Ethereum 2.0: Casper & Beacon Chain

Background Information

In the first article in this series, What will Serenity bring? In this article, we outline the history of the Ethereum network development and explain the major issues that the much-anticipated Eth 2.0 will address. In the second article, Ethereum 2.0: How to achieve scalability? In this paper, we introduced the Layer 2 expansion scheme and the Sharding expansion scheme of Plasma, status channel, etc. that are expected to be implemented in Eth2.0. In this article, we will explore the Casper consensus mechanism that Eth 2.0 will use and introduce the beacon chain that implements the Casper mechanism. The reader is advised to combine the previous two articles to have a deeper understanding of Eth2.0.

Consensus algorithm

In traditional value and information exchange networks, there is usually an intermediary to protect and verify the network. For example, banks provide security for their customers' assets and centralize their online transactions and information. In the blockchain field, since the blockchain network is decentralized, such an intermediary is not required.

Since there is no intermediary, the blockchain network must use some form of system to maintain security and ensure the validity of new information added to the distributed ledger . [1]

That is to say, most nodes of the blockchain network must "reach a consensus" on the network status of a single version in order to ensure the security of the network .

To accomplish this, the blockchain uses various "consensus algorithms" , which are a set of predefined rules written into the protocol code that allow the network to reach consensus and achieve finality. The final meaning is that “once the specific operation is completed, the operation will always be engraved in the history, and the operation will not be reversed.” [2] [Remarks, regarding the finality of the blockchain, readers can refer to Unitimes before Published article " Ethereum 2.0: How to achieve finality? 》].

The consensus algorithm determines the security of the network, the speed of validation, and the way in which transactions are sorted and verified in a distributed ledger to provide a true book record . This ensures that by decentralization, the new block added to the blockchain will be the only truth version in the system.

Workload Proof (PoW) is the blockchain consensus algorithm first used by Bitcoin, which ensures the security and decentralization of Bitcoin networks. Recently, many other blockchain platforms have introduced other consensus algorithms such as PoS (Profits), DPoS (Proxy Proof), and PoA (Authority Proof) for a number of reasons.

Why do you need PoS?

A Proof of Work (PoW) system such as Bitcoin involves many miners connected to a blockchain network through computer hardware. The PoW consensus algorithm sets a target value for each new block, and the miners will compete to be the first to find the target value and add the new block, so that the mining reward can be obtained.

To do this, they run the header data of the proposed block through a hash function that will return/output a fixed-length string (hash). The miners have been changing the "nonce value" they entered, that is, recalculating the hash of the block header until the hash value generated by the input "nonce value" matches the target value. At this point, the new block will be broadcast to all nodes in the network, which will verify the block and add it to the ledger, and the miner who successfully digs out the block will receive a mining award.

A key aspect of the PoW system is that finding the right hash input requires a lot of computational power (ie, there is difficulty in mining), but once the miner finds the correct input (also known as the "nonce value"), it is easy to verify the output ( That is, the hash value returned by the hash function). The difficulty of the mining process guarantees the security of the network, and the node verification of each block is relatively simple, which allows thousands of network nodes to maintain the latest record of the blockchain.

But unfortunately, finding the difficulty of each target value through hashing requires a lot of computing power and power, which reduces the efficiency of the network and the profit of the miners . All miners had to spend a lot of power and calculations trying to identify blocks and win rewards, but only one of the miners managed to dig up new blocks. Because of this, the excavation of each block will cause a lot of power and calculation waste. This means that although the PoW algorithm can guarantee network security, the algorithm is very inefficient.

In addition to the inefficiency of the PoW blockchain, the mining sector is also susceptible to market monopolies, as this mining approach gives unfair advantages to those with more resources . Rich and powerful individuals and organizations can afford a lot of faster and more powerful mining hardware, which gives them a greater chance of successfully dug up new tokens. Currently, about 65% of Bitcoin mining is done by five large mining groups, and in theory they can jointly control more than 50% of the computing market (although they are unlikely to do so). This creates a situation where Bitcoin and other PoW blockchain networks are not decentralized as they were originally envisaged, jeopardizing their independence and utility.

PoS (Proof of Equity) first appeared in 2012 to address the issues of efficiency, cost, and centralization of the PoW mechanism. In fact, the Ethereum team planned to transition to PoS from the start of the project, but until recently it was the plan to implement this transition through the Casper mechanism. In the PoS system, the entire mining process is virtual, eliminating the need for expensive and inefficient mining hardware. Energy consumption is replaced by economic incentives and game theory as a means of protecting networks and verifying blocks.

