The following paper is relevant to this thread. Comments are welcome. From Indexing to Coding: A New Paradigm for Data Availability Sampling Moritz Grundei, Aayush Rajasekaran, Kishori Konwar, Muriel Medard The data availability problem is a central challenge in blockchain systems and lies at the core of the accessibility and scalability issues faced by platforms such as Ethereum. Modern solutions employ several approaches, with data availability sampling (DAS) being the most self-sufficient ...| Ethereum Research - Latest posts
The Dolev Reischuk lower bound that forces quadratic communication holds against a strongly adaptive adversary: Subsampling validators is a way to use randomization in a way that works against a weak adaptive adversary. See definition here: So you are circumventing the lower bound by assuming a slightly weaker adversary in terms of adaptiveness. I think it’s a very reasonable path| Ethereum Research - Latest posts
Coauthored with Augusto Teixeira. Special thanks to Diego Nehab and Luca Donno for reviewing this piece. Recent ZK advances have reignited interest in Non-Interactive (NI) ZK Fraud Proofs like Kailua and OP Succinct Lite, pitched as a “best of both worlds”: no refutation costs when there is no fraud, and a single ZK proof to invalidate fraud when it occurs. Projects like Eclipse, BOB, SOON, and MegaETH have embraced this model, and even Arbitrum has signaled interest. This enthusiasm led u...| Ethereum Research - Latest posts
Toward Semantic Block Chunking As block gas limits increase, the size of Ethereum blocks will inevitably grow. We cannot rely on monolithic blocks that are compressed, propagated, and only then executed. At some point, we need to introduce block chunking to reduce latency, smooth propagation, and relieve validators in the critical path. In an earlier post, I described semantic payload chunking and the motivation behind it. Now, I want to take that idea further: real progress comes from treati...| Ethereum Research - Latest posts
Deep Funding: A Prediction Market For Open Source Dependencies Elizabeth Yeung, Clément Lesaege, Devansh Mehta. Special thanks to David Gasquez, Eliza Oak and Davide Crapis for their feedback on earlier versions of the draft, and to Vitalik Buterin for the initial inspiration and extensive discussions. Executive Summary Deep Funding uses a network of bots, models and traders to predict the value of open source repositories to Ethereum if they were to be judged by a jury. Goal: A public key t...| Ethereum Research - Latest posts
Static Higher Order Function dynamic higher order functions (Lisp Closures) When you write a Lisp compiler, functions are treated as values like other values such as integers, bools, and strings. You may use “closure” to implement functions as a value. But in the pen compiler, we do not need to pass functions to other contracts, and if we want to call functions on another contract, then we do not need to receive function closures. EVM contract call displaced this kind of function closure wrappi...| Ethereum Research - Latest posts
So if you can take the entire network down and steal all the funds, and it requires two transactions or two network packets, that is not even low severity. Or should the sentence be read differently? and then, what does “trivially cause network splits” even mean? If you “non-trivially cause network splits,” aren’t you paid $2M? and then, if you have a vulnerability that slashes 1% of validators, you could trivially slash 33% of validators by applying the same exploit 33 times. and ...| Ethereum Research - Latest posts
Thanks to Toni and Ladislaus for discussion and feedback. EIP-7928 introduces Block-Level Access Lists (BALs) to improve parallel execution on L1. Beyond scaling, BALs also unlock a simpler foundation for proposer commitment protocols, especially execution preconfs. Instead of relying on fragmented proofs across multiple Merkle Patricia Tries, BALs provide a canonical record of all post-transaction values that commitments can be tied to. That said, the current EIP-7928 spec isn’t directly amena...| Ethereum Research - Latest posts
TL;DR: In our latest research, we designed, implemented, and evaluated three bribery attacks. They aim to violate three fundamental properties of consensus protocols. PayToAttest: Tramples safety by enabling vote buying (attestations). PayToExit: Incentivizes validators to cease participating in the consensus, thereby threatening liveness. PayToBias: RANDAO bribery market impacting fairness. Our results show that these attacks are surprisingly cheap and practical, with bribes as low as 0.09 E...| Ethereum Research - Latest posts
