The first day after the merger: quick review of PoS Ethereum design

Source: @ stonecoldpat0

By Patrick McCorry

energy consumption

The combined energy consumption will be reduced by 99.8%. This can be publicly verified. After all reasonable doubts are eliminated, it can be said that the use/operation of Ethereum will not have an impact on the environment. No, no, not at all. This reduces the problem of persuading novices to try, adopt and use cryptocurrencies.

Scalability

The transformation of PoS will not affect scalability. PoW and PoS are consensus mechanisms against witch attacks. Its goal is to limit the people who can participate in the block generation process. It will only find participants who share risks and therefore act rationally.

Quoted tweets: https://twitter.com/el33th4xor/status/1006931658338177024

Slot, epoch and committee

An epoch has 32 slots. In an epoch, the entire set of verifiers will be averaged to each slot, so the size of the committee is equal to all verifiers divided by 32. In a slot, one committee member proposes a block, and the remaining members vote on it. (BLS generates random beacon)

Synchronization and voting

A slot is a 12 second time slot:

  • 0 - 4 seconds: proposed block

  • 4 - 12 seconds: voting and counting

In the best case, block proposal and voting will be conducted normally. Sometimes, the proposer may go offline, so no blocks will be proposed.

Processing skipped blocks

If the block proposer is offline, then:

  • Committee members (slot 96) will vote for the previous block

  • The next committee will continue to function normally

Like all blockchains, this can promote the formation of an authoritative chain, because blockchain producers/verifiers must extend a parent block.

Latest block and fork processing

It is possible to branch at the top of the chain:

  • The block proposer has proposed two or more blocks (confiscation, but blocks still exist)

  • A delay occurs and the block reaches the next slot.

At this time, the committee members of the slot need to select a block.

The Importance of Bifurcation Selection Rules

Committee members should select the "heaviest chain" based on the same set of rules:

  • Select the fork with the most votes

  • Select the block with the lowest hash when the votes are tied

  • Proposer boost: If the block is proposed in this slot, select the block with 70% additional votes

Quoted tweets: https://twitter.com/hasufl/status/1570316069306503170

Block deterioration

If the majority of committee members vote for the same block, then:

  • The future committee will continue the winning block

  • The competing fork blocks will become "bad" or "discarded"

Fork selection rule: follow the chain with the most votes.

Weak subjectivity

Due to the nature of "voting" and "long-range attack", we cannot receive a copy of the blockchain from an untrusted source and verify whether it is a "real" chain, but must rely on social consensus and well-known checkpoints: [blog link]

Cited article: Proof of Stack: How I Learned to Love Weak Subjectivity | Ethereum Foundation Blog

Final certainty

We can understand the following guarantee: "Once the block is finalized, it will never be reversed".

Two stages:

  • Verification: After 1 epoch, the next candidate block will be finalized.

  • Final determination: after two epochs, the absolute majority has voted for it (twice).

Two block trees

The charm of PoS Ethereum is that it has two components:

  • Realize activity through LMD Ghost mechanism (follow the heaviest block branch)

  • Security is implemented through Casper's FFG (select a block and finalize it).

The epoch chain gives us confidence, while the top of the slot chain is the "pending world state"

Attackers: more than 1/3 of pledged deposits

Attackers cannot control the ordering of transactions, but they can attack the final certainty. It can only be finalized when more than 2/3 of the verifiers vote for a block. If it only gets less than 2/3 of the votes, it cannot be verified or finalized.

Penalty for omission

The honest verifier will continue to produce blocks in the slot, and slowly exclude those who do not follow the fork selection rules. In the end, those who do not vote will lose enough pledge deposits, so that honest verifiers can account for more than 2/3 of the pledge.

Two parallel chains

If the punishment of omission occurs, it is because:

  • A verifier set wants to review a transaction

  • Another verifier set wants to package transactions

Each verifier set will impose a "penalty of omission" on the other verifier set. This led to the birth of two chains. This is a peaceful bifurcation.

Attackers: accounting for more than 1/2 of pledged deposits

They controlled the "fork selection rule" and decided to ignore the blocks that packaged the review transaction. For example, in the PoW mechanism, they cannot change the consensus rules, but can only control the ordering of transactions. But as far as I know, in this case, "inactivity leak" will not be activated.

Guard of Ethereum

What can we do in the face of censorship? The answer is a user activated soft fork! In general, we can force an exit (and potentially) to seize an attacker through forked code. This is a targeted attack and will not harm the interests of honest verifiers.

Quoted tweets: https://twitter.com/stonecoldpat0/status/1560040361447260163

Multi client theme

Objective: To avoid zero day attacks that will allow block/invalid transactions to be finalized forever. But how many clients does this require? Well, another problem that arises is the punishment for inaction. If two 50% clients diverge, they will eventually become two parallel worlds.

No single client can activate vulnerability

When the proportion of pledged deposits of the verifier running a client portfolio is more than 33%, the penalty of omission will become meaningful. By running a client that is used by a few people, you can minimize all the damage caused by software vulnerabilities. Read more here: https://dankradfeist.de/ethereum/2022/03/24/run-the-majority-client-at-your-own-peril.html

Punishment is not equal to confiscation

difference:

  • Penalty: It is only a small problem and will not cause damage to the network

  • Confiscation: the verifier has committed publicly detectable and malicious acts

If the verifier triggers the forfeiture condition, they will be forcibly removed from the network. Read more:

Cited article: https://eth2book.info/altair/part2/incentives/slashing/

Two kinds of forfeiture

1. Vote/propose two or more blocks in the same slot (enforce the rule of one vote per slot)

2. Propose to "include" a fork that you have voted for (to resist long-range attacks)

I made a visual diagram based on the formula on the diagram to help you understand.

Anyway, I hope you like this tweet. Ethereum has changed its consensus agreement from workload proof mechanism to equity proof mechanism, which is a great achievement. This is why Ethereum, its roadmap/technology and community are very good.

Ethereum is a paradise for experiments.