HF1 is the tentative code name for the first hard fork of the beacon chain (see here for longer-term naming ideas). The key goals of HF1 are:
We add a randomly sampled “sync committee” to the beacon chain. The purpose of this is to allow light clients to determine the head of the chain with a low amount of overhead (~20 kB per day minimum to keep up, and ~500 bytes to verify a single block). This would allow light clients to actually be viable for mobile devices, in-browser use cases in the like for the beacon chain (and post-merge Ethereum as a whole), paving the way for a much more trust-minimized wallet ecosystem.
For each period (~27 hours), 1024 validators are randomly selected to be part of the sync committee during that period. Validators in the sync committee would publish signatures attesting to the current head. These signatures would be broadcasted as part of a LightClientUpdate
object that could help light clients find the head, and would be included in the beacon chain to be rewarded.
Key PR:
We replace the way that rewards for attesters are computed. Instead of storing PendingAttestation
objects and then processing them at the end, we add a bitfield that stores the status of each validator, allowing the data about who participated to be accumulated in real time. The bitfield is ordered “in shuffled order”, ensuring that records for validators in the same committee appear together. The goal of this change is to simplify client implementations and to make updating the Merkle tree much cheaper.
Key PR:
We make validator set changes and penalty accounting only happen once every 64 epochs, instead of every single epoch. The goal of this is to greatly reduce the complexity of processing “empty epoch transitions” - for example, a chain with very low participation where two successive blocks are a thousand slots apart with only empty space between them. To process such a chain, currently clients would need to recompute each validator’s balance once per epoch to apply inactivity penalties; with this proposal, they would only need to do so once per 64 epochs.
Additionally, we add two changes to how inactivity leaks work:
Key PRs:
We celebrate the fact that we are somewhat, though not yet completely, out of the woods by weakening the training wheels on validator penalties. We change the constants:
INACTIVITY_PENALTY_QUOTIENT
: reduced from 2**26
(= 67,108,864) to 3 * 2**24
(= 50,331,648)PROPORTIONAL_SLASHING_MULTIPLIER
: increased from 1
to 2
MIN_SLASHING_PENALTY_QUOTIENT
: reduced from 2**7
(= 128) to 2**6
(= 64)Currently, if there is no block published in the most recent slot, then for the purposes of LMD GHOST attestations during that slot count as supporting the most recent block in the chain that the attester is supporting. For example, in this diagram below, attestations on BLANK count as attestations on A:
However, this opens the door to 34% attacks. Suppose that there are m
validators assigned to each slot, of which a malicious attacker controls 0.34 * m
. The attacker also has the right to publish B for slot n+1
. The attack proceeds as follows: the attacker DOES NOT publish B, and does not publish any of their attestations. All honest attesters would vote for the claim that they saw A in slot n
and nothing in slot n+1
, which currently counts as votes for A. During slot n+2
, an honest proposer would build a block C
on top of A
, and the honest validators would support C. At this point, the malicious proposer reveals B and their attestations for B for both slots n+1
and n+2
. The bottom fork has 0.68 * m
validators supporting it, but the top fork only has 0.66 * m
support, so the bottom fork wins.
This attack is described in more detail in section 3.1 of this paper here: https://econcs.pku.edu.cn/wine2020/wine2020/Workshop/GTiB20_paper_8.pdf
The proposed fix is to change the way fork choice works, so that instead of operating on the tree of blocks, it operates on the tree of (block, slot) pairs. Hence, the honest votes during slot n+1
would count as votes for (BLANK, n+1)
in the diagram above, and so they would correctly count as supporting the top fork, and so the top fork’s support would be 1.32 * m
and it would defeat the attack.
Key PR:
There is a “balance attack” on the fork choice, where an attacker with 2% of validators publishes a small amount of attestations at the right time just before the end of a slot, convincing >49% of the network that some block A is winning and >49% that block B is winning. If they time their broadcast correctly, each group sees the messages aimed at them on time, but does not have time to rebroadcast the messages to the other group before the slot boundary ends. They can then repeat potentially indefinitely, if network circumstances are optimal for the attacker.
The proposed fix “breaks the symmetry” by empowering the proposer of the next slot to have a temporary, but significant, impact on the fork choice, decisively shifting all validators’ position to one side or the other.
Key doc: