Latest article by Vitalik: Keeping it Simple and Avoiding Ethereum Consensus Overload

Vitalik's latest article: Keeping Ethereum Consensus Simple

Original text: Don’t overload Ethereum’s consensus

Author: Vitalik Buterin

Translation: Nianyinsi Tang, Planet Daily

Ethereum’s consensus is currently one of the most secure cryptographic economic systems. Validators with a value of 18 million ETH (about 34 billion U.S. dollars) complete a block every 6.4 minutes, running many different protocol implementations to achieve redundancy. If the cryptographic economic consensus fails, whether due to bugs or deliberate 51% attacks, a large community of thousands of developers and more users will closely monitor the network to ensure that the chain is correctly restored. Once the chain is restored, protocol rules will ensure that attackers are (largely) severely punished.

• NGC Ventures: Why we invested in Opside
• Investment tips for the next bull market: In-depth analysis of the development status and trends of 15 cryptocurrency tracks
• Game Dosi: First Impressions of LINE’s Web3 Game, the Japanese Communication Giant

For years, many ideas have been proposed, often in the thought experiment stage, that Ethereum validators or even Ethereum social consensus can be used for other purposes:

• Ultimate Oracle: For a proposal, users can vote by sending ETH to decide what is true, which will use the SchellingCoin mechanism: Everyone who sends ETH to support the majority answer will receive a proportionate share of all ETH sent to support the minority answer. According to its description: “So in principle, this is a symmetrical game. What breaks this symmetry is a) the natural points where truth needs to be coordinated, and more importantly b) the fact that those who bet on the truth can create a credible Ethereum fork route if they lose.”

• Re-staking: A set of techniques used by many protocols, including EigenLayer, allows Ethereum stakers to use their stake as a deposit for another protocol. In some cases, if they do not comply with the rules of other protocols, their deposits will also be confiscated. In other cases, there are no incentives within the protocol, and the stake is only used for voting.

• Restore L2 projects driven by L1: In many cases, if L2 has bugs, L1 can restore it by forking. The most recent example is the design that uses L1 soft fork to recover L2 failures.

The purpose of this article is to explain in detail why, in my opinion, some subset of these technologies poses high systemic risks to the ecosystem and should be discouraged and resisted.

These recommendations are typically well-intentioned, so the goal is not to focus on individuals or projects; rather, our goal is to focus on the technology. This article will attempt to defend the general rule of thumb that: Double-staking ETH using validators is generally feasible albeit with some risks, but attempting to “recruit” Ethereum social consensus to achieve the goal of your application itself is not.

Example of the difference between reusing validators (low risk) and overloading social consensus (high risk)

– Alice creates a Web3 social network where you automatically get a “verified” status if you cryptographically prove that you control the key to an active Ethereum validator. This is low-risk.

– Bob cryptographically proves that he controls the keys to ten active Ethereum validators, in order to prove he has enough wealth to satisfy certain legal requirements. This is low-risk.

– Charlie claims to have disproven the twin primes conjecture and claims to know the largest p such that p and p+2 are both prime. He changes his staking withdrawal address to an smart contract where anyone can submit a claimed counterexample q > p as well as a proof that q and q+2 are both prime SNARK. If someone submits a valid claim, Bob’s validators will be forced to exit and the submitter will receive Bob’s remaining ETH. This is low-risk.

– Dogecoin decides to switch to proof of stake and increase the size of its security pool, allowing Ethereum stakers to “double-stake” and simultaneously join its validator set. To do this, Ethereum stakers must change their staking withdrawal address to an smart contract where anyone can submit evidence of them violating Dogecoin’s staking rules. If someone submits such evidence, the staker’s validators will be forced to exit and their remaining ETH will be used to buy and burn DOGE. This is low-risk.

– eCash does the same thing as Dogecoin, but the project lead further announces: if the majority of participating ETH validators collude to censor eCash transactions, they expect the Ethereum community to hard fork to remove those validators. They believe that doing so would be in Ethereum’s interest, as these validators have been proven to be malicious and unreliable. This is high-risk.

– Fred created an ETH/USD price oracle that allows Ethereum validators to participate and vote. There is no incentive mechanism. This is low risk.

– George created an ETH/USD price oracle that allows ETH holders to participate and vote. To prevent laziness and bribery, they added an incentive mechanism where participants who give answers within 1% of the median receive 1% of the ETH given by participants who gave answers more than 1% from the median. When asked “If someone can credibly bribe all participants to start submitting incorrect answers, will honest people lose 10 million ETH?” George replied that Ethereum would have to fork to exclude the bad actor’s funds. This is high risk.

