Thank you for the proposal (and for the lovely talk at Protocol Berg, which made me aware of this ongoing discussion). I have a few thoughts which I wanted to share with the Ethereum community here.
Concerning the stated goal of ISA optimization
I can see that there may be a solid case for RISC-V as an ISA as compared to the EVM from the specific perspective of succinct cryptographic proving efficiency (although the term “zk-EVM” is used, as far as I can tell these constructions neither expect nor depend on an actual “zero knowledge” property, nor do they seek to provide privacy to applications – please correct me if I am wrong about this).
I am no expert in “zk”, or “succinct cryptographic proof-compatible”, virtual machine architecture, so I’ll leave those details to the folks working on such projects, but I would note that as far as I am aware all serious zkVMs in existence rely heavily on “precompiles” of their own for heavily-used primitives such as hash functions, elliptic curve cryptography, and recursive proof verification. Seriously optimizing for succinct proving speed is thus also likely to require upgrading and altering precompiles, not just switching to RISC-V. Furthermore, if part of the goal here is to “stabilize and ossify” the execution layer, there’s a straightforward theoretical argument that the goals of stability and efficiency will always be in tension: which precompiles will most improve execution efficiency depends on what code is actually run, which is simply not something that a protocol or VM designer can know in advance! If a protocol designer really wishes to harmonize the goals of stability and efficiency as best as possible, I think it would be necessary to instead design a protocol for measuring what code paths are most frequently run and periodically automatically updating the set of precompiles to optimize for those heavily-used code paths. This is far from trivial, but not impossible – one could examine, for example, how Urbit’s Nock uses jets. Still, only so much can be done in software – eventually you would need to dynamically reprogram FPGAs or even perform automatic hardware synthesis. I expect that this is beyond the scope of what the Ethereum community would want to consider right now, but I think it’s important to build a clear shared understanding of the fundamental tension and possibility space here, which is useful context to evaluate whether the time and engineering complexity costs of any particular upgrade are worth it. The idea that we could simply upgrade once to RISC-V and never need to change the execution layer again, without making substantial compromises in efficiency, is simply a fantasy.
Concerning the broader strategic context
@vbuterin – your opening post pitches a RISC-V upgrade as a “radical idea for the future of the Ethereum execution layer”. While I can agree with that from the perspective of the engineering efforts and social coordination needed to execute such an upgrade, from the strategic perspective my worry is that an upgrade to RISC-V would be nowhere near radical enough. An ISA upgrade to RISC-V is, at best, a straightforward optimization: it would make execution cheaper (and specifically cheaper to prove). As far as I can tell (admittedly from a rather ad-hoc dataset), execution costs are not the primary problem facing Ethereum users and developers right now. In fact, execution costs wouldn’t even make the top problems at all. In my experience (and recent canvassing at Protocol Berg), Ethereum users and developers are currently frustrated by (~ top five, unordered):
- Protocol, user experience, and liquidity fragmentation across hundreds of L2s
- Lack of native privacy on the L1, or any way to build privacy-preserving apps for the L1
- Inconsistent commitments, direction, and progress of L1 data availability scalability w.r.t. calldata and blobs (not execution)
- Loss of users, traders, liquidity, and general interest to other chains and ecosystems which iterate much faster than Ethereum does
- A lack of strategic clarity on what exactly Ethereum should focus on as a product proposition (see e.g. this excellent essay)
Upgrading the execution layer to the RISC-V ISA would do absolutely nothing to address any of these frustrations and problems, and it would consume collective years of engineering and social coordination efforts which could be better spent on something else. If such bandwidth exists, why not instead consider, for example:
- Upgrading the execution layer to support native privacy-preserving applications using a state model like that developed by Aztec, Aleo, or Anoma [disclosure: I work on Anoma]. This would open up new categories of applications that are currently impossible to build on Ethereum.
- Upgrade the execution layer to support proper execution sharding. Near has already shipped a well-specified sharding protocol which could be adopted by Ethereum (probably including in a way that would maintain compatibility with existing EVM contracts). Anoma has also specified a sharding system which is architecturally compatible with the EVM – we have not implemented it for the EVM, but someone could, and we’d be happy to help.
- Developing a new, “heterogeneous trust”, virtual machine which would encompass state on all (standardized) L2s, not just the L1, allow developers to write applications once and run them anywhere, and defragment the user experience. This is more of a green field research project – you can find the rough idea described here – but I don’t see any other way personally to really defragment the Ethereum experience (other than shipping execution sharding and killing all the L2s).
Perhaps these ideas are “too radical” – I’m not sure – but at least they stand a chance of actually helping Ethereum achieve the original mission. Swapping 256-bit integer operations for some RISC-V instructions does not.