Rumor has it that you, a researcher or manager of researchers, is interested in joint research with the Ethereum Foundation. Below are the primary topics the Foundation will be thinking about for the next 2-3 years. If you, like us, you enjoy the prospect of thinking about one or more of these topics for the majority of your waking hours, do get in touch. The Foundation does have money to pay the salaries/stipend of those undertaking high-value research.

We have topics in both pure research as well as applied research. The Foundation and its agents seek help on either one. Typical outputs from researchers are: peer-reviewed academic papers, technical reports, and/or implementations (prototypes as well as production-ready).

---

• Algorithmic incentive mechanisms providing information security ("cryptoeconomics")

• Reducing transaction costs:
  • How much and when does decentralization reduce transaction costs?
    • Transaction costs = transaction fees + coordination costs?
      • They may be reduced because of:
        • Reduced number of counterparties
        • Reduced need for building trust
      • And increased because of:
        • Increased technical overhead
        • Decreased usability
        • Increased responsibility
  • Strategically increasing coordination costs to reduce the risk of undesired outcomes
    • http:https://vitalik.ca/general/2017/05/08/coordination_problems.html

Building on hundreds of impossibility results. E.g., 1 and 2.

• What centralized protocols can be decentralized (while preserving guarantees)?
  • At what cost in protocol overhead?
    • Are there limits to scalability?
      • Only because of the requirement for shared state?
  • At what cost in incentivization?
    • What are the limits to incentivization?
      • Limits to attribution
      • Limits to mechanism budgets
  • With how much security (against coordinated choice, trusted majority required)?
    • Limits to fault tolerance
    • e.g. in objective protocols and subjective protocols

• What are coordination costs?

  • Costs associated with executing coordinated strategies (like attacks)
    • Discovering potential peers
    • Agreeing on/computing/ coalition strategies
    • Synchronization required for execution
    • Costs of proving to the coalition that players followed coalition strategies
    • Cost of getting rid of individual incentives to deviate

• How can we measure coordination costs?

  • for players running a particular protocol
  • for players executing a particular strategy

• How do we minimize coordination costs?

• Modeling behavior of participants in mechanisms

  • Simple (crash) faults
  • Byzantine faults (arbitrary)
  • Byzantine-Altruistic-Rational (BAR) model
  • Uncoordinated majority (e.g., as in selfish mining)
  • Coordinated choice
  • Bribing attacker (as in P+epsilon attacks or iceman)
  • Behavioral economics models (endowment effect, loss aversion, morality, etc.)

• Complex game-theoretic interactions

  • Blackmail
  • Quantifying cooperative interactions among agents

A protocol fault is uniquely attributable if there is evidence that could be used to umambiguously convince any observer which actor caused the protocol fault.

If a fault is non-uniquely-attributable, the blame for the fault can often at least be narrowed down to 1 of N specific actors.

• Fault attributability in various consensus algorithms
  • Chain-based (synchronous) consensus
  • Partially synchronous consensus (see minimal slashing conditions)
  • Common coins in asynchronous consensus
• Attributability of liveness faults
• Attributability of censorship
  • See for background: https://blog.ethereum.org/2015/06/06/the-problem-of-censorship/
• Translating fault attributions into penalties
  • Shapley values

There are certain patterns that are often used to achieve various goals in cryptoeconomic mechanisms, and these can be studied in the abstract independently of the specific use case.

• Security deposits
  • How do we model capital lockup costs?
  • Dual-use of security deposits
• Challenge-response games (one group of actors is given the opportunity to submit evidence that fact X is false, and if no one submits evidence within some period of time, then X is assumed to be true)
• Channels
  • http:https://www.jeffcoleman.ca/state-channels/
  • How do we minimize the vulnerability of challenge-response games and channels to liveness or censorship faults of the underlying blockchain?
• Escalation games
• Cross-chain interoperability (see the R3 interoperability paper (PDF) )
  • Relays
  • Hash timelock atomic swaps

---

This is all research in

Goal: Fully transition Ethereum from Proof-of-work to Proof-of-stake.

• Proof of stake FAQ

• Economic Incentive analysis [49%]

  • Cryptocurrencies without Proof of Work
  • Minimum Slashing Conditions
  • Slasher Ghost, and Other Developments in Proof of Stake
  • Least Authority Performs Incentive Analysis For Ethereum
  • Demystifying incentives in the consensus computer
  • On Stake
  • Safety Under Dynamic Validator Sets

• Deligation protocols (or Voting Pool for PoS) [20%]

  • Using trusted hardware

• Formal Verification [45%]

  • Formal methods on some PoS stuff
  • A mechanized safety proof with dynamic validators
  • Formal methods on another Casper

• Testing and Implementation [20%]

  • History of Casper: Chapters 1, 2, 3, 4, and 5
  • Stage 1 CASPER contract and JSON RPC demo

Goal: Allow Ethereum transaction capacity to scale to better than linear with computational capacity of the n nodes.

