Toni Wahrstätter ⟠

2.4K posts

Toni Wahrstätter ⟠ banner
Toni Wahrstätter ⟠

Toni Wahrstätter ⟠

@nero_eth

serving ethereum at @ethereumfndn

Katılım Aralık 2021
637 Takip Edilen9K Takipçiler
Sabitlenmiş Tweet
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
Ethereum is about to fundamentally change how blocks are executed. With the upcoming Glamsterdam hardfork, it's shipping EIP-7928: Block-level Access Lists, a proposal that brings parallelization to the EVM. Here's a short explainer of what it is, how it works, and why it's a big deal for scaling. Let's start from the top. Alongside EIP-7732 (ePBS), EIP-7928 is the execution-layer (EL) headliner for Glamsterdam. Like ePBS, the main focus has been scaling Ethereum, though both proposals come with a bunch of other, equally important properties on the side e.g. removing trust requirements from the PBS pipeline or improving sync. EIP-7928 adds a Block Access List (BAL) to every Ethereum block. A BAL is a list of accounts and storage slots that the block touches, but that's not all: it also contains post-transaction state diffs (this part is critical!). Post-transaction state diffs tell you what the state looks like after each transaction. Quick example: user A swaps 1 ETH for DAI on DEX B. The BAL tells you that user A's ETH balance decreased by 1 ETH + tx fees and their nonce went up by 1; that DEX B's ETH balance went up by 1 ETH; and that inside the DAI contract, user A's DAI balance increased while DEX B's decreased. In other words, all of that info becomes statically available, something that previously required tracing the transaction. Client software (Geth, Nethermind, Besu, Erigon, Reth, Ethrex, Nimbus) can use this to do a few very powerful things: 1. Parallelize transaction execution. Knowing the post-state of each tx resolves the dependencies between them. No transaction has to wait on the previous one anymore, so execution can be perfectly parallelized. Instead of large parts of block validation sitting idle waiting on sequential execution, clients can finally make much better use of modern hardware. 2. Batch prefetch. One of the most cumbersome jobs for a node has been fetching the state needed for execution from disk. Because state locations (e.g. the exact storage slot in the DAI contract where user A's balance lives) are only discovered along the way, while executing, state-fetching has been a real drag on scaling: it blocks execution, takes time, and eventually slows everything down. With BALs, everything a node needs for execution is known upfront and can be loaded into cache in one go, in parallel. This speeds things up even further. 3. Parallelize post-state root calculation. Another expensive task is walking the updated state tree to compute the post-state root, which is needed so that everyone agrees on what's on disk after executing the block. With the post-tx state already in the BAL, nodes can do this in parallel while executing. A heavy task that used to wait until all transactions had finished can now run alongside prefetching and execution. 4. Snap sync (v2). An often overlooked, less sexy aspect of blockchains is syncing. Nodes need to catch up with the chain, and they need to catch up faster than the chain progresses. Today, most nodes do snap sync: downloading blocks, headers, and state in parallel while chasing the tip, and then "healing" the database once they're close to the head. Healing means asking peers for trie nodes, receiving them, validating them, and updating the local DB. It's iterative, networking-heavy, can take a while, and especially higher throughput pushes that phase to its limits. BALs help here too: with snap v2, nodes can catch up to the tip and skip the healing phase entirely. Syncing at higher throughput becomes more robust and reliable. So, to summarize, a BAL contains two things: -> The state locations the block accesses -> The