Two other scenarios are as follows:

• George clearly doesn’t answer. This is medium-high risk (because the project may create the expectation of attempting such a fork even without formal incentives).

• George replied “Then the attacker wins and we abandon using this oracle.” This is medium-low risk (not very “low” because the mechanism does incentivize a large number of participants who may be incentivized to independently advocate for a fork to protect their deposits in a 51% attack).

– Hermione created a successful Layer 2 and believes that because her Layer 2 is the largest, it is inherently the most secure, because if a bug leads to funds being stolen, the loss would be so great that the community would have no choice but to recover users’ funds through a fork. This is high risk.

If you are designing a protocol where losses will be contained among the validators and users who choose to participate and use your protocol even if everything breaks down completely, it is low risk. On the other hand, if you plan to seek forks or reorganizations in the wider Ethereum ecosystem as a means of resolving your issues, this is high risk, and I believe we should strongly resist all attempts to create such expectations.

The concept of the middle ground refers to an incentive for participants to move from a low-risk category to a high-risk category; the SchellingCoin-like technology, particularly the mechanism of severe punishment for deviation from the majority, is a major example.

So, what are the problems with extending Ethereum consensus?

Suppose it’s 2025. Frustrated with the status quo, a group decides to develop a new ETH/USD price oracle that operates by allowing validators to vote on the price every hour. If validators vote, they will unconditionally receive a portion of the fee reward from the system. But soon, participants become lazy: they connect to centralized APIs and when these APIs are attacked, they either drop out or begin reporting incorrect values. To solve this problem, they introduce incentives: the oracle will also retrospectively vote on the price from a week ago, and if your vote (real-time or retrospective) differs from the median of retrospective votes by more than 1%, you will be severely punished, and the proceeds of the punishment will go to those who “correctly” voted.

Within a year, over 90% of validators are participating. Someone asks: what if Lido and several other large stakers band together to carry out a 51% attack on the vote, forcing through a false ETH/USD price and imposing heavy penalties on all those who do not participate in the attack? At this point, supporters of the oracle plan have invested a lot of money, and they answer: if this happens, Ethereum will definitely fork to expel the bad actors.

Initially, the scheme was limited to ETH/USD and appeared to be resilient and stable. But over time, other indices were added: ETH/EUR, ETH/CNY, and eventually interest rates for all G20 countries.

But by 2034, things started to go wrong. A surprise political crisis erupted in Brazil, leading to a controversial election. One party eventually controlled the capital and 75% of the country, but another party eventually controlled some northern regions. Western media outlets believed that the northern party was clearly the legitimate winner because its behavior was legal, while the southern party’s behavior was illegal. Official sources in countries like India as well as Elon Musk believed that the southern party had actually taken control of most of the country and that the international community should not try to be the world’s policeman but should accept this result.

At the time, Brazil had a CBDC with two forked versions: (northern) BRL-N and (southern) BRL-S. When voting in a price oracle, 60% of Ethereum stakers provided the ETH/BRL-S exchange rate. Major community leaders and businesses condemned the stakers’ cowardly surrender to fascism and suggested forking the blockchain to include only the “good stakers” providing the ETH/BRL-N rate and draining the balances of other stakers to near zero. In the seemingly shiny echo chamber, they believed they were sure to win. However, once the fork was initiated, the BRL-S side proved unexpectedly strong. They had expected an overwhelming victory, but the reality was that the community split was almost 50/50.

At this point, the two sides were on two separate chains in independent universes with no real way to come back together. Ethereum is a global permissionless platform created in part to avoid nationalism and geopolitics but was ultimately split in half by a member country of the G20 with unexpectedly severe internal problems.

So that’s a good sci-fi story, but what can we learn from it?

The “purity” of blockchain is a huge advantage because it is a pure mathematical structure attempting to achieve consensus on pure mathematical problems. Once blockchain attempts to “hook up” with the outside world, conflicts from the outside world also start to affect the blockchain. Considering a sufficiently extreme political event – which in fact isn’t all that extreme, as the above story is essentially a mimic of events that actually happened in various major countries (population over 25 million) over the past decade – even benign things like price oracles can tear communities apart.

Here are more possible scenarios:

• One of the currencies the oracle is tracking (possibly even the US dollar) is just malignant inflation, with the market collapsing to no clear specific market price at some points in time.

• If Ethereum was adding a price oracle for another cryptocurrency, the controversial split in the above story wouldn’t be hypothetical: it’s already happened, including in the histories of Bitcoin and Ethereum themselves.