In the PoS network, the “miners” are replaced by “verifiers” who own the native tokens of the network. The verifier participates in the block verification (including the proposed block and the proof of the block) in the network by staking a certain amount of tokens , if the proposed/proven block is added to the network, then Proposal/certification that the verifier of the block will receive a bonus proportional to the pledge. In PoS networks, there is no mining like PoW, which is thousands of times more cost-effective and energy efficient than PoW systems.

"Nothing at Stake" question

One of the biggest problems in implementing the PoS consensus proof algorithm is the problem of “Nothing at Stake” . Since 2013, people have been experimenting with the PoS consensus, and early adopters such as Peercoin have encountered this problem very quickly [4].

The early adoption of the PoS protocol allowed anyone with a network native token to act as a network verifier . These PoS projects assume that those who own the token have a vested interest in the success of the network (ie, will spontaneously participate in becoming a verifier for their own benefit, And honestly verify).

Under the premise that people with more tokens have little chance to attack, those who have more tokens are given more verification rights.

However, early PoS projects quickly realized that this logic was flawed . Usually, the miner/verifier will only be provided with a block for verification. However, due to delays, multiple blocks are often proposed and two miners are available to the miner/verifier.

In the traditional PoW system, miners can only mine in one fork chain at a time [5]. To successfully replace an illegal chain of forks with the previous "authoritative chain" (that is, the longest chain), you need to have more than 50% of the network computing power, which is for large PoW blockchain networks such as Bitcoin. Very difficult.

In a PoS network, it is possible for the verifier to verify the blocks on two different fork chains at the same time, without incurring additional costs . In fact, in the early stages of PoS adoption, in theory, it is in their own economic interest for the verifier to perform staking on any available bifurcation chain, because by doing so, no matter which fork chain is confirmed, the verifier will Get a transaction fee reward, which is the "Nothing at Stake" issue.

The worst consequences of this problem can be explained by the following security assumptions:

  1. The verifier will try to maximize the self-profit, even if it will damage the entire network;
  2. No certifier will verify it unselfishly (only verify the block on one chain);
  3. The verifier will modify their software or download the modified software to allow them to verify multiple fork chains (standard software with internal logic for selecting the correct fork chain when forks occur).

Due to these security assumptions, multiple fork chains may occur, which delays the network consensus and is more complicated. If it is not resolved, it may cause major security holes in the network. If each verifier can actually verify the block of each forked chain in the network, the malicious verifier will be able to perform a double-strike attack with at least 1% verification right (ie, the same token) Spend many times). They can send tokens to an exchange through one of the forked chains, then withdraw the tokens from the exchange, and then only verify the blocks on the other forked chain.

Since all verifiers are assumed to be validating two different fork chains, the second chain will gain more and more proof and eventually become the only valid chain. This means that token transactions that were previously spent on the first forked chain and are withdrawn from the exchange will no longer be valid. As a result, a successful double spending has occurred, and the exchange has been defrauded of funds, regardless of the amount involved.

In fact, this is almost impossible, because there are certainly many verifiers that are honest, and they only validate a correct bifurcation chain. More likely, an attacker would need to have more than 1% verification right in the network, or bribe or collaborate with other verifiers to complete a more complex group attack. Either way, the early PoS algorithms were not as secure as the PoW algorithm, and the PoW algorithm was safe until 51% of attacks were possible.

In short, early attempts by PoS lacked the requirement that each verifier needs to pledge the actual value, which caused the network to be prone to delays, complications, and insecurity.

Solution for the "Nothing at Stake" problem: Casper
Fortunately, the Ethereum team has learned from the shortcomings of the early PoS project and designed the Casper protocol to eliminate the “Nothing at Stake” issue. In 2014, Vitalik first proposed the idea of ​​eliminating the “Nothing at Stake” issue in an article called “Slasher” [5]. The paper proposes a simple solution: “Let the main chain become aware of the other bifurcation chains. After that, if a miner is caught and mines on both chains, the miner will be punished.”

Although this concept has been greatly developed since its introduction, this concept has become the basis of the Casper consensus algorithm.

Casper is an algorithm used to penalize verifiers who verify multiple forked chains or who have damage to the network .

Casper's first implementation will use Ethereum's current PoW proposal mechanism to introduce new blocks on the Eth 2.0 chain. If two blocks are proposed at the same time, then the validator will only be rewarded for pledge on one chain, so it makes sense to bet through the current Eth1.0 chain, because this old chain is most likely Chain of success.

