13 Gas-model inconsistencies in Ethereum This post summarizes 13 inconsistencies in Ethereum’s gas model. All the symbols come from the Ethereum Yellow Paper (esp. Appendix G. Fee Schedule). --- 1. The external transaction does not incur new-account charges (G_{newaccount}) when creating an account, but internal transactions do Example Suppose you want a contract C to transfer ETH to a brand-new accountA that does not yet exist. If C transfers directly, the internal new-account path charges...| Ethereum Research - Latest posts
Ethereum uses a constant BLOB_BASE_FEE_UPDATE_FRACTION when updating the blob base fee each block, with the proportional change in the fee computed as: math.exp((blob_gas_used - TARGET_BLOBS * GAS_PER_BLOB) / BLOB_BASE_FEE_UPDATE_FRACTION) A new value for this constant has been included in each EIP that changes the target blob gas. It turns out that there is a simple generalization for computing the constant, consistent with both the value set in EIP-4844 and EIP-7691, that would be appropria...| Ethereum Research - Latest posts
Thanks for Ellie, Luca, Florian, and Ladislaus for all the feedback as well as the various teams who reviewed. Feedback is not necessarily an endorsement. SCOPE is a minimal protocol for push-based synchronous composability, enabling contracts on Ethereum and rollups to call each other and immediately process results as if they lived on a single chain. It supports all directions, L1↔L2 and L2↔L2, within a single atomic execution scope. A minimal proof of concept can be found here. Motivat...| Ethereum Research - Latest posts
The below oracle is designed to be a trust-minimized and permissionless way to get token prices that anyone can use. At its most basic level the oracle works by having a reporter submit both a limit bid and ask at the same price. Anyone can swap against these orders minus a small fee (no partial fills). If nobody takes either order in a certain amount of time, it is evidence of a good price that can be used for settlement. If an order is taken, the taker needs to post collateral in both token...| Ethereum Research - Latest posts
This article is authored by Chanyang Ju(wooju), Researcher at Radius. Thanks to Hugo for his contribution to the PoC and AJ for reviewing this post. 1. Abstract --- This article introduces State Lock Commitment, a new blockspace commitment mechanism for Proposer-Builder Separation (PBS). Current inclusion-based commitments fail to guarantee execution consistency, leading searchers to adopt risk-averse strategies that reduce market efficiency. We propose a dual-component approach that goes bey...| Ethereum Research - Latest posts
Yea, so I learned about this today. I think it’s a bad idea and I don’t think we should do it.| Ethereum Research - Latest posts
Unlocking privacy-perserving DeFi. No protocol-level modifications, no co-processors needed for ZEX to operate. Although very heavy on the UX side (and gas-wise), this is an early PoC draft. Any feedback would be invaluable! The ZEX protocol is built on top of the cWETH confidential token model. Please do check it out first before proceeding. --- 1. Introduction Ethereum’s transparency, while being one of its most valuable advantages, has become a barrier to real-world financial adoption. P...| Ethereum Research - Latest posts
Ethereum Validator Key Management via DDH-Based Exponent Verifiable Random Functions (eVRF) Authors: Yecheke Bonya Oryn Bonya and Antonio Sanso As Ethereum and other blockchain platforms evolve towards more scalable and secure consensus mechanisms, the demand for verifiable randomness becomes increasingly critical. In Proof-of-Stake (PoS) systems, randomness drives validator selection, leader election, and committee formation—processes that must be both unpredictable and publicly verifiable...| Ethereum Research - Latest posts
Authors:Thomas Coratger, Giacomo Fenzi Thank you to Justin Drake and Tom Wambsgans for the insightful and constructive feedback. Introduction: why and how WHIR could be used for Ethereum in the future? As Ethereum continues to scale, the demands on SNARK proof systems become increasingly sharp: proofs must be tiny, verification must be lightning-fast, and the overall system must remain simple and robust enough to be verifiable on minimal hardware — ideally something as constrained as a Rasp...| Ethereum Research - Latest posts
The Problem DeFi protocols can’t optimize their parameters without trust assumptions. They either pay consultants like Gauntlet millions per year or stick with static parameters that leave money on the table. The numbers are substantial—Uniswap V3 LPs lose hundreds of millions to poor range management, lending protocols maintain unnecessarily conservative parameters. The obvious solution would be to run optimization algorithms on-chain, but that’s not feasible. LLMs and neural networks ...| Ethereum Research - Latest posts
