Here is my attempt to distill Vitalik’s Three Transitions.
I’d like to begin by thanking Raza for pushing me to finish this post. I had decided to not post this due to my lack of understanding of some of the complex topics discussed in the original paper, so thank you for giving me the push I needed.
This has been written to the best of my understanding, so if anything is incorrect, kindly comment to educate not just me, but anyone who decides to read this.
If you haven’t already read the blog, you can reference it here.
Vitalik Buterin, the father of Ethereum, shared an inevitable roadmap for what Ethereum will need to undergo in order for it to be adopted by the masses. The Three Transitions refers to the three technological changes that will need to be made in order for Ethereum to become scalable, secure, and private.
Scalability seems like a no-brainer, but if you’re new to Ethereum, let me explain wtf is gas and why scalability matters so much. If you were around during the last bull market when NFTs were all the rage, you could find yourself paying hundreds of dollars in gas just to mint a free NFT.
Why?
Well, the way Ethereum works is like this: When you transact, e.g., mint an NFT or transfer tokens (think anything on-chain where a signature is required), work has to be done for it to be posted on the network. This work is paid for in gas. The higher the demand on the network, the more gas will be required to complete the work.
The problem with this is that it's not scalable (lol). If we get our wish, and Ethereum is widely adopted, it won’t be accessible to everyone due to the cost just to interact with the network. Right now, Ethereum's mpg is like a 1990 Ford Bronco and we need mpg closer to a Toyota Prius. Regardless of what the cost of gas is, the amount of gas to take you from point A to point B (think transactions) will be too expensive for the typical user.
For us, web3 natives, one of the major principles of blockchain is the sovereignty of having control over our assets. We understand the responsibility of having good key management practices and the differences between CeFi (Centralized Finance) and DeFi (decentralized finance) applications.
For the non-web3 native, they don’t, and those are the people we need to onboard for Ethereum’s success. Most people don’t trust themselves to hold and save a 24-word-seed phrase.
Hell, I don’t even trust myself to do that. I recently forgot the pin (because I never used it) to one of my wallets. Fortunately, I had imported accounts into it, so besides it being a major nuisance of digging up old private keys to re-do the whole process, it’s a shitty UX and I wouldn’t want to rely on tech like this to hold my life’s savings.
At this point in time, we still trust banks more than crypto wallets to secure our assets because, at the end of the day, there’s a safe proof way of accessing our funds. If I lose my seed phrase or private key, I am SOL. Unlike if I lose my bank cards, or forget passwords, worst case, I can always show up to a bank with a valid ID to prove I am who I am and get access to my accounts.
We need to be able to provide this level of security if we really want to replace our dependence on central banking.
By default everything that is onchain is public for anyone to see. Sure you could whip up multiple anon addresses to transact with, but at the end of the day, you’re leaving a paper trail on the blockchain and with tools like AI, it probably wouldn’t take too long to connect the dots to find your transactions and link them to you.
Just as people prefer to make payments privately on Venmo, people want the same features onchain. However, this doesn’t just stop at payments.
One of the fun things about working in the web3 space is that at first glance, your identity is hidden. Between having a PFP that is a faux-crypto punk and a name like Vanes, most people don’t assume I’m a woman, and personally, I like it that way. I don’t correct people when they refer to me as bro or man. I go with it (I have my own personal reasons, but we can save that for another post).
Having all your information on-chain is akin to driving with bumper stickers that publicly display everything you value, believe in, and support. Whether it's your NFTs, POAPs, or community affiliations, these identifying factors are like bumper stickers for everyone to see, reflecting aspects of who you are.
Maybe I don't want the world to instantly categorize me based on my personal choices or beliefs or identifying traits such as gender, race, and age. We're all prone to snap judgments when we see bumper stickers or symbols representing opinions we don't align with. It's human nature, and I've been guilty of it too.
Ethereum needs to take the default opt-in approach, or else it’s just ngmi.
These transitions come with three types of possible solutions, each with its own set of unique challenges:
Rollups solve the scaling problem.
Smart contract wallets solve the security problem.
Privacy-preserving fund transfers (partially) solve the privacy problem.
Let’s look at the proposed solutions and their challenges on a high level.
Rollups, also known as L2s, are the future. Let me try to explain what a rollup is. Earlier I explained how every time you interact with Ethereum (transaction), it needs to be posted to the blockchain. Now imagine that instead of each and every transaction getting posted right away to the network, you could put all these transactions into one notepad and once that notepad is full, it then gets posted to the network. That’s kind of how rollups work. Transactions get rolled into one and get posted once.
