This week marks the completion of our fourth hard fork, Parasitic dragonand the following State compensation processThe latest stages of the two -mourning solution to the recent Ethereum Department of service attacks This slowed down the network in September and October. The gas limits are being increased to 4 million as the network returns to normal, and will be further increased because additional optimizations for customers are completed to allow faster reading of state data.
In the midst of these events, we have seen great progress from the C ++ and Go development teams, in particular Improvements in solidity tools and the release of GETH LIGHT customerand parity, Ethereumj and other external development teams have continued to advance by themselves with technologies such as parity chain synchronization; Many of these innovations have already made their way in the hands of the average user, and Still others are soon to come. At the same time, however, a large quantity of silent progress took place on the side of research, and although this progress has in many cases of the nature of the blue sky and the improvements of low -level protocol necessarily take a certain time to go to the main Ethereum network, we expect the results of the work to start fruit very soon.
Metropolis
Metropolis is the next major planned for Ethereum. Although the metropolis is not as ambitious as serenity and will not include proof of participation, the fragment or any other scanning change similar to what Ethereum works, it should include a series of small improvements in the protocol, which are quite much more substantial than property. Major improvements include:
- EIP 86 (account security abstraction) – Move the logic to verify signatures and nonces in contracts, allowing developers to experiment with new signature patterns, technologies and modifications preserving confidentiality towards certain parts of the protocol without requiring additional forks or support or support at the level of the protocol. Also allows contracts to pay gas.
- EIP 96 (Blockhash and state root changes) – simplifies the implementations of the protocol and customers, and allows upgrades to light the customer and rapid synchronization protocols which make them much more secure.
- Precompounded / native contracts for elliptical curve operations and large whole arithmetic, allowing applications based on annular signatures or RSA cryptography
- Various improvements in efficiency that allow faster transactions
A large part of this work is part of a long -term plan to move the protocol to what we call abstraction. Essentially, instead of having complex protocol rules governing contracts, validation of transactions, mining and various other aspects of system behavior, we try to put as much logic of the logic of Ethereum protocol in the EVM itself, and we simply have a set of contracts. This reduces the customer’s complexity, reduces the long -term risk of consensus failures and makes the forks difficult easier and safer – potentially, a hard fork could be specified simply as a configuration file which modifies the code of some contracts. By reducing the number of “mobile parts” at the lower level of the protocol in this way, we can considerably reduce the attack surface of Ethereum and open more parts of the protocol to the experimentation of users: for example, instead of upgrading the protocol to a new signature scheme at the same time, users are free to experiment and implement their own.
Proof of stake, rupture and cryptocurrency
During the last year, research on proof of stake and rupture was quietly advanced. The consensus algorithm on which we work, Casper, has undergone several iterations and versions of proof of concept, each has taught us important things on the combination of the economy and decentralized consensus. POC version 2 At the beginning of this year, although this approach has now been abandoned because it has become obvious that requiring that each validator sends a message to each block, or even all ten blocks, requires far too many general costs to be durable. The most traditional chain POC3As described in the Purple paperwas more successful; Although there are imperfections in the way in which the incentives are structured, defects are much less serious by nature.
I myself, Vlad and many volunteers from the Ethereum research team gathered at Bootcamp in IC3 In July, with university academics, ZCASH developers and others to discuss proof of participation, rupture, privacy and other challenges, and substantial progress has been made to fill the gap between our approach to the proof of participation and that of others who worked on similar problems. A more recent and simpler version of Casper began to solidify, and I and Vlad continued on two distinct paths: myself aimed at creating a simple proof protocol of stake which would provide desirable properties with the least changes in the evidence of work as possible, and Vlad would adopt a “correct construction” approach to reconstruct the soil consensus. The two were presented at Devcon2 in Shanghai in September, and that’s where we were two weeks ago.
At the end of November, the research team (temporarily joined by Luu law, of Validator dilemma Fame), with some of our long -standing volunteers and friends, gathered for two weeks for a research workshop in Singapore, aimed at bringing together our reflections on various questions related to Casper, scalability, consensual incentives and state size control.