Arbitrum One and Base leveraged Ethereum security for only ~28% of its TVS for last month TL;DR L2s aren’t using Ethereum settlement as intended - Most assets and transactions on L2s bypass Ethereum settlement through third-party bridges, external assets, and native tokens. Asset settlement defines true security - The real question about infrastructure-level security is who controls the underlying ledger: Ethereum (canonical assets), external bridges (CCTP USDC, LayerZero OFTs), or the L2 ...| Ethereum Research
Suppose that we have an on-chain Casper FFG cycle, which we absolutely want to confirm, and which we want the chain to be aware of, but this cycle would take a much longer time than we find acceptable because of overhead/finality time/decentralization tradeoffs. For example, suppose that we have 32 ETH validator slots, with 10,000,000 ETH validating in total; this would entail 312500 validator entries, which at an overhead of 4 tx/sec would take nearly a day to go through. We can achieve much...| Ethereum Research
Consider a Lamport signature scheme where there are 256 participants, and each participant is required to reveal one of eight values that they have committed to (ie. 128 bytes total for a Merkle branch). Given a value with hash H (assume a 768 bit hash), take 3 bits of H and assign them to each user. That user is required to provide the specific value that’s assigned to by the 3 hash bits. Any signature containing at least 170 valid preimages+Merkle branches passes as valid. If you actually...| Ethereum Research
TLDR: We present a signature aggregation scheme intended as a possible alternative to BLS signatures in the context of committee voting, with applications such as committee-based notorisation and fork-free sharding. Construction Let V be a committee of voters v_1, ..., v_n. For a given message m every voter can cast one vote by signing m. For concreteness we set |V| = 423 (as inspired by Dfinity) and require a threshold of t votes (e.g. t = |V|/2) to form a quorum. Given at least t votes, som...| Ethereum Research
Very good work! What’s the latest status on this problem? Has it been fixed or improved, and if so, how?| Ethereum Research - Latest posts
That is awesome results. Some questions about the way falcon circuit is implemented in LABRADOR: what is the inside PRNG used for the hashToPoint part of the verification (replace keccak by poseidon for sure ?) how many NTTs are computed in the verification ? Is the precomputed version of the public key used, (being a bijective function, it can be considered as an encoding, thus saving 33% of computational time). benchmarks display 1 thread, is the // of aggregation a easy or hard task (shall...| Ethereum Research - Latest posts
On Ethereum Prover Market Design ^lol… also, there is one easter egg link to a movie franchise in the body of the post – happy clicking \cdot tl;dr; The current Ethereum scaling roadmap depends on ZK proofs to enable consensus under higher gas limits. If proofs become part of the validity condition on blocks, proposers who are unable to generate the proofs themselves must purchase them from a third party. We present a model of this proof acquisition game and compare the performance of two...| Ethereum Research - Latest posts
My name is Mat, researcher at ECF and co-founder of SpaghettETH. I would like to contribute to this thread with something ECF has just released. (Apologies for the hiccup before. I tried to edit my post by adding dapp screenshots but it ended up halting me for 24h) Data on public goods can be unstructured, politically contested, or just incomplete. Without a shared, credible mechanism to validate and update this knowledge base, dashboards risk favouring bias. We want truths about Web3 project...| Ethereum Research - Latest posts
Integrating 3SF with ePBS, FOCIL, and PeerDAS Authors: Luca Zanolini, Roberto Saltini Thank you to Francesco, Julian, and Thomas for the insightful and constructive feedback. In the following, we explore how 3SF can be integrated with ePBS, FOCIL, and PeerDAS. The original 3SF protocol does not account for newer proposals around PeerDAS, inclusion lists, or proposer-builder separation. We build on the existing analysis by Francesco and extend it to fully support 3SF. Note: This is a prelimina...| Ethereum Research - Latest posts
Abstract This document describes a hierarchical deterministic wallet scheme that works with lattice-cryptography. Motivation Hierarchical Deterministic Wallets HD-Wallets have become the de-facto standard in blockchain. As the blockchain industry discussed a post-quantum future, we would like to apply this technique to keys in a lattice cryptography setting, as the user experience of backing up a single seed phrase that generates unlimited a-priori-unconnected keys is highly preferable to use...| Ethereum Research - Latest posts
