A Post-Merge Vision for Web3

The upcoming Ethereum Merge is a major milestone in the development of web3. This is a good time to take stock of how things are going, what a future web3 could look like, and what we’ll need to build to get there. It will come as no surprise that we think the answer is transport level privacy!

In many ways the world after the Merge will be business as usual, and most users probably won’t even notice the switch, but the Merge will also fundamentally alter the dynamics of the ecosystem. Some of these changes are obvious, but others are subtle and their effects unpredictable. This is particularly true for issues around MEV, because the Merge drastically alters what MEV extraction could look like and which parties are able to do it. The Merge also sees the implementation of mev-boost from Flashbots, which is not directly linked to the Merge but will still significantly affect MEV in the post-Merge world.

It’s been another rollercoaster year in crypto, but the major concerns for the future are the same as they’ve always been:

• Centralization: Is the ecosystem developing in a way that promotes decentralization or not?
• Censorship: Is the ecosystem sufficiently robust against censorship?
• Perverse Incentives: Crypto systems generally rely on actors being rational and greedy. This works brilliantly when incentives are aligned for the greater good, but misaligned incentives can create significant disruption.

These issues are closely interlinked. Decentralized networks are generally more robust against censorship. Common examples of perverse incentives in crypto would be those which lead to increased centralization or censorship. Etc. etc.

Straddling all of these issues we have MEV (maximal extractable value, formally miner extractable value). This is obviously a perverse incentives issue, because incentives to maximize MEV can disrupt the expected and desired ordering of transactions on the chain, even going so far as preventing transactions from being included at all. At this point it’s clearly also a censorship issue. Finally, MEV is a centralization issue, because often only a handful of actors are able to harvest this value.

So how does the Merge alter the MEV landscape, and what does an optimistic future look like where all these problems are solved?

MEV and Perverse Incentives Post-Merge

It may seem like MEV opportunities are unaffected by the Merge. After all, blocks will still be built from the same mempool. However, changes to the protocol could radically affect how much MEV is extracted and who will be doing the extraction.

First of all, the switch to proof of stake adds a huge degree of predictability. Block times will be fixed, and validators will know which slots they’re assigned to in advance. This gives MEV searches much clearer parameters to operate under, which may open up more sophisticated MEV approaches (under PoW, why invest in a complicated MEV search if the mempool can radically shift at any time because a new block has been mined?).

Second, the Merge also coincides with the implementation of mev-boost from Flashbots, a block space marketplace designed to implement proposer-builder separation (PBS). Here block proposers would outsource the actual building of their block to block builders who bid on block space and take a cut of the MEV generated.

mev-boost is a welcome addition for all the reasons outlined in the Flashbots post, but it’s unclear how it will interact with the validator sniping attack which HOPR has been trying to draw attention to these past months. A blockspace auction is basically a price-finding mechanism for which upcoming blocks are worth sniping, with the added wrinkle that it’s now less clear who loses out if the attack is successful.

We’re not alone in this fear. Although the Ethereum Foundation closed ranks somewhat in our discussion with them on validator sniping, here’s Justin Drake from the Ethereum Foundation talking at the dedicated MEV panel at ETH Amsterdam in April outlining the exact same attack, explaining that linking pubkeys to IP addresses and DDoSing proposers is “fairly easy”.

The moderator suggests that this is a solved problem, but as Drake points out these solutions rarely apply to ‘home validators”. (Also, our soon to be published research with Imperial College London suggests that many protections are insufficient for this particular attack.)

Drake brought this up in response to a question about what change most needed to be done “yesterday”, highlighting the importance of this issue. His proposed solution is Single Secret Leader Election, which would remove the foreknowledge of which validator is assigned which block. But it’s unlikely that this will be implemented soon, something which Drake himself tacitly acknowledges (“[T]here will be a small period of time — or many not so small period of time — where proposers will still be known ahead of time.”). Based on the Ethereum Foundation’s timelines for the Merge itself, it seems likely that we should expect SSLE to be implemented later rather than sooner.

In the meantime, the best way to mask validator IPs and sever the link with pubkeys is a transport level privacy solution.

Censorship Post-Merge

There’s a very broad consensus that transaction censorship is bad. If you have sufficient funds and you pay sufficient gas, your transaction should be included on the chain. But even here things are complex. There’s little support for blanket blacklisting as we saw in the case of Tornado Cash, especially when that bleeds into self-censorship from other unrelated services. But people generally support blacklisting to prevent hacked funds being transferred, even though those are perfectly legitimate transactions within the system.