state changes after each tx (incl. the new values) We're already seeing big performance gains today: on 6-core machines, EL clients validate blocks up to 5x faster, making block gas limits of 300M a very realistic outcome. ePBS will add to that by decoupling the block from the payload, giving validators 2-4x more time for execution. To not overshoot (security stays priority #1), the fork will likely ship with a 200M gas limit, but we shouldn't be stuck there for long before pushing to 300M and beyond. That's a 10x in scaling since we started taking the topic seriously, without touching hardware requirements. None of this would have happened without people going all-in, heads down, shipping: so many hours spent in calls debating the right design, so many iterations refining the specs, and tons of test cases written (and still being worked on). The road from whiteboard to production-ready code has been a journey, and we're not at the finish line yet, but from what I can tell, things look super bullish for Ethereum. Glamsterdam will be a fork that shows what's possible when a distributed, decentralized community works on a shared goal, laser-focused on providing enough block space to onboard the next wave of users.
English
43
151
788
68.6K
Toni Wahrstätter ⟠ retweetledi
Thomas Coratger
Thomas Coratger@tcoratger·
On Ethereum, receiving a payment adds permanent state. The first time an address receives ETH, it gets an account leaf forever. What if Ethereum adopted Bitcoin's one-shot UTXO model for simple payments, shrinking persistent state footprint by 99.8%? 🧵👇
English
6
8
38
2.9K
Toni Wahrstätter ⟠
@nvnxu Privacy on the L1 is something the community wanted forever but it's not so easy to get right
English
1
0
1
45
Toni Wahrstätter ⟠
if with private you mean "unlinkability" then yes, if you mean "untraceability" then no, if not used with some mixer. The first property is not being able to tell two recipients are the same entity (this is something stealth addresses give you), and the second one is not being able to tell the sender from a set of potential senders. This one is the more difficult part when it comes to privacy. So far, it's mostly done on the app-layer but there are plans to enshrine it.
English
2
0
0
52
Toni Wahrstätter ⟠
Bitcoin and Ethereum can both do one-shot payments with UTXOs, but where they store them is the important nuance. For Bitcoin, UTXOs are part of the chain's state and nodes must keep the entire UTXO set to verify new transactions. Spending a UTXO looks it up in state. This means UTXOs must be quickly accessible and can only be deleted from state when spent. The proposed UTXO implementation for Ethereum is different because UTXOs are not kept in state. When created, they are emitted as an event log into history and assigned an index. For spending, the transaction proves that the UTXO exists in history, and to prevent double spending, the chain keeps a single spent bit for each UTXO index, marking is as spent. Bitcoin optimizes for direct look-ups that need no witness against history. Ethereum optimizes for smaller dynamic state by moving "existence" into history and keeping only the min. information needed to prevent double spending. The motivation to go with that approach (which is similar to what Peter Todd described as "Delayed TXO Commitments" for Bitcoin) is its impact on partial full nodes. A partial stateful node that only keeps a minimal subset of the current state doesn't need to store all UTXOs but only the spent-bit structure. This is minimal state for still being able to trustlessly verify/follow the chain. UTXOs can be implemented in various different designs with different trade-offs. On Ethereum, they can provide a cheap solution for (private) payments, without necessarily requiring UTXOs to interact with contracts. It'd be a feature on top, not a replacement of anything.
Toni Wahrstätter ⟠@nero_eth

