Ethereum’s consensus algorithm is not the only thing changing with the launch of Eth 2.0. The underlying cryptography itself is getting an overhaul based on leading research out of the Electric Coin Company.
Called BLS12-381, the new elliptic pairing curve will securely coordinate transactions on the proof-of-stake (PoS) Eth 2.0 network, while opening up opportunities for data savings and privacy-tech solutions.
Currently, the ins and outs of that curve are being baked into the network with Ethereum Improvement Proposal 2537. That EIP is slated for delivery with the protocol’s 10th hard fork, Berlin, tentatively scheduled for July.
As a hard fork, Berlin will add up to four backwards-incompatible upgrades, two of which continue to be vetted and may ultimately not be included (all though that remains unlikely given all four EIPs are being implemented on various levels by each Ethereum client).
A test net, Yolo, conducting dry runs without applications, is currently underway for EIP 2537 and one other proposal, EIP 2315, which will add “simple subroutines” to the Ethereum Virtual Machine (EVM).
For Eth 2.0, EIP 2537 is an introduction into the interesting cryptography work underpinning the new network while answering a question Ethereum co-founder Vitalik Buterin has been pondering since the network’s early days.
From 1.x to 2.0
In order to launch Eth 2.0, a technical bridge must exist between Ethereum’s existing Eth 1.x and Eth 2.0.
BLS12-381 undergirds one such option by building an Eth 2.0 “lite client” inside the current Ethereum network, according to an April Medium article by Ethereum developer Alex Stokes.
In short, Eth 2.0 will roll out in steps, beginning with Phase 0 in Q3 2020. Phase 0 will begin with the beacon chain, a coordination mechanism for investors staking funds. In PoS networks like Tron or EOS, staked funds operate as a voting mechanism and incentive to partake in verifying transactions.
Eth 1.x operates on the Proof-of-Work (PoW) algorithm and has a wholly separate cryptographic schematic called Elliptic Curve Digital Signature Algorithm (ECDSA), also employed by Bitcoin and other cryptocurrencies.
But in order to bridge the PoW and PoS networks a common tongue is needed.
That’s what EIP 2537 does – by providing a cryptographic translator between the two networks in what is called a precompile of the underlying primitives of Eth 2.0. This precompile makes a lite client possible.
In practice, a lite client would be built as a smart contract inside the EVM. Its main purpose, given the client’s limited functionality, would be to port ether (ETH) over to the new chain, a prerequisite for boarding people onto the new network.
Additionally, Layer 2 (L2) solutions for scaling Ethereum and Eth 2.0 could be built on the lite client, Ethereum co-founder Vitalik Buterin said in an April Ethereum Magicians post.
“If we have that, then an eth2-in-eth1 client is actually not that hard, which opens the door to applications that use eth2 as an availability engine (ie. things like Plasma but waaay more powerful),” Buterin wrote.
Finding the right primitive
The next iteration of Ethereum has far larger ambitions than the ECDSA can handle. Luckily, 10 years of cryptocurrency research has borne fruit in at least one subject: cryptography itself, Cloudflare cryptographer Nick Sullivan said in an interview with CoinDesk. New curves such as BLS12-381 prove as much.
“Elliptic curves have been around since the mid-1980s,” Sullivan said. “The problem is that they’re somewhat limited in what they can do. They can do effectively classical public-key operations: digital signatures, encryption and key agreement.”
Alternatively, “pairing friendly” curves invented in the early 2000s provide alternative security measures that aptly apply to blockchains, Sullivan said.
Invented in 2017, Electric Coin Company cryptographer Sean Bowe’s BLS12-381, a variant of the BLS curve invented by three cryptographic pioneers in 2003, is perhaps the most consequential for most coins today. His curve, and others like it, are the reason blockchains can scale.
“BLS12-381 is a special kind of elliptic curve (a ‘pairing-friendly’ curve) which enables cryptographic primitives like SNARKs and vector commitment schemes,” Bowe said in an email. “These primitives are very useful for improving scalability and privacy in blockchain projects.”
BLS and Eth 2.0
For Eth 2.0, the advantage can be cut into three parts: data savings, privacy and interoperability.
First, BLS-styled signatures keep the necessary computation light by batching cryptographic signatures that verify transactions, according to Ethereum researcher Carl Beekhuizen in an Ethereum Foundation blog post.
(For reference, that’s equivalent to nearly three times the weight of the current Bitcoin blockchain.)
BLS12-381 also allows Eth 2.0 to implement zero-knowledge proofs more naturally: Privacy variants of ETH could be native to Eth 2.0. In fact, BLS12-381 was hard forked into the Zcash protocol with the 2018 Sapling update as a more robust cryptographic primitive.
Moreover, the use of ECC tech on Ethereum highlights the close relationship between Buterin and Zooko Wilcox, co-founder of Zcash and the CEO of ECC. Both the ECC and Zcash teams have shown past interest in bridging the two technologies.
Eth 2.0’s ability to connect with other projects – specifically non-Bitcoin ones – could materialize in a few different ways: Perhaps Ethereum shares its value across different chains or perhaps it siphons tech away from other projects, taking their market caps with it.
Either way, Cloudflare’s Sullivan remains impressed by the math:
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.