Back to our car and driving example, instead of having 5 cars on the road, you decide to carpool and now you have 5 people in each car, helping reduce traffic.
This is great, but because there are tons of different L2s, (Optimism, Arbitrum, zkSync, Scroll, etc) we now introduce a new problem: multiple addresses per user.
This leads us to our next problem, how do you figure out how to pay someone? With multiple accounts, the sender or receiver will need to be able to share what forms of payment they accept. It’s like going from using Visa everywhere (Ethereum), to now needing to have specific cards per merchant.
This is what a typical transaction object currently looks like:
{
  from: "0xEA674fdDe714fd979de3EdF0F56AA9716B898ec8",
  to: "0xac03bb73b6a9e108530aff4df5077c2b3d481e5a",
  gasLimit: "21000",
  maxFeePerGas: "300",
  maxPriorityFeePerGas: "10",
  nonce: "0",
  value: "10000000000"
}
Users will need more information than just `to` when completing transactions.
Key recovery will also get expensive because each account a user has will need to run a recovery process. Even though transacting on rollups will be less expensive than Ethereum, no one wants to pay fees for essentially resetting your password.
The TLDR about current wallet security really comes down to the fact that we, as humans, are prone to making mistakes and that includes forgetting our seed phrases and losing our private keys. There are two types of wallets, EOA (externally owned accounts), think MetaMask and Rainbow, and then there are smart contract wallets (Safe, Ambire).
The problem with smart contract wallets is that they also make it more difficult for users to have the same address for a few reasons:
Smart contract wallets, unlike externally owned accounts (EOAs) tied to a public key hash, introduce complexity due to varying code across networks, making consistent addresses harder to maintain
Smart contract wallets can have ownership changes through key modifications, which might lead to different addresses
Some Layer 2 technologies, like 'type 4 ZK-EVMs,' differ from Ethereum's main system (EVM). They may use unique languages, causing the same code to create different 'addresses' on various layers
This leads us to our next problem, onchain payments. Generally, transactions are sent with a gas limit of 21000 because generally there’s only so much data that comes with each transaction from an EOA. Smart contract wallets break this rule, so it will require wallets to adjust this limit. A referenced use case, such as NFT royalties, will also require that the receiver track when payments have been made from EOA and smart contract accounts because as it is, these types of marketplaces ban smart contract wallet owners.
Recovering keys from counterfactual addresses becomes even more complex! Counterfactual addressing refers to a concept where an address can be determined and known before the contract is actually deployed.
Wut?
Counterfactual addresses become useful in making transactions more efficient, flexible, and private, or in preparing for future actions without having to fully commit to them on the blockchain right away.
So, imagine, trying to recover a key from a contract address you don’t even have yet.
We’ve touched on how L2s and smart contract wallets just make everything more complicated, well, now let’s add privacy to that mix, and let’s make it 100x more complicated.
Although having multiple accounts per user has been talked about as a bug (problem) for scaling and security, it’s actually a feature when it comes to privacy. The more accounts a user has, the higher the likelihood that your degen transactions stay private (sort of).
Stealth addresses only make the multiple-address-per-user problem even worse because they are a feature that allows a sender to create a unique, one-time address for every transaction on behalf of the recipient.
As it stands, there is no way to privately send someone funds in Ethereum. Contrary to popular belief (including mine), Tornado Cash doesn't allow users to send direct payments to each other; instead, a user sends and withdraws funds to and from a smart contract. Not exactly the same thing.
Lastly, key recovery is a complete nightmare. The perfect UX would be that with one click, you will be able to recover all of your accounts, but how can this be done in a way to preserve your identity? All the accounts would need to be linked, and this is exactly what we don’t want in a privacy-first world.
At the moment, Ethereum is a ship in the middle of the ocean carrying thousands and thousands of passengers and has to patch three parts of the ship, simultaneously, while trying to sail uninterrupted or else it will sink.
Needless to say, I’m skeptical whether or not Ethereum will actually be able to be successful in this. Not only will infrastructure need to change, but so will how applications interact with Ethereum.
However, considering how many developers and researchers are working in Ethereum, and the success of the merge, I lean in favor of the Ethereum community to “rise to the challenge” to solve these problems.
This article got me thinking: Why aren't we paying more attention to privacy-first L1s? Adding privacy to a network is complex, so why not build on networks like Namada and Aleo where privacy is treated as a first-class citizen?