The Technical Evolution of the Ethereum Attestation System

Ethereum co-founder Vitalik Buterin recently published a series of articles exploring the future development direction of the Ethereum protocol. These articles cover six main parts of the Ethereum roadmap, including The Merge, The Surge, The Scourge, The Verge, The Purge, and The Splurge. This article will focus on analyzing the first part of the roadmap—The Merge—discussing what technical designs of the attestation ( PoS ) mechanism can still be improved and the possible ways to implement these improvements.

The "Merge" is considered the most important milestone in Ethereum's history, marking the transition from Proof of Work (PoW) to Proof of Stake (PoS). Now, Ethereum has been operating as a stable PoS system for nearly two years, demonstrating excellence in stability, performance, and decentralization. However, there are still some key areas in the attestation mechanism that need further improvement.

The development roadmap of Ethereum in 2023 will focus on two aspects: first, improving technical features such as increasing stability, performance, and accessibility for small-scale validators; second, making adjustments to the economic model to address centralization risks. It is worth noting that Vitalik emphasized that these are not a comprehensive list of improvements to attestation, but rather ideas that are currently being actively considered.

The main goal of the merge

1. Achieve single-slot determinism (SSF): Currently, Ethereum blocks take about 15 minutes to be finalized. By improving the efficiency of the consensus mechanism, this time can be significantly shortened, allowing blocks to be proposed and finalized within the same slot.

2. Confirm and complete transactions at the fastest speed while maintaining decentralization.

3. Improve the feasibility of participation for independent stakers.

4. Enhance system robustness.

5. Enhance Ethereum's resistance and recovery capability against 51% attacks, including prevention of finality reversals, finality blocking, and censorship.

Single Slot Determinism and Staking Democratization

Currently, the final confirmation of Ethereum blocks requires 2-3 epochs (approximately 15 minutes), and becoming a staker requires 32 ETH. This is the result of a trade-off between three goals:

• Maximize the number of validators participating in staking (lower the staking threshold)
• Minimize finality time
• Minimize the overhead of running nodes

These three goals are contradictory. To achieve economic finality (i.e., the attacker must incur a huge cost to revert a confirmed block), each validator needs to sign two messages every time a block is finalized. Therefore, if there are many validators, either it takes a long time to process all signatures, or nodes with super strong performance are required to handle a large number of signatures simultaneously.

One of the core goals of Ethereum is to ensure that even successful attacks come with a high cost to the attacker, which is the meaning of "economic finality". In contrast, blockchains that lack "economic finality" (such as Algorand) finalize each time slot by randomly selecting a committee. However, the problem with this approach is that if an attacker controls 51% of the validators, the cost of attack is extremely low: only a portion of the nodes in the committee will be detected as participating in the attack and punished, which means the attacker can repeatedly attack the chain.

Therefore, if Ethereum is to achieve economic finality, a simple committee-based approach is not feasible, and it requires the participation of all validators.

Ideally, Ethereum hopes to improve the current situation in two aspects while retaining economic finality:

1. Complete block finality within a slot, ideally maintaining or even shortening the current 12-second slot length, instead of 15 minutes.

2. Lower the staking threshold from 32 ETH to 1 ETH, allowing more users to participate in staking.

The first point ensures that all Ethereum users can benefit from a higher level of security assurance. Currently, most users are unwilling to wait 15 minutes and thus cannot enjoy this assurance. With the single-slot determinism mechanism, users can almost immediately see the final confirmation of their transactions after they are confirmed. Furthermore, if users and applications do not have to worry about the possibility of chain rollbacks, it will greatly simplify the protocols and surrounding infrastructure.

The second point aims to support independent stakers. Multiple polls have shown that the minimum limit of 32 ETH is a major barrier to independent staking. Lowering the threshold to 1 ETH will effectively solve this issue.

However, the challenges currently faced are: the goals of faster determinism and more democratized staking are in conflict with the goal of minimizing overhead. This is also the reason why Ethereum did not initially adopt single-slot determinism. However, recent research has proposed some possible solutions.

Single Slot Deterministic Proposal

In order to achieve single-slot determinism under the condition of a large number of validators, while not causing excessively high operating costs for nodes, there are currently several leading solutions:

1. Brute Force Attack: To achieve a more efficient signature aggregation protocol, ZK-SNARKs technology may be used, making it possible to process signatures from millions of validators in a single time slot. Horn is one of the proposals put forward to design better aggregation protocols.

