Improve stability

5. Improve Ethereum’s resistance and recovery capabilities against 51% attacks (including finality reversals, finality stops, and reviews)

Deterministic Single Slot and Stake Decentralization

Currently, it takes 2-3 epochs (about 15 minutes) to complete a Block, and 32 ETH is required to become a validator. This was initially a compromise to strike a balance between three objectives:

• Maximize the number of validators participating in stake (minimize the amount of ETH required for stake);
• Minimize finality time;
• Minimize the running cost of the Node.

These three goals are conflicting with each other: in order to achieve economic finality (i.e., attackers need to destroy a large amount of ETH to recover the finally determined Block), each time the final determination is made, each validators needs to sign two messages. Therefore, if there are many validators, either it will take a long time to process all the signatures, or very powerful Node are needed to process all signatures at the same time.

All of this depends on a key goal of Ethereum: to ensure that even successful attacks come at a high cost to the attacker. This is what is meant by the term ‘economic finality’.

There are also counterexamples. The practice of blockchain that does not have ‘economic finality’ (such as Algorand) is to solve this problem by randomly selecting a committee to finally determine each time slot. However, the problem with this method is that if the attacker does control 51% of the validators, the cost of the attack is very low: only some nodes in the committee will be detected as participating in the attack and be punished. This means that the attacker can repeatedly attack the chain.

Therefore, if Ethereum wants to achieve economic finality, the simple method based on committees is not feasible, and it requires the participation of a full set of validators.

Ideally, Ethereum hopes to improve the current situation in two aspects while retaining economic finality.

1. End the block within a time slot (slot) (ideally, maintain or even reduce the current length of 12 seconds), instead of 15 minutes

2. Allow validators to stake 1 ETH (reduced from 32 ETH)

The first point can ensure that all Ethereum users can benefit from a higher level of security achieved through the finality mechanism. Today, most users are unable to enjoy this security because they are unwilling to wait 15 minutes; with a single-slot determinism mechanism, users can almost immediately see the final confirmation of transactions after they are confirmed. Secondly, if users and applications do not have to worry about the possibility of chain Rollback, it simplifies the protocol and the surrounding infrastructure.

The second point is to support individual stakers. According to multiple surveys, the main factor hindering individual staking is the minimum limit of 32 ETH. Lowering the minimum limit to 1 ETH will solve this problem.

There is currently a challenge: the faster determinism and more democratic stake goals are in conflict with the goal of minimizing expenses. In fact, this is the reason why Ethereum did not adopt single-slot determinism at the beginning. However, recent research has proposed some possible solutions to this problem.

Principle of operation:

Deterministic slot involves using a Consensus Algorithm to finally determine the Block within a slot. This is not a difficult goal in itself, and many algorithms (such as Tendermint Consensus) have already achieved this.

One unique ideal property of Ethereum (i.e., inactivity leaks) is that even if more than 1/3 of validators go offline, this property allows the Blockchain to continue running and eventually recover.

Single Time Slot Deterministic Proposal

There are several leading solutions to how to make single-slot determinism work in the case of a very high number of validators without causing excessive operating expenses for Node operators:

Option one is Brute Force Attack, which implements a better signature aggregation protocol, possibly using ZK-SNARKs. This would make it possible to process the signatures of millions of validators in a single time slot. For example, Horn is one of the proposed designs for a better aggregation protocol.

Option two is the Orbit Committee, which is a new mechanism that allows a randomly selected medium-sized committee to be responsible for the final determinism of the chain, but retains the attack cost characteristics. Orbit utilizes the heterogeneity existing in the deposit scale of validators to achieve maximum economic finality while still giving small validators a matching role.

As shown in the figure below, Orbit SSF has opened up a middle zone between the range of x=0 (Algorand committee, no economic finality) and x=1 (the current state of Ethereum).

1. The cost of wrongdoing is still very high to ensure extreme safety;

2. However, at the same time, only a medium-sized random sample of validators participates in each time slot, reducing the burden on nodes.

Option three is dual-layer stake, a mechanism with two types of stakeholders, one type of stakeholder has higher deposit requirements, and the other type of stakeholder has lower deposit requirements. Only the higher-level deposit requirements will directly participate in the process of providing economic finality. As for the rights and responsibilities of lower-level deposits, various proposals have been made, including:

• The right to delegate stake to a higher-level stakeholder.
• Randomly select low-level stakers to prove and ultimately determine each Block;
• The right to be included in the list.

