Ethereum Scalability and Decentralization Updates

Scalability is currently at the forefront of technical discussions in the cryptocurrency scene. The Bitcoin blockchain is currently over 12 GB in size and it takes several days for a new Bitcoin node to fully sync. The UTXO set that needs to be stored in RAM approaches 500 MB, making continuous software improvements in the source code easy. Not enough to alleviate this trend. Over the years, it has become increasingly difficult for regular users to run a fully functional Bitcoin node locally on their desktop, and Bitcoin’s price, merchant acceptance, and popularity have changed. Despite the rise, the number of complete nodes in the network has skyrocketed. Currently, the 1 MB block size limit puts a theoretical upper limit on this increase, but it comes at a high cost. The Bitcoin network cannot process more than 7 transactions per second. If Bitcoin’s popularity jumps 10x again, the restrictions will increase transaction fees to nearly $1, making Bitcoin less useful than PayPal. If there is one problem that needs to be solved to effectively implement Cryptocurrency 2.0, it is this.

The reason we in the cryptocurrency space have these problems and have made so little progress in finding solutions is because the design of all cryptocurrencies has fundamental problems that need to be addressed. Because there’s one problem. Among the various proof-of-work, proof-of-stake, and reputation consensus-based blockchain designs that have been proposed, every single full node must process every single transaction. None of them have been able to overcome the same core problem. It is also possible to have nodes that can process all transactions, up to thousands of transactions per second. Centralized systems like Paypal, Mastercard, and bank servers work fine. However, the problem is that setting up such a server requires a lot of resources, so there is no incentive for anyone but a few large companies to do it. When that happens, those few nodes become potentially vulnerable to profit motives and regulatory pressures, free to themselves and all other users who rely on those centralized nodes for security. could theoretically start making unauthorized changes to the state, such as giving away money. There is no way to prove that a block is invalid because we don’t have the resources to process the entire block.

Ethereum currently has no fundamental improvements beyond the principle that every full node must process every transaction. Creative ideas have been proposed by various Bitcoin developers, including multiple merged mining chains with protocols for moving funds from one chain to another, and these are part of our cryptocurrency research Although this will be a large part of our activities, research on how to implement it is currently underway. It is not yet optimally mature. However, with the introduction of block protocol 2.0 (BP2) does not overcome the fundamental scalability flaw in blockchains, but as long as there is at least one honest full node (for anti-spam reasons, as long as there are at least 0.01% of nodes) , there is a protocol that can get you halfway. A “light client” that only downloads a small amount of data from the blockchain (such as mining power or ownership of ether) can maintain the same level of security as a full node.

What is a light client?

The basic idea behind the light client is that Bitcoin (and modified format, Ethereum) Using something called a Merkle tree, it is possible to construct a proof that a particular transaction is in a block, which is much smaller than the block itself. Currently, the size of a Bitcoin block is approximately 150 KB. The Merkle proof of a transaction is approximately 0.5 kilobytes. When the Bitcoin block size reaches 2 GB, the proof can grow to 1 kilobyte. To construct a proof, we simply follow the “branches” of the tree from the transaction to the root, providing nodes for the sides of each step. This mechanism allows light clients to guarantee that transactions sent to them (or sent by them) actually entered the block.

This makes it much harder for malicious miners to trick light clients. In a virtual world where running a full node is completely impractical for normal users, if a user wants to claim that he sent 10 BTC to a seller who does not have enough resources to download the entire block, the seller is helpless. Not. They will request proof that the transaction sending them his 10 BTC is actually in the block. If the attacker is a miner, they may be more sophisticated and actually put such transactions into the block, but they may cause them to spend funds (such as UTXO) that don’t actually exist. However, there are defenses here as well. A light client can request a tree proof of his second markle indicating that there are also funds being spent by 10 BTC transactions, and this can continue to a safe block depth. From the perspective of a miner using a light client, this turns into a challenge/response protocol. A full node that validates transactions can issue a “challenge” to the network when it detects that a transaction has used an output that does not exist. Other nodes (perhaps miners of that block) must then publish a “response” consisting of a Merkle tree proof showing that the output in question is indeed present in some previous block. However, there is one drawback to this Bitcoin protocol: transaction fees. A malicious miner can reward himself with his 1000 BTC and publish a block, but other miners running the light client will have to collect all the fees from every transaction itself. There is no way to know that this block is invalid unless you do so. For all they know, someone else could have actually been crazy enough to add his 975 BTC worth of fees.


block protocol-20

In the previous block protocol 1.0, Ethereum was even worse. In the light client, there was no way to even verify whether a block’s state tree was a valid result of its parent state and transaction list. In fact, the only way to get any guarantees was for a node to execute all transactions and apply them sequentially to the parent state itself. However, BP2 adds even stronger guarantees.and BP2, each block now contains three trees. A state tree, a transaction tree, and a stack trace tree that provides an intermediate root for the state tree and transaction tree after each step. This allows for a challenge/response protocol that works in a simplified form as follows.

