によって Vlad Zamfir 7年前.
2838
もっと見る
e.g. block availability guarantee for light clients
For pre-consensus confirmations
For finality times
https://medium.com/@VitalikButerin/parametrizing-casper-the-decentralization-finality-time-overhead-tradeoff-3f2011672735
see Vitalik's and Yoichi's blogs
https://medium.com/@pirapira/fixing-safety-proof-on-dynamic-validator-pos-5d8d463d8ae8
https://medium.com/@pirapira/a-mechanized-safety-proof-for-pos-with-dynamic-validators-17e9b45faff4
https://medium.com/@VitalikButerin/safety-under-dynamic-validator-sets-ef0c3bbdf9f6
Fault attribution
Maximally attributable liveness faults
Perfectly attributable safety violations
minimum slashing conditions
https://medium.com/@VitalikButerin/minimal-slashing-conditions-20f0b500fc6c
Fault models/Fault contexts
Estimate safety
ideal adversary (and lower bounds)
Estimate safety decision rules have estimate safety
Consensus safety
Estimate safety liveness
Consensus liveness
On the order of time that clients are expected to come online (weak subjectivity timeline)
On order of censorship resistance timeline of the blockchain + timeline of client gossip for discovery of equivocation
penalties for safety violations
requires censorship resistance
note that subjective assignment of Byzantine node's weight to zero always works
otherwise, there won't be consensus between validators on the evidence
perfectly attributable Byzantine faults
penalties for liveness failures
maximally attributable liveness faults
Strategy inference functions
i.e. expect blockchain and penalize those who may have caused orphaned (and included) forks
Penalizing online nodes for censoring missing nodes
opens opportunity for griefing as anti-competitive behavior
Issuance
Fees
Predictions from behavioural/equilibrium models
Incentivized attacks
Behavioural models
Rewards vs Penalties
Do we need to conduct our own experiments?
Market models
Oligopolistic markets
Price/Quantity leadership
Coordination between Validators is possible
The Cartel model
What is the in-protocol cost/benefit to cartel of attacking?
Safety failure
Invalid blocks
revenue from misleading light clients (?)
cost of lost deposits
Reversion
Revenue from double spending
cost of lost deposits (when equivocation is required)
Unavailability attack
Preventing consensus
cost of penalties due to liveness failures
Revenue from preventing validator rotation
Censorship
Increased returns from censorship
Cost of penalties due to censorship
Not perfect competition
Perfectly competitive markets
Efficient market equilibrium
No significant market concentration
No coordination between validators
Evolutionary models
Nash equilibrium
Game theory
Coordinated choice
Stability
Coalition-proof Nash equilibrium
Core
Strong Nash equilibrium
Fairness
Greifing
Shapely values
In independent choice
Nash Equilibrium
Selfish (mining) behaviour
With bribing
How much does it cost to cause failure?
Safety failures
Liveness failures
Agent based/evolutionary modelling
Technical fault attacks
Network asynchrony
Crash faults
Byzantine faults
External attacks
Buying some bonds + griefing until majority achieved
Buying enough bonds to attack
Attacker motivations
Self/collective defense
Power through censorship
Anti-competitive behaviour
Extra-protocol profit from attack
shorting cryptocurrency
Attacker profiles
Random attacker
Poisson process attack times
power law distribution budget
Crisis speculators
Miners/Validators
Criminal organizations
State attacker
argument about whether it's worth taking seriously
In-protocol penalties
Operating costs
cost of bandwidth
cost of security devices and/or consulting
cost of electrical, capital and maintenance
Cost of capital
how (if at all) do we want to eventually measure this?
Speculators who are longer ether have lower CoC
Give a risk-free opportunity to stake
Infer from amount bonded in auction
Bribes
extra-protocol fees (subscriptions?)
in-protocol revenues (fees + issuance)
Target issuance + fees
Fees only
maybe insufficient deposits in this model?
user cost vs cost to coin holders
market capitalization
definite price discovery
mandatory in-protocol minimum gasprice
burned
gives anti-Sybil measure on users
useful for signaling? governance?
redistributed
free p2p validator2user market
auction mechanism
fixed inflation
may be over paying, no price discovery
Target amount bonded
Reducing return in amount bonded
introduces censorship risk
Auction mechanism for bonding rate
if it gets gamed, then there might be too much issuance