Introduction: Radius uses PVDE (time lock + zk) to encrypt the transaction pool, weakening the possibility of MEV attacks. That is, before the time lock is cracked, the transaction content cannot be seen, so MEV attacks cannot be carried out. When Radius receives an encrypted transaction, it makes an order commitment and simultaneously begins to decrypt the time lock. After committing the user’s ordering, the time lock is cracked, and Radius obtains the transaction content and packages and ...| Ethereum Research - Latest posts
@vbuterin could please give your feedback Hi everyone, We’re building a new ZK rollup that makes privacy as fundamental as scalability, and we’d love to gather early feedback from the Ethereum community. The Problem: Layer 2 rollups have solved Ethereum’s throughput bottleneck but not its privacy problem. Today, balances, contract state, and transaction metadata remain public. Since Ethereum uses an account-based model, repeated activity can easily be linked to identities — opening th...| Ethereum Research - Latest posts
MEVless Protocol extends: A trustless on-chain anti-MEV solution for Layer2/3 Prerequisites MEVless applicable attack scenarios: Sandwich attacks Front-running attacks MEVless applicable chains: Here, I do not recommend using the MEVless protocol directly at the L1 public chain level (especially general-purpose blockchains like ETH and Solana), because MEVless requires targeted modifications to the blocks themselves, which are specifically designed to resist MEV and may not be suitable for ot...| Ethereum Research - Latest posts
Joint work with @b-wagn, A Documentation of Ethereum’s PeerDAS The long-term vision of the Ethereum community includes a comprehensive data availability protocol using polynomial commitments and tensor codes. As the next step towards this vision, an intermediate solution called PeerDAS is about to be integrated, to bridge the way to the full protocol. With PeerDAS soon becoming an integral part of Ethereum’s consensus layer, understanding its security guarantees is essential. The linked docu...| Ethereum Research
Surely this undermines the basis of eth2 PoS consensus. How then does Ethereum secure itself against validators colluding to raise proposal rewards or even perform double spend attacks? Correct me if I’m wrong, but I imagine your answer will be that it is not in validator self-interest because of the threat to their stake from a loss of confidence in the network. What I want to show you is that the risks of full-block MEVA are comparable in severity, both in terms of gatekeeping centralizat...| Ethereum Research
Context We stitched together the first mainnet view that compares block mev rewards across large operators (Kiln, Everstake, Network) and smaller preconfirmation cohorts (Primev validators, Kiln‑Primev, and Kiln‑EthGas cross‑cuts). The goal: find out whether preconfirmations are already adding value to the typical validator block and what to do next. TL;DR On typical blocks (75th percentile), mev-commit was observed to deliver blocks with higher value than Kiln validators when the two a...| Ethereum Research - Latest posts
BITE Phase 2 MVP Spec With BITE Phase 2, each block can include Contract-Action-Transactions (CATs)— transactions initiated by smart contracts execution in the previous block. CATs enable smart contracts to decrypt data and then perform actions automatically on this data. Key Benefits of Using BITE Phase 2 Automation: Contracts act on decrypted data automatically, without requiring another user transaction. Efficiency: Decryption is done in the same batch as BITE Phase 1, so no extra perfor...| Ethereum Research - Latest posts
The trilemma says you can only have two out of three: Privacy – this means the industry needs confidential data on-chain to match Web2 financial apps. Otherwise, we’ll be stuck forever with trading/gambling/HODLing use cases. Ease of use – without ease of use and ease of development, no one will use or build privacy apps. Classic Consensus – this refers to the classic PoS consensus. If you use Classic Consensus, you can achieve privacy but at the expense of being prohibitively hard to...| Ethereum Research - Latest posts
This works, but there is an alternative route (to prove the status of a certain transaction of block X at index Y within the EVM): if you get the receipt from the transaction, one of the encoded fields is “success” (0 or 1). If the transaction reverted, it is 0. If it succeeded, it is 1. Therefore, to prove that the transaction was reverted in a subsequent block, you have to prove that the status field of that certain transaction was 0 and not 1 (and the transaction is thus the one in que...| Ethereum Research - Latest posts
