Thread
Ethereum’s BS and intellectual dishonesty.
A thread. 1/
A thread. 1/
Some background: About 3 and 1/2 years ago I started looking into PoS systems and published a series of articles documenting my thoughts & findings. 2/
hugonguyen.medium.com/work-is-timeless-stake-is-not-554c4450ce18
hugonguyen.medium.com/proof-of-stake-private-keys-attacks-and-unforgeable-costliness-the-unsung-hero-...
hugonguyen.medium.com/proof-of-stake-the-wrong-engineering-mindset-15e641ab65a2
hugonguyen.medium.com/work-is-timeless-stake-is-not-554c4450ce18
hugonguyen.medium.com/proof-of-stake-private-keys-attacks-and-unforgeable-costliness-the-unsung-hero-...
hugonguyen.medium.com/proof-of-stake-the-wrong-engineering-mindset-15e641ab65a2
Since then, I haven’t paid much attention to Ethereum. Until @TuurDemeester’s and @BitMEXResearch's tweets made me curious. So I take a quick look to see what they’ve been up to. 3/
After all, it’s been more than 3 years. Ethereum people made so much money. They must have thrown billions at finding scaling solutions.
Surely there must be some “progress”, right?
Nope, just the same BS and more intellectual dishonesty.
Let's take a look. 4/
Surely there must be some “progress”, right?
Nope, just the same BS and more intellectual dishonesty.
Let's take a look. 4/
This is one of Ethereum’s most recent articles by Georgios Konstantopoulos and Vitalik Buterin.
Published on @paradigm July 20th, 2021. So just 4 months ago. 5/
www.paradigm.xyz/2021/07/ethereum-reorgs-after-the-merge/
Published on @paradigm July 20th, 2021. So just 4 months ago. 5/
www.paradigm.xyz/2021/07/ethereum-reorgs-after-the-merge/
The article was likely prompted by concerns raised by @bergealex4 and others back in July on how broken Ethereum has become.
The TL;DR is that Ethereum has a vulnerability that could enable reorgs-on-demand services. An existential threat. 6/
The TL;DR is that Ethereum has a vulnerability that could enable reorgs-on-demand services. An existential threat. 6/
Here’s the abstract.
It attempts to explain how Ethereum 2.0 (Gasper) will fix the reorgs-on-demand issue. 7/
It attempts to explain how Ethereum 2.0 (Gasper) will fix the reorgs-on-demand issue. 7/
It starts off with a few definitions, including something called “Finality”.
BS #1: Just because you name something “final” doesn’t mean that it is actually “final” in a distributed consensus sense. It is also not “mathematically impossible” to get re-orged. 8/
BS #1: Just because you name something “final” doesn’t mean that it is actually “final” in a distributed consensus sense. It is also not “mathematically impossible” to get re-orged. 8/
More on this silly Finality concept, from Gasper’s official paper.
Note the naive assumption about always being able to attribute faults to “bad actors” when shit hits the fan. 9/
arxiv.org/pdf/2003.03052.pdf
Note the naive assumption about always being able to attribute faults to “bad actors” when shit hits the fan. 9/
arxiv.org/pdf/2003.03052.pdf
PoS systems can have no bad actors, but will still “finalize” different things and have disastrous reorgs regardless.
An example is when the network gets unexpectedly partitioned due to extraordinary circumstances. 10/
An example is when the network gets unexpectedly partitioned due to extraordinary circumstances. 10/
The honest thing to say, like Satoshi did, is that consensus is always probabilistic. Not throwing around a term like Finality.
The use of deceptive language is a recurring theme in Ethereum and PoS. (More on this below). 11/
The use of deceptive language is a recurring theme in Ethereum and PoS. (More on this below). 11/
BS #2:
Next the article compares PoW with PoS alternatives.
But the table curiously lumps together Ethereum PoW and Bitcoin PoW.
It then proceeds to claim reorgs are “frequent” in Nakamoto consensus (???). 12/
Next the article compares PoW with PoS alternatives.
But the table curiously lumps together Ethereum PoW and Bitcoin PoW.
It then proceeds to claim reorgs are “frequent” in Nakamoto consensus (???). 12/
Bitcon’s orphan blocks have always been rare, and since 2017 _extremely rare_ (one block every few weeks), thanks to the FIBRE network.
