Read on Twitter
The #Ethereum #proofofstake #phase0 #beaconchain is getting close to launch!
So what?
Here's a thread to explain why millions of dollars of #ETH are being moved into this state of the art gadget, what makes it different from other #PoS systems, and why it was worth the wait!
So what?
Here's a thread to explain why millions of dollars of #ETH are being moved into this state of the art gadget, what makes it different from other #PoS systems, and why it was worth the wait!
First things first: even though the #beaconchain is being referred to as an #eth2 or "Ethereum 2.0" technology, it does not exist to replace the current Ethereum Virtual Machine we know and love as "Ethereum 1.0" today. If you're using the EVM, you're fine. It's not going away.
Instead, the beacon chain is a gadget that was planned even from before the launch of "Ethereum 1.0" to be swapped in for the #proofofwork system, called "Ethash", which currently secures that same EVM environment. https://blog.ethereum.org/2014/10/03/slasher-ghost-developments-proof-stake/
Moving real ETH into the beacon chain gadget (which has been tested for months now to ensure the software and supporting tools are robust and reliable) is the first step in a phased plan to both eliminate Ethash and to upgrade Ethereum's capacity. #phase0
It is that upgrade *roadmap* for the existing EVM environment which is referred to as "Ethereum 2.0", even though "Ethereum 1.0" is coming along for the ride rather than being left behind. Confusing, I know. But there's only one Ethereum, one ETH currency, etc.
Okay, with all of that 1.0/2.0 stuff out of the way, the next obvious question is: if all of this was planned before the initial network even launched, then why did Ethereum's #proofofstake upgrade take over *six years*?
The answer is simple: until now the technology did not exist to run a secure, decentralised, and rapid #proofofstake system that was genuinely superior to #proofofwork on its technical characteristics. The beacon chain gadget differs substantially from previous generation #PoS.
The core issue is signature volume. If you want to replace computing power with digital assets as your costly commitment to a decentralised #cryptoeconomic protocol, you need a way for LOTS of participants to INDEPENDENTLY commit those assets to each protocol update they make.
If you keep the member list small, and the buy-in cost sky high, this problem is easy. You just take turns making updates, and once a high enough % of participants sign off, you get good economic guarantees (glossing all of BFT here, but it *is* 40 years old now, it's not hard).
And it's also not decentralised. But if you lower the buy-in to something even halfway accessible while still trying to keep security high, it takes forever to get the guarantees. You can take turns faster, but then your whole chain fills up with signatures. It gets bad fast.
Previous generation #PoS just gave up on trying to have more participants. They "delegated" the stake or "nominated" it or whatever. But either security was low, or getting "listed" was crazy expensive, or the chain was impossible to sync, or roles were trusted, or #alloftheabove
Random sampling can help, fraud reporting can help, but at the end of the day the #Ethereum community wasn't willing to give up security, decentralisation, *or* rapid finality. So there were always too many signatures. THAT'S why it took six years.
Fast forward to this year. The #Medalla beacon chain testnet hit almost 75,000 simultaneous validator slots, with a block every 15 seconds and *every* validator signing off on every 8 minute "epoch". That's nowhere near capacity: it was limited by total testing participation.
If the money used on #Medalla were real, faking 10 minutes / 40 confirmations would have required a budget of at least ~40M USD, and faking the ~20 minute irreversible finality guarantee would have cost ~800M USD. This blows the economic security of PoW out of the water!
So that's security and speed, but what about decentralization? Amazingly, there were over 5000 unique testnet addresses which participated in #Medalla, far higher than the number of solo miners in any #proofofwork chain today (most PoW miners use mining pools).
And how do entry costs for solo #beaconchain staking compare with solo PoW mining? If we take one block per month as the minimum viable proposition for solo mining, #ethereum #proofofwork mining rewards for 24 blocks/months amount to ~60 ETH (27,000 USD at #Medalla prices).
With 10% for electricity and 10% for profit, this means it costs ~50 ETH to become a solo #proofofwork miner on #ethereum. If you go more than 24 months between hardware refreshes, or you mine on a chain with less frequent rewards (like #bitcoin 
), then the entry cost is higher.
), then the entry cost is higher.
Entry costs for solo staking on the #beaconchain, meanwhile, are roughly 32 ETH plus ~1000 USD (2 ETH) in hardware and then a monthly cost of 100 USD or less for a solid internet connection. Call it ~40 ETH all in for 2 years, and we're basically in the same ballpark. Nice!
Note: this is a huge amount of $$, so the vast majority of individual #proofofwork miners are pooled miners, and similarly we can expect the vast majority of individual #proofofstake stakers to be pooled stakers. Trustless pools are crucial to maintaining financial accessibility.
(Insert shameless plug for my "Dirt Simple Withdrawal Contract" proposal which aims to bring us trustless pools as quickly and safely as possible: https://twitter.com/technocrypto/status/1327939776113233920 ) #beaconchain #teardownthe32ETHwall
But back to the #medalla #beaconchain. How was all this accomplished? How did researchers finally achieve a design that combined speed, security, and decentralization? And why wasn't this possible before now?
The answer (twice over!), is found in three little letters: #BLS
The answer (twice over!), is found in three little letters: #BLS
The Boneh-Lynn-Shacham (a.k.a. "BLS") signature scheme was invented almost 20 years ago, is fairly well studied, and relies on well understood cryptographic assumptions. It lets you easily combine (or "aggregate") multiple digital signatures into one! https://hovav.net/ucsd/dist/sigs.pdf
Seeing as how the root problem in keeping #proofofstake both decentralized and fast is the amount of signatures you have to store and process, this is definitely going to help! But there's a downside: the traditional way of doing BLS had poor performance at high security levels.
BLS to the rescue again! This time it's Barreto-Lynn-Scott curves, a family of elliptic curves which were discovered shortly after BLS signatures, but didn't rise to the forefront until the performance/security tradeoffs of the more popular "BN" curves were better understood.
In 2017 #Zcash researchers from @ElectricCoinCo designed and implemented BLS12-381, a specific member of the BLS curve family, to finally make possible BLS signatures with both high security levels AND high performance. The stage was set. https://github.com/zcash/zcash/issues/2502
It's at this point that #ethereum researchers actually started to play a role. Others had built all the parts but things needed to be standardised and hardened. This thread is getting super long so I'll just refer you here for the full details/backstory https://www.reddit.com/r/ethfinance/comments/jghide/daily_general_discussion_october_23_2020/g9sz7jm/?context=8&depth=9
The short gist is that a standard needed to be finalized; quality high performance libraries built, audited and formally verified; and quantum-secure redundancy built in to ensure that #ethereum could survive even the arrival of #quantumcomputing if it comes sooner than expected.
These processes literally finished just in time for the launch of the #beaconchain! Maybe not everyone cares about all these gritty details, but #ethereum researchers sure do, and that's how you're going to get #proofofstake that you can trust. It's #worththewait! Get psyched!
There are many more aspects of this #proofofstake design that I didn't have time to get into here, like how it combines BFT technology with the Casper FFG algorithm to provide both safety and plausible liveness under realistic network conditions, or how it supports sharding, etc.
But the main thing I want to share my excitement about is how this really is a gadget that couldn't have existed in this fashion and quality at any time before now. We're on the cutting edge and I for one am glad we took the time to do it right.
Now let's get this thing launched, and start testing it in production with real money at stake!
And also get trustless pools working kthanksbye.
#teardownthe32ethwall
And also get trustless pools working kthanksbye.
#teardownthe32ethwall
