Ecosystem/serai
Ecosystem/serai
1
0
Fork 0
mirror of https://github.com/serai-dex/serai.git synced 2024-11-16 17:07:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
serai/spec/protocol/Validator Sets.md
Luke Parker a3a009a7e9
Move docs to spec
2024-03-11 17:55:05 -04:00

2.5 KiB
Raw Blame History

Validator Sets

Validator Sets are defined at the protocol level, with the following parameters:

  • network (NetworkId): The network this validator set operates over.
  • allocation_per_key_share (Amount): Amount of stake needing allocation in order to receive a key share.

Participation in Consensus

The validator set for NetworkId::Serai participates in Serai's own consensus, producing and finalizing blocks.

Multisig

Every Validator Set is expected to form a t-of-n multisig, where n is the amount of key shares in the Validator Set and t is n * 2 / 3 + 1, for each of its networks. This multisig is secure to hold coins valued at up to 33% of the Validator Set's allocated stake. If the coins exceed that threshold, there's more value in the multisig and associated liquidity pool than in the supermajority of allocated stake securing them both. Accordingly, it'd be no longer financially secure, and it MUST reject newly added coins.

Multisig Creation

Multisigs are created by Processors, communicating via their Coordinators. They're then confirmed on chain via the validator-sets pallet. This is done by having 100% of participants agree on the resulting group key. While this isn't fault tolerant regarding liveliness, a malicious actor who forces a t-of-n multisig to be t-of-n-1 reduces the fault tolerance of the created multisig which is a greater issue. If a node does prevent multisig creation, other validators should issue slashes for it/remove it from the Validator Set entirely.

Placing the creation on chain also solves the question of if the multisig was successfully created or not. Processors cannot simply ask each other if they succeeded without creating an instance of the Byzantine Generals Problem. Placing results within a Byzantine Fault Tolerant system resolves this.

Multisig Rotation

Please see processor/Multisig Rotation.md for details on the timing.

Once the new multisig publishes its first Batch, the old multisig's keys are cleared and the set is considered retired. After a one-session cooldown period, they may deallocate their stake.

Set Keys (message)

  • network (Network): Network whose key is being set.
  • key_pair (KeyPair): Key pair being set for this Session.
  • signature (Signature): A MuSig-style signature of all validators, confirming this key.