The Question of Mining | Ethereum Foundation Blog

There are many interesting changes underway in the Ethereum protocol. This is expected to increase the power of the system and add further features such as the convenience of a lightweight client and high extensibility, making it easier to code Ethereum contracts. . In theory, none of these changes are necessary. The Ethereum protocol is fine as is and could theoretically be released as is once more clients are built. Rather, the changes are there to make Ethereum better. However, there is one design goal for Ethereum that makes the light at the end of the tunnel a little further down the road. That is the decentralization of mining. Although there is always a backup option to simply continue using Dagger, slasher It is completely unclear whether any of these algorithms, such as SHA3 or SHA3, can be truly decentralized over the long term and remain mining pool and ASIC resistant (Slasher is proof of stake, so decentralization is not guaranteed). However, it has some problematic flaws).

The basic idea behind the mining algorithm we want to use is basically in place. But, as with many things, the devil is in the details.

This version of the Ethereum mining algorithm is a Hashcash-based implementation similar to Bitcoin’s SHA256 and Litecoin’s cryptography. The idea is that the miner repeatedly computes a pseudo-random function on blocks and nonces, trying different nonces each time, and eventually producing a result where some nonces start with a large number of zeros. The only room for innovation in this kind of implementation is to change the function. For Ethereum, a high-level overview of the function considering the state of the blockchain (defined as the header, current state tree, and all data from the last 16 blocks) is as follows:

  1. Let me h[i] = sha3(sha3(block_header) ++ nonce ++ i) for 0 <= i <= 15

  2. Let me S The state of the blockchain will be 16 blocks ago.

  3. Let me C[i] This is the number of transactions in the block. I Before the block.Let me T[i] become (h[i] Mod C[i])th transaction from block I Before the block.

  4. apply T[0], T[1]T[15] sequentially S. However, each time a contract is processed by a transaction, small (pseudo-)random changes are made to the code of all affected contracts.

  5. Let me S’ The resulting state will be:Let me r will be the root sha3 of S’.

if r <= 2^256 / differenceafter that nonce is a valid nonce.

To summarize in a non-programming language, the mining algorithm involves a miner taking some random transactions from the last 16 blocks and performing calculations that apply them to the state 16 blocks ago with some random changes. and then you need to get the following hash: result. This process has to be repeated many times, each time the miner tries a new nonce, each time using a new set of random transactions and changes.

The benefits of this are:

  1. Mining requires the entire state of the blockchain, essentially requiring all miners to be full nodes. This helps decentralize the network as there are a large number of complete nodes.

  2. The usefulness of mining pools is greatly reduced because all miners must be full nodes. In the Bitcoin world, mining pools serve two important purposes. First, the pool equalizes mining rewards. Rather than every block offering the miner her 0.0001% chance of mining, 16,000bIahck,bemeterInercbenmeterIneIntahthepahahIbendthepahahIgIvesthemeterInerbe116,000 blocks, miners can mine into a pool, and the pool gives miners a chance to receive a 1% dividend.

  3. Almost by definition, it is ASIC-resistant. Since the EVM language is Turing-complete, he can encode into EVM code any kind of computation that can be done in a regular programming language. Therefore, the ASIC that can do everything in EVM will necessarily be his ASIC for general purpose calculations, i.e. the CPU. This also has social benefits like Primecoin. The effort that goes into building an EVM ASIC also has the side benefit of building hardware to speed up the network.

  4. Although this algorithm can be verified computationally relatively quickly, there is no “good” verification formula that can be executed within the EVM code.

However, some major challenges still remain. First, it is not entirely clear that a system that selects random transactions will actually require miners to use the entire blockchain. Ideally, access to the blockchain is random. In such a setup, a miner with half a blockchain will only succeed with about 216 nonces. But in reality, his 95% of all transactions may use his 5% of the blockchain. In such a system, a node with 5% of its memory will only suffer a slowdown penalty of about 2x.

However, secondly, and more importantly, it is difficult to say how well EVM miners can optimize. The algorithm definition above requires miners to “make random minor changes” to the contract. This part is very important. Here’s why: Most transactions have outcomes that are independent of each other. Transactions are of the form “A sends to B,” “C sends to D,” “E sends to contract F that affects G and H,” and so on, with no duplication. Therefore, without random changes, EVM miners don’t really need to do much computation. The calculation is done once, and the miner precomputes the delta, stores it, and applies it immediately. Random changes mean that the miner actually needs to do a new EVM calculation every time the algorithm is run. However, this solution itself is incomplete in two ways. First of all, random changes can simply cause very complex and convoluted calculations to terminate prematurely, or at the very least result in calculations that are very different from the optimizations applied to standard transactions. There is a possibility. Second, mining algorithms may intentionally skip complex contracts in favor of simple contracts or contracts that can be easily optimized. There are heuristic tricks to deal with both problems, but it’s completely unclear what exactly those heuristics will be.

Another interesting argument in favor of this type of mining is that even if optimized hardware miners emerge, the community will work together to essentially change the mining algorithm by “polluting” the transaction pool. It means you have the ability. An engineer can analyze an existing ASIC, determine what its optimizations are, and dump transactions to the blockchain where such optimizations do not work at all. ASIC cannot achieve more than 20x speedup if his 5% of all transactions are effectively contaminated. The good thing is that there is a reason why people pay transaction fees to do this. Individual his ASIC companies have an incentive to pollute wells for their competitors.

These are all things our focus will be on in the coming months.

Related Article


Leave a Comment