Beigepaper:

An Ethereum Technical Specification

Micah Dameron

Abstract

The Ethereum Protocol is a deterministic but practically unbounded state-machine with two basic functions;
the first being a globally accessible singleton state, and the second being a virtual machine that applies changes
to that state. This paper explains the individual parts that make up these two factors.

1. Imagining Bitcoin as a penditures. This is called gas, and is explained fully

Computer
Ethereum utilizes the distributed ledger model that
originated with Bitcoin and repurposes it to model a vir-
tual computer, giving machine level opcodes the same
level of certainty as Bitcoin transactions. Just as sure
as you can be certain that Bitcoin’s ledger is accurate
and that timestamps are correct through the Bitcoin
consensus mechanism, just so sure is it that machine
instructions initiated on Ethereum will execute.
In other words, programs executed on the
Ethereum Blockchain are basically unstoppable. This
doesn’t mean that Ethereum programs can’t have
bugs. This means that Ethereum programs can be
trusted to execute without any interference from exter-
in §3. Gas is paid for exclusively in ether. The small-
est unit of currency in Ethereum is the Wei, which is
equal to Ξ10−18 , where Ξ stands for 1 ether. All cur-
rency transactions in Ethereum, at the machine level,
are counted in Wei. There is also the Szabo, which is
Ξ10−6 , and the Finney, which is Ξ10−3 .
The Ethereum network is subservient to others in
terms of one thing only: ether, the native currency for
Ethereum. Everything the system can do is bounded
up in its ability to expend ether in exchange for gas,
which buys a particular amount of system performance
in some desired direction.
Unit Ether Wei
Ether Ξ1.000000000000000000 1,000,000,000,000,000,000

nal non-network forces. This property arises from the Finney Ξ0.001000000000000000 1,000,000,000,000,000

inherent security of the blockchain which is built by, and Szabo Ξ0.000001000000000000 1,000,000,000,000

maintained upon, cryptographic proofs. Wei Ξ0.000000000000000001 1

1.1. Native Currency 2. Memory and Storage

Because Ethereum strives not primarily at the currency
application, but at all applications, there is a fundamen-
tal network cost unit used to mitigate the possibility of
abusing the network with excessive computational ex-
2.1. World State
The world state is a mapping of Ethereum addresses
to accounts. Such a mapping consists of two things:

1
2. Memory and Storage Beigepaper – v0.8.5 2019-08-15

1. addresses 2.2. Tree Terminology1

2. account states
a) Root Node – The top (first) node in a tree.
through the use of the recursive length prefix standard
b) Child Node – A node directly connected to an-
(RLP). This information is stored as a merkle patricia
other node when moving away from the Root.
tree in a database backend.a that maintains a map-
ping of bytearrays to bytearrays.bc As a whole, the state c) Parent Node – The converse notion of a child.
is the sum total of database relationships in the state
d) Sibling Nodes – A group of nodes with the same
database.
parent.

e) Descendant Node – A node reachable by re-

2.1.1. Merkle Patricia Trees
Merkle patricia trees are modified merkletrees where
nodes represent individual characters from hashes
rather than each node representing an entire hash.
This allows the state data structure itself to represent
not only the intrinsically correct paths in the data, but
also the requisite cryptographic proofs which go into
making sure that a piece of data was valid in the first
place. In other words, it keeps the blockchain valid by
combining the structure of a standard merkletree with
the structure of a Radix Tree. Since all searching and
sorting algorithms in Ethereum must be filtered through
this stringently correct database, accuracy of informa-
tion is guaranteed.
The following is a search tree beginning with hex-
adecimal values a and 4:
peated proceeding from parent to child.
f) Ancestor Node – A node reachable by repeated
proceeding from child to parent.
g) Leaf Node – A node with no children.
h) Branch Node – A node with at least one child.
i) Degree – The number of subtrees of a node.
j) Edge – The connection between one node and
another.
k) Path – A sequence of nodes and edges connect-
ing a node with a descendant.
l) Level – The level of a node is defined by 1 + (the
number of connections between the node and the
root).

m) Node Height – The height of a node is the number

a 4 of edges on the longest path between that node
and a leaf.
a
2 6 9
n) Tree Height – The height of a tree is the height of
its root node.
c b 2 7 c
o) Depth – The depth of a node is the number of
7 6 a62 f 9 edges from the tree’s root node to the node.

p) Forest – A forest is a set of n ≥ 0 disjoint trees.

a2c7 a2b6 f 5

497ff 4ac95
a The database backend is accessed by users through an external application, most likely an Ethereum client; see also: state database
bA bytearray is specific set of bytes [data] that can be loaded into memory. It is a structure for storing binary data, e.g. the contents of a file.
c This permanent data structure makes it possible to easily recall any previous state with its root hash keeping the resources off-chain and minimizing

on-chain storage needs.