In theory, the priority fee market operates independently from the base fee market. However, in term of analyzing priority fees, several questions are worth exploring: What percentage of transactions in a block pay priority fees? What types of users pay priority fees? Are they normal users, MEV searchers, or other categories? Under what circumstances do users choose to pay priority fees? We should also examine factors beyond priority fees. For instance, if we make it easier for blocks to reac...| Ethereum Research - Latest posts
Epistemic status: early exploration Recently, there has been discussion about more aggressive ways to reduce Ethereum’s slot time. This can be done in two ways: Reducing the \delta parameter (our assumption on maximum expected network latency). This can only be done safely if we get improvements at the p2p layer that reduce latency Re-architecting the slot structure to reduce the number of network latency rounds in one slot. There is significant p2p hardening and optimization work going on ...| Ethereum Research - Latest posts
Helloes, I’m trying to build a brand new blockchain (feel free to ask me why, I’m happy to provide info about my project) and I’m prototyping the first node implementation in Rust. This blockchain will be capable of executing smartcontracts compiled as WebAssembly modules, generating a zk-SNARK proof of their correct execution. I’m quite new to zk-SNARKs but after plenty of exploration I believe the best scheme to use is Halo2, which doesn’t need any trusted setup and also supports ...| Ethereum Research
We have a way to deal with bad blocks currently. I mentioned earlier the references on dealing with Byzantine nodes that introduce bad blocks (see my post from Feb 3). I would recommend NOT using Pedersen commitments because of modularity, as neat as I find it from a pure technical perspective. What you are doing is tying together the representation with the validation, which is fine, but it closes doors. For example, you start with a binary extension field, then you decide to do homomorphic ...| Ethereum Research - Latest posts
Thanks to Kev, Maryam, Mike, Thomas Thiery, Thomas Coratger, Maria, Caspar, Ladislaus, Marios, George, Mary, and Dmitry for feedback and discussions that led to this post (feedback ≠ endorsement). When Ethereum implements a zkEVM on the L1, it will be necessary to source proofs for blocks. This post proposes to implement a prover market on Ethereum: It allows builders to connect with a permissionless set of provers. Builders, with help from the Ethereum protocol, deposit a prize for proofs ...| Ethereum Research - Latest posts
Hey folks At SKALE we are developing BITE( Blockchain Integrated Threshold Encryption) where the current PoS validator committee is also a Threshold Encryption committee The BITE protocol is used in the new L1 chain we just annouced - FAIR. FAIR is an ETH fork that will support private data on chain In addition to provably eliminating MEV, one compelling direction for BITE is enabling smart contracts to perform on-chain decryption via a precompiled contract. This would allow Threshold Enc...| Ethereum Research
We have recently published a paper “Burn Your Vote”, Proposing a protocol in which voters “burn tokens” to pseudorandom addresses and submit zk‑SNARK proofs to prove a valid burn, achieving vote integrity, coercion resistance, and unlinkability with minimal gas overhead No FHE, No MPC, No TLP, No heavy computation. You can explore the code here: GitHub ‑ Proof‑of‑Burn Voting For a high‑level overview, see our paper: Eprint ‑ Proof‑of‑Burn Voting Why Burn Your Vote? Cur...| Ethereum Research
Privacy is crucial for Ethereum’s long-term survivability and operability. Following the marvelous Ethereum Privacy: The Road to Self-Sovereignty roadmap, we came up with a concept of a confidential WETH, which may grow into a full-fledged confidential token standard (EIP) in the future. Would love to hear your thoughts about the draft! 1. Introduction Transparency is one of the key benefits of public blockchains. However, the public visibility of transactions potentially compromises users...| Ethereum Research
We propose a solution that allows Internet users to privately prove control over real web accounts (like Uber or GitHub) using MPC-TLS without revealing any personal data. By converting these credentials into unlinkable zero-knowledge group proofs, we can unlock Sybil-resistant airdrops, governance, and access control without compromising user privacy. Protocol Overview: ┌─────────────────┐ ┌─────────────────┐ ┌─...| Ethereum Research
Now I’m well aware that Ethereum is migrating to Verkle trees which are a completely different beast, but while working on my own blockchain project I evaluated Merkle-Patricia trees (or tries) versus various types of self-balancing trees and I suspect I have a result that makes 3-ary B-trees significantly better than MPTs. Let’s consider a highly simplistic scenario where we only need to index account balances, so no smartcontract storage or anything else. We need to construct a Merkle-p...| Ethereum Research
