Although this can have an indirect impact on their own wealth with a “Goldfinger attack” or combining an attack of suitable magnitude with suitable derivatives on Ether

need

however a brief functional explanation is useful to explain how it overcomes the limitations of simple threshold signing.

decreasing security, or losing the just-obtained ability to protect against signing undesirable messages?

Has this change really achieved anything, or just moved the attacker’s target so that they have to attack the signer rather than the validator client?

the issue of being unable to sign undesirable messages is still present

Moving the decryption passphrase to be remote from the validator client significantly enhances the protections provided by encrypting the validator key

But if the validator process can access the key, so can the attacker. This is usually achieved by storing the decryption key on the validator client, which results in many of the attacks remaining.

It is entirely possible to store this number without any protection, however this would open the key up to a number of simple attacks, for example

according to the goals the attacker only needs to sign a single arbitrary message to be able to meet their goal

It is important to be clear on the purpose of protecting the validator key, because this allows each feature to be weighed against how much it adds to the purpose. This is carried out through the definition of goals.

t is generally considered that the security requirements for validator keys are similar to that for withdrawal keys.

validator keys hold no funds themselves

Note

a network attack was attempted and stopped

The more validators that are slashed around the same time, the higher the penalty for all slashed validators.

Stake effectiveness range

What is it, and why does it matter?

low stake effectiveness lowers their expected percentage returns from ther validators.

a

Staking effectiveness matters because the more Ether used to secure the network the better.

Ethereum 2 uses a measure called effective balance to judge the weight of attestations, and the majority of validators will have a level of inefficiency where their balance is higher than their effective balance.

;

Note

stimated returns after costs

25/validator/monthandanEtherpriceof25/validator/monthandanEtherpriceof25/validator/month and an Ether price of 200

As such it is prudent to consider the estimated validator return to be a fraction of the maximum validator return

The specific method used to calculate this value is up to the user and the data they have available to them

This

that

using

Figure 2: Participation rate range

Network liveness range

either across the network

,

what can be considered “good” or “bad” for each one.

running

that provide

2

Stake effectiveness range

balance

perfectly

staying roughly in the same place

initially

effe

For example, if a validator has a balance of 31.7Ξ its effective balance will be 31Ξ, resulting in it being only 1−31.7−3131=97.7%1−31.7−3131=97.7%1-\frac{31.7-31}{31} = 97.7\% effective.

Network liveness

Staking effectiveness matters because the more Ether used to secure the network the better

above graph

This could be vulnerable to temporary peaks and troughs in network participation rate, however, so an average participation rate over a time period may provide a more accurate representation. However, as this is a forward-looking metric it will only every be possible to provide an estimate.

This

participation rate

this value

The breakdown of which levels

Levels of reward

Maximum rewards dependent on number of validators (approximate)

perfectly

carries

Estimated

open to interpretation

Participation rate range

67%

f pa

if participation

receives

that are

Participation rate

current epoch can be calculated from the three chain values genesis time, seconds per epoch and slots per second, along with the current timestamp

Network liveness range

Selecting

the

reverted

,

This article provides information about some of these

but have not been explained in adequate detail

Being aware of the conditions required for, and time taken in, transitions between states is vital for ensuring the successful operation of an Ethereum 2 staking infrastructure.

information above

Annotated validator lifecycle

until a transfer operation is introduced

to transfer Ether

his provides the longest time in which a cheat can be caught,

can be

18 days

Second

rather than just working its way to the end of the exit queue

than spent

higher

should

caught cheating

Similar

wanted

even though it may be selected for a near-future role.

An exiting validator has signalled its intention to stop validating, however whilst in this state it carries on much as before, attesting and proposing as it did when active.

the first situation listed above, where a validator is removed from active validating.

