What is Ethereum Metropolis: The Ultimate Guide

Translator's note: As the third phase of Ethereum Metropolis approaches (block height 4370000), imToken users are very concerned about the impact of this hard fork. A brief explanation: imToken will handle all node upgrades and changes brought about by the hard fork. Users do not need to do anything, and this fork does not expect to generate new currencies. In order to help everyone better understand the details of the Metropolis technical upgrade, I translated this article. Corrections are welcome. – by imToken Guo Hui

As a milestone event of Ethereum, Metropolis is finally coming to us. The Ethereum development team plans to test "Metropolis" on the test network on September 18, and the test will last for at least 3 weeks. If the test is normal, "Metropolis" will be deployed on the main network. Therefore, the earliest time to upgrade to the "Metropolis" stage is October 9 ( Translator's note: the actual deployment time has been postponed ). So, the question is:

•What is “Metropolis”?
•What new features will “Metropolis” bring to the Ethereum network?
•Will there be a fork after “Metropolis” to create a new Ethereum?
•Will the price of Ethereum go up?

These questions can be answered in this guide.

(I) What is “Metropolis”? The Four Stages of Ethereum

This is not the first upgrade of Ethereum, nor will it be the last. Ethereum is designed not only as a currency model, but also as a decentralized application platform. Before it finally reaches this goal, it needs to go through different growth stages. In each stage, Ethereum will introduce different features to make the system more stable and powerful.

Ethereum's complete development path is divided into four stages, namely "Frontier", "Homestead", "Metropolis" and "Serenity". "Metropolis" is the third of the four stages of Ethereum's development. With its arrival, Ethereum will add many interesting features. Here are some features that will have a significant impact on Ethereum, namely:

• zk-SNARKs
• Early implementation of PoS (Proof of Stake) • Flexibility and stability of smart contracts • Abstract accounts

(II) Four characteristics of a metropolis

Feature 1: zk-SNARKs

The biggest and most important feature of Metropolis is the execution of zk-SNARKs, which stands for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge. zk-SNARKs is based on zero knowledge proof (ZKP).

What is "zero-knowledge proof"?

"Zero-knowledge proof" was proposed by S.Goldwasser, S.Micali and C.Rackoff in the early 1980s. It means that the prover can convince the verifier that a certain assertion is correct without providing any useful information to the verifier. "Zero-knowledge proof" is essentially a protocol involving two or more parties, that is, a series of steps required for two or more parties to complete a task. The prover proves to the verifier and makes him believe that he knows or has a certain message, but the proof process cannot leak any information about the proved message to the verifier. A large number of facts have proved that "zero-knowledge proof" is very useful in cryptography. If "zero-knowledge proof" can be used for verification, it will effectively solve many problems.

The following three elements are required for “zero-knowledge proof” to be established:

• Completeness: If the claim is true, then an honest verifier can be trusted by an honest prover;
• Reliability: If the statement is false, there is a certain probability that a cheater can convince an honest verifier that it is true;
• Zero-knowledge: If the claim is true, then the verifier does not know anything about the claim during the proof process;

"Zero-knowledge proof" is not a proof in the mathematical sense, because it has a small probability of error, and the cheater may deceive the prover through false statements. In other words, "zero-knowledge proof" is a probabilistic proof rather than a deterministic proof. However, there are also technologies that can reduce the error to a negligible value.

The formal definition of zero knowledge must use some computational model, the most common of which is the computational model of the Turing machine.

Here are two examples to illustrate zero-knowledge proof:

1) Suppose there is a room that can only be opened with a key and cannot be opened by any other method. Alice wants to prove to Bob that she has the key to this room. There are two ways to do this:

① Alice shows the key to Bob, who uses it to unlock the room, thus proving that Alice has the correct key to the room.

② Bob determines that there is an object in the room. Alice uses her own key to open the door of the room, and then takes out the object and shows it to Bob, thus proving that she does have the key to the room.

