Ethereum, the second-largest cryptocurrency by market capitalization, utilizes a unique dual consensus mechanism that combines the strengths of two main families of consensus methods: the longest chain model and the BFT (Byzantine Fault Tolerance) model. In this blog, we will delve into the details of Ethereum's proof-of-stake consensus, exploring its components, the role of staking, slashing, and the two consensus methods: and . GHOST Casper Byzantine Fault Tolerance is a clever feature that helps distributed systems, like blockchain networks, work smoothly even when some participants misbehave or act dishonestly. It ensures that the system can still reach an agreement and stay secure, even in the presence of faults or bad actors. This makes the network reliable and able to handle challenges while maintaining trust among its participants. To achieve Byzantine Fault Tolerance, consensus algorithms like Practical Byzantine Fault Tolerance (PBFT) and Tendermint are used. These algorithms require a certain percentage of honest participants (often referred to as the "Byzantine fault tolerance threshold") to come to an agreement on the validity of transactions and the order in which they are added to the blockchain. Staking refers to owning a certain number of tokens in the network, and these tokens are valuable and not easy to replicate, similar to the difficulty of creating a proof-of-work hash. To prove your stake in Ethereum, you need to send 32ETH, along with your public and withdrawal addresses, to a smart contract that tracks all validators who are staking. When you sign something using your validator's private key, others can check the smart contract and verify that you are staking with 32ETH. This signature becomes your . proof of stake In Ethereum, staking requires locking up your tokens, unlike some other proof-of-stake protocols, to ensure that validators are committed to the network's security. Slashing is like a punishment given to validators in Ethereum who misbehave or try to cheat the system. Validators are the ones who help keep the network secure and agree on new transactions. If a validator does something dishonest, like signing conflicting transactions or being offline when they should be working, they can lose some of their money (tokens). This loss is called . Slashing is essential because it encourages validators to be honest and follow the rules. If there were no penalties, some validators might try to cheat or work against the network's best interests, which could cause problems for everyone using Ethereum. slashing By having slashing in place, Ethereum ensures that validators have a strong reason to be good actors and keep the network safe and reliable for all users. It helps maintain trust and confidence in the Ethereum blockchain. The reason each validator has to stake is to make each signature equally valuable. In decentralized consensus methods, all signatures need to be treated equally for easy vote counting. 32ETH Ethereum uses two main consensus methods: GHOST and pBFT. For its default consensus method called GHOST, it uses a variation of the longest chain model. Every added block in the blockchain is like a vote for the branch of the fork you want to win. However, the traditional longest chain model can sometimes lead to cases where a validator's vote isn't counted correctly. In this example, we can see a fork, one side of the fork is 2 blocks long, and the other side has 3 blocks added but they all reference the same block so is only 1 block long if we use the normal longest chain rule, then the top branch would become the winner as it is the largest chain, however, is that actually what we want? the top branch only had 2 validators vote for it, whereas 3 validators voted for the bottom branch, so shouldn't the bottom branch wins? due to the 3 validators all referencing the same block, their 3 votes are only counted as one using the traditional longest chain rule. has changed the model slightly so that it counts every block in a fork as a vote, even if they are conflicting blocks and not a part of the longest chain. This means that under GHOST, the bottom branch would win as more validators have voted for it compared to the top branch. new blocks will be added to one of the three bottom blocks instead of the top fork. GHOST In Ethereum, a new block is added to the blockchain approximately every 12 seconds. There are a lot of validator nodes, around 400K, but they don't all need to vote on every block for it to be safe and secure. Waiting for all of them to vote on each block would take a very long time. Instead, Ethereum has a smart way of doing things. If a significant number of validators, like maybe 10%, vote on a block, it is considered safe and unlikely to be reversed. This practical approach ensures that the network runs efficiently and securely without waiting for all validators to vote on every single block, which would be too slow. So, even though there are many validators, Ethereum only needs a small portion of them to vote on a block to make sure things are safe and secure. This way, the blockchain keeps moving forward quickly and securely for all users. a new method called " " has been introduced to improve the consensus process and make it more efficient. Instead of always creating new blocks, validators can now support existing blocks by providing attestations. attestations "attestations" in Ethereum mean validators showing their support for a specific block on the blockchain. Instead of creating new blocks, validators vote for existing ones by providing their approval through digital signatures. These votes, called attestations, help in reaching agreement among validators and maintaining the security of the network. Attestations allow validators to participate in the consensus process effectively without having to create new blocks themselves. When the blockchain