From January through March of 2015, Least Authority conducted an analysis of Ethereum's Gas Economics and Proof of Work, in a consulting capacity with DEVolution, GmbH. The two analysis topics are independent and are presented here as separate documents comprising this report:
GasEcon.md : An analysis of the Ethereum Virtual Machine (EVM), its use of "gas" to compensate miners for the computational costs of verification, and the resulting economic effects. Includes an examination of contract composition and defensive programming strategies.
PoW.md : An analysis of "Ethash", the Proof-Of-Work function which makes it difficult and expensive to attack Ethereum's consensus algorithm. We examine its goals ("GPU-friendly, ASIC-resistant"), compare it to existing techniques in the password-hashing literature, and discuss how it will need to evolve as conditions change.
Appendix.md : A summary of mitigations applied since delivering our report.
Ethereum is a decentralized consensus network for processing smart contracts. Ethereum is typically considered a descendant of Bitcoin, a predecessor which introduced decentralized consensus for transaction processing using a Proof-of-Work mechanism, with scriptable transactions to specify a wide range of contractual agreements.
The fundamental distinction between Bitcoin and Ethereum is that while the former provides complex transaction criteria which can codify various contractual rules, the latter allows for /stateful/ code instances called contracts which persist across multiple transactions and whose code can be Turing complete and use custom state transitions to codify contractual agreements. Ethereum introduces a gas abstraction as a system of accounting for storage and processing of these contracts by the network verifiers.
Although stateful contracts using gas are the fundamental design-space difference between Ethereum and Bitcoin, Ethereum has many other practical differences in design, including a distinct Proof-of-Work consensus system. This alternative consensus system relies on a new custom Proof-of-Work algorithm designed by the Ethereum project called Ethash. Its design goals attempt to limit the marginal advantage of developing specialized hardware for consensus mining, while still allowing lightweight clients to verify the "weight" of candidate chains.
This report focuses on the gas accounting system and its economic impact on the system, as well as the custom Ethash algorithm.
DEVolution, GmbH is Ethereum's Swiss development organization. They have commissioned this report in order to evaluate and improve the security of Ethereum in preparation for its anticipated release during 2015.
Least Authority, LLC, is a private company specializing in privacy-preserving, decentralized, open source, and user-empowering technologies. We've performed security audits and provided security and cryptography engineering consultation for a variety of open source privacy or transparency related projects, including CryptoCat, GlobaLeaks, SpiderOak, and Ooni.
Additionally, Least Authority employs most of the core developers of the Tahoe-LAFS decentralized secure data storage network.
This review was conducted by Andrew Miller, Brian Warner, and Nathan Wilcox.
In order to be maximally useful during Ethereum's development, we have made our findings available to Ethereum developers informally and incrementally as quickly as possible.
A GitHub repository containing our final report will be made publicly available at https://github.com/LeastAuthority/ethereum-analyses and includes additional code examples and tools.
As our report comprises a design analysis rather than an implementation security audit, our primary sources are the written specifications, especially the "Yellow paper" specification. However, we also made use of source code in order to improve our understanding and develop illustrative examples. Although we took snapshots of the specifications and code at the beginning of our analysis, we also attempted to use the most recent versions as updates occurred. When we have needed to reference specific prior versions, we have indicated the version or commit hash inline in our report.
Our primary sources:
This file generated from https://github.com/LeastAuthority/ethereum-analyses .