Native UTXOs on Ethereum. Payments should be one-shot objects, not permanent state. Bitcoin got this right. Ethereum can bring the same idea to payments: prove existence from history, keep only a spent bit in state, and reduce permanent state by ~99.8%. Check out the blog post for details. ethresear.ch/t/native-utxos…

English
14
10
89
9.2K
Toni Wahrstätter ⟠
@nvnxu Only the spent_bits are in state and for accumulators or simple the opening roots, we'd use a ring buffer to keep it's state footprint minimal and constant.
English
1
0
1
43
nvnx.gwei
nvnx.gwei@nvnxu·
@nero_eth > utxo not kept in state but some utxo-related data like accumulator state & nullifier set still accumulate to state trie right? > cheap solution for “private” payments for privacy utxo is great - but to make it cheap & possible need good utxo structures & other eips as well
English
1
0
0
40
Toni Wahrstätter ⟠ retweetledi
Fede’s intern 🥊
Fede’s intern 🥊@fede_intern·
At last @ethereum is solving one of it's biggest problems. UTXOs let's fucking go!
Fede’s intern 🥊 tweet media
English
17
24
209
15.3K
Toni Wahrstätter ⟠
Yes, I've been ignoring the trolls, and you're 100% right. Utxo = Utxo. The question is if an opening becomes state, which is the case for bitcoin and, afaik, cardano, but not in the design I describe. The 2nd challenge is solving the zero-funds-at-recipient problem, which is where frame txs come in super handy.
English
12
2
15
2.4K
Valentin Mihov 🦞
Valentin Mihov 🦞@valentinmihov·
@nero_eth To everyone saying "you are now implementing Bitcoin/Cardano": it's not that simple. Making UTXOs work with smart contracts and allowing multiple transactions updating the same state in a single block is not trivial. The unlock here is EIP-8141: eips.ethereum.org/EIPS/eip-8141
English
6
2
17
2.4K
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
Native UTXOs on Ethereum. Payments should be one-shot objects, not permanent state. Bitcoin got this right. Ethereum can bring the same idea to payments: prove existence from history, keep only a spent bit in state, and reduce permanent state by ~99.8%. Check out the blog post for details. ethresear.ch/t/native-utxos…
English
364
89
613
321.4K
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
I assume many within EF + ecosystem are needed to ship those, indpendent of their team, and some has been done by Statelessness already, so we're not starting at 0. There's also a new state project/team that will put full focus on thise topics but since this is a big endeavor, cross-team/client collabs are needed.
English
2
0
2
698
Holger Drewes
Holger Drewes@HolgerD77·
@nero_eth @EliBenSasson Is it public who is respectively will be working on this now (with the larger dissolvement of the stateless team within the EF lately)? 🤔
English
1
0
0
50
Eli Ben-Sasson | Starknet.io
Eli Ben-Sasson | Starknet.io@EliBenSasson·
My take on the new roadmap for Ethereum: TL;DR - many good things, a few unclear things, still a few problems. The good: - Recursive STARKs - excellent. Huge progress since the days where most of the Ethereum ecosystem was skeptical about the immense value of STARKs. This and more, recursive STARKs are the efficient way to go. - Privacy - excellent. - Formal verification - excellent. - Quantum-safety - excellent. glad to see this as a high priority. I wish the Bitcoin community took a similar approach. Unclear: - New kinds of state: what does that mean? Who is affected by it? Happy to hear explanations and opinions. Needs improvement: - 3-4 years as the timeline is way too long. Especially for quantum readiness. - New EVM - makes sense given the chosen path with STARKs. The simplest, fastest, safest and wisest path goes through Cairo. It’s battle-tested, designed for ZK STARKs, is a next generation smart contract language.
vitalik.eth@VitalikButerin

