What's New in Eth2 - 26 November 2018

Edition 8. Archive. Trouble viewing? Load original.

Ben Edgington (PegaSys, ConsenSys — but views expressed are all my own)

The No More TODO Edition

Tl;dr — a couple of big rocks have been put in place this week: the elliptic curve for BLS signatures has been specified, and the fork choice rule has been explicitly documented. Slot duration has been reduced to 6 seconds, and there's no more TODO (but only because the "to do" list is now maintained separately in GitHub issues).

Thank you so much to Chih Cheng Liang who made a lovely archive on the Ethereum.org server for these posts to live in 😍.

Any mistakes/typos/omissions in this edition are due to me trying to watch the world chess championships while preparing it. Sorry!

Specification updates

General

Reminder: take a look at the open issues marked RFC and get involved. Currently up for discussion:

• Proposal to use SSZ for consensus only. Don't miss the party.

Beacon chain specification

• There has been another stealthy update to SLOT_DURATION. A while ago, the beacon chain block interval (slot duration) was increased from 8 to 16 seconds. It's now been reduced to 6 seconds. This presumably reflects some optimism about the efficiency of BLS signature aggregation. It will likely be tuned as implementations get tested.
• The differing roles of proposer and attester are being clarified. Proposers can be slashed if they are proven to have signed two different proposals for the same slot.
• Speaking of slashing, there is now a mechanism for rewarding those reporting bad behaviour of attesters or proposers: the current proposer receives 1/512 of the offender's deposit. Thus, one of the duties of proposers is to check for bad behaviour by others. This is nice: since only the current proposer receives the reward, it side-steps the usual problem of fault-proofs being front-run by miners.
• The elliptic curve for BLS signature aggregation has been specified as BLS12-381 (it was previously alt_bn255). It is the same curve that ZCash is now using, and was proposed back in May. [Today's fun fact: the team behind BLS signatures (Boneh, Lynn, Shacham) is, mostly, different from the team behind the BLS curves (Barreto, Lynn, Scott).]
• In addition, a domain parameter has been added to signatures according to whether they are signatures related to beacon chain deposits, attestations, proposals or logout, or operating in shards. This parameter is also dual-purposed to distinguish activity on (planned) network forks. There's a draft spec showing how all this could be implemented.
• The beacon chain fork choice rule has now been properly specified: it is LMD GHOST. This is a significant step forward — the fork choice was one of the big gaps in previous versions.

I previously missed this as it lurks under the innocuous title "Miscellaneous beacon chain changes". There's lots of good discussion in there about possible beacon chain protocol changes.

Finally, the "TODO" list has been removed. Not because everything has been done, I guess, although much of it has. We also lose the completion estimate (was 65% before recent changes).

Shard chains specification

• Vitalik is very pleased with this commit that simplifies shard block handling by fixing the block size at 16KBytes. By comparison, the current PoW Mainnet block size is generally between 15 and 30KB; shards will produce blocks more than twice as rapidly, so a single shard's capacity ought to exceed current Mainnet capacity by a factor of at least two (all else being equal). Again, I expect this parameter to be tuned-up as implementations begin to get tested.

Simple Serialize

• The SSZ spec is explicitly now CC0 (Creative Commons).
• There have been some simplifications to the Merkle hash algorithm introduced last week. Recall that this algorithm takes a list of data items (of the same type) such as hashes and calculates a Merkle tree root hash for them. Each hash in the list could be the hash of a much larger blob of data. The eficiency comes from not having to recalculate a hash if its data blob has not changed. This is potentially much better than serialising the whole state and hashing across all of it every time.

Implementers' call

No call last week. Notes from the 15 November call are available.

Gitter

Most of the last week's noise has been on the All Core Devs Gitter 🙄.

Highlight of the week on the Sharding Gitter (no, the name can't be changed): an excellent clarifying conversation between Jacek and Danny on the work of proposers, and the sizes of committees.

Ethresear.ch

Not on Ethresear.ch, but a research theme nonetheless: my PegaSys colleagues have done some simulations of Sybil attacks on the p2p network with interesting conclusions:

Now, from Ethresear.ch:

• Some creative thinking on VDFs: use satellites!
• Encumberments: instant cross-shard payments over slow cross-shard base-layer communication as a layer 2.
• Discussion about the current protocol's resistance to adaptive attackers. Learn about the "cuckoo rule" defence against join–leave attacks.

In other news...

• If you haven't seen it yet, watch it immediately: A Blockchain Holiday Dinner! 😂 Equally applicable to Christmas (or insert appropriate local celebration here).
• Vitalik discusses where the 32 Eth number for staking comes from and other topics around Ethereum 2.0 design.
• The series of Ethereum 2.0 explainers from Status now includes an article on the beacon chain. It nicely complements my blog post from a few weeks ago.

Main sources:

• The specification documents
• • Pull requests
  • Commits
  • Issues
• Fortnightly Eth2.0 implementers' calls
• https://ethresear.ch/
• https://gitter.im/ethereum/sharding and https://gitter.im/ethereum/casper
• Updates to the Eth2.0 Handbook.
• Updates to https://github.com/ethereum/wiki/wiki/Sharding-roadmap
• Issues at https://github.com/ethereum/beacon_chain/issues
• https://github.com/ethresearch/p2p/issues

Follow me on Twitter to be notified of updates.