The Roadmap: Improving Proof of Stake

By

Alex Hook

Introduction

Ethereum’s Proof-of-Stake is nice. Just like everything in crypto, it’s not perfect, but it’s surely the most secure consensus in the area. It’s also impressively optimized for a multi-billion dollar network—thousands of validators run on microcomputers, and every ~7 minutes, blocks become as difficult to revert as burning 70 billion dollars. By staking 32 ETH, or about ten square meters somewhere in San Francisco, you can participate in the largest blockchain network in the world, and even build your own block about every five months.

But as I mentioned, it’s not perfect. And in the Ethereum world, perfection is the name of the game. In this article, we’ll dive into the proposals for improving Ethereum’s PoS, as outlined in Vitalik’s roadmap.

What’s to be Done?

First of all, let’s think about what can be improved with today’s Ethereum consensus mechanism:

Security

Obviously, the more secure the network is, the better. By security, we mean resilience against all kinds of attacks that can hurt Ethereum’s liveness and integrity.

Lower Entry Barrier

Ethereum’s 32 ETH barrier is one of the lowest ones among all permissionless PoS networks. However, at today’s prices, it’s already about $110k. Such an amount is not too much for a first world citizen, but for people from developing countries, even a tenth of that can be life-changing money. Today, these people are not capable of getting enough ETH to run a validator. Therefore, we have to think out how to reduce the minimum stake. The more validators the network has, the more decentralized it is.

Higher Validator Capacity

…which is, in fact, the exact opposite of the previous thesis. Today, Ethereum finalizes the chain every epoch (~7 minutes). This was made to reduce the computational load on validators, allowing more of them to participate in the consensus. However, for various applications like L2s, this temporary reversibility is a major headache. For instance, bridging from L1 to L2 takes anywhere from 1 to 15 minutes, depending on the L2. Even if rollups finalized instantly, they would still not be able to interoperate for this exact reason.

To be able to finalize every block, we have to figure out how to process more validators per one time period. Moreover, if we want to lower the entry barrier, this capacity must be increased even further.

Now, let’s explore the designs proposed in the roadmap.

Secret Leader Election

One of the security problems of today’s PoS design is that the proposers of the upcoming blocks are known in advance. Specifically, the proposer selection happens every epoch according to the randomness generated by the network, so all the upcoming proposers in this epoch are known.

Even though it’s practically unfeasible to detect the node of a certain validator, such vulnerabilities may appear in the future. If this happens, the attackers could find the nodes of the upcoming proposers and DDoS them, effectively halting the network.

To prevent such an attack, we have to implement a mechanism that would not reveal the upcoming proposers to anyone but the proposers themselves. This idea is what’s called “Secret Leader Election.” The existing design proposals are in their early research stages, but the leading one, which we can use as an example, is Whisk.

image

The actual specification contains a lot of cryptography, but the general workflow is as follows:

  1. Validators send their cryptographic commitments to the network. These commitments do not reveal their creator, only that their creator is an actual validator.
  2. The network randomly chooses 16384 commitments. Then, for the next 8192 slots (about 1 day), they get shuffled by each block proposer adding their randomness and ZK proving they generated the randomness correctly, with no malicious intents.
  3. The network then randomly selects half of this set and assigns each commitment to its slot. So, for the next 8192 slots (~1 day), there’s one assigned validator per slot. Validators know their own commitments but not others’, so they can reveal themselves just before proposing their slot. Voilà! Secret election achieved.
  4. After 8192 slots, the cycle is repeated.

Secret Leader Election keeps validators incognito until their proposal, eliminating the risk of DDoS attacks on upcoming proposers. This, in turn, improves the attack resistance of the network.

Distributed Validator Technology

As we’ve previously discussed, 32 ETH per validator is pretty low compared to other PoS networks, but still too expensive for many populations, specifically those from developing countries. Thus, it’s necessary to lower the minimum stake for users that want to participate in the consensus and earn rewards but don’t have enough ETH for their own validator.

— What if we make multiple participants operate a single Ethereum validator?

Someone smart came up with this thought, and the Distributed Validator Technology appeared.