More importantly, the Casper protocol introduces a mechanism whereby if any verifier attempts to support an invalid forked chain by simultaneously verifying multiple blocks, the token assets pledged by the verifier will be destroyed. This is achieved by implementing two special protection mechanisms of the “Casper Discipline” [6]:

The first "Casper commandment" is that the verifier cannot issue two different votes at the same block height (ie, two different blocks cannot be signed at the same block height);

The second "Casper commandment" is that the verifier cannot vote again within the other voting time limits if he has already voted .

Any certifier who violates one of the disciplines is considered a malicious verifier and their entire deposit (not just their quality deposit) will be fined. In order to improve the availability of the network and reduce the review of transactions, those who are offline offline will also be moderately punished. See Unitimes' previous article " Eth 2.0 AMA Phase 2 | Vitalik: Ethereum 2.0 has no unresolved research challenges ." Casper researcher Vlad Zamfir likens this new PoS security mechanism to the mining hardware used by anyone who launches a 51% attack in the PoW system and immediately ignites and burns [2].

If the Casper mechanism is implemented correctly, it will eliminate the "Nothing at Stake" problem and allow the Ethereum network to securely transition to the PoS mechanism.

Casper is actually a fusion of two different but related research projects by the Ethereum Foundation, namely Casper the Friendly Finality Gadget (FFG) and Casper the Friendly GHOST: Correct-by-Construction (CBC).

Casper FFG will enable Ethereum to smoothly transition from the PoW consensus mechanism to the PoS consensus mechanism. Therefore, the Casper FFG mode integrates this new PoS protocol by overlaying this new PoS protocol onto the current Ethereum PoW protocol. The block is still mined by PoW, but the last slot in each epoch is the checkpoint of the PoS (each block is generated (about 6.4 minutes) is called an epoch) and the network verifier is at the checkpoint. The finality of the block since the last checkpoint was evaluated. The Casper CBC will be implemented after the FFG to complete the transition to the PoS consensus.

Beacon chain

The Casper proof of entitlement mechanism will be implemented through a beacon chain, which will be a separate chain running in parallel with the current Ethereum PoW chain. The beacon chain will be the “system chain” of the Eth 2.0 chain, and its primary responsibility will be to store and maintain the verifier registry, handle the cross-link between the slice chain and the beacon chain, and play during each epoch Chaos and assigns verifiers to individual slice chains (there will be 1024 sliced ​​chains in the Eth2.0 system) and so on.

The user can participate in the beacon chain's equity certification agreement by sending a 32 ETH (quality deposit) to a smart contract that will be deployed on the current Ethereum old chain. This license deposit will generate a receipt that will contain an ID showing which sharder the certifier was sharded into (see this article [12] for more information on sharding).

After the user has pledged, it will become the pending validator in the beacon chain. After waiting for a while, the user will be "activated" to become an active validator, and then participate in the PoS protocol verification [9]. A user can be "activated" to become a valid verifier only after the beacon chain processes the mortgage receipt generated from the Eth1.0 chain. The activated verifier will alternately propose new blocks and vote on the validity of the block.

Earlier versions of Casper will use the existing PoW proposal mechanism, and later versions will use a more efficient proposal mechanism. Vitalik looks forward to “translating the block proposal into a PoS circular block signature mechanism.” [6] To organize the verifier collusion to launch an attack, the beacon chain randomly assigns the verifier to different fragments by implementing randomness. Block proposal/voting verification in the chain [8]. If the verifier does not know which chain of chips will be assigned to it, it will prevent them from conspiring to launch an attack in advance.

In the event of a fork, the verifier will use their client's beacon chain fork selection rules to automatically select the correct chain. The fork selection rule determines which chain is the "canonical chain" by "Last Message DriVEN Greediest Heaviest Observed SubTree (LMD GHOST)". If a potential attacker wants to verify the wrong forked chain, then the LMD GHOST fork selection rule must be manually modified or eliminated. [Note: For more information on LMD GHOST, readers can refer to Unitimes' previous article "Ethereum 2.0: How to achieve finality?" 》]

For each block, one of the activation verifiers will be selected to make a proposal for the new block, and the other verifiers will vote to prove the validity of the block. Earlier versions of Casper required certifiers to send a chain transaction for each certificate they submitted, but this increased the load on the main chain and exacerbated the scalability issues that Eth 2.0 was working on. According to the current design, the beacon chain will be responsible for the PoS mechanism, so that the verifier's vote will not compete for space on the PoW chain or the slice chain [8].

