Vitalik Buterin (Ethereum Co-founder) – What makes an ideal state tree? (Aug 2021)


Chapters

00:00:17 Ethereum Stateless Clients: Witness Sizes and Tree Structures
00:10:15 Optimizing Merkle Tree Branch Length and Storage
00:13:36 Polynomial Commitments for State Trees
00:21:13 Vertical Trees: A Novel Approach to Efficient Merkle Tree Proofs
00:27:12 Merkle Tree Improvements
00:31:42 Proof Compression and Quantum Resistance Considerations in Merkle Trees
00:38:53 Quantum-Resistant Post-Quantum Cryptography

Abstract

Navigating the Evolution of Ethereum’s State Tree: From Hexary Structures to Quantum-Resistant Virtual Trees

In the dynamic field of Ethereum’s network, the evolution of its state tree structure stands as a pivotal aspect of blockchain technology. This comprehensive exploration delves into the transition from the conventional hexary tree structure to advanced concepts like binary and virtual trees, including stateless clients, polynomial commitments, and the emerging challenge of quantum computing. By synthesizing insights from Vitalik Buterin, Dinkrad, and other leading figures, we unravel the complexities of this transformation, highlighting the pivotal role of these developments in enhancing Ethereum’s scalability, security, and future-proofing against quantum threats.

Current State Tree Structure and Challenges

Ethereum’s existing state tree employs a hexary structure, stored in the Merkle Bridge Registry. Each node can have up to 16 children, and each child is hashed together with its siblings. The root of the Merkle Bridge Registry is included in every Ethereum block. However, the large size of Merkle branches, particularly in transaction-heavy blocks, poses a significant challenge.

Stateless Clients and the Need for Smaller Branches

Stateless clients are pivotal for Ethereum’s scalability, verifying blocks without storing the entire state. Smaller Merkle branches are essential for their practical implementation.

Reducing Branch Sizes

Transitioning from a hexary to a binary tree structure is a key approach to minimize branch sizes. This shift could drastically shrink branches, thereby bolstering stateless client feasibility.

Other Considerations

Optimizing data structures and algorithms is crucial in reducing the costs of generating and editing branches, directly impacting Ethereum’s performance and scalability.

Binary Merkle Trees: Efficiency and Storage Optimization

Binary Merkle trees offer a notable improvement in efficiency, reducing the number of layers and significantly optimizing storage through effective database chunking.

Editing and Limitations

Despite their advantages, binary trees face limitations in handling large data sets, with witnesses potentially reaching impractical sizes.

Polynomial Commitments: A Potential Solution

CATE commitments emerge as a novel solution, offering constant witness sizes and a reduction in proof length, although they present challenges in proof generation cost.

Pre-computing Witnesses: A Balancing Act

The pre-computation of witnesses introduces a trade-off between read and write efficiencies, necessitating a balanced approach for frequent state updates.

Square Root Compromise and Vertical Trees

The square root compromise, involving a split in the state polynomial, along with vertical trees, presents a balanced solution. Vertical trees, characterized by constant-size proofs and reduced proof sizes, however, introduce complexities in computational costs due to elliptic curve operations.

Verkle Trees vs Hex Arrays

Verkle trees significantly optimize proof size and computation costs compared to hex arrays, utilizing advanced commitments to streamline proof generation.

Virtual Trees: The Current Best Solution

Despite their limitations, virtual trees currently offer the most effective solution, with ongoing research aimed at reducing proof overhead and improving designs.

SNARKs and Merkle Proofs

The use of SNARKs in verifying Merkle branches without the full tree is a key development, coupled with advancements in proof compression techniques like multiproofs.

Quantum Technology and Cryptography

Quantum computing poses a significant threat to blockchain security, prompting the need for quantum-resistant cryptographic algorithms and schemes to ensure long-term viability.

Post-Quantum Path

Lattice-based cryptography, immune to quantum attacks, emerges as the most realistic post-quantum path, highlighting the importance of adapting Merkle trees to these new cryptographic landscapes.

Conclusion

The evolution of Ethereum’s state tree, from its hexary roots to quantum-resistant virtual trees, marks a crucial chapter in blockchain technology. This journey underscores the relentless pursuit of scalability, security, and adaptability in the face of technological advancements, ensuring Ethereum’s robustness in the ever-evolving digital age.

Note: This article is based on summaries and does not include direct citations from external sources like Vitalik Buterin’s blog or Dinkrad’s articles. For detailed insights and technical specifics, readers are encouraged to refer to these expert resources.

Supplemental Update:

Quantum Computers and Cryptography:

– Quantum computers can break certain types of cryptography, including RSA, class group based, and elliptic curve based. However, they do not break lattices and hashes.

Post-Quantum Merkle Trees:

– Vertical trees are vulnerable to quantum computers, but snark-margle trees are not. A realistic post-quantum approach is to create a Merkle tree using an arithmetically friendly hash function and apply a Stark on top.

Resources for Further Reading:

– Vitalik Buterin’s blog contains articles on Verkle trees and ZKSnarks.

– Dinkrad’s blog has a piece on Cat 8 commitments.

– ETH research post on the fancy scheme that doesn’t quite work (number 7520).

– Dinkrad’s piece on Cate commitments covers a lot of the math.

– Article discussing synarchs and polynomial commitments.

– A traditional Chinese article on the same topic.

– A picture explainer of how bulletproof commitments work, used in the vertical.


Notes by: OracleOfEntropy