What's New in Eth2 - 31 August 2019

Edition 25. Archive. Trouble viewing? Load original.

Ben Edgington (PegaSys, ConsenSys — but views expressed are all my own)

🔍 The Under Scrutiny Edition 🔍

I've been hiding within an Ethereum 2.0 bubble for well over a year now—the intensity of the Eth2 effort kind of demands it. So it was wonderful to surface for a while at EthBerlin and take a look around at the wider landscape. My takeaway: the level of activity across the Ethereum ecosystem is astonishing 🤯 Ethereum today, with all the constraints and limitations we know about, is wonderfully alive and creative and vigorous! Just imagine how things are going to be when we finally unleash the full power of Eth2 🚀

This edition's top pick: take the time to listen to Danny Ryan's Into The Ether podcast. A great overview of where we've been, where we are, and where we're going. (Direct link to MP3.)

Oh, and read to the bottom to find out how to help me win a T-shirt 😆

Phase 0 specification

Version 0.8.3 is out. This is the selected spec release target for client interop work going on in September. There are no substantive changes to the core specification, only updates to tests, some clarifications, and an update to the networking spec.

Protolambda has created a very useful summary of the various optimisations that clients have made in implementing the specification.

Feedback on the spec

Since the Phase 0 and Phase 1 specifications are no longer such moving targets, it's now the season of close scrutiny and evaluation. We've already seen the results of Runtime Verification's audit of the deposit contract. I am really delighted to see more of this happening: the more eyes on all this, the better.

This week, people have been looking at the Ph0 fork choice rule and the Ph1 proof of custody construction.

Fork choice rule

Ryuya Nakamura (a Casper CBC researcher) described a flip-flop attack on LMD GHOST. This is by no means fatal, but under some circumstances an attacker could prevent the beacon chain from finalising blocks for a few hours. As I understand it, the attacker (who needs to control a significant fraction of the network, but less than one third) can "save up" attestations during a network outage and then use those attestations later to prevent the network agreeing to finalise blocks for a period of time after the outage.

A possible defence may be to modify the rule to FMD (fresh message driven) GHOST: attestations would be valid only for a limited time, so couldn't be saved up by an attacker.

Proof of custody

Meanwhile, Dmitry Khovratovich was commissioned to do an audit of the proposed mechanism for generating proofs of custody using the Legendre PRF. For an excellent introduction and background to the proof of custody problem, see the first page of his proposed fix document.

In his audit document, Khovratovich finds several issues with the originally proposed construction, and a possibly improved attack on the Legendre PRF itself. He proposes a new protocol, still using the Legendre PRF, and there is a PR to incorporate this into the Phase 1 specification.

The Ethereum Foundation has funded some bounties for attacks on the Legendre PRF, and even for the most interesting paper on it.

Open Issues

Here are some open issues in the specifications repo that caught my eye recently.

• Economic calculator for Ph0: a plan to create a "visual calculator" for rewards and penalties to make the incentives and risks more transparent for those wishing to stake. I was privileged to enjoy a nice lunch yesterday with Collin Myers who has done some work on this previously. Vitalik recently updated Collin's spreadsheet.
• Inactivity penalty for participating validators might be too high. As it currently stands, it is possible even for correctly behaving validators to lose stake while the inactivity leak is operative (i.e. when blocks are not being finalised). There may be a rework of incentives in general which would also fix this.
• Edge case: crosslinks de-finalizing. Epoch transitions make dealing with crosslinks complicated. Some ideas on how to improve this.
• Choose signature aggregation dissemination strategy for mainnet. How best to efficiently aggregate shard committee signatures? One candidate is the Handel protocol from my PegaSys colleagues.

Implementers' call

Call #24 took place on the 29th of August.

• Agenda
• Video
• Initial quick notes from Mamy and myself.

Lots of good updates. I won't repeat everything here, my notes cover things fairly succinctly. A couple of things — links to the results of the Protocol Labs' EthBerlin bounties (some great work emerged!) and planning for the rapidly approaching Interop retreat (see below).

Research

Some topics from ethresear.ch.

Something that is increasingly gaining attention is how to maintain validator privacy/anonymity. This is important for a couple of reasons. First, since validators need to keep their private keys always available for signing block proposals and attestations, we can expect that they might become targets for attack. Second, if block proposers are known too far in advance, then it is easier to target them for bribery or denial-of-service attack.