A major subject of discussion consisted in proposing a rigorous and generalizable strategy in determining optimal incentives in consensus protocols – whether you create a chain protocol, a evolutionary fragment protocol, or even an incentive version of PBFT, can we offer a generalized way to correctly assign the good rewards and penalties for all participants, using optimal theoretics? We had some ideas; One of them, when applied to proof of work as an experience, immediately led to a new path to the resolution of selfish mining attacks, and has also proved to be extremely promising to solve long -standing problems in proof of participation.
A key objective of our approach to cryptocurrency is to ensure as much incentive compatibility as possible even under a model with majority collusion: even if a 90% control attacker, is there a way to ensure that, if the attacker deviates from the protocol in a harmful way, the attacker loses money? At least in some cases, like short -range forks, the answer seems to be yes. In other cases, such as censorship, achieving this goal is much more difficult.
A second objective is to delimit the “sorrow factors”-that is to say, ensuring that there is no way for an attacker to make other players lose without losing the same amount of money. A third objective is to ensure that the protocol continues to work as well as possible in other types of extreme conditions: for example, what happens if 60% of the validators’ nodes are simultaneously disconnected? Traditional consensus protocols such as PBFT and stake proof protocols inspired by such approaches, simply stop in this case; Our goal with Casper is that the chain continues, and even if the chain cannot provide all the guarantees that it normally makes in such conditions, the protocol should always try to do as much as possible.
One of the main beneficial results of the workshop was to fill the gap between my current approach to the purpose of transactions / blocks of exponential power in casper, which rewards validators to make betting with growing confidence and penalizes them if their bets are wrong, and a correct approach by construction “of Vlad, which does not reduce the penalty validators. At the end of the workshop. To work together on strategies to combine the best of two approaches, and we have already started using these ideas to improve the Casper protocol.
In the meantime, I have written documents and FAQs which detail the current state of thought concerning proof of participation, sharding and casper to help update any interested person:
https://docs.google.com/document/d/1maft3cphvwn29glvty4wcqii6krbn_nbcf3jlgr3m_8 (Purple paper; now slightly obsolete but will soon be updated)
State size control
Another important area of the design of the protocol is control of state size-that is to say how to reduce the amount of state information whose complete nodes must follow? Currently, the State concerns a GigaCtet of GigaCtet (the rest of the data that a Geth or parity node is currently storing is the history of transactions; these data can theoretically be cut once there is a robust light clining protocol to recover it), and we have already seen how the usability of the protocol degrades in several ways if it increases; In addition, the rupture becomes much more difficult because the Shardée blockchains require that the nodes can quickly download parts of the State within the framework of the Validators service process.
Certain proposals that have been raised have to be seen with Deletion of old non -contractual accounts With not enough ether to send a transaction and do it safely In order to avoid rereading attacks. Other proposals simply involve making much more expensive to create new accounts or store data, and do it in a more decoupled manner in the way we pay for other types of costs inside the EVM. Other proposals still include the deadline for delays on the duration of contracts and more invoicing to create accounts or contracts with longer deadlines (deadlines here would be generous; it would always be affordable to create a contract that lasts several years). There is currently an underway debate in the developer community on the best way to reach the objective of keeping the size of the small state, while keeping the main protocol of users and developers.
Miscellanea
Other low-proteocol improvement areas on the horizon include:
- Several Proposals “EVM 1.5” which make the EVM more friendly for static analysis, facilitating compatibility with Wasm
- Integration of zero knowledge of knowledge, probably via (i) an explicit ZKP OPCODE / Native contract, or (ii) an OPCODE or native contract for key ingredients with high calculation intensity in ZKPs, in particular the Elliptical Curve torque calculations
- Other degrees of abstraction and simplification of the protocol
Expect more detailed documents and conversations on all these subjects in the coming months, in particular as work on the transformation of the Casper specification into a viable concept proof version that could run a continuous test to move forward.
