Is it known at the moment, which elliptic curve is going to be used for Casper? Also, which Distributed Key Generation is going to be used for Casper? Is it going to be joint-Feldman?
How is one going to handle adding/removing validators to/from an existing validator set? When a validator joins, one will need generate a key share for this validator …
which Distributed Key Generation is going to be used for Casper?
We only do plain BLS aggregation (see here); there is no DKG. Aggregate public keys are recomputed for every aggregate signature with cheap curve multiplications.
Signature verification will be outside of the EVM, implemented in native code. There will be a smart contract on the main chain to make 32 ETH deposits and initialise BLS identities with proofs of possession.
The confusion is because the old post has the best description of the beacon chain. The new post only focuses on the BLS signatures, and mentions the beacon chain only in passing. Perhaps it would help to have a full overview of the beacon chain and the signature scheme, in a single document.
Although that post points in an overall direction which we have taken today, be careful with what ethresear.ch posts say. The ideas are generally quite fresh, definitely not authoritative, and most of them don’t make it to the final design.
In that post I used Dfinity’s random beacon for illustrative purposes but RANDAO is the current plan. Also note the definition of “beacon chain” has changed. In that post I had a stricter definition where the beacon chain’s only role is to produce a random beacon.
Today we use the term “beacon chain” more loosely. It’s now both a random beacon and a “manager chain” for things like crosslinks, slashing conditions, accounting, Casper FFG. In other words, in Ethereum 2.0 the beacon chain is the new main chain.
Recently our team has started implementing the beacon chain in js. One of our blockers is implementing py_ecc in pure js. Just wondering if anyone has worked on something similar? Our repo is here.