644 lines
27 KiB
Markdown
644 lines
27 KiB
Markdown
---
|
||
title: 38/CONSENSUS-CLARO
|
||
name: Claro Consensus Protocol
|
||
status: raw
|
||
category: Standards Track
|
||
editor: Corey Petty \<corey@status.im\>
|
||
created: 01-JUL-2022
|
||
revised: \<2022-08-26 Fri 13:11Z\>
|
||
uri: \<https://rdf.logos.co/protocol/Claro/1/0/0#\<2022-08-26%20Fri$2013:11Z\>
|
||
contributors:
|
||
- Álvaro Castro-Castilla
|
||
- Mark Evenson
|
||
sidebar_position: 38
|
||
---
|
||
- Status: raw
|
||
- Category: Standards Track
|
||
- Editor: Corey Petty \<corey@status.im\>
|
||
- Contributors::
|
||
|
||
|
||
## Abstract
|
||
|
||
This document specifies Claro: a Byzantine, fault-tolerant, binary decision
|
||
agreement algorithm that utilizes bounded memory for its execution.
|
||
Claro is a novel variant of the Snow family providing a probabilistic
|
||
leaderless BFT consensus algorithm that achieves metastablity via
|
||
network sub-sampling. We present an application context of the use of
|
||
Claro in an efficient, leaderless, probabilistic permission-less
|
||
consensus mechanism. We outline a simple taxonomy of Byzantine
|
||
adversaries, leaving explicit explorations of to subsequent
|
||
publication.
|
||
|
||
NOTE: We have renamed this variant to `Claro` from `Glacier` in order to disambiguate from a previously released research endeavor by [Amores-Sesar, Cachin, and Tedeschi](https://arxiv.org/pdf/2210.03423.pdf). Their naming was coincidentally named the same as our work but is sufficiently differentiated from how ours works.
|
||
|
||
## Motivation
|
||
This work is a part of a larger research endeavor to explore highly scalable Byzantine Fault Tolerant (BFT) consensus protocols. Consensus lies at the heart of many decentralized protocols, and thus its characteristics and properties are inherited by applications built on top. Thus, we seek to improve upon the current state of the art in two main directions: base-layer scalability and censorship resistance.
|
||
|
||
Avalanche has shown to exibit the former in a production environment in a way that is differentiated from Nakamoto consensus and other Proof of Stake (PoS) protocols based in practical Byzantine Fault Tolerant (pBFT) methodologies. We aim to understand its limitations and improve upon them.
|
||
|
||
## Background
|
||
Our starting point is Avalanche’s Binary Byzantine Agreement algorithm, called Snowball. As long as modifications allow a DAG to be constructed later on, this simplifies the design significantly. The DAG stays the same in principle: it supports confidence, but the core algorithm can be modeled without.
|
||
|
||
The concept of the Snowball algorithm is relatively simple. Following is a simplified description (lacking some details, but giving an overview). For further details, please refer to the [Avalanche paper](https://assets.website-files.com/5d80307810123f5ffbb34d6e/6009805681b416f34dcae012_Avalanche%20Consensus%20Whitepaper.pdf).
|
||
|
||
1. The objective is to vote yes/no on a decision (this decision could be a single bit, or, in our DAG use case, whether a vertex should be included or not).
|
||
2. Every node has an eventually-consistent complete view of the network. It will select at random k nodes, and will ask their opinion on the decision (yes/no).
|
||
3. After this sampling is finished, if there is a vote that has more than an `alpha` threshold, it accumulates one count for this opinion, as well as changes its opinion to this one. But, if a different opinion is received, the counter is reset to 1. If no threshold `alpha` is reached, the counter is reset to 0 instead.
|
||
4. After several iterations of this algorithm, we will reach a threshold `beta`, and decide on that as final.
|
||
|
||
Next, we will proceed to describe our new algorithm, based on Snowball.
|
||
|
||
We have identified a shortcoming of the Snowball algorithm that was a perfect starting point for devising improvements. The scenario is as follows:
|
||
|
||
- There is a powerful adversary in the network, that controls a large percentage of the node population: 10% to ~50%.
|
||
- This adversary follows a strategy that allows them to rapidly change the decision bit (possibly even in a coordinated way) so as to maximally confuse the honest nodes.
|
||
- Under normal conditions, honest nodes will accumulate supermajorities soon enough, and reach the `beta` threshold. However, when an honest node performs a query and does not reach the threshold `alpha` of responses, the counter will be set to 0.