  1. Miner M publishes block B. Perhaps the miner is malicious, in which case the block will incorrectly update its state at some point.

  2. Light node L receives block B and performs basic proof-of-work and structural validation of the header. If these checks pass, L starts treating the block as legitimate, albeit unverified.

  3. Full node F receives block B and begins a complete validation process, applying each transaction to its parent state and ensuring that each intermediate state matches the intermediate state provided by the miner. Suppose F discovers a mismatch at point k. F then broadcasts a “challenge” consisting of B’s ​​hash and the value k to the network.

  4. L accepts the challenge and temporarily flags B as untrustworthy.

  5. If F’s claim is false and the block is valid at that time, then M is a local You can generate proof of integrity. The number of Merkle tree nodes in the state and transaction tree that changed during the update process from k to k+1. Then L receives M’s word about the validity of the block up to point k, manually performs the update from k to k+1 (this consists of processing a single transaction), and the root hash is We can verify the proof by checking that it matches the value of M. Served at the end. Of course, L also checks whether the Merkle tree proof is valid for the values ​​of states k and k+1.

  6. If F’s claim were true, M would be unable to come up with a response, and after a certain amount of time, L would discard B completely.

Note that the weaknesses of Bitcoin’s light client protocol do not currently apply to this model, as transaction fees are burned rather than distributed to miners. However, if you decide to change this, you can easily adapt the protocol to handle it. The stack trace also maintains a running counter for transaction fees, along with the state and transaction list. As an anti-spam measure, for F’s challenge to be effective, F must mine one of the last 10000 blocks or at least hold onto his 0.01% of the total supply of Ether for a certain period of time. If a full node sends a fake challenge, meaning the miner successfully responds to it, the light node can blacklist the node’s public key.

So, what this means is that even if there are only a small number of complete nodes, Ethereum, unlike Bitcoin, is likely to be completely secure, including against fraudulent issuance attacks. . As long as at least one complete node is honest, it will validate the block and publish a challenge if necessary, allowing light clients to point out which blocks are defective. Note that this protocol has one weakness. The block generation process requires a prior knowledge of all transactions before processing the block, and adding new transactions requires significant effort to recompute intermediate stack trace values. becomes more inefficient. . However, it is likely possible to patch the protocol to avoid this, and if so, BP2.1 will include such a fix.

Blockchain-based mining

Although the details have not yet been finalized, Ethereum is likely to use the following mining algorithms:

  1. Let’s make it H[i] = sha3(sha3(block header without nonce) ++ nonce ++ i) for i in [0 …16]

  2. Let N be the number of transactions in a block.

  3. Let’s make it T.[i] (H[i] mod N)th transaction in the block.

  4. Let S be the state of the parent block.

  5. Apply T[0] …T[15] Convert to S and let the resulting state be S’.

  6. Let x = sha3(S’.root).

  7. Block is valid if x * difficulty <= 2^256.

It has the following characteristics:

  1. This is very taxing on memory. daggerThis is because mining requires access to virtually the entire blockchain. However, because it can be parallelized on shared disk space, Dagger may become GPU-driven rather than CPU-driven as originally hoped.

  2. The validity proof consists of only a relatively small subset of Patricia nodes used during the processing of T, making the verification more memorable.[0] …T[15]

  3. All miners essentially need to be full nodes. Requesting block data from the network for each nonce would be prohibitively time consuming. Therefore, Ethereum has more full nodes than Bitcoin.

  4. As a result of (3), one of the main motivations for using centralized mining pools, the fact that miners can manipulate the entire blockchain without downloading it, is negated. Another main reason for using mining pools is the fact that they level out payout rates, but they can be easily combined with decentralized p2pools (eventually with development resources to support them). ).

  5. The ASIC for this mining algorithm is at the same time an ASIC for transaction processing, so the Ethereum ASIC helps solve the scalability problem.

From here, only one optimization can actually be performed. The idea is to find some way to overcome the obstacle of requiring every full node to process every transaction. This is a difficult question. Developing truly scalable and effective solutions takes time. However, it is a strong start and may even end up being one of the key ingredients to the final solution.

Related Article


Leave a Comment