Analysis of the Ethereum protocol technology upgrade prospects (1): The Merge

Since October of this year, Vitalik Buterin, co-founder of Ethereum, has released a series of articles on the future possibilities of the Ethereum protocol. The content covers six parts of the Ethereum development roadmap: The Merge, The Surge, The Scourge, The Verge, The Purge, and The Splurge. This article will interpret the first part of the roadmap (The Merge), explore what other technological designs can improve the PoS Proof of Stake, and the ways to implement these improvements.

Vitalik believes that ‘merging’ refers to the most important event in the history of the Ethereum protocol since its launch: the transition from PoW (Proof of Work) to PoS (Proof of Stake). Today, Ethereum has become a stable PoS system for almost two years, and this Proof of Stake has performed extremely well in terms of stability, performance, and avoiding centralization risks. However, there are still some important areas that need improvement in Proof of Stake.

The 2023 roadmap for Ethereum will be divided into several parts: improving technical features (such as stability, performance, and accessibility to smaller validators), as well as economic changes to address centralization risks. According to Vitalik, this article is not a comprehensive list of improvements to Proof of Stake, but rather a collection of actively considered ideas.

The main objectives of the merger are as follows:

1. Single Slot Determinism (SSF): Typically, it takes about 15 minutes for an ETH Block to be finally confirmed. However, by improving the efficiency of the Consensus Mechanism that verifies Blocks on the ETH network, the time needed for final confirmation can be significantly reduced. Blocks can be proposed and finally confirmed within the same time slot without waiting for 15 minutes.

2. Confirm and complete transactions at the fastest speed while maintaining Decentralization

3. Improve the feasibility of individual stakers’ stake

4. Improve stability

5. Improve Ethereum’s resistance and recovery capabilities against 51% attacks (including finality reversal, finality prevention, and review)

Deterministic Time Slot and Stake Democratization

Currently, it takes 2-3 epochs (about 15 minutes) to complete a Block, and 32 ETH is required to become a staker. This was initially a compromise to strike a balance among three goals:

• maximize the number of validators participating in stake (minimize the ETH required for stake);

• Minimizing the finality time;

• Minimize the cost of running Node.

These three goals are conflicting with each other: to achieve economic finality (i.e., attackers need to destroy a large amount of ETH to restore the final determined Block), each time the final determination is made, each validators needs to sign two messages. Therefore, if there are many validators, either it will take a long time to process all the signatures, or extremely powerful Nodes are needed to process all the signatures at the same time.

It all depends on a key goal of the Ethereum network: to ensure that even successful attacks come with a high cost for the attacker. This is the meaning of the term ‘economic finality’.

There are also counterexamples. The practice of blockchain (such as Algorand) that does not have ‘economic finality’ is to solve this problem by randomly selecting a committee to finally determine each time slot. However, the problem with this method is that if the attacker does control 51% of validators, the cost of the attack is very low: only a few nodes in the committee will be detected as participating in the attack and punished. This means that attackers can repeatedly attack the chain.

Therefore, if Ethereum wants to achieve economic finality, a simple committee-based approach won’t work, but it requires the participation of a full set of validators.

Ideally, Ethereum hopes to improve the current situation in two aspects while maintaining economic finality.

1. Finish a block within a time slot (ideally maintaining or even reducing the current 12-second length) instead of 15 minutes.

2. Allow validators to stake 1 ETH (reduced from 32 ETH)

The first point can ensure that all Ethereum users can benefit from a higher level of security achieved through the finality mechanism. Today, most users are unable to enjoy this security because they are unwilling to wait for 15 minutes; with the single-slot determinism mechanism, users can almost immediately see the final confirmation of transactions after the transaction is confirmed. Secondly, if users and applications do not have to worry about the possibility of chain Rollback, it simplifies the protocol and the surrounding infrastructure.

The second point is to support individual stakers. According to multiple surveys, the main factor preventing individual staking is the minimum requirement of 32 ETH. Lowering the minimum requirement to 1 ETH will solve this problem.

There is currently a challenge: the faster determinacy and more democratic stake goals conflict with the goal of minimizing expenses. In fact, this is the reason why Ethereum did not adopt single-slot determinacy at the beginning. However, recent research has proposed some possible methods to solve this problem.

Principle of operation:

Deterministic slot involves using a ConsensusAlgorithm to finally determine the Block within a slot. This is not a difficult goal in itself, and many Algorithms (such as Tendermint Consensus) have already achieved this.

One unique ideal property of Ethereum (i.e., inactivity leaks) is that even if more than 1/3 of validators are offline, this property allows the blockchain to continue running and eventually recover.

Deterministic Single Slot Proposal

For how to make single-slot determinism work in a situation where the number of validators is very high, without causing excessive Node operator expenses, there are several leading solutions:

Option one is Brute Force Attack, which implements a better signature aggregation protocol and may use ZK-SNARKs, making it possible to process millions of validators’ signatures in a single time slot. For example, Horn is one of the proposals put forward for designing a better aggregation protocol.

