Ethereum with iO is God Protocols

category
Cryptography
date
Apr 2, 2025
slug
ethereum-with-io-is-god-protocols
type
Post
lang
en
status
Published
Many thanks to Sora Suegami for his review.
Ethereum is the first widely adopted blockchain to feature Turing completeness [1]. On the other hand, the "God Protocol" is an idealized protocol proposed by Nick Szabo in 1997, described as a "protocol capable of executing all transactions and contracts without relying on trusted third parties” [2].
In this article, we first review the concept of God Protocols and the features they must satisfy. Then, we discuss how closely Ethereum approaches this ideal protocol. We focus especially on the privacy aspects currently lacking in Ethereum and explore Indistinguishability Obfuscation (iO), a cryptographic technology potentially capable of addressing this limitation.

1. God Protocols

1.1 The Concept of God Protocols and Szabo’s Background

The concept of "God Protocols" was introduced by Nick Szabo in 1997 [2]. Szabo defined God Protocols as those capable of mathematically substituting the role of a trusted third party. Here, "God" metaphorically represents an ideal entity capable of executing arbitrary computations precisely, behaving fairly, and safeguarding the privacy of users.
A God Protocol acts as a universally trusted and fair entity for all participants, receiving their inputs, computing precisely, and returning only the necessary outputs. Importantly, no participant gains any additional information about other parties' inputs beyond what can be inferred from their own inputs and outputs. This concept is not an explicit specification or implementation but rather an abstract idealization.

1.2 Properties of God Protocols

God Protocols are designed to execute contracts or transactions fairly without needing trust in third parties. We propose summarizing their essential properties into these six attributes:
  1. Permissionlessness: Anyone can participate. There is no specific administrator who controls participant access. Individuals or organizations can freely join and utilize the system. This removes external barriers such as enforced exclusions or permissioned entry, enabling open usage. Although not explicitly stated by Szabo, permissionlessness can be inferred from his depiction of "a god on everyone's side." Permissionlessness can be further subdivided into three types: 1) Node Participation Permissionlessness: Anyone can run a network node, assuming that the majority remain honest. 2) Development Permissionlessness: Anyone can develop and deploy arbitrary programs. 3) Usage Permissionlessness: Anyone can read from or write to deployed programs.
  1. Turing Completeness: Capable of solving any computable problem. The protocol allows arbitrary computations to be expressed and executed. Turing completeness is vital, especially when supporting smart contracts, as it enables diverse logics. Moreover, this property inherently includes state storage capabilities, implying God Protocols function as state machines.
  1. Consistency: Global state remains consistent. The entire network consistently maintains the same computed global state following a correct transaction order. Even if forks temporarily occur, the system eventually converges to a single state. Note that consistency defined here is broader and slightly weaker than the strict consistency used in State Machine Replication (SMR) problems or the CAP/PACELC theorems [3,4,5].
  1. Liveness: Always returns computation results. The network continuously operates and resists external disruption or failure. Even if certain nodes fail, the overall operation is maintained. This aligns with the liveness concept in SMR problems [3]. However, the concept of availability in CAP/PACELC theorems is slightly broader than the liveness described here [4,5].
  1. Censorship Resistance: No participant gains unfair advantage through prior knowledge. The protocol prevents intentional manipulation of transactions by participants. This attribute corresponds closely to fairness, meaning that no party obtains an advantage by prematurely learning information. For instance, transaction-order manipulation to increase personal gains must be prevented.
  1. Privacy: Participants cannot access more information than necessary. Only information required for executing transactions or contracts is disclosed, with no sensitive details unjustifiably leaked. Privacy is heavily emphasized in Szabo’s original description. Examples include auctions or elections, where insufficient privacy protection could disadvantage certain participants. Thus, privacy is essential for God Protocols.
Importantly, Szabo acknowledged inherent trade-offs among fairness (censorship resistance), fault tolerance, and privacy. Additionally, impossibility results such as FLP impossibility theorem, CAP theorem, and PACELC theorem mathematically demonstrate intrinsic limitations [6,7,8]. Vitalik’s blockchain trilemma is also well-known; fully proven mathematically for PoW but not yet conclusively for PoS [9,10].
Although scalability was noted as a constraint, it’s omitted here. Practically speaking, low latency is desirable, yet simultaneously achieving perfect levels of the above properties and scalability remains extremely challenging. Realistically, no current computing platform fully satisfies all six properties simultaneously.
Given node-participation permissionlessness, God Protocols inherently require a distributed system architecture, assuming that the majority of participants are honest. Under such conditions, fulfilling all properties naturally implies Byzantine Fault Tolerance (BFT). BFT allows legitimate nodes to maintain consensus despite malicious or faulty nodes [11]. Most conventional distributed systems do not achieve BFT, whereas many major public blockchains inherently possess this property.
The notion of liveness described above differs strictly from the liveness defined by Alpern and Schneider in 1985 (here, we refer to the latter as "abstract liveness" for convenience) [12]. Informally, abstract liveness is often defined as "something good eventually happens." Within the properties discussed above, eventual convergence of the global state or liveness falls under this category of abstract liveness.
Protocols partially satisfying certain properties do exist. Public cloud services, for example, enable deploying arbitrary programs (Turing completeness) and offer high levels of liveness and consistency. However, ultimate trust remains with service providers, making permissionlessness, censorship resistance, and privacy very challenging.
Achieving all these properties simultaneously remains exceedingly difficult. However, doing so would eliminate reliance on intermediaries, making contracts (e.g., auctions, exchanges, elections) potentially trustless and fair. Szabo’s original vision highlighted the theoretical possibility of achieving ideal trust through cryptography and economics. Although initially distant from practical realization, advancements in distributed ledger and cryptographic technologies have already begun partial implementations.

