Note: This research has been originally written at the beginning of April, 2022.
Additional data was added - feasibility conclusion and additional network insights at middle of May, 2022. The review was done and the content was edited at the same time.
In this post we will go over the importance of validators on the Ethereum Proof-of-Stake consensus layer, the current state of their privacy and why it is important for these entities.
Additionally we will go deeper into describing the current threats and attack vectors, as well as the compromises made that enable these threats. The compromises are tightly correlated to other parameters, crucial for correct functioning of the network - such as network latency. We will also describe these parameters and their role of being bottlenecks for improving validator anonymity.
To overcome these issues, we analyse a potential solution which involves creating a private pre-network using Dandelion++ and RLN. We describe the potential implementation in detail, the current development details as well as it’s overall impact on the network.
At the end we present our insights from this analysis and come to a conclusion why the proposed potential solution with sufficient anonymity guarantees is not feasible for the Ethereum consensus layer.
Note: It is expected that the reader has a high level understanding of the Ethereum Proof of stake consensus mechanism.
In Ethereum’s Proof-of-Stake consensus layer, validators are entities that are responsible for bringing the network to a consensus and to a finalized state. To become a validator, one must stake a fixed amount of Ether (32 Ether currently), which is necessary for the security of the network - but also necessary for disincentivising the validator for performing malicious actions, which would contribute for preventing the network to come to a consensus. In such cases, when the validators do not follow the consensus layer rules, they will be penalised appropriately, and in some cases they will be also excluded from the network. The penalties and rewards are described in more details here.
In contrast to that, the validators are rewarded by a small amount of Ether for appropriate behaviour according to the consensus layer rules - which serves as an incentive to continue participating in the network.
The Ethereum consensus layer is designed in a way that validators have different roles, which are assigned for each slot and might be different. The validator roles (or duties) are the following:
At each slot, a single validator (block proposer) proposes a block, while the other validators are attesting for the beacon block head (LMD GHOST vote) and the epoch checkpoint block (FFG vote).
The validators are rewarded according to the importance of the duty they are performing for the slot, as well as the current state of the network. The importance of each duty is different.
Block proposals are the most important messages. Attestations are also very important, because they essentially vote what is valid and what is not. However because of the proportions of the obligation delegation (one block proposer vs many attesters), the emphasis on valid block proposals is set much higher. Additionally there is a buffer for the amount of the attestations necessary for justification and finalisation of a block, which means the network would continue forward even if not all validators have attested properly.
In order for blocks to be proposed, the validators with a block proposer duty should be active/online in the first place and then respond to their role appropriately.