Two weeks ago, Ethereum researchers met in Berlin to continue charting the protocol's long-term trajectory, following along discussions with client teams in Svalbard in April. The updated strawmap is at strawmap.org, and I attached a picture of it to this post. My own high-level takeaways: * "Lean Ethereum" is not a single one-shot upgrade, it is a collection of improvements that will come online to the Ethereum network over the course of three or four years. But make no mistake, this IS the third major iteration of Ethereum in the same way that the Merge was the second. Almost every major piece of the protocol will be replaced: - Verification through recursive STARKs, rather than direct re-execution. Recursive STARKs become an enshrined first-class core component of the protocol - Replacing everything quantum-vulnerable with quantum-safe alternatives - Consensus: decoupled available chain and finality, one or two-round finality. Theoretically optimal security properties, simpler than today, and faster than today - Multidimensional gas - State: not just tree structure, but what *types* of state are available - Changes to client architecture ... At the same time, simplification, cleanup and future-proofing. And this will all be done in a way that minimizes disruption to existing application. We've done this before (the Merge), we can do it again. * H-star (aka Hegota) is probably Ethereum's last thematically "pre-Lean" fork. Starting from I-star, most of everything we do will have a very strong "Lean" feel to it in one way or another. * Privacy is no longer an afterthought, it is a first class goal. When designing Frames, the mempool, additions to the state tree, we explicitly ask the question "okay, how do quantum-safe, intermediary-free privacy protocol transactions go through this, and what is the overhead?" * Formal verification of everything for security. * FV also makes us much more comfortable with canonicalization (having pieces of the protocol that are directly defined as a piece of bytecode expressed in some language). evm-asm is being written in part to become a canonical proof system for the EVM. * Quantum safety has shifted up a LOT in priority. This adds a lot of work (eg. finalizing a quantum-safe blobs design has become urgent; this work has already been ongoing for months) * Probably the single most disruptive part of the plan is the changes to state. There is growing consensus around leaving present-day-style "dynamic state" mostly unchanged, but scaling it only a medium amount, and adding new types of state that are more scalability-friendly (eg. no need for builders to sync/store all of it) but more restrictive, and that will scale a large amount. eg. possible Ethereum in 2030: 2 TB of present-day-style (dynamic) state, and 100 TB of new-style (scalable but restrictive) state This "new-style" state would work very well for ERC20s, NFTs, many defi use cases, but not eg. highly "central" objects like Uniswap contracts, or onchain order books, or other complex things (which are crucial for Ethereum but which only take up a small percentage of state) Hence, it will not be *necessary* to rewrite any apps, but it will be *very cost-effective* to eg. rewrite an ERC20 token into a newer design that uses a new type of UTXO storage that is currently being explored, so that it will have >10x lower txfees. Design of these new state types (current ideas: keyed nonces, ring buffers, UTXOs, statically accessible state, temp state) is an area where we will need a lot of feedback from application developers (incl. privacy-friendly application developers) and probably several rounds of rethinking and iteration. * In the context of a much larger total state size, we need to figure out the incentive issues around who stores this state and what motivates them to. Even saying "each node stores 1%" is not good enough - why do they store that 1% and why are they willing to serve it? This is being elevated as a first-class research area. * Ethereum will need to have a "VM" other than EVM in one form or another - at the very least, we need something like leanISA for recursive STARKs - and the gains are large in exposing it to users so that we support programmable privacy and better scalability. Right now, the most likely contenders are leanISA and RISC-V. My own ideal is that in this world, we adjust the protocol so that the EVM becomes a high-level-language compiler-level feature, and the protocol only "sees" RISC-V / leanISA directly. But this is still far away. * Gas limit increases, blob increases and slot time decreases will happen many times over the next ~5 years. We expect a large gas limit increase with Glasterdam. Each step of increased scale or decreased slot time is a matter of getting to the point where it is safe to do it, which comes from a combination of client optimization and protocol changes. Ethereum is CROPS. Ethereum is scaling. Ethereum is reinventing itself. Onward.

English
28
28
218
24.3K
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
@bezzenberger Steath address privacy for sure. Unclear still if we could do something like a trustless CoinJoin with it.
English
8
0
18
5.8K
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
@XRS_02 @EliBenSasson It could yeah. Even immutable could be expired and "revived" it's just that since it's mutable, it's more difficult to do, proofs expire.
English
1
0
0
63
conall.gwei
conall.gwei@XRS_02·
@nero_eth @EliBenSasson Do you mean that “immutable state” would fall into this category? We could have a grace period for state where it goes from active, expired (regeneratable), and expired (permanently gone, i.e its leaf in the commitment tree is gone).
English
1
0
0
43
conall.gwei
conall.gwei@XRS_02·
I think the idea of immutable state is just a historical thing we’re trying to hold on to for dear life even though economically it’s a pretty erroneous idea. Immutable state literally means that a user can pay a fixed fee to force nodes to validators to bare infinite cost; if you take this to its logical conclusion it essentially means that an Ethereum validator inevitably will be infinitely impossible to run in the future.
English
1
0
0
67
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
I don't think the "new state type" proposals would need new transaction types. It's mostly either a new opcode, or some new functionality (expiring nonces, utxos) that one can build nicely on top of frame transactions (eip-8141). Apps are then flexible to either opt-in (assuming the new type of state supports everything that app needs) or keep producing expensive, fast-accessible dynamic state and pay a higher price.
English
1
1
4
493
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
Strawmap focuses on: * UX (shorter slots, frame transactions, faster finality, privacy, code size increases, evm features, etc.) * Scaling (zkEVMs, new types of state, limiting state growth, new node types (vops), new state trie, data scaling + gas limit increases) * PQ / Lean, preparing Ethereum for Q day on every layer. Ethereum is for users.
vitalik.eth@VitalikButerin

