Aptos Follow Mar 15
· 11 min read As stated in The Genesis of Aptos , our mission is to create universal and fair access to decentralized assets for billions of people.The web3 stack is vast and rich, from smart contract platforms to developer infrastructure and tooling, wallets, and decentralized applications.Over the coming years, we expect to build and partner with ecosystem participants to improve the entire space.The Aptos journey begins by working with a decentralized community to deploy a safe, scalable, and upgradable smart contract platform.
There are many smart contract platforms deployed in production today — each with their own unique advantages and tradeoffs.We believe that there is a need for a rapidly innovating and adaptable blockchain to serve the needs of billions today and in the future.Our belief is that the user experience needs significant improvement in safety and scalability in order to reach the masses (especially the non-crypto natives).
Over the past three years, our team has been able to research and develop innovative ideas (see links below with our numerous publications) and safely deploy them into production environments.Below, we describe a brief overview of our plans and how we will support frequent and rapid upgrades to the network.
In the coming months, we will share a series of deep dives and accompanying technical papers on both current and new initiatives toward achieving our goals.
Safety and security Billions of internet users are already familiar with purchasing goods and services and exchanging or storing value.In order to accelerate web3 adoption for internet users, we need a number of advances at the blockchain level that can further enhance the rest of the web3 stack.Below are some of the current areas of focus for our team that move the needle for safety and reliability.
Move language: A safe and flexible blockchain language
The Move language is designed for safe resource management and verifiable execution on a blockchain.Transaction execution is deterministic, hermetic, and metered.
Deterministic and hermetic means that the output of transaction execution is completely predictable and based only on the information contained within the transaction and current ledger state.Metering is an important defense against denial of service attacks at the transaction execution level.
The Move prover can formally verify properties of Move modules via an expressive specification language and is fast enough to run as a part of continuous integration tests.Move resources, inspired by linear types, statically ensure resources are conserved and not copied or accidentally destroyed — avoiding a whole class of potential attacks entirely.Our blockchain and the Move language were co-developed at the same time over three years ago.Accounts, transaction fees, a standard library, validator node management, and configuration are all implemented with Move.We love the safety of Move and are excited about helping build a broad ecosystem around it.
Production-grade, high assurance BFT consensus protocol
Our team has developed a production-grade, low latency Byzantine Fault Tolerant (BFT) engine.We have implemented our fourth iteration of the protoco l (the most advanced HotStuff derivative) over the past three years.During that time, we have upgraded the consensus protocol in a private mainnet environment with a diverse set of operators and zero downtime.
Our first implementation of the BFT protocol added an active pacemaker that used timeouts to synchronize validators much more quickly than waiting for increasing timeouts.With our latest improvement to the protocol, blocks are committed in as few as two network round-trips, making sub-second finality the common case.Our novel reputation system analyzes the on-chain state and automatically updates leader rotations to adjust for non-responsive validators without any human intervention, making it well suited for decentralized environments.
Furthermore, our protocol clearly separates liveness from safety.No matter if the network is unreachable or the non-safety core is compromised in some way, the chain will not fork as long as the BFT honesty guarantees are upheld.The safety of our consensus protocol has been both audited and formally verified .
Our research has shown that there can be simple extensions that increase the resistance of our current BFT protocol by taking advantage of periods where more than 2f+1 nodes vote on a block.These stronger commitments provide an even higher confidence that the network will not fork in the future and further increase user confidence in finality beyond the standard BFT properties.
Aptos Core implementation and testing
A large number of validators operating in diverse environments is important for both decentralization and security.Furthermore, the validator software must be securely designed to prevent attack — this is one of the main reasons we selected Rust and Move to be our languages of choice for implementing protocol and smart contract logic.
The core security properties of the Aptos blockchain rely on the correct implementation of validators, Move modules, and the Move VM.We have modularized the code and identified a minimal trusted computing base (TCB) that isolates critical security properties (e.g.
safety of the consensus protocol and execution correctness).Modularity and the use of a TCB allows us to leverage high assurance development techniques.Moreover, for security critical components, we can enforce stricter requirements for code review, dependencies, testing, and execution environment security.
We have paired decades of collective experience developing, testing, and deploying software at internet scale with new ideas for operating reliably in a decentralized environment.Prior to every code commit, we run a series of distributed network tests such as load testing and Byzantine attacks and then evaluate correctness and performance results.We also have a staged rollout to multiple test networks prior to mainnet deployment with significant load and longevity testing at every step.
Our upcoming incentivized testnet in Q2 will focus heavily on building community learnings on node operation.
