Ethereum Upgrade: EIP-2537

•

(1/24) @ethereum Upgrades: EIP-2537 EIP-2537 will implement precompiles for BLS12-381 curve operations. This one is very technical and can be tough to understand, but it has big implications for Ethereum's security and empowers ZK-powered, rollup centric roadmap.

(2/24) Ethereum is the World Computer, a single, globally shared computing platform that exists in the space between a network of 1,000s of computers (nodes). These nodes are real computers in the real world, communicating directly from peer to peer. x.com/LogarithmicRex/status/1592309373732151296

(3/24) There are a lot of ways to refer to Ethereum and similar systems: blockchains, smart contract platforms, distributed computing environments, layer 1 protocols, and on and on and on... But the most common way people refer to these systems: cryptocurrencies.

(4/24) I am not a huge fan of the "currency" part (which is largely inherited from @Bitcoin, the first blockchain). But the "crypto" part is exactly right. Cryptography is not only the key tech that enables blockchain, it is the key to delivering on every blockchain's roadmap. x.com/LogarithmicRex/status/1862168230686867611

(5/24) While the field cryptography has a long and storied history, the advent of blockchain technology has marked a new era for cryptography. Not only is cryptography finding more and more interesting use-cases, the pace of optimization and innovation is rapidly accelerating.

(6/24) The good news: with new cryptography, blockchains are becoming cheaper, faster and more expressive - the future of Ethereum has never been more promising. The bad news: the cryptography we've implemented in the World Computer is already showing its age.

(7/24) Fortunately, the World Computer is still evolving. Upgrades to the core protocol happen through the Ethereum Improvement Proposal (EIP) process. EIPs describe standards for Ethereum, including core protocol specifications, client APIs, and contract standards.

(8/24) Which brings us to EIP-2537: Precompile for BLS12-381 curve operations. While this seems like a particularly technical, esoteric upgrade, it's worth understanding at a high level to see the path from today to the fully manifested World Computer. eips.ethereum.org/EIPS/eip-2537

(9/24) Before we get to EIP-2537, we need to cover some basics. First, elliptic curve cryptography. Here's what you need to know: elliptic curve cryptography is based on mathematical properties of elliptic curves. x.com/LogarithmicRex/status/1581695845023350785

(10/24) An elliptic curve is defined as the set of points that satisfy the equation in the image below. At a very high level, elliptic curve cryptography is built around "adding" two or more points within the curve - we call this "point addition."

(11/24) While there are infinitely many possible elliptic curves, not all are created equal. Different curves may be more secure, easier/more efficient, etc. And while all curves support addition, not all curves support the operation that is analogous to multiplication.

(12/24) In elliptic curve cryptography, "multiplication" is carried out via a mechanism called elliptic curve pairings. Pairings are not for the faint of heart - they exist in the part of mathematics referred to as "moon math." All you need to know: pairings are very useful. x.com/LogarithmicRex/status/1583168818381172736

(13/24) Pairing-friendly elliptic curves are rare. If you create an elliptic curve at random, it has a minuscule chance of being pairing-friendly. However, we can find them. And we only need to find them once; after discovery, they can deployed to every relevant application.

(14/24) Which brings us to BLS12-381. BLS12-381 is an elliptic curve designed by @ebfull in 2017 and has become one of the foundational curves for modern blockchains. If you want to dive deep, this post by @benjaminion_xyz is phenomenal. hackmd.io/@benjaminion/bls12-381#BLS12-381-For-The-Rest-Of-Us

(15/24) BLS12-381 is a curve that not only support elliptic curve pairings, it generates short signatures that can be efficiently aggregated. Currently somewhat of a celebrity of the elliptic curve world, BLS12-381 enables much of the cryptography in next-gen blockchains.

(16/24) Today, Ethereum does not natively support BLS12-381. And though it's possible to program the functionality into a smart contract, the reality is that elliptic curve cryptography requires so much computation that it quickly becomes infeasible (consumes too much gas).

(17/24) However, it is becoming more and more clear that BLS12-381 is an incredibly important elliptic curve for the future of Ethereum - both for internal reasons and to trustless interoperate with other blockchains. And so, the solution is becoming clear: we need a precompile. x.com/LogarithmicRex/status/1859760053676630517

(18/24) Which brings us back to EIP-2537. This EIP will add a precompile to Ethereum to natively support the BLS12-381 elliptic curve. The goal: a more secure, more efficient Ethereum that is more prepared for a multi-chain, ZK enabled world! eips.ethereum.org/EIPS/eip-2537

(19/24) The most important use for BLS12-381 is for BLS signatures, which form the cryptographic basis that enables Ethereum's Proof of Stake (PoS). While we already use BLS signatures today, we use a much less secure curve, BN254. x.com/LogarithmicRex/status/1579594609855934465

(20/24) Quick aside: the BLS in BLS12-381 is not the same BLS in BLS digital signatures. In both cases, BLS are the first initial of the last name of the cryptographers who discovered these systems. Interesting, the L is the same person, but the B and the S are different.

(21/24) While BN254 has been useful thus far, it only provides 80 bits of security. By upgrading to BLS12-381, we are moving to a system with 120 bits of security. Specifically, BLS12-381 is 2^40 (or 1.1 trillion) times more secure than BN254. x.com/LogarithmicRex/status/1859043131989344275

(22/24) EIP-2537 plays a crucial role in maintaining Ethereum's security, but its significance goes beyond that. It's a step toward a future where ZK cryptography transforms blockchain capabilities and reshapes our understanding of this technology's potential. x.com/LogarithmicRex/status/1861788897057140780

(23/24) If you want to learn more, check out this episode of PEEPanEIP, where @poojaranjan19 and @ralexstokes have an in-depth discussion about EIP-2537.

(24/24) In summary: EIP-2537 adds functionality that allows the efficient operation of elliptic curve BLS12-381. While this is very much an under-the-hood upgrade, it makes consensus much more cryptographically secure and paves the way for ZK to continue upgrading Ethereum.