There are two EIPs proposing a precompile for the current NIST Falcon variant. Of the two, EIP-7619 appears to be closest to what AA would need and the most versatile, as it accepts the entire message rather than a pre hashed message (note that Falcon salts its messages prior to signing with a signature specific salt). It is the EIP I am attempting to revive for a precompile.| Ethereum Research - Latest posts
Open, Application-Driven FHE for Ethereum I would like to warmly thank Andy Guzman, Christian Knabenhans, Eugene Joo, Gurgen Arakelov, Keewoo Lee, Nam Ngo, Rand Hindi, Sam Richards, Thore Hildebrandt, Younes Talibi Alaoui, and Yuriy Polyakov for their generous feedback. TL;DR Why this matters (and why it’s hard): Fully Homomorphic Encryption (FHE) enables computation on encrypted data, unlocking confidentiality for Ethereum smart contracts, rollups, and AI applications. However, its adoptio...| Ethereum Research - Latest posts
Post-Pectra Effects on Ethereum: Reorg Rate, Propagation, and Block Size This analysis was conducted as part of the Pectra Grants Program by the Decipher Research Team. We would like to thank the ethPandaOps team for providing Xatu-data, an extensive dataset of Ethereum node measurements, and the Ethereum Foundation ESP team for supporting this work through the Pectra grants round. Our preprocessed dataset and analysis code are openly available. TL;DR In this post, we empirically analyze the...| Ethereum Research - Latest posts
Gossipsub’s Partial Messages Extension and Cell Level dissemination or how to make blob propagation faster and more efficient Thanks to Raúl Kripalani, Alex Stokes, and Csaba Kiraly for feedback on early drafts. Overview Gossipsub’s new Partial Message Extension allows nodes to upgrade to cell level dissemination without a hard fork. Increasing the usefulness of data from the local mempool (getBlobs). There is a draft PR that specifies how Consensus Clients make use of the Partial Messag...| Ethereum Research - Latest posts
Payload Chunking tl;dr: Split an EL block (=payload) into multiple mini‑blocks (“chunks”) of fixed gas budget (e.g. 2**24 = 16.77M) that propagate independently as side cars. Each chunk carries the pre‑state it needs to execute statelessly and commits to its post‑state diff. Chunks are ordered but can be executed fully independently in parallel. CL commits to the set of chunk headers; sidecars carry bodies and inclusion proofs. Validation becomes more of a continuous stream. Motivat...| Ethereum Research
13 Gas-model inconsistencies in Ethereum This post summarizes 13 inconsistencies in Ethereum’s gas model. All the symbols come from the Ethereum Yellow Paper (esp. Appendix G. Fee Schedule). --- 1. The external transaction does not incur new-account charges (G_{newaccount}) when creating an account, but internal transactions do Example Suppose you want a contract C to transfer ETH to a brand-new account A that does not yet exist. If C transfers directly, the internal new-account path charges...| Ethereum Research - Latest posts
Yea, so I learned about this today. I think it’s a bad idea and I don’t think we should do it.| Ethereum Research - Latest posts
Arbitrum One and Base leveraged Ethereum security for only ~28% of its TVS for last month TL;DR L2s aren’t using Ethereum settlement as intended - Most assets and transactions on L2s bypass Ethereum settlement through third-party bridges, external assets, and native tokens. Asset settlement defines true security - The real question about infrastructure-level security is who controls the underlying ledger: Ethereum (canonical assets), external bridges (CCTP USDC, LayerZero OFTs), or the L2 ...| Ethereum Research
Suppose that we have an on-chain Casper FFG cycle, which we absolutely want to confirm, and which we want the chain to be aware of, but this cycle would take a much longer time than we find acceptable because of overhead/finality time/decentralization tradeoffs. For example, suppose that we have 32 ETH validator slots, with 10,000,000 ETH validating in total; this would entail 312500 validator entries, which at an overhead of 4 tx/sec would take nearly a day to go through. We can achieve much...| Ethereum Research
Consider a Lamport signature scheme where there are 256 participants, and each participant is required to reveal one of eight values that they have committed to (ie. 128 bytes total for a Merkle branch). Given a value with hash H (assume a 768 bit hash), take 3 bits of H and assign them to each user. That user is required to provide the specific value that’s assigned to by the 3 hash bits. Any signature containing at least 170 valid preimages+Merkle branches passes as valid. If you actually...| Ethereum Research
