The ethereum 2.0 deposit contract is no longer expected imminently, but in two weeks, according to Danny Ryan, the ethereum 2.0 coordinator.
In a soft interview concerning much regarding ethereum 2.0, Ryan said that we have to get out version 1 of the spec first, with the deposit contract then following.
However, he said there are a couple of reason why they have not yet released the final spec, which he described as canonical.
The primary reason is the BLS Cryptography Library created by Supranational, a new company that does not even have a team on their website.
Boneh–Lynn–Shacham (BLS) signatures are critical to creating keys, signing messages and are critical in the early phases, Ryan said.
However, the library is under audit. It is also undergoing formal verification, which has some initial results, but the audit is two weeks in, and “we have another about two weeks of this audit to go,” he said.
“Given how critical this library is and if there’s an error we could F things up, that is ‘the blocker,'” he said.
Initially Vitalik Buterin et al intended to go with a much more established cryptography library, but a new dev Justin Drake successfully managed to get them to change to BLS even though this had not yet undergone standardization.
“Although the deposit contract has been written, tested, and formally verified, we are working to allow the BLS standardization to stablize prior to launch…
Fortunately, the deposit contract does not need to be put into production until we near Phase 0 launch, so this focus on standardization is not expected to have any effect on the Phase 0 launch date,” Ryan said a year ago.
The standardization has finished now, but we have this audit and formal verification with two weeks being an optimistic timeline as they may well come up with something and there may well be a re-write of something.
“I don’t expect showstoppers to come from any audits at this point. Instead they might find issues that need to be fixed but can be done so quickly,” Ryan said, adding:
“This is more about uncovering degenerate edge cases rather than a fundamental stamp of ‘good’ or ‘bad’ on the whole library.
The library is of incredibly high quality and really well structured for the sake of formal verification.”
Yet this library has not quite been tested in the wild. It is brand new, with it unclear just how many are keeping an eye on it.
Any error and keys can be broken, while many cryptography libraries having hidden back doors. This one though is used by a few other blockchain projects, but nothing as important as eth unlike the many other cryptography libraries that are used in banking and so on.
An audit moreover is not a stamp of approval. It’s more the people that read the code didn’t find anything, with the only audit that matters being that by the Nakamotos around the world, and if randomness is not air-tight or if there’s some sloppy backdoor, you can be sure they’ll brute force.
The decision to go with this BLS Library was made a year or two ago however, so now eth 2 has to run by their time-table, which so happens to be two weeks.
Ryan further said there are other things like clients hardening, tying up lose ends, optimizations on resource consumption, ongoing client audits, smoothing out the launchpads, all those things are happening in parallel but the big blocker is the audit of the brand new BLS cryptography library, he said.