2
2. Memory and Storage Beigepaper – v0.8.5
2.2.1. Recursive Length Prefix Encoding
Recursive Length Prefix Encoding (RLP) imposes a
structure on data that intrinsically considers a prefixed
hex value to position the data in the state database
tree. This hex value determines the depth of a cer-
tain piece of data. There are two types of fundamental
items one can encode in RLP:2
1. Strings of bytes
2. Lists of other items
RLP encodes arrays of nested binary data to an
arbitrary depth; it is the main serialization method for
data in Ethereum. RLP encodes structure of data only,
so it does not pay heed to the particular types of data
being encoded.
Positive RLP integers are represented with the
most significant value stored at the lowest memory ad-
dress (big endian) and without any leading zeroes. As
a result, the RLP integer value for 0 is represented by
an empty byte-array. If a non-empty deserialized inte-
ger begins with leading zeroes it is invalid.3
The global state database is encoded as RLP for
fast traversal and inspection of data. RLP encoding
creates a mapping between addresses and account
states. Since it is stored on node operator’s comput-
ers, the tree can be indexed and searched without net-
work delay. RLP encodes values as byte-arrays, or as
sequences of further values, which are subsequently
encoded as byte-arrays.4
2.3. The Block
A block is made up of 17 different elements. The first
15 elements are part of what is called the block header.
2.3.1. The Block Header
Description : The information contained in a block
besides the transactions list. This consists of:
1. Parent Hash – This is the Keccak-256 hash of the
parent block’s header.
3
2019-08-15
2. Ommers Hash – This is the Keccak-256 hash of
the ommer’s list portion of this block.
3. Beneficiary – This is the 20-byte address to
which all block rewards are transferred.
4. State Root – This is the Keccak-256 hash of the
root node of the state trie, after a block and its
transactions are finalized.
5. Transactions Root – This is the Keccak-256
hash of the root node of the trie structure popu-
lated with each transaction from a Block’s trans-
action list.
6. Receipts Root – This is the Keccak-256 hash of
the root node of the trie structure populated with
the receipts of each transaction in the transac-
tions list portion of the block.
7. Logs Bloom – This is the bloom filter composed
from indexable information (log address and log
topic) contained in the receipt for each transac-
tion in the transactions list portion of a block.
8. Difficulty – This is the difficulty of this block – a
quantity calculated from the previous block’s diffi-
culty and its timestamp.
9. Number – This is a quantity equal to the number
of ancestor blocks behind the current block.
10. Gas Limit – This is a quantity equal to the current
maximum gas expenditure per block.
11. Gas Used – This is a quantity equal to the total
gas used in transactions in this block.
12. Timestamp – This is a record of Unix’s time at
this block’s inception.
13. Extra Data – This byte-array of size 32 bytes or
less contains extra data relevant to this block.
14. Mix Hash – This is a 32-byte hash that verifies a
sufficient amount of computation has been done
on this block.
15. Nonce – This is an 8-byte hash that verifies a
sufficient amount of computation has been done
on this block.
3. Processing and Computation
2.3.2. The Other 2 Block Components
Ommer Block Headers – These are ommer block
headers (15 components listed above) of this block.
Transaction Series – This is a list of transactions in
this block and the only non-header content in the block.
2.3.3. Block Number and Difficulty
Note that is the difficulty of the genesis block. The
Homestead difficulty parameter, is used to affect a dy-
namic homeostasis of time between blocks, as the time
between blocks varies, as discussed below, as im-
plemented in EIP-2. In the Homestead release, the
exponential difficulty symbol, causes the difficulty to
slowly increase (every 100,000 blocks) at an exponen-
tial rate, and thus increasing the block time difference,
and putting time pressure on transitioning to proof-
of-stake. This effect, known as the “difficulty bomb”,
or “ice age”, was explained in EIP-649 and delayed
and implemented earlier in EIP-2, was also modified
in EIP-100 with the use of x, the adjustment factor, and
the denominator 9, in order to target the mean block
time including uncle blocks. Finally, in the Byzantium
release, with EIP-649, the ice age was delayed by cre-
ating a fake block number, which is obtained by sub-
stracting three million from the actual block number,
which in other words reduced the time difference be-
tween blocks, in order to allow more time to develop
proof-of-stake and preventing the network from “freez-
ing” up.4
2.3.4. Account Creation
Account creation definitively occurs with contract cre-
ation. Is related to: init. Lastly, there is the body
which is the EVM-code that executes if/when the ac-
count containing it receives a message call.
aA particular path from root to leaf in the state database
Beigepaper – v0.8.5 2019-08-15
2.3.5. Account State
The account state contains details of any particular ac-
count during some specified world state. The account
state is made up of four variables:
1. nonce The number of transactions sent from
this address, or the number of contract creations
made by the account associated with this ad-
dress.
2. balance The amount of Wei owned by this ac-
count. Stored as a key/value pair inside the state
database.
3. storage_root A 256-bit (32-byte) hash of the root
node of a Merkle Patricia Tree that encodes the
storage contents of the account.a
4. code_hash The hash of the EVM code of this
account’s contract. Code hashes are stored in
the state database. Code hashes are permanent
and they are executed when the address belong-
ing to that account receives a message call.
2.3.6. Bloom Filter
The Bloom Filter is composed from indexable informa-
tion (logger address and log topics) contained in each
log entry from the receipt of each transaction in the
transactions list.
2.3.7. Transaction Receipts
3. Processing and Computation
3.1. The Transaction
The basic method for Ethereum accounts to interact
with each other. The transaction is a single crypto-
graphically signed instruction sent to the Ethereum net-
work. There are two types of transactions: message
calls and contract creations. Transactions lie at
the heart of Ethereum, and are entirely responsible for
4
3. Processing and Computation Beigepaper – v0.8.5 2019-08-15

the dynamism and flexibility of the platform. Transac- 3.3. Mining

tions are the bread and butter of state transitions, that
The Block Beneficiary is the 160-bit (20-byte) ad-
is of block additions, which contain all of the computa-
dress to which all fees collected from the successful
tion performed in one block. Each transaction applies
mining of a block are transferred. Apply Rewards is
the execution changes to the machine state, a tempo-
the third process in block_finalization that sends
rary state which consists of all the required changes in
the mining reward to an account’s address. This is a
computation that must be made before a block is final-
scalar value corresponding to the difficulty level of a
ized and added to the world state.
current block.

3.1.1. Transactions Root

3.4. Verification
Notation : listhash
The process in The EVM that verifies Ommer Headers.

Alternatively: Transactions Root

3.5. Sender Function
Description : The Keccak-256 hash of the A description that maps transactions to their sender us-
root node that precedes the transactions in the ing ECDSA of the SECP-256k1 curve.
transactions_list section of a Block.

1. Nonce – The number of transactions sent by the 3.6. Serialization/Deserialization

sender.
2. Gas Price – The number of Wei to pay the net-
work for unit of gas.
3. Gas Limit – The maximum amount of gas to be
used in while executing a transaction.
4. To – The 20-character recipient of a message
call.a
5. Value – The number of Wei to be transferred to
the recipient of a message call.b
6. v, r, s – Values for the transaction’s signature from
which the public key can be derived.
3.2. State Transition Function
State Transitions come about through the State Transi-
tion Function; this is a high-level abstraction of several
operations in Ethereum which comprise the overall act
of taking changes from the machine state and adding
them to the world state.
a In the case of a contract creation this is 0x000000000000000000.
b In the case of a contract creation, an endowment to the newly created contract account.
This function expands a positive-integer value to a big-
endian byte-array of minimal length. When accompa-
nied by a · operator, it signals sequence concatenation.
The big_endian function accompanies RLP serializa-
tion and deserialization.
3.7. Ethereum Virtual Machine
The EVM has a simple stack-based architecture. The
word size of the machine and thus size of stack is
256-bit. This was chosen to facilitate the Keccak-
256 hash scheme and elliptic-curve based computa-
tion. The memory model is a simple word-addressed
byte-array. The memory stack has a maximum size of
1024-bits. The machine also has an independent stor-
age model; this is similar in concept to the memory but
rather than a byte array, it is a word-addressable word
array. Unlike memory, which is volatile, storage is non-
volatile and is maintained as part of the system state.

