Kategorier: Alle - security - penalties - censorship

av Vlad Zamfir 7 år siden

2838

CasperResearch

The document delves into various facets of blockchain security and validator management within the Casper protocol. It discusses the handling of security deposits, issuance, and fee management, emphasizing the importance of penalties for liveness and safety violations.

CasperResearch

Casper Research

Consensus stuff

Overhead
Redundancy-free-ness versus computational ease of honest Validator strategy
in-protocol guarantees vs assumptions

e.g. block availability guarantee for light clients

Latency vs Overhead

For pre-consensus confirmations

For finality times

https://medium.com/@VitalikButerin/parametrizing-casper-the-decentralization-finality-time-overhead-tradeoff-3f2011672735

VM replication
finality gadget on top of existing blockchain
timestamp estimates giving order
composing binary decisions
having the longest chain as a canonical estimator
ranked voting as canonical estimators
Validator rotation
how is this done without a consensus safety fault tolerance threshold, again?
countersigning to get consensus on next group of validators

see Vitalik's and Yoichi's blogs

https://medium.com/@pirapira/fixing-safety-proof-on-dynamic-validator-pos-5d8d463d8ae8

https://medium.com/@pirapira/a-mechanized-safety-proof-for-pos-with-dynamic-validators-17e9b45faff4

https://medium.com/@VitalikButerin/safety-under-dynamic-validator-sets-ef0c3bbdf9f6

Removing Byzantine nodes
Safety + Liveness
Fault modelling

Fault attribution

Maximally attributable liveness faults

Perfectly attributable safety violations

minimum slashing conditions

https://medium.com/@VitalikButerin/minimal-slashing-conditions-20f0b500fc6c

Fault models/Fault contexts

Asynchronous safety

Estimate safety

ideal adversary (and lower bounds)

Estimate safety decision rules have estimate safety

Consensus safety

Minimum synchronicity for liveness

Estimate safety liveness

Consensus liveness

Security Deposit, issuance, and fee management

Placing and withdrawing deposits
Limited slots, auctions, and queues
Logging on and off without compromising safety
Long deposit withdrawal times allows for penalties on Byzantine faults

On the order of time that clients are expected to come online (weak subjectivity timeline)

On order of censorship resistance timeline of the blockchain + timeline of client gossip for discovery of equivocation

Validator payoffs
in-protocol expenses

penalties for safety violations

requires censorship resistance

note that subjective assignment of Byzantine node's weight to zero always works

otherwise, there won't be consensus between validators on the evidence

perfectly attributable Byzantine faults

penalties for liveness failures

maximally attributable liveness faults

Strategy inference functions

i.e. expect blockchain and penalize those who may have caused orphaned (and included) forks

Penalizing online nodes for censoring missing nodes

opens opportunity for griefing as anti-competitive behavior

in-protocol revenues

Issuance

Fees

Mechanism design questions
Payoff structure

Predictions from behavioural/equilibrium models

Inference of strategies from protocol states
Utility of protocol states

Security modelling

Attack + Behavioural models
Attack modelling

Incentivized attacks

Behavioural models

Rewards vs Penalties

Do we need to conduct our own experiments?

Market models

Oligopolistic markets

Price/Quantity leadership

Coordination between Validators is possible

The Cartel model

What is the in-protocol cost/benefit to cartel of attacking?

Safety failure

Invalid blocks

revenue from misleading light clients (?)

cost of lost deposits

Reversion

Revenue from double spending

cost of lost deposits (when equivocation is required)

Unavailability attack

Preventing consensus

cost of penalties due to liveness failures

Revenue from preventing validator rotation

Censorship

Increased returns from censorship

Cost of penalties due to censorship

Not perfect competition

Perfectly competitive markets

Efficient market equilibrium

No significant market concentration

No coordination between validators

Evolutionary models

Nash equilibrium

Game theory

Coordinated choice

Stability

Coalition-proof Nash equilibrium

Core

Strong Nash equilibrium

Fairness

Greifing

Shapely values

In independent choice

Nash Equilibrium

Selfish (mining) behaviour

With bribing

How much does it cost to cause failure?

Safety failures

Liveness failures

Agent based/evolutionary modelling

Technical fault attacks

Network asynchrony

Crash faults

Byzantine faults

External attacks

Buying some bonds + griefing until majority achieved

Buying enough bonds to attack

Attacker modelling

Attacker motivations

Self/collective defense

Power through censorship

Anti-competitive behaviour

Extra-protocol profit from attack

shorting cryptocurrency

Attacker profiles

Random attacker

Poisson process attack times

power law distribution budget

Crisis speculators

Miners/Validators

Criminal organizations

State attacker

argument about whether it's worth taking seriously

Projection of deposit amounts
From projections of Validator costs

In-protocol penalties

Operating costs

cost of bandwidth

cost of security devices and/or consulting

cost of electrical, capital and maintenance

Cost of capital

how (if at all) do we want to eventually measure this?

Speculators who are longer ether have lower CoC

Give a risk-free opportunity to stake

Infer from amount bonded in auction

From projections of total Validator revenues

Bribes

extra-protocol fees (subscriptions?)

in-protocol revenues (fees + issuance)

Target issuance + fees

Fees only

maybe insufficient deposits in this model?

user cost vs cost to coin holders

market capitalization

definite price discovery

mandatory in-protocol minimum gasprice

burned

gives anti-Sybil measure on users

useful for signaling? governance?

redistributed

free p2p validator2user market

auction mechanism

fixed inflation

may be over paying, no price discovery

Target amount bonded

Reducing return in amount bonded

introduces censorship risk

Auction mechanism for bonding rate

if it gets gamed, then there might be too much issuance