has multiple branches (or forks), the winning branch is determined based on the number of validators voting through attestations, not solely on the length of the chain. The branch with the most attestations becomes the winning chain, and new blocks are added to it. an "epoch" is a fixed period of time, approximately 6 minutes and 24 seconds, during which specific actions and events take place. It is used to organize the consensus process and manage validator participation efficiently. During each epoch, validators are divided into committees, and they take turns proposing and voting on blocks, ensuring the smooth functioning of the blockchain network. To manage the large number of validators (approximately 400,000), Ethereum divides time into "epochs" that last about 6 minutes and 24 seconds each. Within each epoch, all validators are randomly grouped into committees, and each committee is responsible for one time slot. During an epoch, the first member of each committee is designated as the block proposer, responsible for suggesting a new block. The other validators in the committee play their part by providing attestations to the proposed block, indicating their agreement with it. It's important to note that validators can only provide one attestation per epoch; attempting to provide more than one will lead to penalties (slashing) as it could disrupt the consensus process. If the designated block proposer fails to propose a block at their assigned time slot, the other validators in the committee will vote for the previous block to ensure the chain progresses smoothly. This innovative approach streamlines the consensus process in Ethereum, making it faster and more organized. Validators participate efficiently within each epoch, contributing to the network's security and overall stability. Can a block proposed by the block proposer be added to the blockchain with 0 attestations? Yes, it can be added, but blocks with more attestations are considered more reliable and likely to become part of the final chain. Having approximately 12,000 signatures attached to each block to ensure its security would also use up a ton of space. However, the actual number of signatures varies based on the number of active validators in the network. To make signature storage efficient, Ethereum uses signatures. BLS signatures allow hundreds of signatures to be combined into a single compact signature, saving space on the blockchain. BLS (Boneh-Lynn-Shacham) To manage the large number of validators, Ethereum divides them into smaller groups called committees. Each committee is further divided into 64 subnets, with around 100 validators in each subnet. In each subnet, 16 validators are randomly chosen to create BLS signatures for the block they propose. The block proposer collects the best signature from each subnet and combines them into one final BLS signature. This single signature represents all the validators who participated in that block. Maintaining randomness in committee selection is essential to prevent attacks and ensure fair block creation. It helps ensure that no single party can control the block proposal process, enhancing the network's decentralization. The significant number of signatures per block is one reason why Ethereum sets the minimum requirement for staking at 32ETH. Lowering the staking requirement would increase the number of signatures even further, requiring higher node specifications or improved aggregation techniques. Moreover, BLS signatures play a crucial role in introducing randomness to the protocol. Ensuring that committees are unpredictable and random is vital to prevent attackers from trying to manipulate the randomness and become the sole block proposer, potentially censoring transactions. By using BLS signatures and organizing validators into committees and subnets, Ethereum can efficiently process blocks with thousands of participants while ensuring security and preventing centralization. This approach makes the Ethereum network more robust and resistant to malicious attacks. Validators are assigned to committees using a method called randao, where participants collaborate to create an unpredictable random number. Each validator picks a random number privately, commits to it, and later reveals it. These random numbers are mixed together to produce a final random number, which determines the validators' committee assignments for the next epoch. To ensure unpredictability, validators use their . These signatures are mixed using . private keys (without sharing them) to sign blocks, producing unique digital signatures BLS signatures to create the final random number for committee assignment Validators have an incentive to participate and stake their ETH because they receive rewards. Proposing a block comes with a large reward, while making attestations brings smaller rewards. Validators' rewards depend on their timeliness and consensus with other validators' votes. When Ethereum fully transitions to proof of stake, the issuance rate and rewards become variable and depend on the amount of ETH staked. The rewards are likely to range between , and most validators are expected to earn around . This incentive system ensures that validators actively participate in the network, securing the blockchain and maintaining its reliability. 