• Sharding FAQ

• Data availability proofs [65%]

  • A note on data availability and erasure coding

• Effective state-space partitioning / Cross-shard communication [15%]

  • Vitalik's R3 paper, particularly Section "scalability" (p20-30). The whole paper also has a three-page executive summary.

• High-Level-Languages [20%]

  • Topic: Developing a language that knows to send the cross-shard asynchronous messages whenever contracts are located on different shards.

• Sharded Proof-of-stake architecture [20%]

  • The Mauve paper [not ready for release; ask Vitalik for link to pre-release].

• Topic: Applying prior theory from multicore CPUs/parallel threading to sharding.

Goal: Increase economic incentive confluence in all aspects of the Ethereum protocol.

• Gas Limit Policy / state-resource pricing

  • A theory of Blockchain Resoure Pricing [not ready for release; ask Virgil for link to pre-release]

• Topic: Validator/miner economic policy---how much should we pay out?

Goal: Have a fast, efficient virtual machine optimized for processing cryptographic operations and smart-contracts.

• Defining the Ethereum Virtual Machine for Interactive Theorem Provers

• Optimising the Ethereum Virtual Machine

• Go Ethereum’s JIT-EVM

• Contract as Automaton: The Computational Representation of Financial Agreements

• Subroutines and Static Jumps for the EVM

• Topic: Applying theory from chip opcode design to the EVM.

Goal: Smart-contracts are new territory and the best ideas in the space remain undiscovered. When we discover them, we must be able to roll them out gracefully.

• Hard Forks, Soft Forks, Defaults and Coercion

• The beautiful Vlad Zamfir on Soft forks, hard forks, and the Ethereum Social Contract

• Topic: Hardforking the EVM

---

Goal: This is an important special-case necessary for many applications. We wish to solve it.

• Implementation
  • Ethereum's RANDAO
  • A candidate alternative design from Vitalik
  • Bitcoin Beacon
  • On Bitcoin as a public randomness source
  • NIST Randomness Beacon
  • Bitcoin Beacon — Princeton Bitcoin seminar final project

Goal: Allow apps to benefit from the transparency of blockchain-execution while preserving author privacy and the confidentiality of zer data. One solution, among several, is homomorphic encryption.

• General: Privacy on the Blockchain

• Mixers [30%] Bitcoin mixing remains an unsolved problem. As what's possible in Ethereum is a strict superset of Bitcoin, solving for either case is sufficient.

  • Princeton Bitcoin course: Anonymity (Lecture 6)
  • An Empirical Analysis of Linkability in the Monero Blockchain
  • CoinParty: Secure Multi-Party Mixing of Bitcoins
  • Secure and Anonymous Decentralized Bitcoin Mixing

• Voting [10%]

  • A Smart Contract for Boardroom Voting with Maximum Voter Privacy

• Zero knowlege proofs [30%]

  • ZK-Snarks

• Other

  • Confidential assets

Goal: We wish to minimize the necessity of trusted third parties in currency exchanges.

• Atomic swap
• on-chain decentralized exchanges
• mkr market
• etherdelta

Goal: Coding contracts (especially secure ones!) is hard. It should be easier. Please help us.

• Languages

  • Solidity
  • Viper
  • Pact
  • Composing contracts: an adventure in financial engineering
  • Ivy
  • Bamboo
  • functional-solidity-language
  • Pax Codex
  • Hammurabi Project in Wolfram Language

• Formal Verification of HLLs [15%]

  • Formal Certification of a Compiler Back-end or: Programming a Compiler with a Proof Assistant
  • Short Paper: Formal Verification of Smart Contracts
  • K Semantics of the Ethereum Virtual Machine (EVM)

• Other programming language techniques to analyse smart contracts

  • Oyente, a symbolic execution based analyser for smart contracts
  • Using Oyente to optimize smart contracts

• Defensive programming [30%]

  • Step by Step Towards Creating a Safe Smart Contract: Lessons and Insights from a Cryptocurrency Lab
  • A Programmer’s Guide to Ethereum and Serpent
  • A survey of attacks on Ethereum smart contracts
  • Thinking About Smart Contract Security
  • Ethereum Contract Security Techniques and Tips

• Ethereum's old list of open problems.