@desy we are also offering FREE 1 Goerli-ETH to all users who signup to our MPC based wallet platform. Can you please add our page as well? https://metaclav.com/goerlifaucet/dev-goerli-ape Please let me know if you have any questions or would like to see the demo of the faucet within our platform.| Ethereum Research
Co-authored by vaibhavchellani & letsgetonchain Introduction Today there is a pretty broad consensus that Ethereum L2 interoperability is intent-based. Users simply express what they want, for example, “send 100 USDC from Optimism to Arbitrum.” This intent is picked up by incentivised off-chain bots known as fillers/solvers, who deliver the desired outcome while abstracting away the complexities involved. There are two problematic realities in practice: These markets are illiquid leading ...| Ethereum Research
Co-authored by Michael and Kubi (Gattaca). Special thanks to Thomas, Julian, Anders, Max and Niclas for their feedback and suggestions. Feedback is not necessarily an endorsement. Overview This post introduces relay block merging, a way of immediately increasing block value by offsetting two systemic inefficiencies: exclusive order flow on the builder level, and timing games on the relay level. This unlocks transparent revenue for relays, increases Ethereum’s censorship resistance, and prov...| Ethereum Research
TL;DR: we propose Adamantium, a protocol for Autonomous Data Availability, which retains the scaling benefits of off-chain data availability, while removing all trust assumptions for any willing user. Willing to do what? To be online; and if they aren’t online, their funds cannot be stolen, nor frozen - rather, the funds are moved from L2 back to an Ethereum address under the user’s control. Background Validium relies on a DA Committee (DAC), made up of a set of reputable players in the b...| Ethereum Research
Introduction In blockchain and PKI more generally, people are represented by keys. A somewhat strange question to ask might be “why don’t keys represent people?” I will argue this is actually an important question and the crux of major privacy and onboarding challenges. We present a a threshold network design dubbed Mishti Network to derive keys from people rather than arbitrary randomness. This network solves a number of problems in ZK identity, compliance, and onboarding. What does it...| Ethereum Research
Our of our engineers recently measured bare-bones EVM performance both for JIT and not JIT for transactions that did not include state changes (so this is essentially performance of bytecode interpretation). It was 20,000 TPS without JIT and 50,000 TPS JIT for simple transaction (Fibonnachi number calculation) We are currently measuring TPS for transactions that involve state transitions. It looks that state transitions take much longer than math for typical transactions. Does this sound san...| Ethereum Research
TLDR: We suggest using BLS signature aggregation as a pragmatic medium-term solution to the signature verification bottleneck of sharding and Casper, later replacing it with STARK-based aggregation for quantum security. Background Signature verification is the major bottleneck for both sharding and Casper. Assuming 32 ETH deposits (relatively small deposits to encourage participation and decentralisation) and ~10,000,000 ETH at stake we get ~312,500 validators. Casper finality requires 2/3 of...| Ethereum Research
This study was done by @cortze and @yiannisbot from the ProbeLab team (probelab.io), with the feedback of the EF and the PeerDAS community. Introduction The Dencun upgrade was an important milestone for Ethereum’s roadmap. It introduced Blob transactions and Blob sidecars (through EIP-4844). The upgrade included major updates for the underlying network, which now has to share over GossipSub a target of three blob sidecars of 128KBs each per slot, caped to six of them as a maximum (often ref...| Ethereum Research
TLDR: We present a 1-bit custody bond scheme which is friendly to BLS aggregation. Construction Let V be a 32-ETH collateralised validator that has published H(s) onchain where s is a 32-byte secret. Given a piece of data D the validator V can compute the corresponding “custody bit” b as follows: Partition D into 32-byte chunks XOR every 32-byte chunk with s and H(D) Merkleise the XORed chunks to get a root r Let b be the least significant bit of r The signed message [H(D), b] is a non-o...| Ethereum Research
TLDR: We highlight a special subset of rollups we call “based” or “L1-sequenced”. The sequencing of such rollups—based sequencing—is maximally simple and inherits L1 liveness and decentralisation. Moreover, based rollups are particularly economically aligned with their base L1. Definition A rollup is said to be based, or L1-sequenced, when its sequencing is driven by the base L1. More concretely, a based rollup is one where the next L1 proposer may, in collaboration with L1 search...| Ethereum Research
