Casper Research

Security modelling

Projection of deposit amounts

From projections of total Validator revenues

in-protocol revenues (fees + issuance)

Target amount bonded

Auction mechanism for bonding rate

if it gets gamed, then there might be too much issuance

Reducing return in amount bonded

introduces censorship risk

Target issuance + fees

fixed inflation

may be over paying, no price discovery

auction mechanism

Fees only

definite price discovery

free p2p validator2user market

mandatory in-protocol minimum gasprice

redistributed

burned

gives anti-Sybil measure on users

useful for signaling? governance?

maybe insufficient deposits in this model?

market capitalization

user cost vs cost to coin holders

extra-protocol fees (subscriptions?)

Bribes

From projections of Validator costs

Operating costs

Cost of capital

how (if at all) do we want to eventually measure this?

Infer from amount bonded in auction

Give a risk-free opportunity to stake

Speculators who are longer ether have lower CoC

cost of electrical, capital and maintenance

cost of security devices and/or consulting

cost of bandwidth

In-protocol penalties

Attack + Behavioural models

Attacker modelling

Attacker profiles

State attacker

argument about whether it's worth taking seriously

Criminal organizations

Miners/Validators

Crisis speculators

Random attacker

power law distribution budget

Poisson process attack times

Attacker motivations

Extra-protocol profit from attack

shorting cryptocurrency

Bribes

Anti-competitive behaviour

Power through censorship

Self/collective defense

Attack modelling

External attacks

Buying enough bonds to attack

Buying some bonds + griefing until majority achieved

Technical fault attacks

Byzantine faults

Crash faults

Network asynchrony

Incentivized attacks

Game theory

In independent choice

Agent based/evolutionary modelling

Nash Equilibrium

With bribing

How much does it cost to cause failure?

Liveness failures

Safety failures

Selfish (mining) behaviour

Coordinated choice

Fairness

Shapely values

Greifing

Stability

Strong Nash equilibrium

Core

Coalition-proof Nash equilibrium

Market models

Perfectly competitive markets

No coordination between validators

Nash equilibrium

Evolutionary models

No significant market concentration

Efficient market equilibrium

Oligopolistic markets

Not perfect competition

Coordination between Validators is possible

The Cartel model

What is the in-protocol cost/benefit to cartel of attacking?

Liveness failures

Censorship

Cost of penalties due to censorship

Increased returns from censorship

Preventing consensus

Revenue from preventing validator rotation

cost of penalties due to liveness failures

Unavailability attack

Safety failure

Reversion

cost of lost deposits (when equivocation is required)

Revenue from double spending

Invalid blocks

cost of lost deposits

revenue from misleading light clients (?)

Price/Quantity leadership

Behavioural models

Do we need to conduct our own experiments?

Rewards vs Penalties

Security Deposit, issuance, and fee management

Mechanism design questions

Utility of protocol states

Inference of strategies from protocol states

Payoff structure

Predictions from behavioural/equilibrium models

Validator payoffs

in-protocol revenues

Fees

Issuance

in-protocol expenses

penalties for liveness failures

Penalizing online nodes for censoring missing nodes

opens opportunity for griefing as anti-competitive behavior

maximally attributable liveness faults

i.e. expect blockchain and penalize those who may have caused orphaned (and included) forks

Strategy inference functions

penalties for safety violations

perfectly attributable Byzantine faults

requires censorship resistance

otherwise, there won't be consensus between validators on the evidence

note that subjective assignment of Byzantine node's weight to zero always works

Placing and withdrawing deposits

Long deposit withdrawal times allows for penalties on Byzantine faults

On order of censorship resistance timeline of the blockchain + timeline of client gossip for discovery of equivocation

On the order of time that clients are expected to come online (weak subjectivity timeline)

Logging on and off without compromising safety

Limited slots, auctions, and queues

Consensus stuff

Safety + Liveness

Minimum synchronicity for liveness

Consensus liveness

Estimate safety liveness

Asynchronous safety

Consensus safety

Estimate safety

Estimate safety decision rules have estimate safety

ideal adversary (and lower bounds)

Fault modelling

Fault models/Fault contexts

Byzantine faults

Crash faults

Network asynchrony

Fault attribution

Perfectly attributable safety violations

minimum slashing conditions

https://medium.com/@VitalikButerin/minimal-slashing-conditions-20f0b500fc6c

Maximally attributable liveness faults

Validator rotation

Removing Byzantine nodes

countersigning to get consensus on next group of validators

see Vitalik's and Yoichi's blogs

https://medium.com/@VitalikButerin/safety-under-dynamic-validator-sets-ef0c3bbdf9f6

https://medium.com/@pirapira/a-mechanized-safety-proof-for-pos-with-dynamic-validators-17e9b45faff4

https://medium.com/@pirapira/fixing-safety-proof-on-dynamic-validator-pos-5d8d463d8ae8

how is this done without a consensus safety fault tolerance threshold, again?

VM replication

ranked voting as canonical estimators

having the longest chain as a canonical estimator

composing binary decisions

timestamp estimates giving order

finality gadget on top of existing blockchain

Overhead

Latency vs Overhead

For finality times

https://medium.com/@VitalikButerin/parametrizing-casper-the-decentralization-finality-time-overhead-tradeoff-3f2011672735

For pre-consensus confirmations

in-protocol guarantees vs assumptions

e.g. block availability guarantee for light clients

Redundancy-free-ness versus computational ease of honest Validator strategy