Scalability for Ethereum, at present, faces the problem of every node verifying and executing every transaction, which is an expensive process.
To achieve decentralization, blockchains must scale horizontally. ETH community members acknowledge that there are limitations to existing techniques, and they are developing new techniques to fix these problems.
A goal of Ethereum 2.0, also called Serenity, is for nodes to run on consumer hardware. The crucial point here is that scale improvement is on the minds of a lot of smart engineers, and there are solutions on the way. The resolution of these developments will determine exactly how well the field can grow in the future.
A. Why Consensus of ETH 2.0 is important for the security
Ethereum’s Beacon Chain is the heart of a system.
For details see: Eth1+eth2 client relationship by explained Danny Ryan
In order to Protect the Ethereum consensus-layer devs need to do a lot of crucial changes in the roadmap. ETH 2.0 mainly has three phases, Each phase is essential to the system and has a unique set of traits. You can find detailed specifications from Consensus-specs GitHub, which is great for follow-up.
Let’s deep dive into bullet points of cryptographic attacks and consensus solutions of ETH 2.0!
B. Cryptographic Attacks for the Security
- VDF (Verifiable Delay Function) Verifiable Random Functions (VRFs) play a key role in Proof-of-Stake blockchains to achieve highly scalable consensus. VRFs are commonly utilized in PoS blockchains to perform hidden cryptographic operations. These include electing block proposers and voting committee members as well as various applications in smart contracts such as the online lottery. The uniqueness, pseudorandomness, and provability properties of the VRF play crucial roles in preventing brute-force and bias attacks. Currently, Beacon Chain has no VDFs, attackers can bias the randomness and reveal their slots after they profit as much as they can.
- SLE (Single Secret Leader Election) Proposed by Dan Boneh Leader election is a question of fundamental importance in the distributed consensus literature. SSLE in the context of Proof of Stake (PoS) blockchains where the identity of a randomly chosen leader remains secret until she reveals herself as the leader. The added secrecy guarantee defends against several attacks that could otherwise compromise the liveness of the blockchain. Once a leader is selected, an attacker could mount a Denial of Service (DoS) attack on the chosen leader and prevent her from publishing a block. See Justin Drake tweet on SSLE. Also, the Beacon chain has no implementation of SSLE yet which means attackers can manipulate the slots of the chosen leader. Especially home validators can be targeted due to a lack of proper network equipment.
- BLS (BLS in ETH) Primary reason why BLS signatures are kind of a good match for the world of blockchains is that it’s very easy to aggregate. BLS signatures, once they’re produced so you can have a million people generates signatures on messages of their choice and then anyone can come in take those million signatures and push you can compress them into a single signature that can then be verified so that one single signature then basically provides a proof that all million signatures were valid. it’s really simple to aggregate all you do is just multiply all the signatures together that’s all. If you have a bunch of signatures in a block all the signatures on a block can be compressed into a single signature in the PoS systems. You have to have a lot of the stakers sign and sign the fact that they allow a certain state transition. That compressed single signature data that are actually stored in the blockchain is much smaller than it is than it was before and yet it still represents all of those signatures. Today, ETH can verify around 800 signatures per sec with BLS million signatures. which is crazy. The tricky side of BLS signatures, they are vulnerable to Reorgs Attacks. Short reorgs are not fatal, but they do still have some important detrimental consequences for the network. Recently ETH Beacon Chain suffers the longest reorgs attack.
- PoC (Proof of Capacity) is a consensus mechanism that uses a mining node’s hard drive space to decide the mining rights on the blockchain network.
The main goal of ETH 2.0 is to try and build a domain that is large enough for the whole world and at the back of the envelope calculation. They will get to a point where we’re doing 10 million transactions a second and that’s enough for the whole world. They plan to achieve this goal using rollups and sharding which each scaling solution gives a 100x faster mechanism and eliminates the computational bottleneck of blockchains.
DAS (Data Availability Sampling)
Rollup centric roadmap is inevitable. Rollup servers are centralized machines that can validate many transactions quickly. The idea here is to reduce the amount of computation and storage the L1 nodes must perform to check these transactions: rather than validating 10,000 individual transactions, the L1 nodes simply verify one short assertion posted by the rollup server. Fraud and data availability proofs are key to enabling the on-chain scaling of blockchains while maintaining a strong assurance that on-chain data is available and valid. In order to have shared security data availability is crucial. ETH 2.0’s long-term future as a single high-security execution shard that everyone processes, plus a scalable data availability layer.
- Optimistic Rollups use a “trust and punish” approach. The rollup server posts a financial bond to assure the world that it will correctly validate all of its transactions. In the unlikely event that the rollup server “cheats” and authorizes an invalid transaction, any third-party whistleblower can submit a “fraud-proof” that proves the rollup server’s failure. The L1 network can check these proofs, which will invalidate the bad transactions and pay the whistleblower a large reward.
- ZK rollups use cryptographic technology drawn from the field of zero-knowledge protocols, such as SNARK or STARK proofs, so the server can “prove” that all transactions were validated correctly before it posts the summary results to the chain. In principle, this means the L1 chain can verify a short “proof” that covers many thousand complicated transactions, with (essentially) no possibility of cheating.
Proposer/builder separation (PBS)(Commitment-reveal )
A major risk threatening the ongoing decentralization of consensus networks is the economics around miner extractable value (MEV ), sophisticated tricks to extract profit from the ability to choose the contents of the next block. A simple example of MEV is arbitraging all on-chain decentralized exchanges against price movements that have happened since the previous block. MEV emerges on the blockchain in a few ways. Such as DEX Arbitrage, Liquidations, Sandwich trading, and NFT MEV. You can think that MEV is an invisible tax that miners can collect from users. In the long run, it can harm Ethereum and its users.