0.54% and 0.94% per year 5% per year As I mentioned at the beginning that Ethereum has two consensus methods. GHOST is secure so why is second one needed? While GHOST follows the longest chain wins model, Casper the friendly finality gadget uses a different method called . Both methods have their strengths, and Ethereum can operate without Casper, but having finality is a valuable addition. BFT (Byzantine Fault Tolerance) In simple terms, Ethereum uses two ways to agree on blocks, and Casper ensures certainty about when a block becomes part of the official chain. In Ethereum, the Casper consensus mechanism provides "Byzantine Fault Tolerance" (BFT) to ensure the network's security and agreement among validators, even in the presence of malicious or faulty nodes. BFT models typically involve two rounds of voting by validators to reach a final decision. In the first round, validators commit to a vote, indicating their choice for a specific block or fork. In the second round, they actually submit their votes, and the consensus is determined based on the majority decision. Having two rounds is essential because, with just one round, an attacker could manipulate the network by telling different things to different sides, causing a split in the consensus. Therefore, the second round ensures that validators follow through with their committed votes and prevents such manipulation. In Ethereum, an epoch can be seen as a round of BFT voting since all validators vote during an epoch. However, a single epoch may not be enough to achieve finality, as a fork might have equal votes on both sides, with an attacker double voting for each. This situation could lead to both forks having more than 67% of the vote, making it uncertain which fork is the valid one. To address these issues, Ethereum penalizes dishonest validators through slashing. If an attacker double votes within an epoch, they will be heavily penalized (slashed) and may even be kicked from the staking contract if their stake goes below a certain threshold (16ETH). Additionally, if validators are not voting enough to reach the required 67% agreement, they will also be penalized for inactivity until the threshold is met again. Casper doesn't necessarily need to reach finality for Ethereum to function. The network can continue to operate using the GHOST protocol, which provides probabilistic finality. This means Ethereum won't go down or freeze if a third of the validators go offline, unlike some protocols that solely rely on a BFT-based consensus model. However, there is a known attack called a when using proof of stake. "long-range attack" In “long range attack”, an attacker stakes a large amount of ETH for a period and then stops staking. They create a secret fork from before they stopped staking, where they continue to stake and build up block rewards. The attacker then shares this hidden chain with other nodes to take over the network. To defend against this attack, One of the main solutions is introducing a concept called " " for new nodes or nodes that have been offline for a while. When these nodes join or rejoin the network, they need to ask other nodes for an identifier from the latest block in the honest chain. This helps them figure out which fork of the blockchain to follow. subjectivity By asking for this identifier, the nodes can ensure they are on the correct chain and avoid following a secretly manipulated fork created by an attacker. This adds a level of trust and helps protect against long-range attacks. the penalties and subjectivity mechanisms help maintain the integrity of the blockchain and protect against potential attacks. Validators in Ethereum are randomly split into committees during each epoch, and each committee is responsible for adding blocks during their assigned time slot. Validators must attest to a block during their time slot, and the chain with the most attestations becomes the winning branch. To make sure Ethereum's blockchain is secure and reliable, it needs agreement from at least 67% of the validators for two rounds in a row. If this agreement isn't reached, the blockchain keeps running with some uncertainty, and validators who misbehave get punished. Unlike other systems that assume 51% of validators are honest, Ethereum takes a more cautious approach ( ). It assumes that most validators are economically motivated, meaning they have strong reasons to act properly. This way, it protects against potential attacks and selfish behavior that could harm the network. It assumes that most validators are economically motivated, not just honest. This means they have strong reasons to behave correctly and not engage in harmful actions. It adds an extra level of security by considering potential attacks and selfish behavior, making the system safer and more reliable The reason for this extra caution is that the honest majority assumption may not catch attackers who bribe validators or manipulate the blockchain for their gain. It's tough to determine the exact amount needed to bribe someone, making it hard to guarantee complete security. By being careful about economic motivation, Ethereum becomes a safer and more trustworthy platform for everyone. To address these potential attacks, Ethereum has implemented slashing. Slashing is a mechanism that imposes severe penalties on dishonest validators, making such behavior economically unviable. This significantly discourages dishonest practices and enhances the security of the network. This approach sets Ethereum apart as one of the most secure proof of stake-based consensus methods, as it actively guards against attacks that many other proof of stake protocols overlook. In summary, Ethereum achieves a high level of security by combining the longest chain wins model with a Byzantine Fault Tolerance (BFT) based consensus model. This combination results in a robust protocol that offers both the advantages of the longest chain and the ability to achieve finality through the BFT mechanism. While the protocol is complex and may be more prone to bugs compared to a full BFT-based consensus, it still performs efficiently in the longest chain wins model. Ethereum prioritizes security and decentralization to establish a highly secure proof of stake-based consensus method. Ethereum's consensus mechanism is a masterful combination of speed, security, and decentralization. It has withstood the test of time and remains a critical component in driving the decentralized revolution.