AdLunam

There are many interesting changes in the Ethereum protocol which are in preparation, which, we hope, will improve the power of the system, add other functionalities such as the user-friendliness of light and a higher degree of extensibility, and will facilitate the coding of Ethereum contracts. Theoretically, none of these changes is necessary; The Ethereum protocol is very good as it is today and can theoretically be released as it is once customers are somewhat built; The changes are rather there to improve Ethereum. However, there is an objective of design of Ethereum where the light at the end of the tunnel is a little further: mining decentralization. Although we always have the backup option to simply stay with Dagger, Slasher Or Sha3, it is not quite clear that one of these algorithms can really remain decentralized and a mining and resistant long -term swimming pool (the Slasher is guaranteed to be decentralized because it is proof of participation, but has its own moderately problematic defects).

The basic idea behind the mining algorithm that we want to use is essentially in place; However, as in many cases, the devil is in detail.

This version of the Ethereum mining algorithm is an implementation based on Hashcash, similar to the Sha256 of Bitcoin and the SCRYPT of Litecoin; The idea is that the minor to calculate a pseudorandom function several times on a block and a nuncio, trying another nuncio each time, until a nuncio produces a result which begins with a large number of zeros. The only room to innovate in this type of implementation is to modify the function; In the case of Ethereum, the approximate outline of the function, taking the state of the blockchain (defined as the header, the current state tree and all the data of the last 16 blocks), is as follows:

1. To leave h (i) = sha3 (sha3 (block_header) ++ nunci ++ i) For 0 <= i <= 15

2. To leave S Being the state of the blockchain there are 16 pies of houses.

3. To leave C (i) be the number of block transactions I There are blocks. To leave T (i) be the (H (i) MOD C (I))Th block transaction I There are blocks.

4. Apply T (0),, T (1) … T (15) sequentially S. However, whenever the transaction leads to the processing of a contract, (pseudo-) make minor modifications to the code of all the contracts allocated.

5. To leave S ‘ be the resulting state. To leave R to be the SHA3 of the root of S ‘.

If R <= 2 ^ 256 / DifffSO nuncio is a valid nonce.

To summarize in a non -programmatic language, the mining algorithm requires that the minor enter a few random transactions from the last 16 blocks, run the calculation of their application in the State there are 16 blocks with some random modifications, then take the hatch of the result. Each new nuncio that the minor tries, the minor should repeat this process again, with a new set of transactions and random modifications each time.

The advantages are:

1. This requires that the whole state of the blockchain exploits, essentially forcing each minor to be a complete knot. This helps decentralization of the network, because a greater number of complete nodes exist.

2. Because each minor is now necessary to be a complete knot, mining pools become much less useful. In the world of bitcoin, mining pools serve two key objectives. First, the swimming pools even have on the mining award; Instead of each block offering a minor a chance of 0.0001% to extract 16,,000BLoCk,,AMIneRCAnMIneIntotHepooLAndtHepooLgIVestHeMIneRA116,000 blocks, a minor can operate in the swimming pool and the pool gives the minor a 1% chance of receiving a payment of 16,,000BLOck,,primerERCarmedeIntotHepooLAdtHepooLgIVestHeminerA11.60. Second, however, the pools also provide centralized validation in blocks. Instead of having to execute a complete bitcoin client himself, a minor can simply enter the block header data of the pool and mine using this data without really checking the block for itself. With this algorithm, the second argument is theoretical and the first concern can be adversely satisfied by the peer-to-peer pools which do not give control of an important part of the hashness of the network to a centralized service.

3. It is almost resistant to ASIC almost by definition. Because the EVM language is Turing-Complete, any type of calculation that can be done in a normal programming language can be coded in EVM code. Consequently, an ASIC which can execute any EVM is by necessity an ASIC for generalized calculation – in other words, a processor. This also has a Primecoin type social advantage: the effort spent to build ASIC EVM also has the secondary benefit of the construction of equipment to speed up the network.

4. The algorithm is relatively quick to check quickly, although there is no “beautiful” verification formula which can be executed in the EVM code.

However, there are still several major challenges. First, it is not quite clear that the random transactions selection system ends up demanding that the minor uses the whole blockchain. Ideally, blockchain access would be random; In such a configuration, a minor with half of the blockchain would only succeed in about 1 out of 216 nuns. In reality, however, 95% of all transactions will likely use 5% of the blockchain; In such a system, a node with 5% of memory will only take an slowdown penalty of around 2x.

Second, and more importantly, however, it is difficult to say how optimized a minor could be. The definition of the algorithm above asks the minor to “make minor modifications in a random manner” to the contract. This part is crucial. The reason is the following: most transactions have independent results of each other; Transactions could be the form “A sends to B”, “C sends to D”, “e sends a contract which affects G and H”, etc., without overlap. Consequently, without random modification, it would be little necessary for a minor EVM to make many calculations; The calculation would occur once, then the minor would only prepare and store the deltas and apply them immediately. Random changes mean that the minor must actually make new EVM calculations whenever the algorithm is executed. However, this solution is itself imperfect in two ways. First of all, random changes can potentially easily cause very complex and complex calculations that are simply ending early, or at least calulations for which optimizations are very different from optimizations applied to standard transactions. Second, mining algorithms can deliberately ignore complex contracts in favor of those simple or easily optimable. There are heuristic tips to fight against the two problems, but it is not quite clear exactly what would these heuristics be.

Another interesting point in favor of this type of mining is that even if minors of optimized equipment emerge, the community has the capacity to work together to change the mining algorithm by “poisoning” the transaction pool. Engineers can analyze existing ASICs, determine what their optimizations are and dump transactions into the blockchain with which these optimizations simply do not work. If 5% of all transactions are actually poisoned, ASIC cannot have an acceleration of more than 20 times. The good thing is that there is a reason why people would pay the transaction costs to do this: each individual asic company has the incentive to poison the well for its competitors.

These are all challenges that we will work strongly on in the coming months.