Hello potential research collaborator!

Rumour has it that you, a researcher or manager of researchers, are interested in joint research with the Ethereum Foundation. Below are the primary topics the Foundation will be thinking about for the next 2-3 years. If you, like us, enjoy the prospect of thinking about one or more of these topics for the majority of your waking hours, do get in touch. The Foundation does have money to pay the salaries/stipend of those undertaking high-value research.

We have topics in both pure research and applied research. The Foundation as well as the larger Ethereum community seek help on both. Typical outputs from researchers are: peer-reviewed academic papers, technical reports, and/or implementations (prototypes as well as production-ready).

Questions in Fundamental Research

Q1: Can we create a theory of cryptoeconomic mechanisms?

• There are certain patterns that are often used in cryptoeconomic mechanisms. These can be studied in the abstract independently of any specific use case.
  • Security deposits (see also proof of stake)
  • How do we model capital lockup costs?
  • Dual-use of security deposits
• Challenge-response games (one group of actors is given the opportunity to submit evidence that fact X is false, and if no one submits evidence within some period of time, then X is assumed to be true). See also challenge-response authentication.
• Channels
  • State channels
  • How do we minimize the vulnerability of challenge-response games and channels to liveness or censorship faults of the underlying blockchain?
• Escalation games
• Cross-chain interoperability (see the R3 interoperability paper <todo: add link>)
  • Relays
  • Hash timelock atomic swaps

Q2: What is the role of cryptoeconomics in distributed systems? What is the role of economics in cryptography?

• Can we formalize how algorithmic incentives ("cryptoeconomics") can enhance information security?

• Modeling behavior of participants in mechanisms

  • Simple (crash) faults
  • Byzantine faults (arbitrary)
  • Byzantine-Altruistic-Rational (BAR) model
  • Uncoordinated majority (e.g., as in selfish mining)
  • Coordinated choice
  • Bribing attacker (as in P+epsilon attacks or iceman)
  • Behavioral economics models (prospect theory, endowment effect, loss aversion, morality, etc.)

• Complex game-theoretic interactions

  • Blackmail
  • Quantifying cooperative interactions among agents (e.g. dynamic coalition formation)
  • Evolution and enforcements of group norms

Q3: How do distributed systems influence current economics?

• On net, when and how much does decentralization lower transaction costs?
  • No obvious answer. Decentralization _decreases_transaction costs because of: Reduced number of counterparties and reduced need for building trust
  • Yet decentralization increases transaction costs because of: increased technical overhead, Decreased usability, increased responsibility.
  • Are Transaction costs = transaction fees + coordination costs?

Q4: Within game-theory, can we quantify coordination costs?

• for players running a particular protocol
• for players executing a particular strategy

Q5: What are ways we can manipulate (e.g., guarantee/minimize) coordination costs?

• For example, we can reduce risk by increasing coordination costs.
• Coordination costs are costs from multiple-agents coordinating.
• For example: Discovering potential peers, agreeing on computing coalition strategies, synchronization required for execution, costs of proving to the coalition that players followed coalition strategies, cost of getting rid of individual incentives to deviate

Q6: What protocols have better fault attribution?

• A protocol fault is uniquely attributable if there is evidence that could be used to umambiguously convince any observer which actor caused the protocol fault. If a fault is non-uniquely-attributable, the blame for the fault can often at least be narrowed down to within N specific actors.

• Fault attributability in various consensus algorithms

  • Chain-based (synchronous) consensus
  • Partially synchronous consensus (see minimal slashing conditions)
  • Common coins in asynchronous consensus

• Attributability of censorship or liveness faults.

• Translating fault attributions into penalties

  • Shapley values

Q7: What are decentralization's fundamental limits?

Building on hundreds of impossibility results. E.g., 1 and 2, or even fundamental limits from other areas of computer science.

• What centralized protocols can be decentralized (while preserving guarantees)?
  • At what cost in protocol overhead?
    • Are there limits to scalability?
      • For Bitcoin: On Scaling Decentralized Blockchains
      • Only because of the requirement for shared state?
  • At what cost in incentivization?
    • What are the limits to incentivization?
      • Limits to attribution
      • Limits to mechanism budgets
  • With how much security (against coordinated choice, trusted majority required)?
    • Limits to fault tolerance
    • e.g. in objective protocols and subjective protocols

Objectives in Applied Research

Also knows as Pasteur's Quadrant.

1. Base Layer (core protocols)

1.1 Proof of Stake [50% complete]

Goal: Fully transition Ethereum from Proof-of-work to Proof-of-stake.

• Proof of stake FAQ

• Economic Incentive analysis [49%]

  • Cryptocurrencies without Proof of Work
  • Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol
  • Minimum Slashing Conditions
  • Slasher Ghost, and Other Developments in Proof of Stake
  • Least Authority Performs Incentive Analysis For Ethereum
  • Demystifying incentives in the consensus computer
  • On Stake
  • Safety Under Dynamic Validator Sets

• Delegation protocols (or Voting Pool for PoS) [20%]

  • Using trusted hardware

• Formal Verification [45%]

  • Formal methods on some PoS stuff
  • A mechanized safety proof with dynamic validators
  • Formal methods on another Casper
  • Securify.ch

• Testing and Implementation [20%]

  • History of Casper: Chapters 1, 2, 3, 4, and 5
  • Stage 1 CASPER contract and JSON RPC demo

1.2 Sharding [49%]

Goal: Allow Ethereum transaction capacity to scale to better than linear with computational capacity of the n nodes.