Two weeks ago, Ethereum researchers met in Berlin to continue charting the protocol's long-term trajectory, following along discussions with client teams in Svalbard in April. The updated strawmap is at strawmap.org, and I attached a picture of it to this post. My own high-level takeaways: * "Lean Ethereum" is not a single one-shot upgrade, it is a collection of improvements that will come online to the Ethereum network over the course of three or four years. But make no mistake, this IS the third major iteration of Ethereum in the same way that the Merge was the second. Almost every major piece of the protocol will be replaced: - Verification through recursive STARKs, rather than direct re-execution. Recursive STARKs become an enshrined first-class core component of the protocol - Replacing everything quantum-vulnerable with quantum-safe alternatives - Consensus: decoupled available chain and finality, one or two-round finality. Theoretically optimal security properties, simpler than today, and faster than today - Multidimensional gas - State: not just tree structure, but what *types* of state are available - Changes to client architecture ... At the same time, simplification, cleanup and future-proofing. And this will all be done in a way that minimizes disruption to existing application. We've done this before (the Merge), we can do it again. * H-star (aka Hegota) is probably Ethereum's last thematically "pre-Lean" fork. Starting from I-star, most of everything we do will have a very strong "Lean" feel to it in one way or another. * Privacy is no longer an afterthought, it is a first class goal. When designing Frames, the mempool, additions to the state tree, we explicitly ask the question "okay, how do quantum-safe, intermediary-free privacy protocol transactions go through this, and what is the overhead?" * Formal verification of everything for security. * FV also makes us much more comfortable with canonicalization (having pieces of the protocol that are directly defined as a piece of bytecode expressed in some language). evm-asm is being written in part to become a canonical proof system for the EVM. * Quantum safety has shifted up a LOT in priority. This adds a lot of work (eg. finalizing a quantum-safe blobs design has become urgent; this work has already been ongoing for months) * Probably the single most disruptive part of the plan is the changes to state. There is growing consensus around leaving present-day-style "dynamic state" mostly unchanged, but scaling it only a medium amount, and adding new types of state that are more scalability-friendly (eg. no need for builders to sync/store all of it) but more restrictive, and that will scale a large amount. eg. possible Ethereum in 2030: 2 TB of present-day-style (dynamic) state, and 100 TB of new-style (scalable but restrictive) state This "new-style" state would work very well for ERC20s, NFTs, many defi use cases, but not eg. highly "central" objects like Uniswap contracts, or onchain order books, or other complex things (which are crucial for Ethereum but which only take up a small percentage of state) Hence, it will not be *necessary* to rewrite any apps, but it will be *very cost-effective* to eg. rewrite an ERC20 token into a newer design that uses a new type of UTXO storage that is currently being explored, so that it will have >10x lower txfees. Design of these new state types (current ideas: keyed nonces, ring buffers, UTXOs, statically accessible state, temp state) is an area where we will need a lot of feedback from application developers (incl. privacy-friendly application developers) and probably several rounds of rethinking and iteration. * In the context of a much larger total state size, we need to figure out the incentive issues around who stores this state and what motivates them to. Even saying "each node stores 1%" is not good enough - why do they store that 1% and why are they willing to serve it? This is being elevated as a first-class research area. * Ethereum will need to have a "VM" other than EVM in one form or another - at the very least, we need something like leanISA for recursive STARKs - and the gains are large in exposing it to users so that we support programmable privacy and better scalability. Right now, the most likely contenders are leanISA and RISC-V. My own ideal is that in this world, we adjust the protocol so that the EVM becomes a high-level-language compiler-level feature, and the protocol only "sees" RISC-V / leanISA directly. But this is still far away. * Gas limit increases, blob increases and slot time decreases will happen many times over the next ~5 years. We expect a large gas limit increase with Glasterdam. Each step of increased scale or decreased slot time is a matter of getting to the point where it is safe to do it, which comes from a combination of client optimization and protocol changes. Ethereum is CROPS. Ethereum is scaling. Ethereum is reinventing itself. Onward.