The following method ② belongs to zero-knowledge proof. The advantage is that during the entire proof process, Bob cannot see the key at all times, thus avoiding the key from being leaked.

2) This is a classic example: a circular corridor with a gap, the exit and the entrance are very close (within eye distance), but somewhere in the middle of the corridor there is a door that can only be opened with a key, and Alice wants to prove to Bob that she has the key to the door. Using zero-knowledge proof, Bob watches Alice enter the corridor from the entrance and then walk out of the corridor from the exit. At this time, Bob does not get any information about the key, but can fully prove that Alice has the key.

The above two examples are the "operations" of zero-knowledge proof in the real world. So how do we realize the application of zero-knowledge proof in blockchain through zk-SNARKs?

How do zk-SNARKs work?

zk-SNARKs consists of 3 algorithms: G, P, and V.

G is a key generator that needs to generate a random variable L (which must not be leaked under any circumstances) and a program C. Then it generates two public keys - the proof public key Pk and the verification public key Vk. Both public keys are public and can be viewed by anyone.

P is the prover and needs to input three parameters, namely the public key Pk, the public random input hash value x, and the privacy statement w to be proved. The P algorithm generates the proof prf, and the function is expressed as: prf = P (Pk, x, w)

V, as a verifier, will return a Boolean result, that is, true or false. V will verify the public key Vk, the random input hash value x in P, and the proof prf as input parameters, that is, V (Vk, x, prf). If the prover is correct, it returns true, otherwise it returns false.

From the above relationship between G, P, and V, we can see that the random variable L is crucial and must be kept secret, because anyone can use it to generate false proofs that can also return true, regardless of whether the prover has knowledge of the privacy statement w.

Now let's go back to our old friends Alice and Bob. Alice is the prover and Bob is the verifier.

As a verifier, the first thing Bob needs to do is to use G to generate the proving public key Pk and the verifying public key Vk. To do this, he needs to generate a random variable L. As mentioned above, Bob must be very careful with L. He cannot let Alice know the value of L to prevent Alice from making false proofs.

Now that Bob has generated two public keys, Alice needs to generate a proof prf to prove the validity of the statement. She will use the proof algorithm P to generate a proof to prove that she knows the hash value of the privacy statement w is x. Alice will then give these proof parameters to Bob who will eventually run the zk-SNARKs verification algorithm. Bob will use the verification algorithm V (Vk, x, prf) to verify the result. If it returns true, then Alice is sincere and does know what the privacy statement w is. If it returns false, then Alice is lying about knowing what w is.

Ethereum & zk-SNARKs

Ethereum and Zcash (Zero Cash, a cryptocurrency based entirely on zk-SNARKs) are working closely together, and if you ask me who has integrated zk-SNARKs and blockchain the most, it is undoubtedly Zcash. Personally, I can’t wait to see the integration of Metropolis and zk-SNARKs.

Feature 2: Early implementation of PoS (Proof of Stake)

In this section, we will elaborate on the controversial PoS protocol and compare it with PoW (Proof of Work).

PoS vs PoW

PoW: Most mainstream cryptocurrencies, including ETH and BTC, use this protocol. PoW requires miners (or nodes) to continuously consume computing power for hash calculations to find the desired random numbers, which means that the system needs to consume a lot of computing power and electricity.

PoS: In this system, we have validators instead of miners. The principle is that as a validating node, you must first have a certain amount of ether. According to the amount of ether and time, the stake used to bet on and verify the block will be generated. Only nodes with stake can effectively verify blocks. When the block you verify is packaged into the chain, you will receive a block reward proportional to your stake. If you verify a malicious or wrong block, the stake you bet will be deducted.