We already have significant experience working with the world’s leading node operators on preparing and testing various disaster recovery scenarios and look forward to building the most reliable decentralized network possible.
Safer account key recovery and rotation protocols
To mitigate against key theft, Aptos supports the ability for any account to rotate its private key.Validators can also periodically rotate their consensus key as well for increased security.In order to avoid the issues of billions of dollars of value being locked away due to key loss, we are also working on developing novel techniques around key recovery that can be directly integrated into the blockchain account model.
Multi-agent transactions
Multi-agent transactions leverage Move’s signer type to allow an arbitrary number of atomic actions in one single transaction across multiple on-chain accounts.This can make atomic swaps, K-of-N approvals, and any arbitrary atomic action between two or more on-chain entities complete in a single transaction.
Making these complex interactions indivisible improves both security and performance.An even wider range of composable patterns and use cases are possible when combining multi-agent transactions with multi-signature support in a single account.
Scalability and performance It is well known that high transaction fees, low throughput, and high finality rates limit blockchain use cases and have driven up the demand for performance optimized L1 and L2 blockchains.A less popular aspect of scalability is that on-chain storage is very expensive and has performance challenges scaling to billions of accounts and trillions of on-chain and off-chain assets.Our goal is to focus holistically on performance from the user experience.
We believe that L1 blockchains should bear more of the scalability responsibility in order to simplify and mainstream the user experience.
End-to-end metrics and measurement
Over the years, there has been immense confusion around blockchain performance metrics.Let’s start with the simplest definitions.
Throughput — The number of transactions processed per second (tps) Finality — The time measured from when a client creates and submits a transaction until another party confirms the transaction is committed Throughput and finality are affected by many factors.First of all is the transaction complexity.A simple peer-to-peer transaction that moves tokens to Alice’s account from Bob’s account is much less expensive than one that pre-generates 1,000 NFTs.
The validator and account universe size and distribution also will have a large effect on performance.How many validators are there and what are their hardware specifications? How many accounts are there (e.g.
10,000 vs 1 billion accounts)? What is the account size distribution (e.g.1k vs 10 MB)? What is the access pattern distribution (e.g.zero transaction conflicts to fully sequential dependencies)? What are the ordering guarantees between transactions (partial ordering or total ordering) and are they well suited for smart contracts? These factors make it difficult to objectively compare performance between different networks.Comparisons are even more confusing when considering the different methods of measuring performance.For example, our research on a family of DAG based consensus protocols (i.e.All You Need Is DAG , Narwhal and Tusk: A DAG-based Mempool and Efficient BFT Consensus and Bullshark: DAG BFT Protocols Made Practical ) demonstrate that this class of protocols can range from 125,000 to 160,000 tps or even beyond.
However, these throughput numbers do not represent end-to-end blockchain throughput as they only take into account consensus, network, and partial storage considerations.They do not factor in other important considerations such as transaction execution times, account access patterns, or authenticated data structures (e.g.Merkle trees) in a production blockchain.On the finality side, block times often get mistaken for finality when in fact, block times are an input factor to finality.
We believe in transparency and openness around benchmarking, explaining the differences between testing methodologies, and clearly stating component versus end-to-end results.
In the coming months we will share detailed end-to-end performance findings and testing methodologies.Over time, we intend to share benchmarking frameworks and compare the performance characteristics of various use cases across different blockchains.
A journey to high throughput and fast finality
A major step of this journey has been to fully decouple the consensus protocol from transaction execution.The consensus protocol agrees on a proposed transaction ordering.
In a separate protocol and outside of the critical path, validators execute the transactions and have an agreement on the final transaction ordering and execution results.
Protocols that integrate consensus and execution are simpler, but pay a heavier cost in throughput and latency due to their co-dependencies.
As mentioned earlier, we have the lowest latency, most advanced variant of HotStuff tested over many years.In the most common case, the protocol commits to an agreement in two full network round trips — easily subsecond even when worldwide network round trips take up to 250 milliseconds.When under attack or during periods of network outage, the on-chain reputation system minimizes the negative impact of down validators automatically.We have already begun the research and development for our next consensus protocol iteration that advances transaction dissemination and expect a testnet upgrade with this technology later this year.
After decoupling the consensus protocol from the execution pipeline , the next bottleneck is transaction execution time.Using novel techniques inspired from software transactional memory , we achieve over 130k transactions per second with only 32 cores in our execution only benchmark.Developers get this benefit for free as our execution framework automatically exploits the inherent parallelism in any workload.No extra information from developers needs to be provided.Perhaps most importantly, a high throughput blockchain means low transaction fees for users.