• If strict capital controls are implemented, which price to report as the legitimate market price between two currencies becomes a political question.

But more importantly, I think there is a Schelling fence at work: once blockchain starts incorporating real-world price indices as Layer 1 protocol features, it becomes easy to succumb to explaining more and more real-world information. Introducing Layer 1 price indices also expands the legal attack surface of the blockchain: it is no longer just a neutral technical platform, but more explicitly becomes a financial instrument.

What about the risks of examples beyond price indices?

Any expansion of Ethereum’s consensus “responsibilities” increases the cost, complexity, and risk of running validators. Validators are required to perform manual work, focus on and run other software, to ensure that they operate correctly according to any other protocols introduced. Other communities have gained the ability to place their dispute resolution needs outside the Ethereum community. Validators and the Ethereum community as a whole are forced to make more decisions, each of which carries the risk of community fragmentation. Even without fragmentation, the desire to avoid this pressure creates additional incentives to externalize decisions to centralized entities through staking pools.

The possibility of fragmentation will also greatly reinforce the anomaly mechanism of “too-big-to-fail”. There are so many Layer 2 and application-layer projects on Ethereum that it is unrealistic for Ethereum social consensus to be willing to fork to solve all problems. Therefore, larger projects are inevitably more likely to be rescued than smaller ones. This in turn leads to larger projects gaining a moat: are you willing to put your coins in Arbitrum or Optimism (if there is a problem, Ethereum will fork to save everything), or are you willing to put them in a smaller Taiko (a non-Western project with less social connection to the core development circle and much less chance of L1 support rescue)?

But bugs bring risks, and we need better oracles. What can we do?

In my opinion, the best solution to these problems is to analyze each problem specifically because the various problems are fundamentally different. Some solutions include:

– Price oracles: either a decentralized oracle for incomplete encrypted economics, or a validator voting-based oracle, the latter explicitly promises that its emergency recovery strategy does not resort to L1 consensus for recovery, aiming for a combination of the two. For example, price predictors can rely on an assumption of trust, that the voting participants will slowly be corrupted, so that users can get early warning of attacks and can exit any system that relies on the oracle. Such oracles can deliberately reward participants only after long delays, so that if an instance of the protocol is abandoned (e.g. because the oracle fails, the community turns to another version), participants do not receive a reward.

– A more complex oracle that reports on more subjective facts than price: a decentralized court system built on an incomplete encrypted economy DAO.

– Layer 2 protocols:

• In the short term, relying on partial auxiliary wheels (called the first stage in this article)

• In the medium term, rely on multi-proof systems. This may include trusted hardware such as SGX; I strongly oppose systems like SGX being the only security guarantee, but as members of the 2-of-3 system, they may be valuable.

• In the long run, we hope that complex functions such as “EVM validation” will eventually be incorporated into the protocol.

– Cross-chain bridge: Similar to the oracle logic, but also try to minimize the degree of reliance on cross-chain bridges: keep assets on their native chains and use atomic exchange protocols to move value between different chains.

– Use Ethereum validator sets to protect other chains: One reason why the (safer) Dogecoin scheme in the example list above may not be enough is that although it does prevent 51% “finality-reversion” attacks, it cannot prevent 51% censorship attacks. However, if you have already relied on Ethereum validators, a possible direction is to give up trying to fully manage independent chains and become a validium that anchors proofs in Ethereum. If a chain does this, its protection against finality-reversal attacks will become as strong as Ethereum’s, and it can safely resist 99% (not 49%) censorship attacks.

Summary

The social consensus of the blockchain community is fragile. This is necessary-because upgrades will happen, bugs will happen, and 51% attacks will always be possible-but because it has a high risk of causing chain splits, it should be used with caution in mature communities. The community often has a natural impulse to try to expand the core of the Ethereum blockchain with more and more functions, because the core has the maximum economic weight and the most community attention, but each such expansion will make the core itself more fragile.

We should be wary of application layer projects taking such actions- these actions may increase the “scope” of blockchain consensus, rather than verifying Ethereum’s core protocol rules. For application layer projects, trying such strategies is natural, and in fact, such ideas are usually conceived without considering risks, but the results that may be caused are easy to go against the goals of the entire community. There is no principle to limit this process, and over time, it is easy to lead the blockchain community to have more and more “mandates”, pushing it towards an unsettling choice-either an annual high-risk split or some kind of de facto formal bureaucratic organization that has final control over the blockchain.

On the contrary, we should keep the extreme minimalism of the chain, support the use of re-staking, rather than expanding Ethereum’s consensus role like a landslide, and help developers find alternative strategies to achieve their security goals.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!