In order to implement PoS, Ethereum will adopt the Casper consensus algorithm. At the beginning, it will be a system where PoW and PoS coexist. The vast majority of transactions in the block will still use the PoW protocol, and one out of every 100 blocks will be mined using the PoS protocol. The purpose of this is to create a real test environment on the Ethereum platform, but what benefits can this protocol bring to Ethereum? Let's talk about it slowly:

1. Reduce the overall energy cost of the system: Bitcoin miners around the world spend about $50,000 per hour, which is about $450 million a year! By using the PoS protocol, you can virtualize the entire process and significantly reduce costs;

2. No ASIC Advantage: Since the entire process is virtual, it will no longer depend on who has better equipment or ASICs.

3. 51% attack becomes more difficult: The PoW protocol has the problem of centralized computing power, and the risk of 51% attack is very high. PoS makes this attack more difficult.

4. No malicious validators: Any validator needs to lock their stake in the blockchain, which will ensure that they will not add any malicious or wrong blocks to the chain, as this means that all stake will be deducted;

5. Creating blocks: Block generation and the entire process will be faster (more on this later);

6. Scalability: By introducing the concept of "sharding", blockchain becomes scalable;

Although various simple PoS protocols have been deployed before, what really makes the Casper consensus algorithm stand out is that it can incentivize honest miners and punish dishonest miners. If you try to verify malicious blocks, then sorry, all your rights will be deducted. It will severely punish anyone who does not follow the rules of the game.

Vitalik explained it this way:

Imagine there are 100 people sitting around a round table, one of them holding a lot of paper, each of which records a lot of historical transaction information. The first person picks up the pen and signs it, then passes it to the second person, who also makes the same choice. If most people make the same choice, that is, they all sign the same paper, then each participant will get $1. When you make a different choice from the majority of people, then your house will catch fire!

He then added that this might be the right incentive to ensure everyone signs the right paper! So:

1. What is the time "difficulty bomb"?

2. How to incentivize miners to switch from PoW to PoS?

Miners spend a lot of money to buy equipment for mining, but with the advent of PoS, a lot of equipment has become worthless; imagine that a super complex mining pool that cost a lot of money to build suddenly becomes useless!

If miners cannot be stopped from staying on PoW and continuing to mine, three Ethereum coins will be created: ETC, ETH-PoW, and ETH-PoS, which is absolutely a nightmare for Ethereum! Because it will not only reduce the credibility and economic value of Ethereum, but also dilute the hash rate of the entire system, making it more vulnerable to hacker attacks!

In order to ensure that Ethereum miners can join the new chain, the development team introduced the "difficulty bomb" mechanism. The "difficulty bomb" was launched on September 7, 2015. To understand how the "difficulty bomb" works, we first need to understand what "difficulty" and mining are.

What is "Difficulty" and how does it work?

The concept of "difficulty" originated from Bitcoin. In the early days of Bitcoin, due to the small number of people mining, mining seemed relatively simple, and anyone could engage in mining activities as long as they used their computers. As Bitcoin became more and more popular, the number of miners also increased. In order to prevent all Bitcoins from being mined too early, Satoshi Nakamoto introduced a difficulty system in Bitcoin from the beginning.

The difficulty system works roughly like this: miners use their computer power to decrypt, which is a process of randomly adding a random string (also called a nonce) to the hashed block, and then hashing the entire string again. If the resulting number is less than a certain value, the decryption is considered correct and the new block is added to the chain. However, finding this nonce is usually extremely difficult and random, which is the core of mining.

This process can also be summarized concisely as follows:

1. Get the hash value of the new block content

2. Add a random string to the block

3. Hash the new string again

4. The final hash is then compared to the difficulty coefficient to see if it is less than or equal to the difficulty coefficient.

5. If not, change the random number and recalculate

6. If yes, the new block is added to the chain and broadcast to the entire network

7. The corresponding miners will receive rewards for the new blocks.

The difficulty of Bitcoin is adjusted every 2016 blocks. The difficulty coefficient is proportional to the speed of block generation. Bitcoin generates a new block every 10 minutes. If the block generation time is less than 10 minutes, the difficulty coefficient increases; otherwise, the difficulty coefficient decreases. Bitcoin ensures that the block generation time can always remain around 10 minutes by adjusting the difficulty coefficient.

