17th October 2021

Cryptographic Frontier

Open Problems in Ethereum Research

at Eurocrypt 2021 (Zagreb, Croatia)

Workshop on open cryptographic problems in Ethereum

Ethereum is one of the largest blockchains in the world and it relies on a variety of different cryptographic primitives and protocols that directly affect both its security and efficiency. Improving these tools is not only of academic interest, but also impacts the security of millions of users. Ethereum relies on advanced frontier crypto schemes in order to tackle the harsh requirements to scalability and performance that haunt the most popular decentralised systems.

This workshop brings the most interesting and challenging open cryptographic questions that Ethereum faces to the attention of academia. We will cover a large spectrum of research topics, such as multisignatures, commitments, verifiable delay functions, secure computation, zk-friendly hash functions and more.

The day

Sunday 17th

Workshop lasts from 10:00 to 17:00 Central European Time

The sessions

Each session starts with a talk (15 minutes long), which introduces the problem, a tentative solution, and open questions. It is followed by a working group. Sessions are independent i.e. one is not required to understand another.

Workshop program

  1. 10:00-10:30 Welcome and Intros

  2. 10:30 Break

  3. 11:00 Session 1: Pairing Based Aggregatable Zero-Knowledge by Mary Maller. Slides

Zero-knowledge protocols have made huge progress in recent years and we are starting to see practical recursive protocols emerge. If only a single layer of recursion is required, as is the case for the proof of space application of Filecoin and for VDFs, then no SNARK in the literature can be aggregated faster than Halo Nova Fractal Groth16. But Groth16 has a trusted setup. We ask if this can be avoided?

  1. 11:40 Break

  2. 11:50 Session 2: Security of ZK Friendly Hash Functions by Dmitry Khovratovich. Slides

When cryptocurrency protocols and verifiable computation schemes convert hash functions to finite field circuits, standard hashes like SHA-3 or Blake are very expensive, so newer hash functions are being introduced like Poseidon and Rescue. We would like cryptographers to investigate new ZK friendly hash functions whose security is based on older cryptanalytic methods.

  1. 12:30 Lunch Break

  2. 14:00 Session 3: Proof of Custody, MPC, and the Delegation Problem by Mark Simkin and Dankrad Feist. Slides

As data availability becomes a crucial concern in the sharded Ethereum 2.0, we put validators between the devil of delegation and the deep blue sea of solitary computation.

  1. 14:40 Break

  2. 14:50 Ethereum Bounty Program

  3. 15:00 Session 4: Verifiable Delay Functions (VDF) by Dmitry Khovratovich. Slides

We revisit existing VDF constructions from the optimality and latency tightness perspective for the purpose of a VDF hosted on-beacon-chain in Ethereum 2.0. We also cover various attacks, quantum upgradeability, and ongoing latency research.

  1. 15:45 Coffee Break

  2. 16:15 Session 5: Miner Extractable Value (MEV) by Justin Drake. Slides

Seemingly specific to game theory, a solution to the problem of miners censoring transactions for profit is within touching distance due to recent breakthroughs.

  1. 17:00 Break

  2. 17:10 Session 6: Polynomial Commitments by Dankrad Feist. Slides

An important barrier to the wide adoption of Ethereum is the state size making it difficult to run fully validating clients. This can be overcome by statelessness which requires efficiently verifiable vector commitments with small witnesses and reasonable prover requirements. We go through the concrete requirements for this scheme as well as present some current solutions and trade-offs.

  1. 17:30 Finish

The Speakers

Mary Maller

Justin Drake

Dankrad Feist

Mark Simkin

Dmitry Khovratovich


Dmitry Khovratovich dmitry.khovratovich@ethereum.org