Otoh, Ethereum’s orphan rate has historically hovered around 6% or higher. 13/
Otoh, Ethereum’s orphan rate has historically hovered around 6% or higher. 13/
By lumping together Bicoin PoW and Ethereum PoW, the authors pin the “frequent reorgs” problem on PoW.
Not because of Ethereum’s own incompetence. How it intentionally chose unsafe PoW parameters that sacrifice security for speed.
Quite the sleight-of-hand. 14/
Not because of Ethereum’s own incompetence. How it intentionally chose unsafe PoW parameters that sacrifice security for speed.
Quite the sleight-of-hand. 14/
The way the table is presented here is known in psychology as a priming technique.
It primes the readers to be against PoW from the outset. This would have an effect on people who already have a bias against PoW, or are neutral. 15/
It primes the readers to be against PoW from the outset. This would have an effect on people who already have a bias against PoW, or are neutral. 15/
To emphasize this “frequent reorgs” problem, it also references a Princeton paper called the “Instability of Bitcoin Without the Block Reward”. 16/
Alas, the Princeton paper made several silly assumptions that I and others already debunked. 17/
Side note: I don’t think the @Princeton CS department intentionally attacked Bitcoin to elevate altcoins.
It’s simply another case of experts in one domain underestimating interdisciplinary subjects like Bitcoin. 18/
It’s simply another case of experts in one domain underestimating interdisciplinary subjects like Bitcoin. 18/
In this case, it was Computer Scientists making highly naive assumptions about the game-theoretic nature of Bitcoin, and conflate long-term versus short-term security. 19/
Back to the article, it then describes its proposed PoS system, Gasper.
The key words to notice here, and crucial to understand PoS’s weaknesses, are block “weight” and “pseudorandomly chosen” staking committees. 20/
The key words to notice here, and crucial to understand PoS’s weaknesses, are block “weight” and “pseudorandomly chosen” staking committees. 20/
BS #3: Making the outrageous claim that attackers “do not have a way” to beat the “honest majority of thousands of attesters”. 21/
Unlike PoW, to become attesters is cheap, rendering the whole “thousands of attesters” as toothless as AWS instances.
A rich holder could split up & shuffle his stake into many pieces to get more votes. These so-called weights can be manipulated without any additional costs. 22/
A rich holder could split up & shuffle his stake into many pieces to get more votes. These so-called weights can be manipulated without any additional costs. 22/
BS #4: Delegating the difficult task of consensus-finding to an all-magical pseudorandom entity.
In Gasper, the staking committees are chosen by a random oracle.
Pay attention to the bottom footnote in this section. 23/
In Gasper, the staking committees are chosen by a random oracle.
Pay attention to the bottom footnote in this section. 23/
Because PoS does not perform any work, it must generate its randomness from somewhere else. Whereas PoW mining injects entropy (and along with it, fairness) into the system.
The use of a random oracle seems like a small problem, but in reality it is the _entire_ problem! 24/
The use of a random oracle seems like a small problem, but in reality it is the _entire_ problem! 24/
If the source of randomness isn't truly random, it can be exploited. If it is random but relies on a centralized oracle, there’s no point in having this decentralization facade. The system is simply centralized.
But PoS designers very predictably hand-wave this problem away. 25/
But PoS designers very predictably hand-wave this problem away. 25/
All these concepts also sound strangely familiar. It’s because I have written about exactly the same things 3 years ago. On PoS systems like DFINITY.
So much for progress. 26/
So much for progress. 26/
BS #5
Next comes the most ridiculous claim: PoS can achieve distributed consensus with just ~ 50% of the network being honest, which is comparable to PoW (51%), but with none of the costs.
Too good to be true? Because it is. 27/
Next comes the most ridiculous claim: PoS can achieve distributed consensus with just ~ 50% of the network being honest, which is comparable to PoW (51%), but with none of the costs.
Too good to be true? Because it is. 27/
This directly contradicts all prior research that says PoS cannot be secure unless there’s a 2/3+ honest majority.
If true, Vitalik & co should get a Turing Award. 28/
If true, Vitalik & co should get a Turing Award. 28/
It does say that there are “subtle attacks” that only require ~25-49% of attesters (being dishonest).
But it also claims there are “known fixes” to these problems.
So convenient. Do tell us what these “known fixes” are? 29/
But it also claims there are “known fixes” to these problems.