5
3. Processing and Computation Beigepaper – v0.8.5
All locations in both storage and memory are well-
defined initially as zero. The machine does not follow
the standard von Neumann architecture. Rather than
storing program code in generally-accessible memory
or storage, it is stored separately in a virtual ROM in-
teractable only through specialized instructions.
The machine can have exceptional execution for
several reasons, including stack underflows and invalid
instructions. Like the out-of-gas exception, they do
not leave state changes intact. Rather, the machine
halts immediately and reports the issue to the execu-
tion agent (either the transaction processor or, recur-
sively, the spawning execution environment) which will
deal with it separately.
3.7.1. Fees
Fees (denominated in gas) are charged under three
distinct circumstances, all three as prerequisite to the
execution of an operation.4 The first and most com-
mon is the fee intrinsic to the computation of the op-
eration. Secondly, gas may be deducted in order to
form the payment for a subordinate message call or
contract creation; this forms part of the payment for the
CREATE, CALL and CALLCODE operations. Finally,
gas may be paid due to an increase in the usage of the
memory.
Over an account’s execution, the total fee for
memory-usage payable is proportional to smallest mul-
tiple of 32 bytes that are required such that all memory
indices (whether for read or write) are included in the
range. This is paid for on a just-in-time basis; as such,
referencing an area of memory at least 32 bytes greater
than any previously indexed memory will certainly re-
sult in an additional memory usage fee. Due to this
fee it is highly unlikely that addresses will trend above
32-bit bounds.4
Implementations must be able to manage this
eventuality. Storage fees have a slightly nuanced be-
haviour to incentivize minimization of the use of storage
(which corresponds directly to a larger state database
on all nodes), the execution fee for an operation that
6
2019-08-15
clears an entry in the storage is not only waived, a
qualified refund is given; in fact, this refund is effec-
tively paid up-front since the initial usage of a storage
location costs substantially more than normal usage.4
3.8. Execution
The execution of a transaction defines the state tran-
sition function: stf. However, before any transaction
can be executed it needs to go through the initial tests
of intrinsic validity.
3.8.1. Intrinsic Validity
The criteria for intrinsic validity are as follows:
• The transaction follows the rules for well-formed
RLP (recursive length prefix.)
• The signature on the transaction is valid.
• The nonce on the transaction is valid, i.e. it is
equivalent to the sender account’s current nonce.
• The gas_limit is greater than or equal to the
intrinsic_gas used by the transaction.
• The sender’s account balance contains the cost
required in up-front payment.
3.8.2. Transaction Receipt
While the amount of gas used in the execution and
the accrued log items belonging to the transaction are
stored, information concerning the result of a trans-
action’s execution is stored in the transaction receipt
tx_receipt. The set of log events which are created
through the execution of the transaction, logs_set in
addition to the bloom filter which contains the actual
information from those log events logs_bloom are lo-
cated in the transaction receipt. In addition, the post-
transaction state post_transaction(state) and the
amount of gas used in the block containing the trans-
action receipt post(gas_used) are stored in the trans-
action receipt. As a result, the transaction receipt is a
record of any given execution.
3. Processing and Computation Beigepaper – v0.8.5
A valid transaction execution begins with a per-
manent change to the state: the nonce of the sender
account is increased by one and the balance is de-
creased by the collateral_gasa which is the amount
of gas a transaction is required to pay prior to its execu-
tion. The original transactor will differ from the sender
if the message call or contract creation comes from a
contract account executing code.
After a transaction is executed, there comes a
provisional state, which is a pre-final state. Gas
used for the execution of individual EVM opcodes prior
to their potential addition to the world_state creates:
• Provisional state.
• intrinsic gas, and
• an associated substate.
• The accounts tagged for self-destruction
following the transaction’s completion.
self_destruct(accounts)
• The logs_series, which creates checkpoints in
EVM code execution for frontend applications to
explore, and is made up of thelogs_set and
logs_bloom from the tx_receipt.
• The refund balance.b
Code execution always depletes gas. If gas runs
out, an out-of-gas error is signaled (oog) and the result-
ing state defines itself as an empty set; it has no effect
on the world state. This describes the transactional na-
ture of Ethereum. In order to affect the world state,
a transaction must go through completely or not at all.
3.8.3. Code Deposit
If the initialization code completes successfully, a final
contract-creation cost is paid, the code-deposit cost, c,
proportional to the size of the created contract’s code.
3.8.4. Execution Model
Basics : The stack-based virtual machine which lies
at the heart of the Ethereum and performs the actions
a Designated “intrinsic_gas” in the Yellowpaper
b The sstore operation increases the amount refunded by resetting contract storage to zero from some non-zero state.
7
2019-08-15
of a computer. This is actually an instantial runtime
that executes several substates, as EVM computation
instances, before adding the finished result, all calcu-
lations having been completed, to the final state via the
finalization function.
In addition to the system state and the
remaining gas for computation there are several
pieces of important information used in the execution
environment that the execution agent must provide:
• account_address, the address of the account
which owns the code that is executing.
• sender_address the sender address of the trans-
action that originated this execution.
• originator_price the price of gas in the trans-
action that originated this execution.
• input_data, a byte array that is the input data to
this execution; if the execution agent is a transac-
tion, this would be the transaction data.
• account_address the address of the account
which caused the code to be executing; if the ex-
ecution agent is a transaction, this would be the
transaction sender.
• newstate_value the value, in Wei, passed to this
account if the execution agent is a transaction,
this would be the transaction value.4
• code array the byte array that is the machine
code to be executed.4
• block_header the block header of the present
block.
• stack_depth the depth of the present message-
call or contract-creation (i.e. the number of CALLs
or CREATEs being executed at present).4
The execution model defines the state_transition
function, which can compute the resultant
state, the remaining_gas, the accrued_substate
and the resultant_output, given these defini-
tions. For the present context, we will define it
3. Processing and Computation Beigepaper – v0.8.5 2019-08-15

where the accrued substate is defined as the tu-
ple of the self-destructs_set, the log_series, the
touched_accounts and the refunds.4
3.8.5. Execution Overview
of two instructions, which evaluates to the according
value: otherwise In general, we assume the memory,
self-destruct set and system state don’t change: how-
ever, instructions do typically alter one or several com-
ponents of these values.

The execution_function, in most practical implemen-

Provisional State A smaller, temporary state that is
tations, will be modeled as an iterative progres-
generated during transaction execution. It contains
sion of the pair comprising the full system_state
three sets of data.a
and the machine_state. It’s defined recursively with
the iterator_function, which defines the result of
a single cycle of the state machine, together with 3.8.7. Message Calls
the halting_check function, which determines if the
A message call can come from a transaction or in-
present state is an exceptional halting state of the ma-
ternally from contract code execution. It contains the
chine and output_data of the instruction if the present
field data, which consists of user data input to a mes-
state is a controlled_halt of the machine. An empty
sage call. Messages allow communication between
sequence/series indicates that execution should halt,
accounts (whether contract or external.) Messages
while the empty set indicates that execution should
can come in the form of msg_calls which give out-
continue.
put data. If it is a contract account, this code gets
When evaluating execution, we extract the remain-
executed when the account receives a message call.
ing gas from the resultant machine state. It is thus
Message calls and contract creations are both transac-
cycled (recursively or with an iterative loop) until ei-
tions, but contract creations are never considered the
ther exceptional_halt becomes true indicating that
same as message calls. Message calls always trans-
the present state is exceptional and that the machine
fer some amount of value to another account. If the
must be halted and any changes discarded or until H
message call is an account creation transaction then
becomes a series (rather than the empty set) indicating
the value given takes on the role of an endowment
that the machine has reached a controlled halt.
towards the new account. Every time an account re-
The machine state is defined as the tuple which
ceives a message call it returns the body, something
are the gas available, the program counter, the
which is triggered by the init function. User data in-
memory contents, the active number of words in
put to a message_call, structured as an unlimited size
memory (counting continuously from position 0), and
byte-array.
the stack contents. The memory contents are a se-
ries of zeroes of size 2256 .4
Universal Gas Message calls always have a uni-
versally agreed-upon cost in gas. There is a strong
3.8.6. The Execution Cycle
distinction between contract creation transactions and
Stack items are added or removed from the left-most, message call transactions. Computation performed,
lower-indexed portion of the series; all other items re- whether it is a contract creation or a message call, rep-
main unchanged: The gas is reduced by the instruc- resents the currently legal valid state. There can be
tion’s gas cost and for most instructions, the program no invalid transactions from this point.4 There is also a
counter increments on each cycle, for the three ex- message call/contract creation stack. This stack has
ceptions, we assume a function J, subscripted by one a depth, depending on how many transactions are in
a The final state is reached after deleting all accounts that either appear in the self-destruct list or are touched and empty.