Option two is the Orbit committee, which is a new mechanism that allows a randomly selected medium-sized committee to be responsible for the final determinism of the chain, but it needs to retain the feature of attack cost. Orbit utilizes the existing heterogeneity in the scale of validators’ deposits to achieve as much economic finality as possible while still giving small validators a matching role.

As shown in the figure below, Orbit SSF opened up an intermediate zone between the range x= 0 (Algorand committee, no economic finality) and x= 1 (the current state of Ethereum).

1. The cost of wrongdoing is still high, ensuring extreme safety;

2. However, at the same time, only a moderately sized random sample of validators needs to participate in each time slot to reduce the burden on nodes.

Option 3 is dual-layer stake, a mechanism with two types of stakeholders, one with higher deposit requirements and the other with lower deposit requirements. Only the higher-level deposit requirements will directly participate in the process of providing economic finality. As for the rights and responsibilities of lower-level deposits, various proposals have been made, including:

• The right to delegate stake to a higher-level stakeholder.

• Randomly select low-level stakers to prove and ultimately determine each Block;

• The right to be included in the list.

For the security experience of Ethereum and the centralization attribute of stake, each solution has its advantages, disadvantages, and trade-offs: Although Brute Force Attack can solve the problem, it requires aggregating a large number of signatures in a short period of time, which is extremely difficult; The Orbit committee needs to verify its security and characteristics, and formalize and implement it; The dual-layer stake mechanism faces centralization risks, which largely depend on the specific rights obtained by the lower stake layer.

In addition to single-slot determinism, the single-secret leader election is also an important issue in the Ethereum Proof of Stake system. Now, which validators will propose the next Block can be known in advance, which will create a security vulnerability. Attackers can monitor the network, determine which validators correspond to which IP Addresses, and launch DoS attacks on them when the validators are about to propose a Block.

The best way to solve this problem is to hide which validators will generate the information for the next Block, at least until the Block is actually generated.

Single Secret Leader Election

Currently, which validators will propose the next Block can be known in advance, which creates a security vulnerability: attackers can monitor the network, determine which validators correspond to which IP addresses, and launch a DoS attack on them when the validators are about to propose a Block.

The Single Secret Leader Election protocol creates a ‘blind’ validators ID for each validator by using some encryption techniques, and then allows many proposers the opportunity to reorganize and re-blind the blind ID pool to solve this problem.

However, implementing a simple and single secret leader election protocol is not easy.

The simplicity of the Ethereum protocol is crucial, and we do not want to further increase its complexity. The simplified SSLE using ring signatures only uses a few hundred lines of code, introducing new assumptions in complex encryption.

How to achieve sufficiently effective resistance to quantum SSLE is also a problem. In the end, it may be the case that the ‘marginal additional complexity’ of SSLE only decreases to a low enough level when we boldly attempt and introduce a mechanism for executing general Zero-Knowledge Proofs in the ETH blockchain protocol of L1 for other reasons.

In addition, faster transaction confirmation is also one of the issues that the Ethereum Proof of Stake system needs to address.

It is valuable to further reduce the transaction confirmation time of Ethereum (from 12 seconds to 4 seconds). Doing so will significantly improve the user experience of L1 and rollups-based, while making Decentralized Finance protocol more efficient. It will also make L2 more Decentralization, as it will allow a large number of L2 applications to operate on rollups, thereby reducing the need for L2 to build their own committee-based Decentralization sorting.

There are roughly two techniques: reducing the slot time to 8 seconds or 4 seconds; allowing the proposer to issue pre-confirmation during a single time slot period. However, it is currently unclear whether it is feasible to shorten the slot time.

Even today, it is difficult for many regions in the world for stakers to obtain proof at a fast enough speed. Attempting a 4-second slot time carries the risk of validator centralization, and it is impractical to become validators outside a few geographically advantageous areas due to latency.

The weakness of the proposer pre-confirmation method is that it can greatly improve the inclusion time under average conditions, but cannot improve the worst case. In addition, there is a problem that needs to be solved, which is how to incentivize pre-confirmation.

In the face of the potential threat of Quantum Computing in the future, Ethereum needs to actively develop alternative solutions to resist quantum attacks. Each part of the Ethereum protocol that currently relies on elliptic curves needs to have some alternative solutions based on hash or other quantum-resistant methods. This proves that the conservatism in the performance assumptions designed around Proof of Stake is reasonable and also the reason for actively developing alternative solutions to resist quantum attacks.

Summary

The Ethereum Proof of Stake system is full of challenges on the road of technological evolution. Due to the high threshold for staking in Ethereum, stake service providers led by Lido have become the preferred choice for Ethereum Node staking, and the dual-layer staking solution also carries a certain degree of centralization risk. To address these challenges, important issues that Ethereum needs to address include single-slot finality and stake decentralization, single secret leader election, faster transaction confirmation, and alternative solutions to resist quantum attacks.

Vitalik has thoroughly considered ‘The Merge’ upgrade and proposed as many technical solution combinations as possible, discussing the design potential of ETH 2.0’s PoS (Proof of Stake) technology, as well as the current potential upgrade paths.

In the process of technological upgrading, Ethereum is still working hard to explore and innovate, weighing and choosing between different technical solutions to find the most suitable development path, and achieve higher security, performance, and Decentralization level.