Special thanks to Justin Drake and the Flashbots team for feedback and discussion. A major risk threatening the ongoing decentralization of consensus networks is the economics around miner extractable value (MEV), sophisticated tricks to extract profit from the ability to choose the contents of the next block. A simple example of MEV is arbitraging all on-chain decentralized exchanges against price movements that have happened since the previous block. While normal PoS rewards are reasonably ...| Ethereum Research
We can actually scale asset transfer transactions on ethereum by a huge amount, without using layer 2’s that introduce liveness assumptions (eg. channels, plasma), by using ZK-SNARKs to mass-validate transactions. Here is how we do it. There are two classes of user: (i) transactor, and (ii) relayer. A relayer takes a set of operations from transactors, and combines them all into a transaction and makes a ZK-SNARK to prove the validity, and publishes the ZK-SNARK and the transaction data in ...| Ethereum Research
MEV-Boost: Merge ready Flashbots Architecture This architecture is a work in progress - the final design will reflect the feedback collected and lessons learned through implementation and can be found on the mev-boost github repository This document outlines the design for a marketplace for block construction (often referred to as block proposer / block builder separation or PBS) compatible with the upcoming Ethereum merge fork. This trust based solution closely resembles the current Flashbot...| Ethereum Research
Flashbots: Frontrunning the MEV crisis Flashbots is a research and development organization formed to mitigate the negative externalities and existential risks posed by miner-extractable value (MEV) to smart-contract blockchains. We propose a permissionless, transparent, and fair ecosystem for MEV extraction to preserve the ideals of Ethereum. The spike in Ethereum usage over the last few months has revealed a set of negative externalities brought by MEV. These include network congestion (i.e...| Ethereum Research
Thanks to @Mikerah for help revising this. Merged Consensus The high-level goal of merged consensus is to provide an objective deterministic permissionless consensus protocol that can be used for side chains, and runs entirely on-chain. It is an alternative to designs like Proof-of-Stake consensus for side chains, but unlike stake-limited consensus protocols it does not require a separate token, a separate set of block producers, a bunch of strong assumptions, etc. Preambles This spec assumes...| Ethereum Research
At present, the bottleneck constraining throughput on the Ethereum 1.0 chain is state growth. So if we want to scale Ethereum, the logic goes, then 1000 shards where each has independent state would enable 1000x more throughput. But consider the direction that Eth 1.x seems to be heading. The desire for Eth1.x is to make a large cost adjustment to two resource types: storage and tx data. Currently, storage is underpriced and tx data is overpriced. This incentivizes dapp developers to write co...| Ethereum Research
Special thanks to @vbuterin for the original idea, @djrtwo, @zilm and others for review and useful inputs. TL; DR an eth2 execution model alternative to executable shards with support of single execution thread enshrined in the beacon chain. Recently published rollup-centric roadmap announces data shards as the main scaling factor of execution in eth2 allowing scalability upon a single execution shard and simplifying the overall design. Eth1 Shard design supposes communication with data shard...| Ethereum Research
eth1+eth2 client relationship Since Vitalik proposed an Alternative proposal for early eth1 <-> eth2 merge in Dec 2019, there has been an active conversation about what this merger might look like from a software perspective and an eagerness to begin prototyping. The vision is a hybrid in which core consensus work is managed by an eth2-client and state/block-production is managed by an eth1-engine – together forming an eth1+eth2 client. This document aims to make more explicit the separatio...| Ethereum Research
Nicolas Liochon, Théodore Chapuis-Chkaiban, Alexandre Belling, Olivier Bégassat Many thanks to Thomas Piellard, Blazej Kolad and Gautam Botrel for their constructive feedback. Hi all, here is a proposal for an efficient zk-EVM arithmetization which we are starting to implement. Our objective was to satisfy the 3 following design goals: support for all EVM opcodes including internal smart contract calls, error management and gas management, ability to execute bytecode as is, minimal prover t...| Ethereum Research