2. Orbit Committee: This is a new mechanism that allows a randomly selected medium-sized committee to be responsible for the finality of the chain while retaining the characteristic of high attack cost. Orbit utilizes the pre-existing heterogeneity in the scale of validator deposits, achieving maximum economic finality while still providing matching roles for small validators.

3. Dual-layer staking: This mechanism has two types of stakers, one with higher deposit requirements and the other with lower requirements. Only the tier with higher deposit requirements directly participates in providing economic finality. Various proposals have been put forward regarding the rights and responsibilities of the lower tier deposits, including:

   • The right to delegate attestation to senior equity holders.
   • Randomly select lower-tier stakers to attest and ultimately finalize each block
   • Generate the rights included in the list, etc.

Each solution has its pros and cons, and a balance needs to be struck between the security of Ethereum and the degree of staking centralization: brute-force solutions, while feasible, require the aggregation of a large number of signatures in a very short time, which is technically very challenging; the Orbit committee needs to verify its security and characteristics, and formalize and implement it; the dual-layer staking mechanism faces centralization risks, and the level of risk largely depends on the specific rights obtained by the low-staking layer.

Single Secret Leader Election

In addition to single-slot determinism, the single secret leader election is also an important issue in the Ethereum attestation system. Currently, it is possible to know in advance which validator will propose the next block, which poses security risks: attackers can monitor the network, determine the IP address corresponding to the validator, and launch a DoS attack just as the validator is about to propose the block.

The best way to solve this problem is to hide the information of the next block generator, at least keeping it confidential before the block is actually generated.

The single secret leader election protocol addresses this issue by creating a "blind" validator ID for each validator, and then allowing multiple proposers the opportunity to reorganize and re-blind the blind ID pool.

However, implementing a sufficiently simple single secret leader election protocol is not an easy task. The simplicity of the Ethereum protocol is crucial, and there is a desire not to further increase its complexity. The simplified SSLE using ring signatures only took hundreds of lines of normative code, but introduced new assumptions in complex cryptography.

Implementing sufficiently effective anti-quantum SSLE is also a challenge. Ultimately, it may only be when we introduce a mechanism for executing general zero-knowledge proofs in the L1 Ethereum protocol for other reasons that the "marginal additional complexity" of SSLE will be reduced to a sufficiently low level.

Faster Transaction Confirmation

Further shortening the transaction confirmation time of Ethereum (from 12 seconds to 4 seconds) will significantly improve the user experience of L1 and rollup-based applications, making DeFi protocols more efficient. It will also promote the decentralization of L2, allowing more L2 applications to run on rollups and reducing the need for L2 to build its own committee-based decentralized ordering.

There are two main technical solutions:

1. Reduce the slot time to 8 seconds or 4 seconds.
2. Allow proposers to publish pre-confirmations during a single time slot.

However, the feasibility of shortening the slot time is still uncertain. Even currently, many regions' stakers find it difficult to obtain attestations quickly enough. The attempt at a 4-second slot time may pose the risk of validator centralization, and due to network latency, becoming a validator outside of a few geographically advantageous areas may be impractical.

The proposer pre-confirmation method can significantly improve the inclusion time on average, but it does not improve the worst-case scenario. Furthermore, how to incentivize pre-confirmation remains an unresolved issue.

Quantum Attack Resistance

In the face of potential threats from quantum computing, Ethereum needs to actively develop alternatives that are resistant to quantum attacks. Currently, every part of the Ethereum protocol that relies on elliptic curves needs to have alternatives based on hash or other quantum-resistant technologies. This highlights the reasonableness of maintaining conservatism in the performance assumptions of attestation design and is also the driving force behind more proactive development of alternatives resistant to quantum attacks.

Conclusion

The Ethereum attestation system faces numerous challenges on its path of technological evolution. Due to the high threshold for independent staking, staking service providers represented by Lido have become the main choice for Ethereum node staking, while dual-layer staking schemes also carry a certain degree of centralization risk. To address these challenges, key issues that Ethereum needs to resolve include single-slot finality and staking democratization, single secret leader elections, accelerating transaction confirmations, and developing alternatives resistant to quantum attacks.

Vitalik has conducted a comprehensive reflection on the "The Merge" upgrade, proposing a combination of various technical solutions and exploring the design potential of Ethereum's PoS attestation technology and the currently feasible paths for technical upgrades.

During the process of technological upgrade, Ethereum continuously explores and innovates, weighing choices between different technical solutions to find the most suitable development path, achieving higher security, performance, and decentralization.