So convenient. Do tell us what these “known fixes” are? 29/
The only link I can find is a PR on ethereum.org. Let’s check it out. 30/
Oh no! This “Key PR” was closed with no replacements in sight. What’s more, it was closed in March, months before this claim was made. What’s going on?
So much for “known fixes”. Looks like we need to take back that Turing Award. 31/
So much for “known fixes”. Looks like we need to take back that Turing Award. 31/
Next paragraph: the all-powerful Finality concept strikes again.
It’s amazing what a crazy person can imagine in their head by just keeping making stuff up. 32/
It’s amazing what a crazy person can imagine in their head by just keeping making stuff up. 32/
BS #6: The illusion of progress
Like a snake that eats its own tail, here’s the typical picture of Ethereum progress:
Problem X is solved by Y. But Y has this small problem Z. Z would work if somehow it goes back to X being solved. 33/
Like a snake that eats its own tail, here’s the typical picture of Ethereum progress:
Problem X is solved by Y. But Y has this small problem Z. Z would work if somehow it goes back to X being solved. 33/
It always goes back to Finality. It always goes back to the Random Oracle.
The system is always one PR away from being perfected. 34/
The system is always one PR away from being perfected. 34/
Let’s quickly look at some other Ethereum activities.
Rollups have been trendy as of late. What are they?
“Rollups are solutions that perform transaction execution outside the main Ethereum chain (layer 1) but post transaction data on layer 1.” 35/
Rollups have been trendy as of late. What are they?
“Rollups are solutions that perform transaction execution outside the main Ethereum chain (layer 1) but post transaction data on layer 1.” 35/
Sounds familiar? Because it should.
"Rollups" are Bitcoin’s default mode of operation: computations are never on-chain, only proofs. 36/
"Rollups" are Bitcoin’s default mode of operation: computations are never on-chain, only proofs. 36/
So after all the years of meandering, of wanting to be the “world computer”, Ethereum comes full circle, back to Bitcoin’s tried and true architecture, with tons of complexity added in the process.
Are "rollups" Ethereum's acceptance of defeat? 37/
Are "rollups" Ethereum's acceptance of defeat? 37/
If I have free time I’ll look more into rollups and the fancy terms they throw around later.
A quick glance and “optimistic rollup” already looks suspect: reframing a security issue (it’s unsafe) as an emotional issue (it’s optimistic). 38/
A quick glance and “optimistic rollup” already looks suspect: reframing a security issue (it’s unsafe) as an emotional issue (it’s optimistic). 38/
A note on the deceptive use of language.
Finality
Weak Subjectivity
Inactivity Leak
Optimistic Rollup
and more
See the pattern? These are all terms with strong inherent bias - designed to reframe or downplay issues.
Pure marketing BS. 39/
Finality
Weak Subjectivity
Inactivity Leak
Optimistic Rollup
and more
See the pattern? These are all terms with strong inherent bias - designed to reframe or downplay issues.
Pure marketing BS. 39/
These patterns of behaviors are consistent throughout the years, going back to Vitalik’s project just before Ethereum: the quantum computer vaporware.
The dude is 27 year-old and has been doing this for 7+ years, you can’t no longer chalk it up to naivety or innocence. 40/
The dude is 27 year-old and has been doing this for 7+ years, you can’t no longer chalk it up to naivety or innocence. 40/
Another one for good measure (and laugh).
BS #8: Ethereum tech lead frames “looking up past balances” as stalking (?!) behavior. Hmm... 41/
BS #8: Ethereum tech lead frames “looking up past balances” as stalking (?!) behavior. Hmm... 41/
BS #9: Or implying 175GB of Ethereum chain data is a fair comparison against a Bitcoin full node.
It’s not. 175GB is just garbage data without any verification. 42/
It’s not. 175GB is just garbage data without any verification. 42/
I consider Ethereum the mother of all scams in this space, so it will always deserve its own special walk of shame.
Yet this is the kind of BS that VCs like @a16z & @paradigm are promoting to millions of people. Whether it’s ignorance or willful malice, only they will know. 43/
Yet this is the kind of BS that VCs like @a16z & @paradigm are promoting to millions of people. Whether it’s ignorance or willful malice, only they will know. 43/
And most other "blockchain" projects are even worse than Ethereum. Such is the state of crypto.
