Substrate, with Tendermint, has a known block producer schedule, enabling DoSs #134
Comments
|
Consensus protocols which flicker between candidates for eventual resolution on one, such as Avalanche (not an endorsement, just an acknowledgement) would also be another option. Considering SASSAFRAS is premised on ZK-proofs, the overhead of the rounds of Avalanche may be more performant in practice (though I believe moving consensus yet again isn't a feasible discussion). |
|
Based on W3F's work on SASSAFRAS, yet here firmly described without a reliance on ZK-SNARKS: Assuming the proof needs to:
Define basepoints:
For each slot a validator should have, they sample Once the commit phase is over, validators perform membership proofs over A Schnorr PoK for The proxy is The proxy publishes the membership proof and The block proposal is signed with In summary:
If Bootle proofs are used for membership, with 512 members:
Compared to Groth16, the only benefit appears to be with proving time. I believe the merkle tree used (presumably Poseidon) would take twice as long to prove, even with no other operations. I am unsure how complex the full SASSAFRAS circuit is. Instead of having n slots per validator with n keys, a single unlinked ticket key can be used if the actual validator never signs the block, thereby linking them. This may require Dandelion++ to ensure the node actually responsible is not discovered via network analysis, or simply sufficiently frequent key changes. This greatly increases the efficiency of the protocol. |
|
SASSAFRAS doesn't allow slashing on failure to propose. It'd need to be extended with a MPC (where the group can decrypt a ticket on failure) system for that. While that doesn't feel necessary, it's a decent note. |
Updates to polkadot-v0.9.40, with a variety of dependency updates accordingly. Substrate thankfully now uses k256 0.13, pathing the way for #256. We couldn't upgrade to polkadot-v0.9.40 without this due to polkadot-v0.9.40 having fundamental changes to syncing. While we could've updated tendermint, it's not worth the continued development effort given its inability to work with multiple validator sets. Purges sc-tendermint. Keeps tendermint-machine for #163. Closes #137, #148, #157, #171. #96 and #99 should be re-scoped/clarified. #134 and #159 also should be clarified. #169 is also no longer a priority since we're only considering temporal deployments of tendermint. #170 also isn't since we're looking at effectively sharded validator sets, so there should be no singular large set needing high performance.
|
We now use BABE which has secondaries to protect against DoSs. |
|
#159 was about Tendermint having a bad block producer algorithm. This was more about Substrate. |
kayabaNerve
changed the title
|
https://eprint.iacr.org/2020/025.pdf, to throw in a link relevant, even though this issue is closed. |
We did not go with BABE + GRANDPA, where BABE has a primary candidate and multiple secondary, and GRANDPA eventually finalizes on a chain, because we wanted per-block finality. With this decision, we lost BABE's fallback block production, as multiple proposers are incompatible with Tendermint.
Since Tendermint only has a single, known proposer, it's vulnerable to DDoS attacks. Cosmos solves this via proxies, which is a practical solution.
The W3F also has research into a new block production protocol which has is private regarding order, yet with only producer, SASSAFRAS. It, or a similar design, should be usable here.
We either have to handle this from a ops point of view or from a consensus point of view to ensure security however.
Related to #47.
The text was updated successfully, but these errors were encountered: