mirror of
https://github.com/serai-dex/serai.git
synced 2024-11-16 17:07:35 +00:00
23 lines
1.3 KiB
Markdown
23 lines
1.3 KiB
Markdown
Upon an issue with the DKG, the honest validators must remove the malicious
|
|
validators. Ideally, a threshold signature would be used, yet that would require
|
|
a threshold key (which would require authentication by a MuSig signature). A
|
|
MuSig signature which specifies the signing set (or rather, the excluded
|
|
signers) achieves the most efficiency.
|
|
|
|
While that resolves the on-chain behavior, the Tributary also has to perform
|
|
exclusion. This has the following forms:
|
|
|
|
1) Rejecting further transactions (required)
|
|
2) Rejecting further participation in Tendermint
|
|
|
|
With regards to rejecting further participation in Tendermint, it's *ideal* to
|
|
remove the validator from the list of validators. Each validator removed from
|
|
participation, yet not from the list of validators, increases the likelihood of
|
|
the network failing to form consensus.
|
|
|
|
With regards to the economic security, an honest 67% may remove a faulty
|
|
(explicitly or simply offline) 33%, letting 67% of the remaining 67% (4/9ths)
|
|
take control of the associated private keys. In such a case, the malicious
|
|
parties are defined as the 4/9ths of validators with access to the private key
|
|
and the 33% removed (who together form >67% of the originally intended
|
|
validator set and have presumably provided enough stake to cover losses).
|