Attestations will be the main source of beacon chain load, so it is important to aggregate the proof as much as possible. The attestations may be the voter's vote on the slice chain block in the slice chain, or the verifier's vote on the beacon chain block in the beacon chain [7]. Once each fragment chain block has obtained enough proof (ie, voting), the block will be added to the slice chain and will be divided by a method called crosslink. The status of the slice is submitted to the beacon chain for proof. Crosslinking will also play an important role in achieving asynchronous cross-chip communication between the various slice chains.

route map

The beacon chain (ie stage 0 of Eth 2.0) is expected to be launched in early 2020, but only if there are minimum number of ETHs pledged in the system and there are at least three production-ready clients, the beacon chain can Successfully started. It is expected that Phase 1 and Phase 2 will be launched in 2021 and 2020 respectively.

Phase 1 will introduce a basic slice chain structure, which is essentially a trial run phase of a slice structure, used to test how the slice system will operate. Therefore, Phase 1 will not immediately realize the full scalability potential of the shard. This phase will address the consensus and finality of the fragmentation chain and will allow the beacon chain to monitor the execution of the fragmentation chain.

Phase 2 will witness a fully integrated fragmented Eth 2.0 system, and the shard will become a fully operational chain. Phase 2 will also introduce the new Ethereum virtual machine eWASM.

It should be noted that although these phases are conceptually separate, due to the interrelatedness of each phase, the work of each phase is in progress.

In addition, efforts to improve the Eth 1.0 chain are currently underway, namely Eth 1.x, which aims to improve network throughput through client-side optimization and implement “state fees” to ensure full operation. The sustainability of the nodes, as well as the ease of payment and the development of a finality gadget that can be used to connect the Eth1.x chain to the Eth2.0 chain.

Special feelings Marin Petrunić and Aidan Hyman reviewed the paper and made many valuable suggestions. In addition, this article is inseparable from the work of many other great authors and researchers in the field. Thanks to all those involved in creating and publishing the resources cited in this article!

The links involved in the article:

  1. "PoW vs PoS — the debate defined.


  • "What is the Ethereum Casper Protocol?
  • ”

  • “How Ethereum Mining Works.”
  • Https://

  • “Understanding Proof of Stake: The Nothing at Stake Theory.”
  • Https://

  • "Slasher: A Punitive Proof-of-Stake Algorithm.
  • ”

  • "Casper the Friendly Finality Gadget.
  • "

  • "Eth 2.0 Specs." Github.
  • Https://

  • "Ethereum 2.0." Medium.
  • Https://

  • "Beacon Casper Chain Talk."

  • "Ethereum Casper Update Expected in 2019, Sharding in 2020.
  • "

  • Words of Marin Petrunić.
  • Https://
  • references:

    • Blockgeeks. “What are Ethereum Nodes And Sharding?” Accessed September 17, 2018.


  • Blockgeeks. “What is the Ethereum Casper Protocol?” Accessed October 12, 2018.
  • Https://

  • Buterin, Vitalik. “Slasher: A Punitive Proof-of-Stake Algorithm.” Ethereum Blog. Jan 15, 2014.
  • Https://

  • Buterin, Vitalik and Justin Drake. "Beacon Casper Chain Talk." Filmed at Sharding Meeting #2 in Berlin. Published July 16, 2018. Video.

  • Buterin, Vitalik and Virgil Griffith. “Casper the Friendly Finality Gadget.” Ethereum Foundation. last revised 15 Nov 2017.
  • Https://

  • Chan, Justin. “PoW vs PoS — the debate defined” Brave New Coin. Mar 1, 2018.
  • Https://

  • “Eth 2.0 Specs.” Github. Accessed November 14, 2018.
  • Hertig, Alyssa. “How Ethereum Mining Works”. Coindesk. Accessed February 11, 2019.
  • Https://

  • Kramer, Melanie. "Ethereum Casper Update Expected in 2019, Sharding in 2020." Unhashed. July 7, 2018.
  • Https://

  • Langley, Darren. "Ethereum 2.0." Medium. August 7, 2018.
  • Https://

  • Martinez, Julian. “Understanding Proof of Stake: The Nothing at Stake Theory.” Jun 7, 2018.
  • Https://

  • Vidrih, Marko. “Roadmap Change at Ethereum — Sharding and Casper at the Same Time?” Medium. Jun 17, 2018.
  • Author | Colin Schwarz

    Compile | Jhonny