From 1b461ca5be841abed53d5fc1572dea63451dc18e Mon Sep 17 00:00:00 2001 From: Luke Parker Date: Tue, 19 Jul 2022 22:35:09 -0400 Subject: [PATCH] Split Validators and Consensus docs --- docs/protocol/Consensus.md | 17 +++++++++++++++++ docs/protocol/Validators.md | 18 ------------------ 2 files changed, 17 insertions(+), 18 deletions(-) create mode 100644 docs/protocol/Consensus.md diff --git a/docs/protocol/Consensus.md b/docs/protocol/Consensus.md new file mode 100644 index 00000000..4006a7ec --- /dev/null +++ b/docs/protocol/Consensus.md @@ -0,0 +1,17 @@ +# Consensus + +Consensus is a modified Aura implementation with the following notes: + +- Stateful nodes exist in two forms. Contextless and contextual. +- Context is inserted by external programs which are run under the same umbrella as the node and trusted. +- Contextless nodes do not perform verification beyond technical validity on `Oraclization` and `Report`. +- Contextual nodes do perform verification on `Oraclization` and `Report` and will reject transactions which do not represent the actual context. +- If a block is finalized under Aura, contextual checks are always stated to be passing, even if the local context conflicts with it. + +Since validators will not accept a block which breaks context, it will never be finalized, bypassing the contextual checks. If validators do finalize a block which seemingly breaks context, the majority of validators are saying it doesn't, signifying a locally invalid context state (perhaps simply one which is behind). By disabling contextual checks accordingly, nodes can still keep up to date with the chain and validate/participate in other contextual areas (assuming only one local contextual area is invalid). + +By moving context based checks into consensus itself, we allow transforming the `Oraclization` and `Report` messages into a leader protocol. Instead of every validator publishing their own message and waiting for the chain's implementation to note 66% of the weight agrees on the duplicated messages, the validators agreeing on the block, which already happens under BFT consensus, ensures message accuracy. + +Aura may be further optimizable by moving to either BLS or FROST signatures. BLS is easy to work with yet has a significance performance overhead. Considering we already have FROST, it may be ideal to use, yet it is a 2-round protocol which exponentially scales for key generation. While GRANDPA, an alternative consensus protocol, is 2-round and therefore could be seamlessly extended with FROST, it's not used here as it finalizes multiple blocks at a time. Given the contextual validity checks, it's simplest to finalize each block on their own to prevent malicious/improper chains from growing too large. + +If the complexity challenge can be overcame, BABE's VRF selecting a block producer should be used to limit DoS attacks. The main issue is that BABE is traditionally partnered with GRANDPA and represents a more complex system than Aura. Further research is needed here. diff --git a/docs/protocol/Validators.md b/docs/protocol/Validators.md index c6eac8a9..d71258f3 100644 --- a/docs/protocol/Validators.md +++ b/docs/protocol/Validators.md @@ -21,21 +21,3 @@ Ideally, a DPoS system will eventually be possible where stake takes a variadic # Report (message) `Report` reports a validator for malicious or invalid behavior. This may be publishing a false `Oraclization` or failing to participate as expected. These apply a penalty to the validator's assigned rewards, which is distinct from the bond which must be kept as a multiple of 1m. If the amount deducted exceeds their assigned rewards, they are scheduled for removal with an appropriately reduced bond. - -# Consensus - -Consensus is a modified Aura implementation with the following notes: - -- Stateful nodes exist in two forms. Contextless and contextual. -- Context is inserted by external programs which are run under the same umbrella as the node and trusted. -- Contextless nodes do not perform verification beyond technical validity on `Oraclization` and `Report`. -- Contextual nodes do perform verification on `Oraclization` and `Report` and will reject transactions which do not represent the actual context. -- If a block is finalized under Aura, contextual checks are always stated to be passing, even if the local context conflicts with it. - -Since validators will not accept a block which breaks context, it will never be finalized, bypassing the contextual checks. If validators do finalize a block which seemingly breaks context, the majority of validators are saying it doesn't, signifying a locally invalid context state (perhaps simply one which is behind). By disabling contextual checks accordingly, nodes can still keep up to date with the chain and validate/participate in other contextual areas (assuming only one local contextual area is invalid). - -By moving context based checks into consensus itself, we allow transforming the `Oraclization` and `Report` messages into a leader protocol. Instead of every validator publishing their own message and waiting for the chain's implementation to note 66% of the weight agrees on the duplicated messages, the validators agreeing on the block, which already happens under BFT consensus, ensures message accuracy. - -Aura may be further optimizable by moving to either BLS or FROST signatures. BLS is easy to work with yet has a significance performance overhead. Considering we already have FROST, it may be ideal to use, yet it is a 2-round protocol which exponentially scales for key generation. While GRANDPA, an alternative consensus protocol, is 2-round and therefore could be seamlessly extended with FROST, it's not used here as it finalizes multiple blocks at a time. Given the contextual validity checks, it's simplest to finalize each block on their own to prevent malicious/improper chains from growing too large. - -If the complexity challenge can be overcame, BABE's VRF selecting a block producer should be used to limit DoS attacks. The main issue is that BABE is traditionally partnered with GRANDPA and represents a more complex system than Aura. Further research is needed here.