2. Ethereum from the Perspective of God Protocols

2.1 Properties Required by God Protocols and Ethereum

Ethereum is the first blockchain equipped with a Turing-complete virtual machine [1]. Below is an overview of how Ethereum aligns with the six properties discussed in the previous chapter.
  1. Permissionlessness Ethereum is a public blockchain allowing anyone to connect to the network, submit transactions, operate nodes, or deploy smart contracts without needing permission from a central authority. Thus, it meets the open-access requirement of God Protocols. Although participation as a validator requires staking 32 ETH, no special permission from any particular entity is needed. Ethereum assumes the majority of participating validators are honest, and economic security through staking serves as a defense mechanism against attacks like the 51% attack [13].
  1. Turing Completeness Ethereum features a virtual machine, the Ethereum Virtual Machine (EVM), capable of executing code written in high-level languages such as Solidity in a Turing-complete manner. Its ability to implement arbitrarily complex logic aligns closely with the God Protocols' requirement of "solving any computable problem." Ethereum addresses the infinite loop issue inherent in Turing completeness by introducing the concept of gas fees. Moreover, Ethereum updates a global state with each block, recording transaction and contract statuses. In contrast, Bitcoin is a non-Turing-complete public blockchain incapable of representing complex logic or loops.
  1. Consistency Ethereum uses Gasper—a Proof-of-Stake (PoS)-based consensus algorithm composed of Casper FFG and LMD GHOST—to properly propose and finalize blocks [14]. Consequently, all nodes share an identical state. Although temporary forks may occur, Ethereum ultimately converges on a single unique chain, ensuring that all nodes recognize the same state.
  1. Liveness Ethereum is operated by globally distributed nodes, meaning the entire network remains operational even if some nodes go offline. Even under disruptions such as DoS attacks, Ethereum continues functioning, allowing the legitimate blockchain to grow continuously.
  1. Censorship Resistance Ethereum is significantly harder to censor than centralized systems, making it extremely difficult to manipulate or suppress transactions. Users issue transactions using ECDSA signatures, preventing third-party alteration. However, issues such as Maximal Extractable Value (MEV) indicate lingering vulnerabilities where proposers, builders, or searchers can influence transaction ordering, including selectively excluding transactions from blocks. This mechanism allows searchers or builders to gain advantages by learning transaction details beforehand, falling short of achieving "perfect fairness." Proposals such as EIP-7805 (Inclusion Lists) aim to alleviate this issue [15].
  1. Privacy Ethereum currently lacks sufficient privacy features. Due to its transparent nature, transaction data and contract states are publicly accessible, making private transactions and handling confidential information fundamentally challenging. Although certain privacy-enhanced Layer 2 solutions and cryptographic techniques are gradually being introduced, their application remains limited.
In summary, Ethereum substantially meets high standards regarding permissionlessness, Turing completeness (state machine), consistency, liveness, and censorship resistance. These properties naturally confer BFT to the network. However, Ethereum continues to face significant privacy challenges. While various projects have attempted to enhance privacy, none have yet achieved broad, universal applicability.

2.2 Ethereum's Privacy Challenges

Ethereum's design emphasizes transparency and traceability, resulting in publicly accessible blockchain data. While beneficial for verification and fostering open community development, this transparency makes Ethereum unsuitable for scenarios requiring complete confidentiality of sensitive individual or organizational information. For example, it is straightforward for anyone to see how much and in which DeFi protocols a particular wallet has invested, or to track transaction histories with other addresses.
Additionally, the openness of smart contract code and logic execution introduces risks of malicious analysis depending on the application. Although privacy-focused Layer 2 solutions have been proposed, their general-purpose application remains limited. An advanced cryptographic technology potentially capable of overcoming these limitations is Indistinguishability Obfuscation (iO).