The best-known solution is proposer/block-builder separation. Instead of the block proposer trying to produce a revenue-maximizing block by themselves, they rely on a market where outside actors that we call block-builders to produce bundles consisting of complete block contents and a fee for the proposer, and the proposer chooses the bundle with the highest fee. The proposer’s choice is reduced to picking the highest-fee bundle, an algorithm so simple that in a decentralized pool it can even be done inside an MPC to prevent cheating.
Here are the current Total Extracted MEV metrics of miners.
For a deeper exploration into Eth 2.0 metrics, explore these sites: CryptoQuant, Dune Analytics, Glassnode, and MEV- Explore v1.
The cryptography of the Serenity
Why is ETH obsessed with Cryptography? Why Not? Our Digital World, especially transactions, is unsafe. ETH 2.0 is not just a simple update on the blockchain, mostly it’s an innovation challenge. It prevents attackers from forging transactions or other dapp activities on your behalf. To keep your credentials safe, you approve dapp operations using your Ethereum account — often via your wallet.
Encryption
Perfect encryption is desirable but does not exist yet. ETH 2.0 has a long-term goal to build a fully encrypted network. We can see details of design challenges here:
Guaranteed Decryption:
- Threshold ( A committee can force decrypt the ciphertext with threshold signatures )
- Delay decryption allows verifiers to decrypt the message when the delay happens and use the VDFs.
- Witness decryption is very impactful, in order to decrypt the message verifiers need a witness like ZK-Snarks.
Guaranteed decryption is possible with an honest minority( at least one honest verifier ) and it has a very bad liveliness and brings latency and early decryption problems which makes the chain vulnerable to MEV attacks. ETH team plan to overcome these complications with best-applied encryption.
Metadata ( use case of Anti-scam protection ):
- IP (Tor browser as an example )
- sender, nonce ( transaction validity and sender privacy is secured by ZKP)
- gas limit ( on-chain transaction cost-based encryption around 21000 units, EIP1559 improves the transaction fee market, especially for wallets builders and users )
- size (padding makes transaction encrypt the same size but rounding transactions size to power 2 is costly and pays more for the data availability)
FHE (Fully homophobic encryption) Explorations
Homomorphic encryption is a form of encryption that permits users to perform computations on encrypted data without first decrypting it. ( see Lattices ) In order to achieve extreme encryption and avoiding front running computations, FHE is the most desirable solution for ETH 2.0 :
- Transaction clipping ( used for avoiding front running, clip the padding with 0 helps to achieve fixed size transactions )
- Bundle selection ( optimal bundle selection without privilege to encrypted access list and building decentralized blocks are desired outcomes. Currently Arbitrum model of first come first serve is an example of bundle selection but it introduces centralization for the private transaction)
- State diffing ( depth of the circuit creates extreme problems. Compressing transactions of a smaller size creates higher fees for users who want to donate to the same address. Once again Data Availability is a key solution and cost can be lower with zk rollups to compare optimistic rollups)
zkEVM is under development. Currently, FHE is more expensive than ZK. Most of the roadmap heavily invests in ZKP solutions for the next 10 years. In the long run, Exploring FHE has huge potential and ongoing deep research by ETH Research and DARPA ( Especially building hardware ASIC to accelerate FHE )
Security
Security is a wide subject that may cover spam/scam prevention, wallet security, hardware security, crypto-economic security, bug hunting and testing of apps and client software, and key management. Contributing to information in these areas will aid in promoting mainstream adoption.
Ethereum 2.0’s vision is to be more scalable and secure, but also to remain decentralized. It’s decentralization that gives Ethereum censorship resistance, openness, data privacy, and near-unbreakable security.
The proposed updates increase Ethereum’s protection against organized cyberattacks, such as a %51 attack. This kind of attack allows for the forced implementation of fraudulent updates if the attacker has control over the majority of the network. Because of the switch to proof-of-stake, the Ethereum protocol now has more disincentives to be attacked. This is because the validators that protect the network under proof-of-stake must stake huge sums of ETH into the protocol. If they attempt to hack the network, the protocol will destroy their ETH. Staking also eliminates the need to invest in high-end technology in order to participate directly in consensus. This should incentivize more individuals to become validators, further decentralizing the network and reducing the attack surface area. See the PoS details
The use of sharding required a change in Ethereum’s security paradigm as well. Every validator who must verify that all data has been made public will be coordinated by the Beacon Chain, but it will no longer be necessary for every node to store the chain’s whole history as we mentioned before. In order to produce blocks quickly and safely, a new position known as a specialized block builder will collaborate with block proposers (validators).
Takeaways
Ethereum merge is crucial for the future of the chain. Application-layer complexity and MEV of Ethereum are still increasing dramatically. Within the year, the known lower bound on MEV income may be higher than the cost of the security incentives for ETH miners.
The “tax” on Ethereum users could become unfeasible if MEV extraction becomes widespread and effective. The cost of using Ethereum might increase due to congestion. The platform’s user experience (UX) would be compromised, which would prevent Ethereum’s network effects and momentum.
These solutions all have significant effects on the Ethereum security and ecosystem. Many require modifications to the core protocol, and their implementation can take years. The majority of the ecosystem will probably need to be rebuilt and transferred to different environments for those that could only be done at the application layer, according to developers.
Please feel free to contact at info@silencelaboratories.com for further details and discussion.