Ethereum Proof of Stake

•

(1/29) @ethereum Fundamentals: Proof of Stake We are post-Merge; Ethereum is now secured by validators, 32 $ETH at a time. At first glance, PoS is simple, but under the hood things get complicated. The ultimate guide to the consensus mechanism at the core of the World Computer.

(2/29) @ethereum is the World Computer, a single, globally shared computing platform that exists in the space between a network of 1,000s of computers (nodes). twitter.com/SalomonCrypto/status/1566078593150492675

(3/29) Each node runs a local copy of the @ethereum Virtual Machine (EVM), a Turing-complete environment that computes the state of the World Computer Although each node's copy is independent, every EVM is sync; the state of any local copy IS the state of the globally shared EVM twitter.com/SalomonCrypto/status/1574618174879735808

(4/29) Coordination is achieved via a leader-follower dynamic. Once per [cycle], a new leader updates their copy of the EVM. The leader (block producer) then packages all these changes into a block; the rest of the network uses the block to sync their EVM with the proposer's. twitter.com/SalomonCrypto/status/1568365818509139968

(5/29) Coordinating blocks between thousands of computers is not trivial; we need a consensus mechanism. Until Sept 2022, the World Computer relied on Proof of Work (PoW) to achieve consensus. But just last month The Merge finally came; Ethereum is Proof of Stake (PoS)! twitter.com/SalomonCrypto/status/1578471242331365376

(6/29) Before we dive in, let me just address the unasked question: “Was the switch to PoS a good thing for @ethereum?” The answer is an unhesitating, emphatic YES! But don't take my word for it, better men than I have already explained why: twitter.com/SalomonCrypto/status/1578941538607845376

(7/29) Those who participate in PoS are making an explicit agreement: "I will be an honest, good faith participant. To ensure good behavior I will put capital at stake." Those who make this promise are called validators. A validator must deposit exactly 32 $ETH.

(8/29) Quick vocabulary note: A node is a real-world computer; a validator stakes 32 $ETH and has responsibilities to operate and secure the network. A node runs validator software and a single node can run many validators. There are currently 8k nodes and ~440k validators.

(9/29) At the most basic level, the process is based around digital signatures. A digital signature proves a SPECIFIC validators signed a SPECIFIC message (in our case, a block). A BLS signature is a special kind of signature that can be aggregated for batched verification. twitter.com/SalomonCrypto/status/1575279806618292226

(10/29) Digital signatures allow us to hold individual validators accountable. If they act maliciously, they can be identified and the $ETH they staked can be slashed. Slashing is the processes of destroying a validators stake and ejecting them from the validator set.

(11/29) Slashing is the mechanism that gives PoS its security. Because validators do not want to lose their investment in resources and infrastructure, slashing ensures that validators stay honest and act in a fashion that does not harm the network. So... how does it work?

(12/29) Every 12 seconds, @ethereum opens a new slot, expecting a new block. Within a block there are thousands txns, but they execute atomically: either all together or none at all. An epoch is made up of 32 slots. twitter.com/SalomonCrypto/status/1577863907976220672

(13/29) Every epoch, @ethereum shuffles the validator set into 32 committees (one per slot) and each committee into 64 subnets. The security of the World Computer requires credible randomness during this shuffling, which is delivered by a process known as RANDAO. twitter.com/SalomonCrypto/status/1576951211659390981

(14/29) The first member of each committee is designated the block proposer and earns the right to progress the EVM. The proposer must build (or otherwise source) the block and then broadcast it to the network. The proposer's stake is at risk if s/he proposes an invalid block. twitter.com/SalomonCrypto/status/1578842388964859904

(15/29) Every validator on the network is listening for a copy of every block. When it receives a new block, it executes the state transition function. The state transition function is the actual process of updating the EVM (and processing epochs, when appropriate). twitter.com/SalomonCrypto/status/1577751304696274944

(16/29) The validators in the committee corresponding with each slot have an additional duty: they must verify the block. Assuming each block is valid, each committee member creates and publishes a cryptographic signature (attestation), putting their stake at risk. twitter.com/SalomonCrypto/status/1578540111930699778

(17/29) In a perfect world, this is pretty straightforward; in the real world, things get tricky very quickly. In sub-ideal network conditions (the vast majority), it's possible that every validator might not receive every block.

(18/29) Imagine the impending block proposer didn't receive a copy of the last block; he creates a new block based on the previous state and sends it out to the network. Now our blockchain has turned into a block-fork. LMD-GHOST is the rule we use to resolve these situations. twitter.com/SalomonCrypto/status/1576016595452731394

(19/29) Every slot a new committee becomes active and is expected to provide attestations. 440k validators / 32 committees = ~14k validators/committee. 14k validators poses a problem; it's both too much network chatter and too many signatures to aggregate all at once.

(21/29) Fortunately, we've already split committees into 64 subnets. Each subnet consists of ~250 validators, of which 16 are designated as aggregators. As validators review blocks, they broadcast their attestations to their subnet.

(21/29) All 16 aggregators are attempting to build the same aggregate signatures, but network conditions often make perfection possible. The best aggregate in each subnet is chosen and aggregated one final time, created a single BLS signature representing the entire committee.

(22/29) Technically speaking, the aggregation process (obviously) happens after the block is proposed (and therefore created); the final aggregate attestation cannot be added on to it. Instead, it is included in the next block. Conceptually, it's part of the same slot cycle.

(23/29) At the end of every epoch, all 32 committees (and therefore every validator) has either proposed or attested; therefore the entire network has voted and made their stake eligible for slashing. Thus, the epoch is the unit of time we judge finalization on.

(24/29) Finalization is a mathematical guarantee that @ethereum has fully applied PoS to an epoch; it cannot be reverted without the destruction (via slashing) of at least 1/3 of the $ETH at stake (~$6B right now).

(25/29) If more than 2/3s of the network votes on an epoch, that epoch becomes justified. If more than 2/3s of the network votes for an epoch that is dependent on a justified epoch, the justified epoch becomes finalized. These rules are defined by Casper FFG. twitter.com/SalomonCrypto/status/1576721911265996800

(26/29) At this point we've nearly finished out @ethereum PoS specifications; as you can see it is complicated. In fact, it is so complicated that many computers with limited resources and/or bandwidth cannot possibly execute it. Many computers that would be incredibly useful.

(27/29) And so, before @ethereum was ever actually PoS, the future of the World Computer was baked directly into the consensus specs. In fall 2021, in preparation for a light client-based future, the Altair upgrade introduced the third validator responsibility: sync committee. twitter.com/SalomonCrypto/status/1579283196708941824

(28/29) Tl;dr a sync committee is a subset of 512 validators, chosen once every 256 epochs (~27 hours). Members of the sync committee must listen for EVERY block and provide a digital signature. This provides the blockchain-level scaffolding needed to support light clients.

(29/29) And that, my friends, is @ethereum Proof of Stake! Well... that's the PoS we have today; the first version of the consensus engine at the core of the World Computer. But it's definitely not the end. We are STILL so early! twitter.com/SalomonCrypto/status/1569867843323428864