3. Indistinguishability Obfuscation (iO)

Indistinguishability Obfuscation (iO) is a cryptographic technique aiming to ensure that when multiple circuits (programs) with identical input-output behavior are obfuscated, the resulting obfuscated versions cannot be distinguished from each other by any external observer [16, 17]. Specifically, given two programs, and , which produce the same outputs for every possible input, their obfuscated forms should become indistinguishable. In other words, an attacker cannot differentiate between the obfuscated forms within polynomial time:
The programs before and after obfuscation return identical outputs for any given input:
When this property is satisfied, it becomes possible to safely hardcode secret information such as private keys directly into programs, as iO ensures that obfuscation prevents leakage of these secrets. Consequently, it enables constructing "encrypted programs," capable of performing arbitrary computations with their internal logic entirely hidden.
As a simple illustrative example, consider program that outputs 1 only when given an input equal to its hardcoded secret key and outputs 0 otherwise, and program that always outputs 0. This scenario does not satisfy the security definition of iO, since the two programs produce different outputs when the secret key is input. For the security condition to hold, both programs must yield identical outputs for all inputs. This critical point must be kept in mind when implementing programs that comply with iO's security definition.
While cryptographic obfuscation concepts existed previously, iO was formally defined by Barak et al. in 2001 [16]. iO is considered the closest achievable form to an idealized "black-box obfuscation," which completely hides a program’s internal structure while preserving input-output behavior. iO was proposed as a relaxation of this ideal.
The ideal form, known as "Ideal obfuscation," was proven impossible to achieve by Barak et al . in 2001. However, in 2023, under the assumption that hash functions can be modeled as random oracles, researchers demonstrated that constructing Ideal obfuscation is theoretically possible [18].
The first practical construction of iO proposed in 2013 relied on multilinear maps, though its underlying security assumptions were later compromised [19]. In 2020, Jain et al. introduced the first construction based on standard cryptographic assumptions, significantly advancing the practicality of iO [17].
Remarkably, iO is anticipated to enable the construction of virtually all cryptographic primitives. It has been theoretically shown capable of building advanced cryptographic systems such as public-key encryption, digital signatures, zkSNARKs, and Fully Homomorphic Encryption (FHE) [20,21]. This is possible because iO allows embedding any functionality securely within a program, executing it internally in a hidden manner. Due to this versatility, iO is frequently referred to as the "holy grail of modern cryptography," prompting extensive research on its security and practical implementation.

4. Ethereum with iO from the Perspective of God Protocols

4.1. Ethereum with iO

As described in the previous chapter, Ethereum already meets many of the properties required by God Protocols at a high level, specifically: permissionlessness, Turing completeness (state machine functionality), consistency, liveness, and censorship resistance. It similarly satisfies BFT. However, as previously noted, its privacy features remain extremely limited. Conversely, iO is a powerful cryptographic primitive capable of obfuscating the program itself, making internal logic and confidential information indecipherable from the outside.
If Ethereum could integrate iO, it might significantly advance towards becoming a "trustless and privacy-preserving computational infrastructure," capable of hiding the internal logic and sensitive information of smart contracts currently publicly visible, while preserving verifiability of necessary inputs and outputs.
For example, when a user sends funds to a friend, it could enable processing sensitive data such as transaction amounts or wallet balances without exposing them to third parties. While traditional banking systems rely on centralized entities to guarantee privacy, replicating similar functionality on blockchain—in a fully decentralized manner without trust—is highly challenging. However, if iO makes it possible to securely deploy programs with hardcoded secret keys in an obfuscated manner on-chain, Ethereum could substantially enhance its privacy properties.

4.2. Further Applications and Challenges

Another potential property achievable by integrating iO into Ethereum is resistance to Sybil attacks. Although Sybil resistance isn't explicitly listed among the God Protocols' required features, it is a critically important aspect for current blockchains. Generally, guaranteeing that each person holds only a single account—and preventing individuals from controlling multiple accounts—is extremely difficult. However, if iO could help build systems that securely verify identities using biometric or other personal data while keeping such information confidential, concepts like Proof of Personhood could become feasible.
The original Proof-of-Work (PoW) paper, published in 1992, targeted spam prevention, and Sybil attacks have since become known as a classic, deeply entrenched problem [22]. Although various approaches, including Decentralized Identifier (DID) projects, have attempted to address this issue, satisfactory solutions remain elusive. Ethereum equipped with iO could offer a fundamental solution to this persistent problem.
Nevertheless, the practical feasibility of iO remains distant. Although several new construction methods and implementations have been proposed, questions about their maturity and security persist. Security assumptions in iO present crucial trade-offs, and some constructions rely on exotic assumptions that could potentially be broken [23]. Thus, while incorporating iO technology into Ethereum offers substantial potential for future decentralized computing platforms, significant technical hurdles and rigorous validation remain essential challenges. Continued research in this field is highly anticipated.