8
3. Processing and Computation Beigepaper – v0.8.5
it. Contract creations and message calls have entirely
different ways of executing, and are entirely different
in their roles in Ethereum. The concepts can be con-
flated. Message calls can result in computation that
occurs in the next state rather than the current one. If
an account that is currently executing receives a mes-
sage call, no code will execute, because the account
might exist but has no code in it yet. To execute a mes-
sage call transactions are required:
• sender
• transaction originator
• recipient
• account (usually the same as the recipient)
• available gas
• value
• gas price
• An arbitrary length byte-array. arb array
• present depth of the message call/contract cre-
ation stack.
3.8.8. Contract Creation
To initiate contract creation you need to send transac-
tion to nothing. This executes init and returns the
body. Init is executed only once at account_cre-
ation, and permanently discarded after that.
3.8.9. Execution Environment
The Ethereum Runtime Environment is the environ-
ment under which Autonomous Objects execute in the
EVM: the EVM runs as a part of this environment.
3.8.10. Big Endian Function
This function expands a positive-integer value to a big-
endian byte array of minimal length. When accompa-
nied by a · operator, it signals sequence concatenation.
The big_endian function accompanies RLP serializa-
tion and deserialization.
9
2019-08-15
3.9. Gas
Gas is the fundamental network cost unit converted to
and from ether as needed to complete the transaction
while it is sent. Gas is arbitrarily determined at the mo-
ment it is needed, by the block and according to the
total network’s miners decision to charge certain fees.
Each miner choose individually which gas prices they
want to accept and which they want to reject.
3.9.1. Gas Price/Gas Limit
Gas price is a value equal to the current limit of gas
expenditure per block, according to the miners. Any
unused gas is refunded to the sender. The canonical
gas limit of a block is expressed and is stabilized by the
time_stamp of the block.
Gas Price Stability Where new_header is the new
block’s header, but without the nonce and mix-hash
components, d being the current DAG, a large data
set needed to compute the mix-hash, and PoW is the
proof-of-work function this evaluates to an array with
the first item being the mix-hash, to prove that a cor-
rect DAG has been used, and the second item being a
pseudo-random number cryptographically dependent
on it. Given an approximately uniform distribution in
the range the expected time to find a solution is pro-
portional to the difficulty.4
This is the foundation of the security of the
blockchain and is the fundamental reason why a mali-
cious node cannot propagate newly created blocks that
would otherwise overwrite (“rewrite”) history. Because
the nonce must satisfy this requirement, and because
its satisfaction depends on the contents of the block
and in turn its composed transactions, creating new,
valid, blocks is difficult and, over time, requires approx-
imately the total compute power of the trustworthy por-
tion of the mining peers. Thus we are able to define
the block header validity function.
Gasused A value equal to the total gas used in trans-
actions in this block.
3. Processing and Computation Beigepaper – v0.8.5 2019-08-15

3.9.2. Machine State – false indicating in the run of computation, no

exceptions were signaled. If this value re-
The machine state is a tuple consisting of five ele-
mains false for the duration of the execution
ments:
until the set of transactions becomes a series
1. gas_available (rather than an empty set.) This means that
2. program_counter the machine has reached a controlled halt.

3. memory_contents A series of zeroes of size 2256

4. memory_words.count Substate A smaller, temporary state that is gener-
ated during transaction execution and runs parallel to
5. stack_contents
machine state. It contains three sets of data:
There is also, [to_execute]: the current operation
• The accounts tagged for self-destruction
to be executed
following the transaction’s completion.
self_destruct(accounts)
3.9.3. Exceptional Halting
• The logs_series, which creates checkpoints in
An exceptional halt may be caused by four conditions EVM code execution for frontend applications to
existing on the stack with regard to the next opcode in explore, and is made up of thelogs_set and l
line for execution: ogs_bloom from the tx_receipt.
• The refund balance.a
if
out_of_gas = true
or 3.9.4. EVM Code
bad_instruction = true
The bytecode that the EVM can natively execute. Used
or
to explicitly specify the meaning of a message to an ac-
bad_stack_size = true
count. A contract is a piece of EVM Code that may
or
be associated with an Account or an Autonomous Ob-
bad_jumpdest = true
ject. EVM Assembly is the human readable version of
then throw exception
EVM Code.
else exec opcode x
then init control_halt
3.10. Blocktree to Blockchain
Exceptional halts are reserved for opcodes that fail
to execute. They can never be caused through an op- The canonical blockchain is a path from root to leaf
code’s actual execution. through the entire block tree. In order to have consen-
sus over which path it is, conceptually we identify the
• The amount of remaining gas in each transac-
path that has had the most computation done upon
tion is extracted from information contained in the
it, or, the heaviest path. Clearly one factor that helps
machine_state
determine the heaviest path is the block number of the
• A simple iterative recursive loop4 with a Boolean leaf, equivalent to the number of blocks, not counting
value: the unmined genesis block, in the path. The longer
– true indicating that in the run of computation, the path, the greater the total mining effort that must
an exception was signaled have been done in order to arrive at the leaf. This is
a The sstore operation increases the amount refunded by resetting contract storage to zero from some non-zero state.