TLDR: We present a signature aggregation scheme intended as a possible alternative to BLS signatures in the context of committee voting, with applications such as committee-based notarisation and fork-free sharding. Construction Let V be a committee of voters v_1, ..., v_n. For a given message m every voter can cast one vote by signing m. For concreteness we set |V| = 423 (as inspired by Dfinity) and require a threshold of t votes (e.g. t = |V|/2) to form a quorum. Given at least t votes, som...| Ethereum Research
Epistemic status: early exploration Recently, there has been discussion about more aggressive ways to reduce Ethereum’s slot time. This can be done in two ways: Reducing the \delta parameter (our assumption on maximum expected network latency). This can only be done safely if we get improvements at the p2p layer that reduce latency Re-architecting the slot structure to reduce the number of network latency rounds in one slot. There is significant p2p hardening and optimization work going on ...| Ethereum Research - Latest posts
Helloes, I’m trying to build a brand new blockchain (feel free to ask me why, I’m happy to provide info about my project) and I’m prototyping the first node implementation in Rust. This blockchain will be capable of executing smart contracts compiled as WebAssembly modules, generating a zk-SNARK proof of their correct execution. I’m quite new to zk-SNARKs but after plenty of exploration I believe the best scheme to use is Halo2, which doesn’t need any trusted setup and also supports ...| Ethereum Research
Hey folks, at SKALE we are developing BITE (Blockchain Integrated Threshold Encryption) where the current PoS validator committee is also a Threshold Encryption committee. The BITE protocol is used in the new L1 chain we just announced - FAIR. FAIR is an ETH fork that will support private data on chain. In addition to provably eliminating MEV, one compelling direction for BITE is enabling smart contracts to perform on-chain decryption via a precompiled contract. This would allow Threshold Enc...| Ethereum Research
We have recently published a paper “Burn Your Vote”, Proposing a protocol in which voters “burn tokens” to pseudorandom addresses and submit zk‑SNARK proofs to prove a valid burn, achieving vote integrity, coercion resistance, and unlinkability with minimal gas overhead No FHE, No MPC, No TLP, No heavy computation. You can explore the code here: GitHub ‑ Proof‑of‑Burn Voting For a high‑level overview, see our paper: Eprint ‑ Proof‑of‑Burn Voting Why Burn Your Vote? Cur...| Ethereum Research
Privacy is crucial for Ethereum’s long-term survivability and operability. Following the marvelous Ethereum Privacy: The Road to Self-Sovereignty roadmap, we came up with a concept of a confidential WETH, which may grow into a full-fledged confidential token standard (EIP) in the future. Would love to hear your thoughts about the draft! 1. Introduction Transparency is one of the key benefits of public blockchains. However, the public visibility of transactions potentially compromises users...| Ethereum Research
TLDR: We suggest using BLS signature aggregation as a pragmatic medium-term solution to the signature verification bottleneck of sharding and Casper, later replacing it with STARK-based aggregation for quantum security. Background Signature verification is the major bottleneck for both sharding and Casper. Assuming 32 ETH deposits (relatively small deposits to encourage participation and decentralisation) and ~10,000,000 ETH at stake we get ~312,500 validators. Casper finality requires 2/3 of...| Ethereum Research
This study was done by @cortze and @yiannisbot from the ProbeLab team (probelab.io), with the feedback of the EF and the PeerDAS community. Introduction The Dencun upgrade was an important milestone for Ethereum’s roadmap. It introduced Blob transactions and Blob sidecars (through EIP-4844). The upgrade included major updates for the underlying network, which now has to share over GossipSub a target of three blob sidecars of 128KBs each per slot, capped to six of them as a maximum (often ref...| Ethereum Research
TLDR: We present a 1-bit custody bond scheme which is friendly to BLS aggregation. Construction Let V be a 32-ETH collateralised validator that has published H(s) onchain where s is a 32-byte secret. Given a piece of data D the validator V can compute the corresponding “custody bit” b as follows: Partition D into 32-byte chunks XOR every 32-byte chunk with s and H(D) Merkleise the XORed chunks to get a root r Let b be the least significant bit of r The signed message [H(D), b] is a non-o...| Ethereum Research
TLDR: We highlight a special subset of rollups we call “based” or “L1-sequenced”. The sequencing of such rollups—based sequencing—is maximally simple and inherits L1 liveness and decentralisation. Moreover, based rollups are particularly economically aligned with their base L1. Definition A rollup is said to be based, or L1-sequenced, when its sequencing is driven by the base L1. More concretely, a based rollup is one where the next L1 proposer may, in collaboration with L1 search...| Ethereum Research