• Sharding FAQ

• Data availability proofs [65%]

  • A note on data availability and erasure coding
    

• Effective state-space partitioning / Cross-shard communication [15%]

  • Vitalik's R3 paper, particularly Section "scalability" (p20-30).
    The whole paper also has a three-page executive summary.

• High-Level-Languages [20%]

  • Topic: Developing a language that knows to send the cross-shard asynchronous messages whenever contracts are located on different shards.

• Sharded Proof-of-stake architecture [20%]

  • The Mauve paper [not ready for release; ask Vitalik for link to pre-release].

• Topic: Applying prior theory from multicore CPUs/parallel threading to sharding.

1.3 Protocol Economics [50%]

Goal: Increase economic incentive confluence in all aspects of the Ethereum protocol.

• Gas Limit Policy / state-resource pricing

  • A theory of Blockchain Resoure Pricing [not ready for release; ask Virgil for link to pre-release]

• Topic: Validator/miner economic policy–-how much should we pay out?

1.4 Ethereum Virtual Machine (EVM) upgrades and optimization [40%]

Goal: Have a fast, efficient virtual machine optimized for processing cryptographic operations and smart-contracts.

• Defining the Ethereum Virtual Machine for Interactive Theorem Provers

• Optimising the Ethereum Virtual Machine

• Go Ethereum’s JIT-EVM

• Contract as Automaton: The Computational Representation of Financial Agreements

• Subroutines and Static Jumps for the EVM

• Topic: Applying theory from chip opcode design to the EVM.

1.5 Stategies for efficaciously hardforking for upgrades [40%]

Goal: Smart-contracts are new territory and the best ideas in the space remain undiscovered. When we discover them, we must be able to roll them out gracefully.

• Hard Forks, Soft Forks, Defaults and Coercion
  

• The beautiful Vlad Zamfir on Soft forks, hard forks, and the Ethereum Social Contract

• Topic: Hardforking the EVM

2. Layer 2

2.1 On-chain Random Number Generation [63%]

Goal: This is an important special-case necessary for many applications. We wish to solve it.

• Implementation
  • Ethereum's RANDAO
  • A candidate alternative design from Vitalik
  • Bitcoin Beacon
  • On Bitcoin as a public randomness source
  • NIST Randomness Beacon
  • Bitcoin Beacon — Princeton Bitcoin seminar final project
  • Tor project's attempt at the same.

2.2 Privacy [40%]

Goal: Allow apps to benefit from the transparency of blockchain-execution while preserving author privacy and the confidentiality of zer data. One solution, among several, is homomorphic encryption.

• General: Privacy on the Blockchain

• Mixers [30%]
  Bitcoin mixing remains an unsolved problem. As what's possible in Ethereum is a strict superset of Bitcoin, solving for either case is sufficient. Incentivized Mixing?

  • Princeton Bitcoin course: Anonymity (Lecture 6)
  • An Empirical Analysis of Linkability in the Monero Blockchain
  • CoinParty: Secure Multi-Party Mixing of Bitcoins
  • Secure and Anonymous Decentralized Bitcoin Mixing
  • Decentralized Mixer based on RingSignature
  • Laundromat: Mixing via ring signatures

• Voting [10%]

  • A Smart Contract for Boardroom Voting with Maximum Voter Privacy

• Zero knowlege proofs [30%]

  • ZK-Snarks

• Other

  • Confidential assets

2.3 Decentralized exchanges [50%]

Goal: We wish to minimize the necessity of trusted third parties in currency exchanges.

• Atomic swap
• on-chain decentralized exchanges
• mkr market
• etherdelta

2.4 High-level-languages (HLLs) [40%]

Goal: Coding contracts (especially secure ones!) is hard. It should be easier. Please help us.

• Our packet for recruiting PLT researchers.

• Languages

  • Solidity
  • Viper
  • Pact
  • Composing contrats: an adventure in finanial engineering
  • Ivy
  • Bamboo
  • functional-solidity-language
  • Pax Codex
  • Hammurabi Project in Wolfram Language

• Formal Verification of HLLs [15%]

  • Formal Certification of a Compiler Back-end or: Programming a Compiler with a Proof Assistant
  • Short Paper: Formal Verification of Smart Contracts

• Other programming language techniques to analyse smart contracts

  • Oyente, a symbolic execution based analyser for smart contracts
  • Using Oyente to optimize smart contracts

• Defensive programming [30%]

  • Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab
  • A Programmer’s Guide to Ethereum and Serpent
  • A survey of attacks on Ethereum smart contracts
  • Thinking About Smart Contract Security
  • Ethereum Contract Security Techniques and Tips

Appendix

• Ethereum's old list of open problems.

Relevant Conferences

Research communities whose interests intersect with Ethereum's research include (in alphabetical order, non-exhaustive):

• Algorithmic Game Theory. ACM Conference on Economics and Computation, Conference on Web and Internet Economics, Symposium on Algorithmic Game Theory, International Conference on Game Theory
• Blockchain. Annual Blockchain Summit, Coinfest, Consensus, Internet of Things World, Workshop on Bitcoin and Blockchain Research
• Computer Security. ACM Conference on Computer and Communications Security, IEEE Computer Security Foundations Symposium, USENIX Security Symposium
• Cryptography. CRYPTO (International Association for Cryptologic Research), EUROCRYPT (Annual International Conference on the Theory and Applications of Cryptographic Techniques)
• Distributed Computation. ACM Symposium on Principles of Distributed Computing, ACM Symposium on Parallelism in Algorithms and Architectures
• Multi-Agent Systems. International Conference on Autonomous Agents and Multiagent Sytems, AAAI Conference on Artificial Intelligence, International Joint Conference on Artificial Intelligence