10
3. Processing and Computation Beigepaper – v0.8.5
akin to existing schemes, such as that employed in
Bitcoin-derived protocols. Since a block header in-
cludes the difficulty, the header alone is enough to
validate the computation done. Any block contributes
toward the total computation or total difficulty of a chain.
Thus we define the total difficulty of this_block re-
cursively by the difficulty of its parent block and the
block itself. The jobs of miners and validators are
as follows: Validate (or, if mining, determine)
ommers; validate (or, if mining, determine)
transactions; apply rewards; verify (or, if
mining, compute a valid) state and nonce.
3.11. Ommer Validation
The validation of ommer headers means nothing more
than verifying that each ommer header is both a valid
header and satisfies the relation of Nth-generation om-
mer to the present block. The maximum of ommer
headers is two.
3.12. Transaction Validation
The given gasUsed must correspond faithfully to the
transactions listed, the total gas used in the block, must
be equal to the accumulated gas used according to the
final transaction.
3.13. Reward Application
The application of rewards to a block involves rais-
ing the balance of the accounts of the beneficiary
address of the block and each ommer by a certain
amount. We raise the block’s beneficiary account; for
each ommer, we raise the block’s beneficiary by 1 an
additional 32 of the block reward and the beneficiary
of the ommer gets rewarded depending on the block
number. This constitutes the block_finalization
state_transition_function. If there are collisions
of the beneficiary addresses between ommers and the
block two ommers with the same beneficiary address
11
2019-08-15
or an ommer with the same beneficiary address as the
present block,
additions are applied cumulatively. The block re-
ward is three ether per block.
State & Nonce Validation The function that maps a
block B to its initiation state, that is, the hash of the
root node of a trie of state x. This value is stored in
the state database trivial and efficient since the trie is
by nature a resilient data structure. And finally define
the block_transition_function, which maps an in-
complete block to a complete block with a specified
dataset. As specified at the beginning of the present
work, the state_transition_function, which is de-
fined in terms of, the block_finalisation_function
and, the transaction_evaluation_function. As pre-
viously detailed, there is the nth corresponding status
code, logs and cumulative gas used after each trans-
action, the fourth component in the tuple, has already
been defined in terms of the logs).
The nth state is given from applying the correspond-
ing transaction to the state resulting from the previous
transaction (or the block’s initial state in the case of the
first BYZANTIUM VERSION 3475aa8 – 2018-01-26 14
such transaction): otherwise in certain cases there is
a similar approach defining each item as the gas used
in evaluating the corresponding transaction summed
with the previous item (or zero, if it is the first), giv-
ing us a running total: the function is used that was
defined in the transaction execution function. Finally
new state exists in the context of the block reward
function applied to the final transaction’s resultant
state, thus the complete block-transition mechanism,
less PoW, the proof-of-work function is defined.
3.14. Mining Proof-of-Work
Proof that a certain amount of mining has been done
exists as a cryptographic probability statement which
asserts beyond reasonable doubt that a particular
amount of computation has been expended in the
3. Processing and Computation Beigepaper – v0.8.5
determination of some token value pow_token. It is
utilised to enforce the security of the blockchain. Since
mined blocks produce a reward, the proof-of-work also
serves as a wealth distribution mechanism. For this
reason, the proof of work function is designed to be as
accessible as possible to as many people as possible.
A very basic application of this principle of acces-
sibility is found in combining the traditional Proof-of-
Work function with a Memory-Hardness function. By
forcing the hashing algorithm to use memory as well
as CPU, miners are more likely to use computers than
ASICs, meaning that ASIC efficiency will not obsolete
the person who wants to mine on their home com-
puter from participating in the mining process. To
make the Ethereum Blockchain ASIC resistant, the
Proof-of-Work mechanism has been designed to be
sequential and memory-hard. This means that the
nonce requires high amounts of memory and band-
width such that the memory cannot be used in paral-
lel to discover multiple nonces simultaneously. There-
fore, the proof-of-work function takes the form of 2256
the new block’s header but without the nonce and mix-
hash components. There is the header_nonce, and
data_set which are required to compute the mix hash
and block_difficulty, the difficulty value of the new
block. The proof-of-work function evaluates to an array
with the first item being the mix hash and the second
item being a pseudorandom number which is crypto-
graphically dependent on the header_nonce and the
data_set. The name for this algorithm is Ethash.
3.14.1. Ethash: Seed→Cache→Dataset→Slice
Ethash is the Proof-of-Work algorithm which was used
to launch the Ethereum network and bring it through its
first few releases. It is in the process of being gradually
phased out and replaced with a Proof-of-Stake model.
For now it is the latest version of Dagger-Hashimoto,
introduced by Vitalik Buterin. The general route that
the algorithm takes is as follows: There exists a seed
a Alternatively known as total_computation
12
2019-08-15
which can be computed for each block by scanning
through the block headers up until that point. From the
seed, one can compute a pseudorandom cache, that
is cache_init bytes in initial size. Light clients store
the cache. From the cache, a dataset is generated,
dataset_size bytes in initial size, with the property
that each item in the dataset depends on only a small
number of items from the cache. Full clients and min-
ers store the dataset. The dataset grows linearly with
time. Mining involves grabbing random slices of the
dataset and hashing them together. Verification can
be done with low memory by using the cache to regen-
erate the specific pieces of the dataset that you need,
so you only need to store the cache. The large dataset
is updated once every 1 epoch (10,000) blocks, so the
vast majority of a miner’s effort is spent on reading the
dataset, rather than on making changes to it.
3.14.2. Difficulty Mechanism
This mechanism enforces a relative predictability in
terms of the time-window between blocks; a smaller
period between the last two blocks results in an in-
crease in the difficulty level and thus additional com-
putation required, lengthening the next time-window.
Conversely, if the time-window is too large, the
difficulty is reduced, reducing the amount of time
to the next block. The total_difficultya is the
difficulty_state of the entire Ethereum blockchain.
The block_difficulty, in contrast, is not a state of
the blockchain, but is local–particular to each specific
block. You reach the total difficulty by summing the in-
dividual difficulty of all previous blocks and then adding
the difficulty of the present block.
The GHOST Protocol provides an alternative so-
lution to double-spend attacks from the original solution
in Satoshi Nakamoto’s Bitcoin Whitepaper. Nakamoto
solved the problem of double-spending by requiring the
network to agree on a single block in order to function.
For that reason, in the Bitcoin protocol, it’s impossi-
ble to submit a “double-spend” block without having at
3. Processing and Computation Beigepaper – v0.8.5 2019-08-15

least 50% of the network’s mining power to force the
longest chain. This is because the network automati-
cally chooses the longest chain. So even if one wanted
to submit two spend transactions in a row, the network
simply picks whichever one comes first, ignoring the
second because it no longer pertains to the longest
chain (which now contains the first block that was sent)
so the would-be hacker needs to submit a new block,
as the first double block is no longer feasible.
The “GHOST Protocol” (which stands for Greedy
Heaviest Object subTree) rather requires that miners
begin mining whichever chain the most other miners
are on. Because of differences in network propagation
of data about which miners are mining which block, this
has a tendency to create more uncles. Nevertheless,
in spite of the increased amount of uncle blocks, the
chain itself is equally secure, and this method allows
for higher throughput of transactions than Satoshi’s so-
lution to double-spending does.
state data. This would be a variation on a compres-
sion scheme.4
3.17. Scalability
Scalability is a constant concern. Because Ethereum’s
state transitions are so broad in terms of possible con-
tent, and because its applications and use-cases are
so numerous in the number of potential transactions re-
quired, scalability is inherently necessary for increased
transaction throughput and for more efficient storage
and traversal of the chain.
3.17.1. Sharding
Parallelization of transaction combination and block
building.
3.17.2. Casper
3.17.3. Plasma

3.15. Pseudorandom Numbers

Pseudo-random numbers may be generated by utiliz-
ing data which is generally unknowable at the time
of transacting. This constitutes anything based off
of factors which are unknowable under regular cir-
cumstances, but become knowable through the reg-
ular operation and growth of the chain. Such data
might include a current (or relatively current) block’s
hash, timestamp, or beneficiary address. The block-
hash opcode uses the previous 256 blocks as pseudo-
random numbers. One could further automate this ran-
domness by adding two blockhash operations and
hashing the result.

3.16. Chainsize Limits

The state database usually won’t store every single
tree structure in the history of the blockchain. One idea
has been proposed to simply maintain node check-
points for each age (10,000 blocks) and eventually dis-
card checkpoints which no longer contain necessary

13
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

A. EVM Opcodes5

A.1. 0x10’s: Comparisons and Bitwise Logic Operations

Data Opcode Gas Input Output Description

0x00 STOP 0 0 0 Halts execution.
0x01 ADD 3 2 1 Addition operation.
0x02 MUL 5 2 1 Multiplication operation.
0x03 SUB 3 2 1 Subtraction operation.
0x04 DIV 5 2 1 Integer division operation.
0x05 SDIV 5 2 1 Signed integer division operation (trun-
cated.)
0x06 MOD 5 2 1 Modulo remainder operation.
0x07 SMOD 5 2 1 Signed modulo remainder operation.
0x08 ADDMOD 8 3 1 Modulo addition operation.
0x09 MULMOD 8 3 1 Modulo multiplication operation.
0x0a EXP 10 2 1 Exponential operation.
0x0b SIGNEXTEND 5 2 1 Extend the length of two’s complemen-
tary signed integer.
0x10 LT 3 2 1 Less-than comparison.
0x11 GT 3 2 1 Greater-than comparison.
0x12 SLT 3 2 1 Signed less-than comparison.
0x13 SGT 3 2 1 Signed greater-than comparison.
0x14 EQ 3 2 1 Equality comparison.
0x15 ISZERO 3 1 1 Simple not operator.
0x16 AND 3 2 1 Bitwise and operation.
0x17 OR 3 2 1 Bitwise or operation.
0x18 XOR 3 2 1 Bitwise xor operation.
0x19 NOT 3 1 1 Bitwise not operation.
0x1a BYTE 3 2 1 Retrieve single byte from word.