Special thanks to Justin Drake and the Flashbots team for feedback and discussion. A major risk threatening the ongoing decentralization of consensus networks is the economics around miner extractable value (MEV), sophisticated tricks to extract profit from the ability to choose the contents of the next block. A simple example of MEV is arbitraging all on-chain decentralized exchanges against price movements that have happened since the previous block. While normal PoS rewards are reasonably ...| Ethereum Research
We can actually scale asset transfer transactions on ethereum by a huge amount, without using layer 2’s that introduce liveness assumptions (eg. channels, plasma), by using ZK-SNARKs to mass-validate transactions. Here is how we do it. There are two classes of user: (i) transactor, and (ii) relayer. A relayer takes a set of operations from transactors, and combines them all into a transaction and makes a ZK-SNARK to prove the validity, and publishes the ZK-SNARK and the transaction data in ...| Ethereum Research
MEV-Boost: Merge ready Flashbots Architecture This architecture is a work in progress - the final design will reflect the feedback collected and lessons learned through implementation and can be found on the mev-boost github repository This document outlines the design for a marketplace for block construction (often referred to as block proposer / block builder separation or PBS) compatible with the upcoming Ethereum merge fork. This trust based solution closely resembles the current Flashbot...| Ethereum Research
Flashbots: Frontrunning the MEV crisis Flashbots is a research and development organization formed to mitigate the negative externalities and existential risks posed by miner-extractable value (MEV) to smart-contract blockchains. We propose a permissionless, transparent, and fair ecosystem for MEV extraction to preserve the ideals of Ethereum. The spike in Ethereum usage over the last few months has revealed a set of negative externalities brought by MEV. These include network congestion (i.e...| Ethereum Research
Thanks to @Mikerah for help revising this. Merged Consensus The high-level goal of merged consensus is to provide an objective deterministic permissionless consensus protocol that can be used for side chains, and runs entirely on-chain. It is an alternative to designs like Proof-of-Stake consensus for side chains, but unlike stake-limited consensus protocols it does not require a separate token, a separate set of block producers, a bunch of strong assumptions, etc. Preambles This spec assumes...| Ethereum Research
At present, the bottleneck constraining throughput on the Ethereum 1.0 chain is state growth. So if we want to scale Ethereum, the logic goes, then 1000 shards where each has independent state would enable 1000x more throughput. But consider the direction that Eth 1.x seems to be heading. The desire for Eth1.x is to make a large cost adjustment to two resource types: storage and tx data. Currently, storage is underpriced and tx data is overpriced. This incentivizes dapp developers to write co...| Ethereum Research
Special thanks to @vbuterin for the original idea, @djrtwo, @zilm and others for review and useful inputs. TL; DR an eth2 execution model alternative to executable shards with support of single execution thread enshrined in the beacon chain. Recently published rollup-centric roadmap announces data shards as the main scaling factor of execution in eth2 allowing scalability upon a single execution shard and simplifying the overall design. Eth1 Shard design supposes communication with data shard...| Ethereum Research
eth1+eth2 client relationship Since Vitalik proposed an Alternative proposal for early eth1 <-> eth2 merge in Dec 2019, there has been an active conversation about what this merger might look like from a software perspective and an eagerness to begin prototyping. The vision is a hybrid in which core consensus work is managed by an eth2-client and state/block-production is managed by an eth1-engine – together forming an eth1+eth2 client. This document aims to make more explicit the separatio...| Ethereum Research
Nicolas Liochon, Théodore Chapuis-Chkaiban, Alexandre Belling, Olivier Bégassat Many thanks to Thomas Piellard, Blazej Kolad and Gautam Botrel for their constructive feedback. Hi all, here is a proposal for an efficient zk-EVM arithmetization which we are starting to implement. Our objective was to satisfy the 3 following design goals: support for all EVM opcodes including internal smart contract calls, error management and gas management, ability to execute bytecode as is, minimal prover t...| Ethereum Research