Bitcoin fixes all these bullshits. FIN. 44/
Bitcoin fixes all these bullshits. FIN. 44/
Edit: Several people corrected me that FIBRE is no longer active.
That's true, but the original point stands: Bitcoin has an extremely low orphan rate, no "frequent reorgs". You can look it up for yourself.
That's true, but the original point stands: Bitcoin has an extremely low orphan rate, no "frequent reorgs". You can look it up for yourself.
Here is the paper that presents attacks on Gasper that only require as low as 25% control. So much for DeFi.
Good job @Harvard.
econcs.pku.edu.cn/wine2020/wine2020/Workshop/GTiB20_paper_8.pdf
Good job @Harvard.
econcs.pku.edu.cn/wine2020/wine2020/Workshop/GTiB20_paper_8.pdf
PoS is obfuscated, weaker PoW.
Something else to pay close attention to is the timeline of events in Ethereum.
The above Harvard paper describing 25-30% attacks on Gasper was published Feb 3, 2021.
The so-called "known fixes" for them were proposed (then closed) on Github Feb 9, 2021.
arxiv.org/abs/2102.02247
The above Harvard paper describing 25-30% attacks on Gasper was published Feb 3, 2021.
The so-called "known fixes" for them were proposed (then closed) on Github Feb 9, 2021.
arxiv.org/abs/2102.02247
Similarly, the reorgs-on-demand problem, another existential threat, was raised around July 1, 2021.
Guess when did Vitalik publish the @paradigm article, that was filled with misinformation and outrageous claims, saying ETH2 will fix it? July 20, 2021.
Guess when did Vitalik publish the @paradigm article, that was filled with misinformation and outrageous claims, saying ETH2 will fix it? July 20, 2021.
Wth is going on here?
Damage control.
You were supposed to detail how your design fares against serious fundamental issues YEARS ago. Not fix or publish (incorrect) things on-the-fly in scramble mode.
This is the true picture of Ethereum: hype, lies and total incompetence.
Damage control.
You were supposed to detail how your design fares against serious fundamental issues YEARS ago. Not fix or publish (incorrect) things on-the-fly in scramble mode.
This is the true picture of Ethereum: hype, lies and total incompetence.
On why "Weak Subjectivity" is a BS term, see my old thread.
"Weak" implies that it's trivial.
But the degree of trust required in PoS is exponentially higher than in PoW, in terms of both magnitude and frequency.
"Weak" implies that it's trivial.
But the degree of trust required in PoS is exponentially higher than in PoW, in terms of both magnitude and frequency.
Why "Inactivity Leak" is BS. From one of my PoS articles.
The idea of using punishment as the be-all and end-all solution for L1 consensus is fundamentally flawed.
"Punishment" assumes you always know who the bad guy is. In reality, you don't.
The idea of using punishment as the be-all and end-all solution for L1 consensus is fundamentally flawed.
"Punishment" assumes you always know who the bad guy is. In reality, you don't.
Exactly 3 months after claiming that an attacker has “no way” to beat “thousands of attesters", a paper from their own foundation shows that it's possible with just 0.09% stake. You really can’t make this stuff up.
arxiv.org/abs/2110.10086
arxiv.org/abs/2110.10086
Whether Ethereum can fix some of these issues or not (hint: they can’t) is besides the point. It’s the constant stream of unsubstantiated claims and outright lies that is morally reprehensible.
The Ethereum’s formula: oversell and underdeliver, then oversell some more.
The Ethereum’s formula: oversell and underdeliver, then oversell some more.
On other PoS projects: also severely flawed, but at least some of them are much more honest than Ethereum.
Why Rollups are BS (warning: long thread)
Ethereum just experienced a 7-block reorg.
Root cause is, again, replacing PoW’s objective block-picking mechanism, with PoS’s subjective and Perpetual-Motion-like concepts such as block “weight” and “boost”.
Root cause is, again, replacing PoW’s objective block-picking mechanism, with PoS’s subjective and Perpetual-Motion-like concepts such as block “weight” and “boost”.
Ethereum people estimated this reorg to have 0.00025% probability given the circumstances. System safety is just one big coincidence, right? Deploy & pray, folks.
Beyond a certain point (of ignorance), anyone who shills Ethereum is a full-fledged scammer.
Beyond a certain point (of ignorance), anyone who shills Ethereum is a full-fledged scammer.
Mentions
There are no mentions of this content so far.