A.2. 0x20’s: SHA3

Data Opcode Gas Input Output Description

0x20 SHA3 30 2 1 Compute a Keccak-256 hash.

A.3. 0x30’s: Environmental Information

Data Opcode Gas Input Output Description

0x30 ADDRESS 2 0 1 Get the address of the currently execut-
ing account.

14
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

0x31 BALANCE 400 1 1 Get the balance of the given account.

0x32 ORIGIN 2 0 1 Get execution origination address. This
is always the original sender of a trans-
action, never a contract account.
0x33 CALLER 2 0 1 Get caller address. This is the address
of the account that is directly responsi-
ble for this execution.
0x34 CALLVALUE 2 0 1 Get deposited value by the instruction/-
transaction responsible for this execu-
tion.
0x35 CALLDATALOAD 3 1 1 Get input data of the current environ-
ment.
0x36 CALLDATASIZE 2 0 1 Get size of input data in current en-
vironment. This refers to the optional
data field that can be passed with a
message call instruction or transaction.
0x37 CALLDATACOPY 3 3 0 Copy input data in the current environ-
ment to memory. This refers to the op-
tional data field passed with the mes-
sage call instruction or transaction.
0x38 CODESIZE 2 0 1 Get size of code running in the current
environment.
0x39 CODECOPY 3 3 0 Copy the code running in the current
environment to memory.
0x3a GASPRICE 2 0 1 Get the price of gas in the current envi-
ronment. This is the gas price specified
by the originating transaction.
0x3b EXTCODESIZE 700 1 1 Get the size of an account’s code.
0x3c EXTCODECOPY 700 4 0 Copy an account’s code to memory.
0x3d RETURNDATA- 2 0 1
SIZE
0x3e RETURNDATA- 3 3 0
COPY

A.4. 0x40’s: Block Data

Data Opcode Gas Input Output Description

0x40 BLOCKHASH 20 1 1 Get the hash of one of the 256 most re-
cent blocks. a
0x41 COINBASE 2 0 1 Look up a block’s beneficiary address
by its hash.
aA value of 0 is left on the stack if the block number is more than 256 in number behind the current one, or if it is a number greater than the current one.

15
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

0x42 TIMESTAMP 2 0 1 Look up a block’s timestamp by its

hash.
0x43 NUMBER 2 0 1 Look up a block’s number by its hash.
0x44 DIFFICULTY 2 0 1 Look up a block’s difficulty by its hash.
0x45 GASLIMIT 2 0 1 Look up a block’s gas limit by its hash.

A.5. 0x50’s: Stack, memory, storage, and flow operations.

Data Opcode Gas Input Output Description

0x50 POP 2 1 0 Removes an item from the stack.
0x51 MLOAD 3 1 1 Load a word from memory.
0x52 MSTORE 3 2 0 Save a word to memory.
0x53 MSTORE8 3 2 0 Save a byte to memory.
0x54 SLOAD 200 1 1 Load a word from storage.
0x55 SSTORE 5,000 – 20,000 2 0 Save a word to storage.
0x56 JUMP 8 1 0 Alter the program counter.
0x57 JUMPI 10 2 0 Conditionally alter the program counter.
0x58 PC 2 0 1 Look up the value of the program
counter prior to the increment resulting
from this instruction.
0x59 MSIZE 2 0 1 Get the size of active memory in bytes.
0x5a GAS 2 0 1 Get the amount of available gas, includ-
ing the corresponding reduction for the
cost of this instruction.
0x5b JUMPDEST 1 0 0 Mark a valid destination for jumps. a

A.6. 0x60-70’s: Push Operations

Data Opcode Gas Input Output Description

0x60 PUSH1 - 0 1 Place a 1-byte item on the stack.
0x61 PUSH2 - 0 1 Place a 2-byte item on the stack.
0x62 PUSH3 - 0 1 Place a 3-byte item on the stack.
0x63 PUSH4 - 0 1 Place a 4-byte item on the stack.
0x64 PUSH5 - 0 1 Place a 5-byte item on the stack.
0x65 PUSH6 - 0 1 Place a 6-byte item on the stack.
0x66 PUSH7 - 0 1 Place a 7-byte item on the stack.
0x67 PUSH8 - 0 1 Place a 8-byte item on the stack.
0x68 PUSH9 - 0 1 Place a 9-byte item on the stack.
0x69 PUSH10 - 0 1 Place a 10-byte item on the stack.
0x6a PUSH11 - 0 1 Place a 11-byte item on the stack.
a This operation has no effect on the machine_state during execution.

16
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

0x6b PUSH12 - 0 1 Place a 12-byte item on the stack.

0x6c PUSH13 - 0 1 Place a 13-byte item on the stack.
0x6d PUSH14 - 0 1 Place a 14-byte item on the stack.
0x6e PUSH15 - 0 1 Place a 15-byte item on the stack.
0x6f PUSH16 - 0 1 Place a 16-byte item on the stack.
0x70 PUSH17 - 0 1 Place a 17-byte item on the stack.
0x71 PUSH18 - 0 1 Place a 18-byte item on the stack.
0x72 PUSH19 - 0 1 Place a 19-byte item on the stack.
0x73 PUSH20 - 0 1 Place a 20-byte item on the stack.
0x74 PUSH21 - 0 1 Place a 21-byte item on the stack.
0x75 PUSH22 - 0 1 Place a 22-byte item on the stack.
0x76 PUSH23 - 0 1 Place a 23-byte item on the stack.
0x77 PUSH24 - 0 1 Place a 24-byte item on the stack.
0x78 PUSH25 - 0 1 Place a 25-byte item on the stack.
0x79 PUSH26 - 0 1 Place a 26-byte item on the stack.
0x7a PUSH27 - 0 1 Place a 27-byte item on the stack.
0x7b PUSH28 - 0 1 Place a 28-byte item on the stack.
0x7c PUSH29 - 0 1 Place a 29-byte item on the stack.
0x7d PUSH30 - 0 1 Place a 30-byte item on the stack.
0x7e PUSH31 - 0 1 Place a 31-byte item on the stack.
0x7f PUSH32 - 0 1 Place a 32-byte item on the stack.