The above is how Bitcoin mining works. Ethereum also uses the same protocol.

So what about Ethereum’s “difficulty bomb”?

The difficulty bomb will increase the difficulty coefficient exponentially to the point where mining becomes almost impossible. As we said before, the difficulty coefficient will be adjusted according to the speed of block production. Ethereum's difficulty adjustment algorithm is as follows:

"`

block_diff = parent_diff + parent_diff // 2048 * max(1 – (block_timestamp – parent_timestamp) // 10, -99) + int(2**((block.number // 100000) – 2))

(In here “//” is the division operator such that 6//2 = 3 and 9//2 = 4.)

"`

Let's explain the meaning of the above two lines of code in a more straightforward way:

block_timestamp: the time when the latest block was generated;

parent_timestamp: the time when the previous block was generated;

1. If (block_timestamp – parent_timestamp) < 10 seconds, then the difficulty factor will increase by “parent_diff // 2048 * 1”

2. If (block_timestamp – parent_timestamp) is between 10-19 seconds, the difficulty remains unchanged.

3. If (block_timestamp – parent_timestamp) > 20 seconds, reduce the difficulty from “parent_diff // 2048 * -1” to the maximum value “parent_diff // 2048 * -99”.

This is the difficulty adjustment algorithm of Ethereum in the "Homestead" stage, and its final result is to keep the block time stable at 15 seconds. The "difficulty bomb" is that it will increase the difficulty coefficient exponentially, so the block time will also increase significantly, until it is almost impossible to mine blocks. We call this state the "Ethereum Ice Age". At that time, miners will have no choice but to switch to the new PoS protocol.

Will the difficulty bomb go off during the “Metropolis” period?

The difficulty bomb was originally scheduled to explode at the end of 2017, but now it seems to be delayed by a year and a half than originally planned. However, with the arrival of Metropolis, the development team will take two other measures to ensure a smooth transition to PoS. That is:

• Deploy the Casper algorithm mentioned above, and one out of every 100 blocks will be mined using the PoS protocol.

• The reward for each block is reduced from 5 ETH to 3 ETH

All of these measures are aimed at ensuring that all nodes can deploy the PoS protocol and eliminate previous problems before the arrival of Ethereum’s final stage, Serenity.

Feature 3: Flexibility and stability of smart contracts

It is no exaggeration to say that smart contracts are the lifeblood of Ethereum.

How are smart contracts executed in Ethereum? A simple example can be used to illustrate this. Suppose Alice and Bob complete a transaction or function without any third-party intervention. Alice asks Bob to complete a task, and Bob charges one ETH. Alice puts one ETH in a box. If Bob performs the task, the 1 ETH in the box will automatically go to Bob's account. Otherwise, the 1 ETH will automatically return to Alice's account. In this example, the box is like a smart contract. Although this example is rough, it can still help you understand how smart contracts work.

So what innovations does Ethereum bring to smart contracts that make it better?

How do smart contracts work in Ethereum?

Suppose Alice asks Bob to execute a smart contract. Each function in the contract requires Bob to use some computing power. This computing power is called "gas", and the money to pay for this computing power is called "ETH". Usually Bitcoin pays the same fee for all transactions, but Ethereum can set the computing power (i.e. "gas") spent for each smart contract. Each smart contract has its own "gas" limit, which is set by the creator of the contract. Obviously, this will lead to two situations:

• The required "gas" is greater than the limit: If this is the case, the contract execution state will be rolled back to the previous state and all the "gas" will be consumed.

• The required gas is less than the limit: If this is the case, the contract is executed successfully and the remaining gas is returned to the contract creator.

If someone wants to return to an earlier state during the execution of a contract, they need to manually trigger an exception. For example, if someone wants to block a transaction, he has to pay double the price for it. In order to roll back the contract to a previous state, developers can use the "throw" function. Although the "throw" function does help to roll back the contract state, it will also use up all the "gas" in the contract.

