mirror of
https://github.com/serai-dex/serai.git
synced 2024-12-23 03:59:22 +00:00
24 lines
1.3 KiB
Markdown
24 lines
1.3 KiB
Markdown
|
Upon an issue with the DKG, the honest validators must remove the malicious
|
||
|
validators. Ideally, a threshold signature would be used, yet that would require
|
||
|
a threshold key (which would require authentication by a MuSig signature). A
|
||
|
MuSig signature which specifies the signing set (or rather, the excluded
|
||
|
signers) achieves the most efficiency.
|
||
|
|
||
|
While that resolves the on-chain behavior, the Tributary also has to perform
|
||
|
exclusion. This has the following forms:
|
||
|
|
||
|
1) Rejecting further transactions (required)
|
||
|
2) Rejecting further participation in Tendermint
|
||
|
|
||
|
With regards to rejecting further participation in Tendermint, it's *ideal* to
|
||
|
remove the validator from the list of validators. Each validator removed from
|
||
|
participation, yet not from the list of validators, increases the likelihood of
|
||
|
the network failing to form consensus.
|
||
|
|
||
|
With regards to the economic security, an honest 67% may remove a faulty
|
||
|
(explicitly or simply offline) 33%, letting 67% of the remaining 67% (4/9ths)
|
||
|
take control of the associated private keys. In such a case, the malicious
|
||
|
parties are defined as the 4/9ths of validators with access to the private key
|
||
|
and the 33% removed (who together form >67% of the originally intended
|
||
|
validator set and have presumably provided enough stake to cover losses).
|