DVT allows a single validator to be operated by multiple nodes, spread across different locations and operators. A validator’s private key is split among multiple nodes using threshold cryptography. This way, these nodes perform validator duties (attestations, block proposals) without any single node having full control over the validator.

image

This approach has numerous advantages:

  • Reduced Minimum Stake: A single validator can be operated by any number of nodes, which allows reducing their minimum stake to the fraction of the original 32 ETH and earning the respective portion of the validator’s rewards.
  • Increased Uptime: Thanks to threshold cryptography, the validator’s participants are able to produce blocks even if any participant goes down. The actual threshold depends on implementation, but if we assume that there are 16 participants of the validator and the threshold is 8/16, up to 8 nodes can go down without affecting the validator’s uptime. This, in turn, allows for higher validator rewards.
  • Improved Decentralization: A validator is normally operated by a single node. By sharing validators between multiple participants, DVT increases the number of nodes per validator. Even though the nodes are cheap, many people see no point in running them, as they don’t have enough stake to run a validator on it. This will increase the number of solo staker nodes in the network, improving decentralization.

DVT is not a protocol-level technology. Any teams can implement their DVT protocol on top of Ethereum. Today, there are multiple projects working on it:

  • SSV Network is based on Shamir’s Secret Sharing to distribute the validator key between multiple entities, hence the name—Secret Shared Validators. It utilizes a Byzantine Fault Tolerant (BFT) consensus algorithm for agreement among operators. Their DAO with the “SSV” token handles network management.
  • Obol Network is pretty similar to SSV. They’re using Distributed Key Generation to split the validator between participant sets, called “clusters,” and utilizing a BFT consensus. Obol also incorporates slashing protection and compatibility with all existing node software in their Charon middleware.
  • Diva is different in that their key management is based on Multi-Party Computation (MPC), and some other implementation details. Their target is to allow as many participants per validator as possible, reducing the required stake to the minimal values.

The idea is simple but brilliant: take a validator and divide it among many nodes. It’s like the blockchain version of “divide and conquer,” but without the conquering part.

Single Slot Finality

Finality is when a block has at least ⅔ of the entire network stake voted for. As finalizing two distinct chains takes 4/3 of the stake, at least ⅓ of all stake has to violate the consensus and get slashed (burned). This gives finalized blocks the irreversibility property.

Today, blocks in Ethereum are finalized every epoch—32 blocks, or ~6.4 minutes. This setup allows the network to handle many validators without overloading them, hence the relatively low 32 ETH staking barrier. While efficient, this approach means blocks are reversible for about 13 minutes (two epochs) after creation! This forces projects relying on Ethereum as the source of trust, such as rollups, to wait for this period before they can accept the deposit or process the message.

To speed things up, we need to finalize every block, AKA slot in the Consensus Layer. Hence, the Single Slot Finality. To make the chain finalize faster, we need to minimize the load on nodes. How? By reducing participation, of course!

There are many SSF designs, but they all boil down to one point: it makes no sense to secure the network with 70 billion dollars if it contains 50. It’s pretty much impossible to get at least 7 billion dollars worth of ETH, so this excess economic security is an overkill that incurs too much load on the network. To minimize the number of signatures from the status quo, we need to:

  1. Increase the maximum effective balance for validators. Currently, validators are limited to 32 ETH. This means large staking pools have to spin up thousands of validators, each producing at least one signature per epoch. By allowing these pools to combine their stake into fewer validators, we can reduce the validator count to probably few enough to process per slot. EIP-7251 does exactly this and is planned for the next Pectra upgrade in Q1 2025.

  2. Reduce the number of validators needed for finality. Even if the above decrease is enough for SSF today, in the future the nodes might no longer be capable of handling this many validators per slot. The latest SSF proposals, including Orbit and Vitalik’s rotating participation, in varying implementations, in fact, suggest to make validators with smaller stake vote less often. This way, the actual validator load is reduced more than the economic security.

Conclusion

Ethereum’s consensus works pretty well today, but we have to prepare it for further scale. The ideal, simple, robust and decentralized Proof-of-Stake consensus, as defined in Vitalik’s roadmap, has to have a lot more features. Thankfully, they’re all being worked on, and some solutions are live even today.

In the future, we’ll have a fully DDoS-resistant consensus supporting millions of geographically distributed lightweight validators, with stakes ranging from a few thousand to several million dollars each, finalizing the chain every 12 seconds. We’re building this future now, one block at a time. Let’s make Ethereum great again!

Thank you for reading.