The final bottleneck for performance — and the most ignored — are the authenticated data structures and associated state storage.
One challenge is that while authenticating the ledger state (e.g.account balances, smart contracts, etc.), in-memory Merkle trees are efficient at small scale, however, writing large Merkle trees to persistent storage is a bottleneck.We are designing our authenticated data structures to be database-friendly by exploring higher branching factors, access pattern optimized caching, and careful versioning.We are also currently developing support for large accounts — the ability to access individual Move resources per account rather than inefficiently as a single blob and investigating a future path to finer access within Move resources by splitting them into access pattern optimized chunks.
Tiered storage and state rent are important priorities to support all types of new use cases.
Parallel account transactions while preserving control for transaction ordering
The sequence number approach popularized by Ethereum provides full user control over transaction ordering, efficient mempool filtering, and bounded memory usage.We have experimented with augmenting the sequence number approach with conflict resistant sequence numbers to allow account parallelism over a window of sequence numbers while still allowing users the ability to control transaction ordering when necessary.Our future work is to also consider alternative implementations of parallelism that are even more flexible and composable.
Fast and flexible state management support for light, full, archive, and validator nodes
State synchronization between nodes can be CPU intensive for high throughput blockchains.We support a spectrum of different state synchronization protocols that tradeoff CPU and network bandwidth.
In order to support inexpensive full nodes, we have a protocol that can sync transactions and their executed results signed by a quorum of validators that allows a node to skip the computation at the cost of higher networking throughput and directly update the ledger state from the executed results.
Instead of having to download a chain of blocks to get to the latest ledger as most blockchains do, a client can use the top level transaction accumulator to get the latest committed transaction.This also allows for inexpensive pruning of previous transactions and ledger history if desired.Trusted waypoints also allow fast syncing for nodes to quickly catch up as well.
Upgradability Networks must quickly adapt to supporting evolving web3 needs .The blockchain use cases and technology improvements are constantly growing and evolving by leaps and bounds.
For example, in 2021, NFTs became a $40 billion market .Many predict 2022 to be the year for DAOs to gain adoption.New consensus protocols and smart contract languages are being developed.Privacy preserving transactions are becoming more practical.
Unfortunately, many of today’s networks have had difficulty in making significant protocol improvements after launch.Some networks that attempted significant upgrades have experienced hours of downtime and sometimes accidental hard forks.
We believe this is one of the key reasons why so many new networks are launched.Unfortunately, an explosion of networks leads to challenges around the user experience as it requires familiarity with different environments and figuring out which network is best suited for a particular use case.We designed and built the Aptos blockchain to be upgradable as a key property and have successfully executed several major upgrades without downtime in the past years.In order to achieve this goal, validator management and configuration is managed with on-chain state — making it convenient for the community to vote and quickly execute upgrades.Robust testing and deployment practices ensure a safe and reliable rollout.
The Aptos blockchain history The Aptos technology stack was researched, designed, and developed by a 30+ person crypto platform research and engineering team with domain expertise and PhDs in consensus, cryptography, distributed systems, formal verification, security, etc.
The codebase has grown substantially over 3+ years with 292 unique developers and dozens of community driven improvement proposals.
It was battle-tested in a production environment through a number of different use cases and operated by numerous enterprise operators for over a year with over a dozen possible disaster scenarios.We conducted multiple successful significant upgrades in a private mainnet with zero downtime.The codebase is open source and community governed with a long-term goal to build infrastructure that can be used for many networks.The community is ready and excited to see this technology ship and unlock many new applications going forward.
Our approach and timeline We are committed to launching our mainnet as soon as possible to enable the broader community to start building — many have been waiting years for our technology to launch.Along the journey to mainnet and beyond, we will be announcing a series of global hackathons and look forward to your participation! We will leverage our ability to upgrade the network with new features, functionality, safety and scaling improvements as soon as they reach enterprise readiness in our testnets and deployment process.
2022 Q1 (March 15th) — Developer testnet launch
Work with strategic partners and the web3 developer community to gather feedback and make improvements with respect to the Move developer experience and Move language 2022 Q2 — Incentivized testnet launch
A larger and mainnet-like test playground for strategic partners and web3 developers to build Work with the node operator community to onboard and build expertise on operating the decentralized network together Start a bug bounty to improve the developer experience, node operations, and address infrastructure issues Provide incentive alignment for all participants that help secure the network 2022 Q3 — Mainnet launch
2022 Q4–2023 Q1 — Deploy the next major release to Aptos mainnet with the next set of significant features.