A.7. 0x80’s: Duplication Operations

Data Opcode Gas Input Output Description

0x80 DUP1 - 1 2 Duplicate the 1st item in the stack.
0x81 DUP2 - 2 3 Duplicate the 2nd item in the stack.
0x82 DUP3 - 3 4 Duplicate the 3rd item in the stack.
0x83 DUP4 - 4 5 Duplicate the 4th item in the stack.
0x84 DUP5 - 5 6 Duplicate the 5th item in the stack.
0x85 DUP6 - 6 7 Duplicate the 6th item in the stack.
0x86 DUP7 - 7 8 Duplicate the 7th item in the stack.
0x87 DUP8 - 8 9 Duplicate the 8th item in the stack.
0x88 DUP9 - 9 10 Duplicate the 9th item in the stack.
0x89 DUP10 - 10 11 Duplicate the 10th item in the stack.
0x8a DUP11 - 11 12 Duplicate the 11th item in the stack.
0x8b DUP12 - 12 13 Duplicate the 12th item in the stack.
0x8c DUP13 - 13 14 Duplicate the 13th item in the stack.
0x8d DUP14 - 14 15 Duplicate the 14th item in the stack.
0x8e DUP15 - 15 16 Duplicate the 15th item in the stack.
0x8f DUP16 - 16 17 Duplicate the 16th item in the stack.

17
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

A.8. 0x90’s: Swap Operations

Data Opcode Gas Input Output Description

0x90 SWAP1 - 2 2 Exchange the 1st and 2nd stack items.
0x91 SWAP2 - 3 3 Exchange the 1st and 3rd stack items.
0x92 SWAP3 - 4 4 Exchange the 1st and 4th stack items.
0x93 SWAP4 - 5 5 Exchange the 1st and 5th stack items.
0x94 SWAP5 - 6 6 Exchange the 1st and 6th stack items.
0x95 SWAP6 - 7 7 Exchange the 1st and 7th stack items.
0x96 SWAP7 - 8 8 Exchange the 1st and 8th stack items.
0x97 SWAP8 - 9 9 Exchange the 1st and 9th stack items.
0x98 SWAP9 - 10 10 Exchange the 1st and 10th stack items.
0x99 SWAP10 - 11 11 Exchange the 1st and 11th stack items.
0x9a SWAP11 - 12 12 Exchange the 1st and 12th stack items.
0x9b SWAP12 - 13 13 Exchange the 1st and 13th stack items.
0x9c SWAP13 - 14 14 Exchange the 1st and 14th stack items.
0x9d SWAP14 - 15 15 Exchange the 1st and 15th stack items.
0x9e SWAP15 - 16 16 Exchange the 1st and 16th stack items.
0x9f SWAP16 - 17 17 Exchange the 1st and 17th stack items.

A.9. 0xa0’s: Logging Operations

Data Opcode Gas Input Output Description

0xa0 LOG0 375 2 0 Append log record with 0 topics.
0xa1 LOG1 750 3 0 Append log record with 1 topic.
0xa2 LOG2 1125 4 0 Append log record with 2 topic.
0xa3 LOG3 1500 5 0 Append log record with 3 topic.
0xa4 LOG4 1875 6 0 Append log record with 4 topic.

A.10. 0xf0’s: System Operations

Data Opcode Gas Input Output Description

0xf0 CREATE 32000 3 1 Create a new contract account.
Operand order is: value, input offset,
input size.
0xf1 CALL 700 7 1 Message-call into an account. The
operand order is: gas, to, value, in off-
set, in size, out offset, out size.

18
A. EVM Opcodes5 Beigepaper – v0.8.5 2019-08-15

0xf2 CALLCODE 700 7 1 Message-call into this account with an

alternative account’s code. Exactly
equivalent to CALL, except the recipi-
ent is the same account as at present,
but the code is overwritten.
0xf3 RETURN 0 2 0 Halt execution, then return output data.
This defines the output at the moment
of the halt.
0xf4 DELEGATECALL 700 6 1 Message-call into this account with an
alternative account’s code, but with per-
sisting values for sender and value.
DELEGATECALL takes one less argu-
ment than CALL. This means that the
recipient is in fact the same account as
at present, but that the code is overwrit-
ten and the context is almost entirely
identical.
0xfa STATICCALL 40 6 1 -
0xfd REVERT 0 2 0 -
0xfe INVALID - 1 0 Designated invalid instruction.
0xff SELFDESTRUCT 5000 1 0 Halt execution and register the account
for later deletion.

19
A. References Beigepaper – v0.8.5 2019-08-15

References
[1] W. contributors, Tree (data structure) — wikipedia,
the free encyclopedia, [Online; accessed
15-December-2017], 2017. [Online]. Available:
https : / / en . wikipedia . org / w / index . php ?
title = Tree _ (data _ structure ) %5C & oldid =
813972413 (cit. on p. 2).

[2] E. Foundation, Pyrlp tutorial, 2015. [Online]. Avail-

able: https://github.com/jnnk/pyrlp/blob/
master/docs/tutorial.rst (cit. on p. 3).

[3] ——, Ethereum whitepaper, https : / / github .

com/ethereum/wiki/wiki/White-Paper, 2017
(cit. on p. 3).

[4] D. G. Wood, Ethereum: A secure decentralised

generalised transaction ledger, https://github.
com/ethereum/yellowpaper, 2017 (cit. on pp. 3,
4, 6–10, 13).

[5] V. Buterin, Pyethereum source, https : / / www .

github.com/ethereum/pyethereum/ethereum/
opcodes.py, 2017 (cit. on pp. 14–19).

20
Glossary
Glossary
account state The state of a particular account–a
section of the total world state. Comprises: the
nonce, balance, storage root, and code hash
of the account. 21
addresses 20 character strings, specifically the right-
most 20 characters of the Keccak-256 hash of
the RLP-derived mapping which contains the
sender’s address and the nonce of the block. 21
beneficiary The 20-character (160-bit) address to
which all fees collected from the successful min-
ing of a block are transferred. 21
block header All the information in a block besides
transaction information. 21
Contract A piece of EVM Code that may be associ-
ated with an Account or an Autonomous Object.
21
Cryptographic hashing functions Hash functions
make secure blockchains possible by establish-
ing universal inputs for which there are limited,
usually only one, possible output yet that output
is unique. 21
Ethereum Runtime Environment The environment
which is provided to an Autonomous Object ex-
ecuting in the EVM. Includes the EVM but also
the structure of the world state on which the re-
lies for certain I/O instructions including CALL &
CREATE. 21
EVM Assembly The human readable version of EVM
code. 21
EVM Code The bytecode that the EVM can natively
execute. Used to formally specify the meaning
and ramifications of a message to an Account. 21
aA particular path from root to leaf in the state database
Beigepaper – v0.8.5 2019-08-15
Gas The fundamental network cost unit; gas is paid
for exclusively by ether. 21
Message Data (as a set of bytes) and Value (specified
in Wei) that is passed between two accounts. 21
serialization Serialization is the process of converting
an object into a stream of bytes in order to store
the object or transmit it to memory, a database,
or a file. Its main purpose is to save the machine
state of an object in order to be able to recreate it
when needed. 21
state machine The term State Machine is reserved
for any simple or complex process that moves de-
terministically from one discrete state to the next.
21
state database A database stored off-chain, [i.e. on
the computer of some user running an Ethereum
client] which contains a radix tree mapping bytear-
rays (organized chunks of binary data) to other
bytearrays. The relationships between each node
on this trie constitutes a mapping of Ethereum’s
state. 1, 4, 13, 21
storage root One aspect of an account’s state: this
is the hash of the triea that decides the storage
contents of the account. 21
Storage State The information particular to a given
account that is maintained between the times that
the account’s associated EVM Code runs. 21
transaction A piece of data, signed by an External Ac-
tor. It represents either a Message or a new Au-
tonomous Object. Transactions are recorded into
each block of the blockchain. 21
Acronyms
ERE Ethereum Runtime Environment. 21
EVM Ethereum Virtual Machine. 21
RLP Recursive Length Prefix. 21
21
A. Index Beigepaper – v0.8.5 2019-08-15

