Consensus Breakout Notes


Open Questions:


  • Weights are derived from the hashes
  • No mention of tie breaking property
  • How many races should be allowed to be decided in a single block?
  • What is the synchronicity constraint to prevent a censorship attack (ignores message)
  • Question around paying out of transaction fees where they are delayed. If fees exceed the validator's stake, then the validator could just walk. (May require adding a portion of the fees to the bond, bond is held on to for 30 days, etc.)
  • What is the validator rotation / assignment?



Manual versus Automatic Finality

 - the method for enforcing automatic finality is less forgiving.  

  • How many races should be allowed to be decided in a single block?
    • Greg's feeling is that we should go wide and not deep.  Greg only wants to go 1 deep.  Mike asks why not?
      • Going deep lets more code interact with it, making it more 'fair'.
      • may have to persist phlo beyond a single block. - non issue.  Open question about whether phlo persists across blocks per computation.
      • Program execution goes over multiple blocks, and may take longer.
    • Run to quiescence - we have an idea of what it means to run to termination.  we can have Phlo refunds.  This model is preferable.
      • It's not that one validator gets to choose.  It's 1 trace, but the network agrees on the trace via consensus.
      • If you are willing to race, you shouldn't care.
    • Going wide gives you the opportunity to get more clients - other parties.  Nondeterminism is not fair.
    • It is preferable to have the races go deep.  This makes data feed harder.  Still trying to resolve this.


  • Validators are accepted when a particular block hash is in their justification.  May and Must - at a further height.
    • Each region has to publish its cost function - changed the cost function after a point
      • Accept in protocol fault tolerance associated with validator rotation.
      • In accepting a new validator - propose that the validator provide a fee to the existing validator pool.
      • Staking rev.


  • Greg argues for a minimum number of validators.
    • Vlad argues that a low security shard attacks the security of the network.
    • May opt to randomly assign validators to regions.


  • Validator rotation: there has to be a 'superblock' at the root namespace, where at some point all the validators have to synchronize.  At this point the assignment of validators to shards will be rotated.
    • How do you add validators?
    • How does it happen on particular namespaces within them and between them?
    • Introduce a new justification edge to validator change blocks in the top space.  This gives the right to a validator to propose blocks.


  • Any joined namespaces will have the WORST properties of the joins.
  • Graph needs to be well connected.  Regions need to be reasonably well connected.  



  • What is the synchronicity constraint to prevent a censorship attack (ignores message)
    • Censorship rejection via censorship scores - Vitalik's paper.


  • Question around paying out of transaction fees where they are delayed. If fees exceed the validator's stake, then the validator could just walk. (May require adding a portion of the fees to the bond, bond is held on to for 30 days, etc.)
    • Validator is in the green - Cost of the initial stake, fees as a percentage of their stake, 
    • If someone wants to take over, they have to buy out all the validators.
    • Maximize the cost of attack, maximize the amount of coin they need to purchase.
    • Tradeoff - have to pay the validators out at some rate relative to the stake they have put in. Possible reduction of entry fees by providing a loan to reduce the cost. Possibly just pay out the fees immediately. Fees are already small compared to the disincentive of losing the deposit.
    • Validators are going to bond based upon their expected return. Profitable regions will have more validators bonding. Revenue divided by interest rate = amount bonded.
    • Fees increase your stake - Kyle - consider the issue of cartels. 



Cost Open questions

Quiescence - The state is a Rholang term that has no further reductions.  That is quiescence - (Eager reduction)


Discussed the possibility of refilling on gas - concurrency concerns & inconsistency.

Example: transfer a balance, fail to decrement the sending account, then request a phlo refill - which you never execute.

We want to say that certain things do happen or don't happen.



Regions setting their own cost model

  • Changing the cost model has to be agreed upon globally.   Same as the validator rotation.
  • Cost model changes should be slow.  
    • People buying capital, they will want everything stable.
  • Updating the cost model - who pays for the change?






  • Paying out Validators - 

Cost of running 


If there are namespaces / regions where there are a few validators, a person can opt to write their contract and deploy it into a region where these regions are joined. Then you can compare the answer you get back on the join versus the answer you get back in each of the regions. If the answers don't match, you slash.