Figure 5:

the

cannot

has

active state

proceed to be

prepared

state

approximately 4 hours

as that is where the funds for the validator originate

its transitions

state

and proposing

attesting

Deposited a

it is useful to have

For the sake of readability

However, becoming a validator, and stopping being a validator, is part of an overall lifecycle that includes various transitions that are generally not well understood.

to

in early stages

of this option

is the

withdraw

is the

must

look at

of this option

It is not so easy to be sure that those 10,000 Ether are definitely controlled by the staking service, that the staking service is unable to withdraw the Ether for themselves, that the staking services’ security is adequate to protect the withdrawal keys from hackers. etc. These difficulties may result in the tokens’ market price being significantly below par.

services’

all of the other benefits tokenization brings.

of this

sell

so that these are represented as well

would accrue

you need to also trust their

is one option

,

practical

very similar to running the validator and key manager

the

with

of this

do so

talk

not all!

.

indeed part

It is possible for a staker to create their own deposit agreement, or for a service to provide the deposit agreement.

redundancy

The risk is that the value of the token depends on the reputation of the service. Because the withdrawal of funds from validators is not managed by a smart contract the asset underlying the token (i.e. staked Ether) is not tied to the token. It would be possible for an untrustworthy service to withdraw all of the staked Ether for themselves, rendering the token worthless. There are also possible tax implications of this action: it is possible that tax authorities look at the exchange of Ether for tokens as selling Ether and buying a token, in which case it becomes a taxable event. Although there is no final word on this, and treatment is likely to be different from one jurisdiction to another, the possibility exists and must be considered.

The benefit of this is that the staker has a fungible asset for their staked Ether: they can sell some or all of it at any time. They can also buy tokens, or fractions of tokens, whenever they wish rather than have to wait until they have 32 Ether to start a new validator.

and provide a smart contract that returns tokens for staked Ether. The token represents staked Ether at a certain rate, and as rewards accrue to the service’s validators the value of a token increases in terms of Ether. When a staker wishes to withdraw funds they can do so by selling the token on the open market.

previous model today,

broadcast it

agreement that contains the details of the who will be validating and to where the funds can be returned.

One other definition is useful: a “staker” is an entity that provides the funds with which validation occurs.

Any staking service will have a number of features, including control of the deposit, control of the validator, access to staked funds, and payment for the service (cumulatively known as the “model”) . Each of these features can be done in different ways, resulting in many possible staking services. There is no single “best” model for a staking service. Each model has its own characteristics, and will suit different types of investor. Indeed, if too much staked Ether uses a single model it will create a frailty in Ethereum, where a single failure could result in a large percentage of validators going offline at the same time.

Instead,

hat has been

validator rewards

, however

loss of validation rewards

Ultimately

network

(hereafter “node”)

for

vendor

the

judgement

the Ethereum 2 beacon chain

These models provide a dilemma, because having more connections to other nodes provides a more up-to-date view of the network, gives less reliance on any single node to share information, and ultimately results in higher rewards. However, these come at the cost of paying the hosting company. Ultimately the consideration of increased cost with increased reward will need to be examined to pick a suitable balance.

the first cost that comes to mind

they can only do so once a suitable server has been selected

that may need to be made that can influence your decision, from the physical size of the server to the amount of power it requires (more on this below).

as

the standards for such should be finalized

many different implementations that are incompatible with each other

it when

for them

will be incentivized to keep it going separate to the merged chain

likely

chain

to

if not it should be seen in

merge

his is likely to be on-going work but early definitions will need to come in the second or third quarter of 2020 to allow implementation and testing.

execution environment

in many transactions

in conjunction with phase 2 being released

There are expected to be

,

have been on-going at the same time as phase 0 design and implementation however are significantly less mature and still undergoing significant changes.

igure 1: Phase 0 release gates

but as the changes in the design reduce to bug fixes and necessary optimizations the time between a new version of the specification being made and code running to that specification will reduce to a matter of days

trust

there is a

the production Ethereum 2 network.

for

as

2020 is as close to a make-or-break year for Ethereum as it has ever seen

Some of the items that are required to mature over the next year are discussed below.

here have been a number of suggestions how to merge Ethereum 1 and Ethere

Design of some of these more common special-purpose, as well as the general-purpose, execution environments will require significant work, not least to attempt to define what each features each execution environment should and should not have.

transaction there are many common themes

that provide large amounts of similarity

Phase 2’s design is actually very simple