The first day after the merger: quick review of PoS Ethereum design
Source: @ stonecoldpat0
By Patrick McCorry
The combined energy consumption will be reduced by 99.8%. This can be publicly verified. After all reasonable doubts are eliminated, it can be said that the use/operation of Ethereum will not have an impact on the environment. No, no, not at all. This reduces the problem of persuading novices to try, adopt and use cryptocurrencies.
The transformation of PoS will not affect scalability. PoW and PoS are consensus mechanisms against witch attacks. Its goal is to limit the people who can participate in the block generation process. It will only find participants who share risks and therefore act rationally.
Quoted tweets: https://twitter.com/el33th4xor/status/1006931658338177024
Slot, epoch and committee
An epoch has 32 slots. In an epoch, the entire set of verifiers will be averaged to each slot, so the size of the committee is equal to all verifiers divided by 32. In a slot, one committee member proposes a block, and the remaining members vote on it. (BLS generates random beacon)
Synchronization and voting
A slot is a 12 second time slot:
0 - 4 seconds: proposed block
4 - 12 seconds: voting and counting
In the best case, block proposal and voting will be conducted normally. Sometimes, the proposer may go offline, so no blocks will be proposed.
Processing skipped blocks
If the block proposer is offline, then:
Committee members (slot 96) will vote for the previous block
The next committee will continue to function normally
Like all blockchains, this can promote the formation of an authoritative chain, because blockchain producers/verifiers must extend a parent block.
Latest block and fork processing
It is possible to branch at the top of the chain:
The block proposer has proposed two or more blocks (confiscation, but blocks still exist)
A delay occurs and the block reaches the next slot.
At this time, the committee members of the slot need to select a block.
The Importance of Bifurcation Selection Rules
Committee members should select the "heaviest chain" based on the same set of rules:
Select the fork with the most votes
Select the block with the lowest hash when the votes are tied
Proposer boost: If the block is proposed in this slot, select the block with 70% additional votes
Quoted tweets: https://twitter.com/hasufl/status/1570316069306503170
If the majority of committee members vote for the same block, then:
The future committee will continue the winning block
The competing fork blocks will become "bad" or "discarded"
Fork selection rule: follow the chain with the most votes.
Due to the nature of "voting" and "long-range attack", we cannot receive a copy of the blockchain from an untrusted source and verify whether it is a "real" chain, but must rely on social consensus and well-known checkpoints: [blog link]
Cited article: Proof of Stack: How I Learned to Love Weak Subjectivity | Ethereum Foundation Blog
We can understand the following guarantee: "Once the block is finalized, it will never be reversed".
Verification: After 1 epoch, the next candidate block will be finalized.
Final determination: after two epochs, the absolute majority has voted for it (twice).
Two block trees
The charm of PoS Ethereum is that it has two components:
Realize activity through LMD Ghost mechanism (follow the heaviest block branch)
Security is implemented through Casper's FFG (select a block and finalize it).
The epoch chain gives us confidence, while the top of the slot chain is the "pending world state"
Attackers: more than 1/3 of pledged deposits
Attackers cannot control the ordering of transactions, but they can attack the final certainty. It can only be finalized when more than 2/3 of the verifiers vote for a block. If it only gets less than 2/3 of the votes, it cannot be verified or finalized.
Penalty for omission
The honest verifier will continue to produce blocks in the slot, and slowly exclude those who do not follow the fork selection rules. In the end, those who do not vote will lose enough pledge deposits, so that honest verifiers can account for more than 2/3 of the pledge.
Two parallel chains
If the punishment of omission occurs, it is because:
A verifier set wants to review a transaction
Another verifier set wants to package transactions
Each verifier set will impose a "penalty of omission" on the other verifier set. This led to the birth of two chains. This is a peaceful bifurcation.
Attackers: accounting for more than 1/2 of pledged deposits
They controlled the "fork selection rule" and decided to ignore the blocks that packaged the review transaction. For example, in the PoW mechanism, they cannot change the consensus rules, but can only control the ordering of transactions. But as far as I know, in this case, "inactivity leak" will not be activated.
Guard of Ethereum
What can we do in the face of censorship? The answer is a user activated soft fork! In general, we can force an exit (and potentially) to seize an attacker through forked code. This is a targeted attack and will not harm the interests of honest verifiers.
Quoted tweets: https://twitter.com/stonecoldpat0/status/1560040361447260163
Multi client theme
Objective: To avoid zero day attacks that will allow block/invalid transactions to be finalized forever. But how many clients does this require? Well, another problem that arises is the punishment for inaction. If two 50% clients diverge, they will eventually become two parallel worlds.
No single client can activate vulnerability
When the proportion of pledged deposits of the verifier running a client portfolio is more than 33%, the penalty of omission will become meaningful. By running a client that is used by a few people, you can minimize all the damage caused by software vulnerabilities. Read more here: https://dankradfeist.de/ethereum/2022/03/24/run-the-majority-client-at-your-own-peril.html
Punishment is not equal to confiscation
Penalty: It is only a small problem and will not cause damage to the network
Confiscation: the verifier has committed publicly detectable and malicious acts
If the verifier triggers the forfeiture condition, they will be forcibly removed from the network. Read more:
Cited article: https://eth2book.info/altair/part2/incentives/slashing/
Two kinds of forfeiture
1. Vote/propose two or more blocks in the same slot (enforce the rule of one vote per slot)
2. Propose to "include" a fork that you have voted for (to resist long-range attacks)
I made a visual diagram based on the formula on the diagram to help you understand.
Anyway, I hope you like this tweet. Ethereum has changed its consensus agreement from workload proof mechanism to equity proof mechanism, which is a great achievement. This is why Ethereum, its roadmap/technology and community are very good.
Ethereum is a paradise for experiments.