To address this, Metropolis is enhancing the “revert” feature, which will allow a contract to be restored to a previous state without using up all the gas, with any unused gas in the contract being refunded to the contract creator. Along with the “revert” feature, Metropolis is introducing the “returndata” instruction to allow contracts to be restored to a state with an arbitrary variable amount of gas.

Feature 4: Abstract Account

Before we formally understand what abstract accounts are, let's first understand what "abstraction" is. "Abstraction" means that anyone can use a system or protocol without fully understanding its internal or external technical details. For example, when you use your iPhone, you don't need to be a programmer or engineer, you just need to press or slide the screen to use the APP or make a call. You don't need to know how these APPs activate the internal circuits of the iPhone. In short, "abstraction" can greatly reduce the threshold for ordinary people to use complex technologies. Because of this, "abstraction" has become part of Ethereum's future. Imagine that in a decentralized future, everyone is using DApps, and they don't even realize that these DApps are based on Ethereum. "Metropolis" is taking an important step towards achieving this grand goal by introducing "abstract accounts."

As we all know, there are two types of accounts in Ethereum today, external accounts and contract accounts. External accounts are controlled by private keys, and contract accounts are controlled by the code written by the creator. Ethereum is trying to blur the line between the two, that is, you can have both contract accounts and external accounts at the same time. This practice essentially allows users to define external accounts in the format of contract accounts. Once this is done, the code supports the key to add the user's unique identifier to the transaction, but what's the use of this? Because you might say that with the development of quantum computers, it will make cryptocurrency less secure. Suppose you want to save a transaction that has been attacked by a quantum computer, what should you do? With the implementation of "abstract accounts", you can use a signature mechanism like a hash ladder to define your account, so that your account will have quantum-level security, and your account will become completely customizable, just like a smart contract.

(III) Metropolis Extra

What are "Byzantium" and "Constantinople"?

Friends who are familiar with Ethereum should be familiar with "Byzantium" and "Constantinople", so what do these two terms mean? "Metropolis" brings a lot of important features to Ethereum, and it is impossible to introduce so many features at once. After all, developers have limited energy. This is why Ethereum will release "Metropolis" in two stages and both stages will be hard forked, and these two stages are "Byzantium" and "Constantinople".

After several delays, Byzantium will hard fork around block 4370000.

"Byzantium" will introduce a lot of new features, mainly including the ones mentioned above:

1. zk-SNARKs

2. "revert" function and "returndata"

3. Abstract Account

It is not clear when Constantinople will be deployed, but it should be deployed in 2018. Its main feature is to smoothly handle all the problems caused by Byzantium and introduce a hybrid chain mode of PoW and PoS.

Will Ethereum Hard Fork Again? Will a Third Ether Coin Be Created?

Due to the previous ETH-ETC and BTC-BCC hard forks, people began to take it for granted that all hard forks will inevitably lead to chain splits, but in fact this is not the case at all.

The main reason for the previous hard forks that led to chain splits was that the proposed changes were highly controversial in the community and not everyone agreed. However, the upgrade of "Metropolis" has been unanimously agreed by the community, and everyone knows that this will come. This hard fork is the result of the upgrade, not a temporary solution in an emergency. This is why there will not be any community splits and no new Ethereum. The focus of possible debate is the implementation of PoS, of course, there is no point in arguing, miners will not get more benefits by staying on the old chain, on the contrary, as mentioned earlier, the detonation of the "difficulty bomb" will make mining almost impossible.

Ethereum Metropolis Conclusion: What’s Happening Now?

So will the price of ether go up? We don’t know, we are not investment advisors, and you need to do your own research before investing in any cryptocurrency. Byzantium brings so many changes to Ethereum, and it’s exciting to see how it will turn out. The implementation of zk-SNARKs is also a brave change. Of course, “Constantinople” and its PoS will be something that everyone in the crypto world will be paying attention to. The upcoming year will definitely be revolutionary in the path of Ethereum’s decentralization!