From the comments, Vitalik Buterin

Analyst

|

1. In retrospect, was it a good decision to have ethereum bytecodes executed on every single mining node? And if not, would he have selected sharding and plasma or a different solution?

2. How confident is he that transitioning to proof-of-stake will be successful? What are the risks of proof-of-stake?

I’ll answer this one here in detail because it’s probably too technical for it to be valuable to put a good answer into a Conversation with Tyler.

> 1. In retrospect, was it a good decision to have ethereum bytecodes executed on every single mining node? And if not, would he have selected sharding and plasma or a different solution?

Ultimately the answer is, yes given the knowledge we had at the time, no given what we know today. If I was doing Ethereum back then with the knowledge that I have today, I would obviously shoot straight for exactly the design that the research team is shooting for today (Casper PoS, sharding), and I would have actively encouraged developers to work on state channels and Plasma from day 1. Layer 1 scaling (sharding) and layer 2 scaling (state channels and Plasma) are complementary; gains from the two are multiplicative with each other, so it’s not a matter of A vs B, it’s A and B.

Ultimately, for a distributed validation system to work, you need to satisfy two properties:

1. There are enough (randomly sampled) nodes on average validating any given piece of data that invalid data will under no circumstances get through.
2. There are mechanisms that can ensure that if bad data *does* get through (eg. because of a 51% attack), then clients can detect this. In a sharded system, there is obviously too much data for clients to verify directly, but there are indirect approaches that can be used that can give equivalent assurances with some additional security assumptions (STARKs, fraud proofs, data availability proofs…)

> 2. How confident is he that transitioning to proof-of-stake will be successful? What are the risks of proof-of-stake?

Close to 100% confident that proof of stake is possible in principle; many chains are using (crappy versions of) it already. There’s obviously the question of how strong properties we can achieve with PoS though, and there are some edges of that that are still being worked out. The main risks that I see are (i) weird game-theoretic attacks on the specific design that we end up going with, and (ii) pool centralization.

IMO Satoshi’s PoW is really nice in part because of its sheer simplicity; the simplicity helps with decentralization because pretty much anyone can understand how it works, whereas traditional non-PoW consensus algos like PBFT are far more complex. Casper FFG was designed in part to replicate something close to PoW-style simplicity while still having the safety and liveness properties of traditional BFT consensus algos; and I’m obviously interested in minimizing complexity of the sharding design as well.

Here is the link, he offers several other “highly technical” answers in the comments.

Comments

I think it's amazing that Vitalik made the effort to give detailed answers to all the technical questions here.

It's clear that Vitalik is focused on developing Ethereum into a scalable viable platform and is not interested in hype for the sake of hype. It's also evident from Vitalik's responses that Ethereum is still a research project: the scalabilty and security aspects are still being worked on.

Moreover the use cases for Ethereum are still not entirely clear - or at least are not a focal aspect in the development of the architecture.

This is the opposite of what happened with the internet. First there were email and newsgroups which ran over UUCP and then were able to move to the academic IP network. Then came FTP. Then came http. With the internet, the explosion of interest and development of the platform came _after_ the basic applications were in use.

I have yet to see any good, non-hype-filled analysis of what kinds of apps are likely to actually take off on Ethereum. After I learn more maybe I will try to write one myself.

It's still far from clear that blockchain currencies can be adequately protected. Over the weekend hackers made off with a reported $40M from one of the South Korean exchanges. the value of both Bitcoin and Ethereum dropped in response to this.

The average person doesn't understand the details of the manipulations of the current financial world. In fact, the complexities of Wall Street and the instruments with which it deals are so are arcane for the very purpose of obfuscation.

Now we have this. Trade, which is central to acquisition of wealth, is actually a simple exchange between willing participants who don't need an understanding of block chains and sharding and plasma. Whatever purpose this sort of thing is meant to accomplish, it has no use in day-to-day life for a normal person.

> Trade, which is central to acquisition of wealth, is actually a simple exchange between willing participants who don't need an understanding of block chains and sharding and plasma

Yes. For that reason I don't think that Bitcoin can ever have a major role in the global economy, OTOH Ethereum and similar projects are not precisely cryptocurrencies but rather decentralized global computing systems - thus they are more interesting.

Thank you, Tyler, Analyst, and Vitalik. That was edifying, if a bit remote for the average joe. I appreciate it.

Shards I am still learning.

The consensus algorithm is broken up, one algorithm for each of N shards, or partitions. When one shard swaps with another in a transaction, the the two shard use a swap protocol. Why keep a master blockchain layer? If the number of shards are small, then cross chain checks are simpler than cross chain swaps. Keep the problem partitioned and pay the price in cross chain validations.

The framework yields a whole variety of simple methods to provide absolute liquidity once swaps work. The consensus problem handled in steps, as needed; all parties incentivized to keep total steps minimum. Keeps things liquid until you absolutely have to call the ledger service.

> Why keep a master blockchain layer?

One of the key goals of sharding is to ensure that all of the shards still share the same validator set for security. This is essential; there have recently been many cases of small blockchains getting hit by 51% attacks (see: https://news.bitcoin.com/proof-of-work-coins-on-high-alert-following-spate-of-51-attacks/), and in a shared-currency system that would be absolutely unacceptable as a successful attack on even one single shard would allow the fraudulent creation of an unlimited number of currency units that could seep into the rest of the system.

Comments for this post are closed