Index
160 bit, 5 block header, 3, 7
256 bit, 4, 5 block header validity function, 9
50% attack, 13 block number, 4, 11
block reward, 5, 11
abstract state-machine, 1 block reward function, 11
account, 9 block rewards, 3
account address, 7 BLOCKHASH, 13
account addresses, 2 body, 9
account balance, 4 branch node, 2
account body, 4 byte array, 5
account code hash, 4 byzantium, 4
account creation, 4, 9
account init, 4 cache, 12
account nonce, 4 canonical blockchain, 11
account state, 4 canonical gas, 9
account states, 2 casper, 13
account storage root, 4 certainty, 1
accrued substate, 8 checkpoint nodes, 13
accumulated gas used, 11 checkpoints, 10
age, 13 child node, 2
ancestor node, 2 code array, 7
apply rewards, 5, 11 collisions, 11
arbitrarily determined, 9 complete block, 11
arbitrary length byte-array, 9 computation, 9
asic resistant, 12 computation of operation, 6
autonomous objects, 9 compute valid nonce, 11
available gas, 9 compute valid state, 11
contract creation, 4, 9
balance, 1 contract creation stack, 9
beneficiary, 3 contract creation transactions, 9
beneficiary address, 11 controlled halt, 10
big endian, 3 correct DAG, 9
big endian function, 9 cumulative difficulty, 12
Bitcoin, 1 cumulative gas, 11
Bitcoin Whitepaper, 13
block, 9 DAG, 9
block beneficiary, 5 data structure, 2
block composition, 3 dataset, 12
block contents, 9 dataset slice, 13
block difficulty, 12 descendant node, 2
block finalization state transition function, 11 deserialization, 5, 9

22
Index Beigepaper – v0.8.5 2019-08-15

deterministic, 1 gas deducted, 6

difficulty, 3, 9 gas expenditure per block, 9
difficulty bomb, 4 gas limit, 3, 5, 6
difficulty mechanism, 12 gas paid for increased use of memory, 6
discard nodes, 13 gas price, 5, 6, 9
double-spend problem, 13 gas refund clearing space, 6
dynamic difficulty homeostasis, 4 gas used, 3, 6, 9, 11
genesis block, 11
EIP 100, 4 genesis difficulty, 4
EIP 2, 4 GHOST protocol, 13
EIP 649, 4 global state database, 3
elliptic curve , 5
elliptic curve computation, 5 halting function, 8
elliptic curve cryptography, 5 halting state, 8
empty byte-array, 3 hash scheme, 5
empty byte-sequence, 9 heaviest path, 11
empty set, 10 homestead, 4
ere, 9 homestead difficulty parameter, 4
ethash, 12
ice age, 4
ether, 1
incomplete block, 11
ethereum runtime environment, 9
init, 8, 9
EVM, 5
input data, 7
EVM assembly, 10
inspection of data, 3
EVM code, 10
instantial runtime, 7
evm computation instances, 7
intrinsic validity, 6
exceptional halt, 6, 8
invalid instruction, 6
executed, 1
iterative progression, 8
execution, 6
iterator function, 8
execution environment, 7
execution function, 8 keccak 256, 3, 5
execution model, 8
explicitly specify meaning, 10 leaf node, 2, 4
exponential difficulty increase, 4 ledger, 1
extra data, 3 log events, 6
extract remaining gas, 8 log items, 6
log series, 8
fees, 6 logs bloom, 3, 10
finalization function, 7 logs series, 10
Finney, 1 logs set, 10
forest, 2 longest chain, 13

gas, 6, 9 machine halt, 6

gas available, 10 machine instructions, 1

23
Index Beigepaper – v0.8.5 2019-08-15

machine state, 5, 10 ommer headers, 11

machine storage, 5 ommer validation, 11
mapping, 2 ommers hash, 3
mapping between account states, 3 opcodes, 1
mapping between addresses, 3 originator price, 7
memory, 5 out-of-gas, 6
memory contents, 10
memory model, 5 parent hash, 3
memory model volatility of, 5 parent node, 2
memory size, 5 payment, 6
memory stack, 5 plasma, 13
memory usage fee, 6 positive integer, 9
memory word count, 10 post transaction state, 6
merkle-patricia trees, 2 present depth, 9
merkle-patricia tries, 2 probability statement, 12
merkletrees, 2 program counter, 10
message call, 6, 8, 9 proof-of-work, 12
message call transactions, 9 pseudocode, 1
miner choice, 9 pseudorandom number generation, 13
miners, 9
receipts root, 3
minimize storage use, 6
recipient, 9
mining, 1
refunded, 9
mining effort, 11
refunds, 8
mix hash, 3, 9, 12
remaining gas, 7, 8
modified merkletrees, 2
report exception, 6
native currency, 1 resultant output, 8
natively execute, 10 resultant state, 8
nested binary data, 3 RLP, 2, 3
network cost unit, 9 rlp, 9
newstate value, 7 RLP encodes as byte-arrays, 3
no leading zeroes, 3 RLP integers, 3
node depth, 2 root node, 2, 4
node height, 2
node operator computer, 3 Satoshi Nakamoto, 13
non empty deserialized integer, 3 scalability, 13
non-standard architecture, 6 seed, 12
nonce, 3, 9 self-destructs set, 8
nonce validation, 11 sender, 9
number, 3 sender account, 6
sender address, 7
ommer, 11 sequence concatenation, 9
ommer block headers, 4 serialization, 5, 9

24
Index Beigepaper – v0.8.5 2019-08-15

sharding, 13 transaction series, 10

sibling node, 2 transaction signature, 6
singleton, 1 transaction validation, 11
slice, 12 transactions, 11
speedy traversal of data, 3 transactions root, 3
stack based, 5, 7 tree arbitrary depth, 3
stack based architecture, 5 tree database, 2
stack contents, 10 tree degree, 2
stack underflow, 6 tree edge, 2
state database, 4, 13 tree height, 2
state machine cycle, 8 tree level, 2
state root, 3 tree path, 2
state transition, 5 trie database, 2
state transition function, 8 trusted, 1
state unchanged, 6
status code, 11 universal gas, 9
storage model, 5 unstoppable, 1
substates, 7 unused gas, 9
system state, 5, 7 upfront payment, 6
Szabo, 1
valid header, 11
valid state, 9
tagged for self destruction, 10
value, 5, 9
time stamp, 9
verification, 5
timestamp, 3
virtual machine, 1, 7
timestamped, 1
virtual ROM, 6
to, 5
to execute, 10 Wei, 1
total difficulty, 12 wei, 4
total fee, 6 well defined memory, 6
total gas used, 11 well defined storage, 6
totaly difficulty, 11 well-formed RLP, 6
touched accounts, 8 word addressable, 5
transaction, 5 word addressed, 5
transaction execution, 6 word array, 5
transaction execution function, 11 word size, 5
transaction nonce, 6 world state, 2
transaction originator, 9
transaction receipt, 6, 10 Yellowpaper, 1

25