My previous article presenting Ethereum Script 2.0 was met with a number of responses, some very favorable, others suggesting that we instead adopt their own favorite stack-based / assembly-based / other paradigms, and offering various specific criticisms that we are examining carefully. Perhaps the strongest criticism this time came from Sergio Damian Lerner, Bitcoin security researcher, QixCoin developer, and someone to whom we are grateful for his analysis of Dagger. Sergio criticizes two aspects of the change in particular: the fee system, which is modified from a simple design to a variable one where every cost is a fixed multiple of the fee, and the loss of crypto opcodes.
Crypto opcodes are the most important part of Sergio's argument, so I will deal with this issue first. In Ethereum Script 1.0, the opcode set included a collection of opcodes specialized around certain cryptographic functions. For example, there was a SHA3 opcode, which would take a length and a starting memory index off the stack, then push the SHA3 of the string formed by the desired number of memory blocks starting from that index. There were similar opcodes for SHA256 and RIPEMD160, and there were also cryptographic opcodes built around secp256k1 elliptic curve operations. In ES2, these opcodes are gone. Instead, they are replaced by a fluid system in which people will have to write SHA256 in ES manually (in practice, we would offer a bounty for this), and later on smart interpreters can replace the ES SHA256 script with the plain old machine-code (or even hardware) implementation of SHA256 of the kind you use when you call sha256 in C++. From the outside, the ES SHA256 and the machine-code SHA256 are indistinguishable: both compute the same function and therefore apply the same transformation to the stack; the only difference is that the latter is hundreds of times faster, which gives us the same efficiency as if SHA256 were an opcode. A flexible fee system can then also be implemented to make SHA256 cheaper to reflect its reduced computation time, ideally making it as cheap as an opcode is now.
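To make the two ideas in this paragraph concrete, here is a toy stack machine written for this post (it is an added illustration, not Ethereum Script code and not the ES2 specification). It implements the ES1-style hash opcode semantics (pop a length and a start index, hash that slice of memory, push the digest) and the ES2 notion that a hash "contract" can be promoted to native code and repriced while leaving exactly the same digest on the stack. The operand order, the fee numbers, and the names ToyVM, promote and hash_in_script are all assumptions; hashlib's sha3_256 is NIST SHA3-256 rather than the Keccak-256 that Ethereum calls SHA3, and stands in only for illustration. The final case also shows the budgeting hazard raised later in the post: a contract budgeted for the promoted price fails if the multiplier is raised under it.

```python
import hashlib

# Constructed toy stack machine, added to illustrate the hash-opcode semantics
# (pop length and start index, hash that memory slice, push the digest) and the
# ES2 idea of promoting a hash contract to native code and repricing it.
# Illustrative code only; fee values and operand order are assumptions.

class OutOfFee(Exception):
    """Raised when a script exhausts its fee budget mid-execution."""

# Native implementations. hashlib.sha3_256 is NIST SHA3-256, not Ethereum's
# Keccak-256; it is used here purely as a stand-in.
HASH_FUNCTIONS = {
    "SHA256": lambda data: hashlib.sha256(data).digest(),
    "SHA3": lambda data: hashlib.sha3_256(data).digest(),
}

class ToyVM:
    BASE_FEE = 1             # fee for an ordinary opcode (constructed value)
    INTERPRETED_FEE = 2000   # fee when the hash runs as an ES script (constructed placeholder)

    def __init__(self, budget):
        self.stack = []
        self.memory = bytearray(64)
        self.budget = budget
        self.spent = 0
        self.promoted = {}   # hash name -> fee multiplier once promoted to native code

    def promote(self, name, multiplier):
        """Give a hash contract pseudo-opcode status: native path at multiplier * BASE_FEE."""
        self.promoted[name] = multiplier

    def charge(self, fee):
        if self.spent + fee > self.budget:
            raise OutOfFee(f"need {fee}, only {self.budget - self.spent} left")
        self.spent += fee

    def run(self, program):
        for op, *args in program:
            if op == "PUSH":                       # (PUSH, value)
                self.charge(self.BASE_FEE)
                self.stack.append(args[0])
            elif op == "MSTORE":                   # (MSTORE, offset, bytes)
                self.charge(self.BASE_FEE)
                offset, data = args
                self.memory[offset:offset + len(data)] = data
            elif op in HASH_FUNCTIONS:
                # ES1-style operands: length on top, start index below it (assumed order)
                length = self.stack.pop()
                start = self.stack.pop()
                fee = (self.promoted[op] * self.BASE_FEE if op in self.promoted
                       else self.INTERPRETED_FEE)
                self.charge(fee)
                # Interpreted or native, the stack effect is the same digest
                self.stack.append(HASH_FUNCTIONS[op](bytes(self.memory[start:start + length])))
            else:
                raise ValueError(f"unknown opcode {op}")
        return self.stack

def hash_in_script(name, data, budget, promoted_multiplier=None):
    """Hash `data` through the VM; return (digest, fee spent)."""
    vm = ToyVM(budget)
    if promoted_multiplier is not None:
        vm.promote(name, promoted_multiplier)
    vm.run([("MSTORE", 0, data), ("PUSH", 0), ("PUSH", len(data)), (name,)])
    return vm.stack[-1], vm.spent

if __name__ == "__main__":
    digest, spent = hash_in_script("SHA256", b"abc", budget=5000)
    print("interpreted:", digest.hex(), "fee", spent)
    digest, spent = hash_in_script("SHA256", b"abc", budget=100, promoted_multiplier=20)
    print("promoted:   ", digest.hex(), "fee", spent)
    try:  # a contract budgeted for the promoted price breaks if the multiplier is raised
        hash_in_script("SHA256", b"abc", budget=100, promoted_multiplier=200)
    except OutOfFee as e:
        print("fee changed under the contract:", e)
```

The point of keeping the digest computation identical on both paths is that a caller cannot tell, from the stack alone, which path ran; only the fee line in the accounting changes, which is exactly why a fee system that tracks promotion has to be part of the design rather than bolted on later.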
Sergio, however, prefers a different approach: ship with many crypto opcodes out of the box, and use hard-forking protocol changes to add new ones later if necessary. He writes:
First of all, after 3 years of watching Bitcoin closely, I have come to understand that a cryptocurrency is not a protocol, nor a contract, nor a computer network. A cryptocurrency is a community. With the exception of a very few constants, such as the monetary supply function and the global balance, everything can be changed in the future, as long as the change is announced in advance. The Bitcoin protocol has worked well so far, but we know that in the long term it will face scalability problems and will have to change accordingly. Short-term advantages, such as the simplicity of the protocol and the code base, helped Bitcoin gain worldwide acceptance and the network effect. Is the Bitcoin reference code version 0.8 as simple as version 0.3? No way. Now there are caches and optimizations everywhere to reach maximum performance and higher DoS security, but no one cares (and no one should). A cryptocurrency is bootstrapped starting from a simple value proposition that works in the short/mid term.
This is a point that is often raised with regard to Bitcoin. However, the more I look at what is actually going on in Bitcoin development, the more firmly I hold to my position that, with the exception of very early-stage cryptographic protocols that are still in their infancy and see very little practical use, the argument is absolutely false. There are currently many flaws in Bitcoin that could be changed if only we had the collective will. To take a few examples:
- The 1 MB block size limit. Currently there is a hard limit that a Bitcoin block cannot contain more than 1 MB of transactions, a ceiling of roughly seven transactions per second. We are already starting to brush against this limit, with around 250 KB in each block, and this is already putting pressure on transaction fees. For most of Bitcoin's history, fees were about $0.01, and every time the price rose, the default BTC-denominated fee that miners accept was adjusted. Now, however, fees are stuck at $0.08, and the developers are not adjusting it, presumably because adjusting fees back to $0.01 would push the number of transactions up against the 1 MB limit. Removing this limit, or at least setting it to a more appropriate value like 32 MB, is a trivial change; it is only one number in the source code, and it would clearly do a lot of good to ensure that Bitcoin continues to be usable in the medium term. And yet Bitcoin developers have completely failed to do so.
- The OP_CHECKMULTISIG bug. There is a well-known bug in the OP_CHECKMULTISIG operator, used to implement multisig transactions in Bitcoin, where it requires an extra dummy zero as an argument that is simply popped off the stack and never used. This is very unintuitive and confusing; when I was personally working on the multisig implementation for pybitcointools, I was stuck for days trying to figure out whether the dummy zero was supposed to go at the front or replace the missing public key in a 3-key multisig, and whether there were supposed to be two dummy zeros in a 3-key multisig. Eventually I figured it out, but I would have figured it out much more quickly if the behaviour of the OP_CHECKMULTISIG operator had been more intuitive. And yet the bug has not been fixed.
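The confusion described above comes down to where the extra element sits relative to the signatures. The following simulation of OP_CHECKMULTISIG's stack consumption is added here for illustration; it is not Bitcoin Core's implementation or pybitcointools code. Signature verification is stubbed (a "signature" matches a "public key" when it equals "sig_for:" plus that key), and the names ScriptError, op_checkmultisig and run_multisig are this example's own. It shows the dummy being popped after the signatures, a misplaced dummy being consumed as a signature and silently yielding 0, and the script failing outright when the dummy is omitted.

```python
# Constructed simulation of OP_CHECKMULTISIG's stack consumption, added to show
# where the dummy element sits and what happens when it is misplaced or left out.
# Not Bitcoin Core's implementation: signature verification is stubbed.

class ScriptError(Exception):
    """A script that pops more than the stack holds fails (as in Bitcoin)."""

def verify(sig, pubkey):
    # Stand-in for ECDSA verification (assumption: plain string matching)
    return isinstance(sig, str) and sig == "sig_for:" + pubkey

def op_checkmultisig(stack):
    """Consume the multisig arguments from the top of `stack`, then push 1 or 0.

    Expected layout, bottom to top (the list's end is the top of the stack):
        <dummy> <sig_1> ... <sig_m> <m> <pub_1> ... <pub_n> <n>
    The dummy is popped after the signatures and never used; that extra pop is
    the bug the text describes.
    """
    n = stack.pop()
    if len(stack) < n + 1:
        raise ScriptError("stack too small for %d public keys" % n)
    pubkeys = [stack.pop() for _ in range(n)][::-1]   # pub_n is popped first
    m = stack.pop()
    if m > n:
        raise ScriptError("m > n")
    if len(stack) < m + 1:                            # m signatures plus the dummy
        raise ScriptError("stack too small for %d signatures plus the dummy" % m)
    sigs = [stack.pop() for _ in range(m)][::-1]
    stack.pop()                                       # the dummy: popped, ignored
    # Signatures must appear in the same order as the keys they match (Bitcoin's
    # rule); each key is consumed at most once.
    key_index = 0
    for sig in sigs:
        while key_index < n and not verify(sig, pubkeys[key_index]):
            key_index += 1
        if key_index == n:
            stack.append(0)
            return stack
        key_index += 1
    stack.append(1)
    return stack

def run_multisig(sigs, m, pubkeys, with_dummy=True):
    """Build the stack for an m-of-n spend and return the result left on top."""
    stack = ([0] if with_dummy else []) + list(sigs) + [m] + list(pubkeys) + [len(pubkeys)]
    return op_checkmultisig(stack)[-1]

if __name__ == "__main__":
    keys = ["A", "B", "C"]
    print("correct:", run_multisig(["sig_for:A", "sig_for:C"], 2, keys))
    print("signatures out of key order:", run_multisig(["sig_for:C", "sig_for:A"], 2, keys))
    # Dummy placed where the "missing" signature would go instead of at the bottom:
    # it is read as a signature, fails verification, and the script yields 0.
    print("misplaced dummy:", op_checkmultisig(["sig_for:A", "sig_for:C", 0, 2] + keys + [3])[-1])
    try:
        run_multisig(["sig_for:A", "sig_for:C"], 2, keys, with_dummy=False)
    except ScriptError as e:
        print("no dummy:", e)
```

The misplaced-dummy case is the instructive one: the script does not error, it simply evaluates to false, which is why the mistake is so hard to diagnose from the outside.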
- The bitcoind client. The bitcoind client is well known for being a very unwieldy and non-modular beast; in fact, the problem is so serious that everyone looking to build a bitcoind alternative that is more scalable and enterprise-friendly does not use bitcoind at all, and starts from scratch. This is not a core protocol problem, and in theory changing the bitcoind client does not need to involve any hard-forking changes, but the necessary reforms are still not being made.
None of these problems exist because Bitcoin developers are incompetent. They are not; in fact, they are highly skilled programmers with deep knowledge of cryptography and of the database and networking problems inherent in designing a cryptocurrency client. The problems exist because Bitcoin developers realize that Bitcoin is a $10 billion train rushing along at 400 kilometers per hour, and if they try to change the engine midway and even the smallest bolt comes loose, the whole thing could grind to a halt. A change as simple as swapping out the database in March 2011 almost did. This is why, in my opinion, it is irresponsible to leave a poorly designed, non-future-proof protocol in place and simply say that the protocol can be updated in due course. On the contrary, the protocol must be designed with an appropriate degree of flexibility from the start, so that changes can be made by consensus automatically, without the need to update software.
Now, to address Sergio's second issue, his main qualm with changeable fees: if fees can go up and down, it becomes very difficult for contracts to set their own fees, and if fees go up unexpectedly, this can open a vulnerability through which an attacker may even be able to force a contract into bankruptcy. I must thank Sergio for making this point; it is something I had not yet considered sufficiently, and we will have to think about it carefully during our design. However, his solution, manual protocol updates, is arguably no better; protocol updates that change fee structures can also expose new economic vulnerabilities in contracts, and they are arguably even harder to compensate for, because there are absolutely no restrictions on the content of manual protocol updates.
So what can we do? First of all, there are many intermediate solutions between Sergio's approach, a limited fixed set of opcodes that can only be extended by a hard-forking protocol change, and the idea I put forward in the ES2 blog post of having miners vote on fee changes in a fluid way for each script. One approach could be to make the voting system more discrete, so that there is a hard line between a script having to pay 100% of fees and a script "promoted" to opcode status that only has to pay a 20x fee. This could be done through a combination of usage counting, miner voting, ether-holder voting or other mechanisms. It is essentially a built-in mechanism for making hard forks that does not technically require any source code update to apply, which makes it much more fluid and non-disruptive than a manual hard-fork approach. Second, it is important to emphasize once again that the ability to do strong crypto efficiently has not disappeared, even from the genesis block; when we launch Ethereum, we will create a SHA256 contract, a SHA3 contract, etc., and "premine" them into pseudo-opcode status from the start. So Ethereum will come with batteries included; the difference is that the batteries will be included in a way that allows more batteries to be included in the future.
But it is important to note that I consider this ability to add efficient, optimized cryptographic operations in the future to be mandatory. Theoretically, it is possible to have a "Zerocoin" contract inside Ethereum, or a contract using cryptographic proofs (SCIP) and fully homomorphic encryption, so that you could actually use Ethereum as the "decentralized Amazon EC2 instance" for cloud computing that many people now incorrectly assume it is. Once quantum computing arrives, we may have to move to contracts that rely on NTRU; once SHA4 or SHA5 comes out, we may need to move to contracts that rely on them. Once obfuscation technology matures, contracts will want to rely on it to store private data. But for all of this to be possible at something less than $30 per transaction, the underlying cryptography would need to be implemented in C++ or machine code, and there would need to be a fee structure that reduces fees appropriately once the optimizations are in place. This is a challenge to which I see no easy answer, and comments and suggestions are very welcome.