The second issue could be addressed by using "secret single leader election". In each slot a validator can discover that it is the sole proposer for that slot, and can prove later it acted correctly as block proposer, but it cannot be worked out ahead of time. My PegaSys colleagues proposed such a scheme a few months ago. Justin Drake has managed to improve the efficiency of the scheme such that it may now be practical to implement: Low-overhead secret single-leader election.

With respect to the first issue, the PegaSys team is back with, Anonymity: a ZKP to remove the mapping ip address / wallet’s public key of a validator, and Mikerah is also working on Privacy-Preserving Casper FFG using Traceable Ring Signatures.

On another topic, there is an interesting discussion about differing Ether issuance rates on the Eth1 chain and the Eth2 beacon chain, and possible consequences of this: Where will reward money on Beacon chain come from?

On the Gitter

Highlights from two weeks of Gitter channel.

• Protolambda is making a repo of Eth2 repos.
• Discussion of the keystore format for Eth2.
• LMD GHOST flip-flop attack (described above).
• Shared validator. This looks like a smart contract system for managing staking pools. I didn't have time for a close look, and the docs are sparse.
• The Validator API has moved to a new repo.
• Stakes won't be portable in Phase 0.
• But transfers should be available at or before Phase 1.
• Discussion of when validators are rewarded. (I'm halfway through writing an explainer on this - must finish 😅)
• Protolambda's notes on merkle trees and client optimisations.
• Danny sets Some expectations for BLS signature handling performance.
• A non-impactful bug in the Genesis state for v0.8.3 tests.

Interop retreat

Way back in May this year, during the NYC Eth2 meetup, Joseph Delong proposed holding an Interoperability "lock-in". The plan being for all the client teams to try plugging their implementations together, seeing what works, and fixing what doesn't. Joe Lubin kindly offered to fund most of the expenses for this.

For the past three months, all the teams have been working diligently towards this Interop retreat: implementing and passing the common reference tests, collaborating on networking specifications, implementing tooling to quickly get test nets up and running. The spec freeze in June has been a huge help, giving us all something stable to target.

Well, the time is upon us! In a week's time, forty-five of us will be gathering in a lakeside cabin in remote Ontario, including all the client teams, some EF people, some Whiteblock people, the Phase 2 Quilt team, and the EF Ewasm team. Antoine Toulme, CTO of Whiteblock, is the appointed technical director, ensuring that we make orderly progress, and resolve our differences effectively. And perhaps, even, amicably.

I won't be publishing another edition of What's New in Eth2 until it's all over, but watch this space for a full report in three weeks or so. And, meanwhile, look out for plenty of exciting memes on Twitter 😱

Here's a teaser for what's to come: Nimbus talks to Lighthouse.

Wish us luck!

In other news

• The Ethereum Foundation has announce a round of grants totalling over $2M, all aimed at supporting Ethereum 2.0 research and development. I'm especially pleased to see co-funding from ConsenSys for Lighthouse and Whiteblock.
• Client development updates are out for Lighthouse (Fuzzing Update 1 — finding bugs by throwing creatively broken input at the client), Prysm, Lodestar, and Nimbus. Nimbus also did a video AMA session.
• A super accessible Eth2 overview article from bitrates.
• Protolambda is planning to make a visualisation of the development of all the GitHub Eth2-related repos, similar to the one that Prysmatic Labs did for their GitHub repo (there's now a higher res version of that)
• Vitalik enumerates things that might break when/if we fold the Ethereum 1 chain into Eth2. Don't panic! We've likely got a few years to work this stuff out.
• Rocket Pool is launching a Beta of its Eth2 staking infrastructure service. Initially (v1) with a mocked beacon chain; later (v2) with some real beacon chain clients.
• 👕 Help me win a T-shirt! 👕 Since Hyperledger voted to adopt our Ethereum Mainnet client, Besu (fka Pantheon), we're having an internal social media competition to get the news out. Please help me win by taking a moment to like/retweet/click through on my tweets here and here. [I largely end up writing all this stuff here in my own time—it's Saturday morning now—which I'm fine with, but it would be even better if I were wearing an exclusive PegaSys T-shirt 😂]

Follow me on Twitter and/or Peepeth to hear when the next edition is out 🙌.

We also have an RSS feed.