5. Future Prospects

In this article, two primary points were presented: the six core properties defining God Protocols and the potential of combining Ethereum with iO to achieve these protocols. Currently, iO technology remains far from practical usability, yet it represents a critically important cryptographic primitive for ensuring privacy, warranting further research.
These critical applications, including iO and related cryptographic technologies, are still immature, with numerous technical challenges to resolve before practical deployment is possible. Precisely because of this, identifying how such technologies connect with social issues and articulating their potential impacts clearly are crucial steps toward eventual implementation. Therefore, our ongoing research aims to clarify and systematize problems solvable by Ethereum integrated with iO.
The guiding principle behind this effort aligns with Nick Szabo's vision: to build a fairer and freer social infrastructure.

References

  1. Ethereum: A Secure Decentralised Generalised Transaction Ledger. Gabin Wood. (2014)
  1. The God Protocols. Nick Szabo. (1997) https://nakamotoinstitute.org/library/the-god-protocols/
  1. Foundations of Blockchains. Tim Roughgarden. (2022)
  1. Towards Robust Distributed Systems. Eric Brewer. (2000)
  1. Consistency Tradeoffs in Modern Distributed Database System Design. Daniel Abadi. (2010)
  1. Brewer's Conjecture and the Feasibility of Consistent, Available, Partition-Tolerant Web Services. Seth Gilbert, Nancy Lynch. (2002)
  1. Impossibility of distributed consensus with one faulty process. Michael Fischer, Nancy Lynch, Mike Paterson. (1985)
  1. Proving PACELC. Wojciech Golab. (2018)
  1. Sharding FAQ. Vitalik Buterin. (2017) https://vitalik.eth.limo/general/2017/12/31/sharding_faq.html
  1. A Formulation of the Trilemma in Proof of Work Blockchain. Taishi Nakai, Akira Sakurai, Shiori Hironaka, Kazuyuki Shudo. (2024)
  1. The Byzantine Generals Problem. Leslie Lamport, Robert Shostak, Marshall Pease. (1982)
  1. Defining Liveness. Bowen Alpern, Fred Schneider. (1985)
  1. Ethereum proof-of-stake attack and defense. Ethereum.org. (2025) https://ethereum.org/en/developers/docs/consensus-mechanisms/pos/attack-and-defense
  1. Combining GHOST and Casper. Vitalik Buterin, Diego Hernandez, Thor Kamphefner, Khiem Pham, Zhi Qiao, Danny Ryan, Juhyeok Sin, Ying Wang, Yan X Zhang. (2020)
  1. EIP-7805: Fork-choice enforced Inclusion Lists (FOCIL). Thomas Thiery, Francesco D'Amato, Julian Ma, Barnabé Monnot, Terence Tsao, Jacob Kaufmann, Jihoon Song. (2024) https://eips.ethereum.org/EIPS/eip-7805
  1. On the (Im)possibility of Obfuscating Programs. Boaz Barak, Oded Goldreich, Rusell Impagliazzo, Steven Rudich, Amit Sahai, Salil Vadhan, Ke Yang. (2001)
  1. Indistinguishability Obfuscation from Well-Founded Assumptions. Aayush Jain, Huijia Lin, Amit Sahai. (2020)
  1. The Pseudorandom Oracle Model and Ideal Obfuscation. Aayush Jain, Huijia Lin, Ji Luo, Daniel Wichs. (2023)
  1. Candidate Indistinguishability Obfuscation and Functional Encryption for all circuits. Sanjam Garg, Craig Gentry, Shai Halevi, Mariana Raykova, Amit Sahai, Brent Waters. (2013)
  1. Obfuqscation of Probabilistic Circuits and Applications. Ran Canetti, Huijia Lin, Stefano Tessaro, Vinod Vaikuntanathan. (2014)
  1. Possible futures of the Ethereum protocol, part 6: The Splurge. Vitalik Buterin. (2024) https://vitalik.eth.limo/general/2024/10/29/futures6.html
  1. Pricing via Processing or Combatting Junk Mail. Cynthia Dwork, Moni Naor. (1992)
  1. Obfuscation from Lattice-Based Equivocal Assumption. Russell W. F. Lai. (2024)

© Titania Research 2024 - 2025