English
8
5
88
6.5K
Toni Wahrstätter ⟠ retweetledi
djosiris.eth
djosiris.eth@OsirisDjed·
Introducing World Chain v2.4.0. Full Block Access Lists, an out-of-protocol sidecar to Flashblocks that enables parallel pre-processing of full blocks, shard by shard, before consensus validates them. Lower hardware requirements for every validator on the network, and stronger decentralization because of it. github.com/worldcoin/worl…
English
1
10
37
5.9K
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
Be like Nethermind. - Care deeply about Ethereum - Work at Ethereum's cutting edge - Improve efficiency without trading off security Great team.
Marek Moraczyński@M25Marek

Looking back at Nethermind's core development journey over the years makes me incredibly proud of what the team has accomplished. The Resiliency Phase Before the Merge, there was effectively no alternative to Geth. It was by far the most stable and performant execution client, and execution client diversity barely existed. That concentration posted a major risk to Ethereum's resilience and one of its core properties: never going down. Today, Nethermind stands alongside Geth as one of the leading execution clients, with each accounting for roughly 30% of the network. The Ethereum Scaling Phase Once execution client diversity became a reality, the next major challenge was scaling Ethereum. Ethereum had been stuck at around a 30M gas limit for a long time. Nethermind led much of the performance engineering effort, demonstrating that Ethereum could safely operate at significantly higher throughput. Beyond setting an example, many of our optimisations and ideas were adopted by other client teams, helping raise performance across the whole Ethereum. Just as importantly, we helped establish a performance engineering culture within Ethereum core development, bringing a more data-driven approach to gas limits and gas pricing. That work was later adopted and expanded by the EF. Ethereum still has plenty of room to scale, but we're moving in the right direction. What's Next We’re now focused on the next set of challenges: 1. Executing on the Strawmap while leveraging AI as much as possible and exploring how AI agents can make Ethereum development increasingly autonomous. 2. Making Ethereum post-quantum resilient. It's part of the Strawmap, but it's important enough to deserve a separate point. 3. Accelerating institutional adoption of Ethereum. 4. Improving RPC layer - from hardening and design to making it verifiable.

English
7
7
168
7K
Toni Wahrstätter ⟠ retweetledi
Ethereum Foundation
Ethereum Foundation@ethereumfndn·
Behind the scenes with the EF's zkEVM team. Bringing Zero-Knowledge technology closer to the Ethereum core protocol.
English
57
206
665
60.9K
D8X
D8X@d8x_exchange·
@nero_eth Quick question: how do you guys come up with these names?
English
1
0
0
230
Toni Wahrstätter ⟠
Toni Wahrstätter ⟠@nero_eth·
It's been 210 days since Fusaka activated, and we're getting closer to the next fork: Glamsterdam. Since the Merge, Ethereum has shipped a fork every ~294 days on average. Shapella: 210 days Dencun: 336 days Pectra (pls don't remind me): 420 days Fusaka: 210 days Glamsterdam is shaping up to be one of the bigger forks. ePBS revamps the block validation pipeline while reducing trust assumptions. BALs bring parallelization to Ethereum, and repricing EIPs make sure we can keep scaling safely. On top of the headline features, we're also getting ETH transfers emitting logs, a SLOTNUM opcode, a deterministic deployment factory, larger contract code size, and more. Glamsterdam will scale Ethereum by around 5x, and with Hegota and a few more repricing EIPs, another 2–3x is within reach. At the same time, work on Hegota is already ramping up. Inclusion Lists (FOCIL) + Frame Transactions will be a great combo, and there are already 20+ EIPs proposed alongside the two headline features. Further out, zkEVMs are the next big theme. PQ Ethereum is also on the horizon, and there's already work underway to get the protocol ready for it. Before we get there, there are still things to do: revamp state and sync, improve RPCs, ship faster finality, shorten slots, add native privacy, and more. Lots of stuff ahead, but it's good to see Ethereum's roadmap starting to come together.
Toni Wahrstätter ⟠ tweet media
English
13
43
210
12.5K