For the security experience and centralization properties of Ethereum’s stake, each solution has its advantages and disadvantages that need to be weighed: brute force attack can solve the problem, but it requires aggregating a large number of signatures in a very short time, with extremely high technical difficulty; Orbit committee needs to verify its security and characteristics, and formalize and implement them; the dual-layer stake mechanism faces centralization risks, which largely depend on the specific rights acquired by the low-stake layer.

In addition to single-slot determinism, the election of a single secret leader is also an important issue in the Ethereum Proof of Stake system. Nowadays, it is possible to know in advance which validators will propose the next Block, which creates a security vulnerability. Attackers can monitor the network, determine which validators correspond to which IP Addresses, and launch DoS attacks against them when the validators are about to propose a Block.

The best way to solve this problem is to hide the information of which validators will generate the next Block, at least until the Block is actually generated.

Single Secret Leader Election

Currently, which validators will propose the next Block can be known in advance, which will create a security vulnerability: attackers can monitor the network, determine which validators correspond to which IP Address, and launch a DoS attack on them when the validators are about to propose a Block.

The protocol for single secret leader election creates a ‘blind’ validators ID for each validators using some encryption techniques, and then allows many proposers the opportunity to reorganize and re-blind the blind ID pool to address this issue.

However, implementing a simple enough single secret leader election protocol is not easy.

The simplicity of the Ethereum protocol is crucial, and we do not want to further increase its complexity. The Simplified SSLE (Simplified SSLE using ring signatures) that uses Ring Signature only uses a few hundred lines of specification code and introduces new assumptions in complex encryption.

How to achieve sufficiently effective resistance to quantum SSLE is also a problem. In the end, it may be the case that the ‘marginal additional complexity’ of SSLE will only decrease to a low enough level when we boldly attempt for other reasons and introduce a mechanism for executing general Zero-Knowledge Proofs in the L1 Ethereum protocol.

In addition, faster transaction confirmation is also one of the issues that the Ethereum Proof of Stake system needs to solve.

It is valuable to further shorten the transaction confirmation time of Ethereum (from 12 seconds to 4 seconds). Doing so will significantly improve the user experience of L1 and rollups-based, while making Decentralized Finance protocol more efficient. It will also make L2 more Decentralization, as it will allow a large number of L2 applications to operate on rollups, reducing the need for L2 to build their own committee-based Decentralization rankings.

There are roughly two technologies: reducing the slot time to 8 seconds or 4 seconds; allowing proposers to issue pre-confirmation during a single slot period. However, it is currently unclear whether it is feasible to shorten the slot time.

Even today, many regions in the world find it difficult for stakers to obtain proof at a fast enough speed. Attempting a 4-second slot time carries the risk of centralized validators, and it is impractical for validators to be located outside a few geographically advantageous areas due to latency.

The weakness of the proposer pre-confirmation method is that it can greatly improve the inclusion time in the average case, but cannot improve the worst case. In addition, there is an unsolved problem of how to motivate pre-confirmation.

In the face of potential Quantum Computing threats in the future, Ethereum needs to actively develop anti-quantum attack alternative solutions. Each part of the Ethereum protocol that currently relies on elliptic curves needs to have some alternative solutions based on hash or other anti-quantum methods. This attestation proves that the conservatism in the performance assumptions surrounding the design of Proof of Stake is reasonable, and is also the reason for more actively developing alternative solutions to resist quantum attacks.

Summary

The Ethereum Proof of Stake system faces challenges on the path of technological evolution. Due to the high threshold for staking on Ethereum, stake service providers led by Lido have become the preferred choice for Ethereum Node stakeholders. The dual-layer staking scheme also has a certain degree of centralization risk. To address these challenges, the development of single-slot finality, stake democratization, single secret leader election, faster transaction confirmation, and alternative solutions for quantum attacks are all important issues that Ethereum needs to address.

Vitalik has conducted a comprehensive analysis of the ‘The Merge’ upgrade and proposed as many technical solution combinations as possible, discussing the design potential of ETH Ethereum PoS Proof of Stake technology, and the current potential feasible technical upgrade paths.

During the process of technological upgrade, Ethereum is still striving to explore and innovate, weighing and selecting among different technical solutions to find the most suitable development path, and achieve higher security, performance, and level of Decentralization.