Popular Ethereum wallets (e.g., MetaMask) entrust centralized infrastructure providers (e.g., Infura) to run the consensus client logic on their behalf. As a result, these wallets are light-weight and high-performant, but come with security risks. A malicious provider can mislead the wallet, e.g., fake payments and balances, or censor transactions. On the other hand, light clients, which are not in popular use today, allow decentralization, but at concretely inefficient and asymptotically linear bootstrapping complexity. This poses a dilemma between decentralization and performance. In this paper, we design, implement, and evaluate a new proof-of-stake (PoS) superlight client with concretely efficient and asymptotically logarithmic bootstrapping complexity. Our proofs of proof-of-stake (PoPoS) take the form of a Merkle tree of PoS epochs. The verifier enrolls the provers in a bisection game, in which the honest prover is destined to win once an adversarial Merkle tree is challenged at sufficient depth. To evaluate our superlight protocol, we provide a client implementation that is compatible with mainnet PoS Ethereum: compared to the state-of-the-art light client construction of PoS Ethereum, our client improves time-to-completion by 9x, communication by 180x, and energy usage by 30x (when bootstrapping after 10 years of consensus execution). We prove that our construction is secure and show how to employ it for other PoS systems such as Cardano (with full adaptivity), Algorand, and Snow White.

翻译：流行的以太坊钱包（如MetaMask）将共识客户端的逻辑执行委托给中心化基础设施提供商（如Infura）。这些钱包因此具有轻量化和高性能的特点，但也伴随安全风险：恶意提供商可能误导钱包，例如虚构支付和余额，或审查交易。另一方面，当前未被广泛使用的轻客户端虽能实现去中心化，但存在具体效率低下且渐近线性增长的启动复杂度问题。这造成了去中心化与性能之间的两难困境。本文设计、实现并评估了一种新型权益证明（PoS）超轻客户端，其具体高效且渐近对数增长的启动复杂度。我们的权益证明验证（PoPoS）采用梅克尔树形式存储PoS周期。验证者通过二分博弈机制招募证明者，在该机制中，一旦恶意梅克尔树在足够深度受到挑战，诚实证明者必将获胜。为评估超轻协议，我们提供了与主网PoS以太坊兼容的客户端实现：相较于PoS以太坊最先进的轻客户端构造，在完成10年共识启动后，我们的客户端将完成时间提升9倍、通信量降低180倍、能耗降低30倍。我们证明了该构造的安全性，并展示了如何将其应用于其他PoS系统，例如Cardano（完全自适应）、Algorand和Snow White。