This isn’t the place to get into all the ramifications of the Tornado Cash decision. HOPR recently announced that it is a founding member of LPA, an umbrella organization of many crypto projects which will be better placed to tackle these regulatory issues. More details will be announced at Devcon in October.

And of course the US Treasury decision isn’t directly related to the Merge, it just happened at around the same time. But the Merge will radically change the dynamics of transaction censorship, due to a shift in the demographics of who will be proposing blocks. Previously blocks were proposed by miners, who broadly speaking could be expected to ignore censorship pressures (unless they were part of an MEV opportunity). Now the power will shift to ETH holders. And who are the biggest holders? Exchanges, entities which already have a complex and fractured relationship with regulators and a strong incentive to stay on their good side.

Many of the proposed solutions to prevent censorship rely on market dynamics. For example, mev-boost is asserted to reduce censorship since its auction dynamic creates a “competitive market between several builders” which is “better for Ethereum’s censorship resistance, as censoring builders will make less money than non-censoring ones and not be able to bid as much.”

However, exchanges face different pressures around respectability, as noted in this analysis of MEV post-Merge. They may also have sufficient wealth that they’re prepared to offset (perceived) risk by taking a hit in profitability.

Transport level privacy doesn’t directly prevent censorship here (once a transaction is in the mempool, it’s public, so getting it there privately can only achieve so much). However, it’s clear that the kind of robust privacy tools needed to prevent transaction censorship will need to operate in tandem with a transport level privacy solution if they’re going to provide genuine and effective privacy. We predict this will be a major issue for 2023, with many crypto services continuing to over-correct into self-censorship until it becomes clear how radically disruptive this will be for regular users. At that point, we hope everyone will understand that privacy and choice over what data and metadata we expose is a fundamental right and necessity which isn’t synonymous with secrecy or illegality.

Centralization Post-Merge

We’ve already noted the expected change in power dynamics post-Merge, moving away from mining pools to exchanges and validator pools. This is probably a slight improvement, numerically speaking, but far from the dream of full decentralization with tens of thousands of users running nodes from their homes. But do we need that? It’s over five years old now, but Vitalik Buterin’s ruminations on the nuances of decentralization are still relevant today. Full decentralization is ephemeral, probably unachievable and maybe not even useful. A common thread throughout proposed solutions to today’s crypto problems is targeted centralization of certain roles, with heavily decentralized complementary roles acting as a counterbalance.

We see this in mev-boost, where the expectation is that PBS will result in a few block proposers but a diverse number of builders and block space pricing methods.

We see this in governance, where it’s proving very difficult to motivate mass participation, and it’s not even clear that this is desirable. Decision making on complex problems isn’t improved by adding more people to the mix, but it’s very important to have a broad voter base who can keep decision makers in check.

We see this in the anti-censorship debate too. Here’s Justin Drake again, this time talking in ETHCC in Paris on a panel on the Merge. Drake notes that Ethereum is robust against censorship because the validators can always overrule, even in cases where a single builder controls all block creation. But he also stresses that these validators “might be running on Raspberry Pis”, placing in the same category of node runners he noted was vulnerable at the MEV talk in ETH Amsterdam.

More broadly, almost every vision of a scaled-up web3 future places small node runners at its core. We see this particularly in Vitalik’s work, but this sentiment is echoed everywhere.

So the repeated mantra is the need for many smaller node runners, even if their roles are limited or specialized. But these smaller node runners are most vulnerable to attacks, easiest to censor, and most likely to be affected by perverse incentives. They’re also less likely to be able to implement complicated or expensive security measures. The ecosystem seems to be doing a good job in balancing things on the incentives side, but there’s less focus on creating robust solutions to ensure these node runners can easily join the network and remain there safely.

These users will need robust privacy solutions across the stack, but especially at the transport level. Providing this privacy should be a priority post-Merge, to ensure we can build the fair and free web3 future we all dream of.

Dr Sebastian Bürgel,
HOPR Founder

Website: https://www.hoprnet.org
Twitter: https://twitter.com/hoprnet
Telegram: https://t.me/hoprnet
Discord: https://discord.gg/dEAWC4G

Forum: https://forum.hoprnet.org
Staking: https://stake.hoprnet.org
Bounties: https://bounties.hoprnet.org
Playground: https://playground.hoprnet.org