|
||
- The highest threat to Snowball is an adversary that keeps it from reaching the `beta` threshold, managing to continuously reset the counter, and steering Snowball away from making a decision.
|
||
|
||
This document only outlines the specification to Claro. Subsequent analysis work on Claro (both on its performance and how it differentiates with Snowball) will be published shortly and this document will be updated.
|
||
|
||
## Claro Algorithm Specification
|
||
|
||
The Claro consensus algorithm computes a boolean decision on a
|
||
proposition via a set of distributed computational nodes. Claro is
|
||
a leaderless, probabilistic, binary consensus algorithm with fast
|
||
finality that provides good reliability for network and Byzantine
|
||
fault tolerance.
|
||
|
||
### Algorithmic concept
|
||
Claro is an evolution of the Snowball Byzantine Binary Agreement (BBA) algorithm, in which we tackle specifically the perceived weakness described above. The main focus is going to be the counter and the triggering of the reset. Following, we elaborate the different modifications and features that have been added to the reference algorithm:
|
||
|
||
1. Instead of allowing the latest evidence to change the opinion completely, we take into account all accumulated evidence, to reduce the impact of high variability when there is already a large amount of evidence collected.
|
||
2. Eliminate the counter and threshold scheme, and introduce instead two regimes of operation:
|
||
- One focused on grabbing opinions and reacting as soon as possible. This part is somewhat closer conceptually to the reference algorithm.
|
||
- Another one focused on interpreting the accumulated data instead of reacting to the latest information gathered.
|
||
3. Finally, combine those two phases via a transition function. This avoids the creation of a step function, or a sudden change in behavior that could complicate analysis and understanding of the dynamics. Instead, we can have a single algorithm that transfers weight from one operation to the other as more evidence is gathered.
|
||
4. Additionally, we introduce a function for weighted sampling. This will allow the combination of different forms of weighting:
|
||
- Staking
|
||
- Heuristic reputation
|
||
- Manual reputation.
|
||
|
||
It’s worth delving a bit into the way the data is interpreted in order to reach a decision. Our approach is based conceptually on the paper [Confidence as Higher-Order Uncertainty](https://cis.temple.edu/~pwang/Publication/confidence.pdf), which describes a frequentist approach to decision certainty. The first-order certainty, measured by frequency, is caused by known positive evidence, and the higher-order certainty is caused by potential positive evidence. Because confidence is a relative measurement defined on evidence, it naturally follows comparing the amount of evidence the system knows with the amount that it will know in the near future (defining “near” as a constant).
|
||
|
||
Intuitively, we are looking for a function of evidence, **`w`**, call it **`c`** for confidence, that satisfies the following conditions:
|
||
|
||
1. Confidence `c` is a continuous and monotonically increasing function of `w`. (More evidence, higher confidence.)
|
||
2. When `w = 0`, `c = 0`. (Without any evidence, confidence is minimum.)
|
||
3. When `w` goes to infinity, `c` converges to 1. (With infinite evidence, confidence is maximum.)
|
||
|
||
The paper describes also a set of operations for the evidence/confidence pairs, so that different sources of knowledge could be combined. However, we leave here the suggestion of a possible research line in the future combining an algebra of evidence/confidence pairs with swarm-propagation algorithm like the one described in [this paper](http://replicated.cc/files/schmebulock.pdf).
|
||
|
||
### Initial opinion
|
||
A proposal is formulated to which consensus of truth or falsity is
|
||
desired. Each node that participates starts the protocol with an
|
||
opinion on the proposal, represented in the sequel as `NO`, `NONE`,
|
||
and `YES`.
|
||
|
||
A new proposition is discovered either by local creation or in
|
||
response to a query, a node checks its local opinion. If the node can
|
||
compute a justification of the proposal, it sets its opinion to one of
|
||
`YES` or `NO`. If it cannot form an opinion, it leaves its opinion as
|
||
`NONE`.
|
||
|
||
For now, we will ignore the proposal dissemination process and assume all nodes participating have an initial opinion to respond to within a given request. Further research will relax this assumption and analyze timing attacks on proposal propagation through the network.
|
||
|
||
|
||
The node then participates in a number of query rounds in which it
|
||
solicits other node's opinion in query rounds. Given a set of `N`
|
||
leaderless computational nodes, a gossip-based protocol is presumed to
|
||
exist which allows members to discover, join, and leave a weakly
|
||
transitory maximally connected graph. Joining this graph allows each
|
||
node to view a possibly incomplete node membership list of all other
|
||
nodes. This view may change as the protocol advances, as nodes join
|
||
and leave. Under generalized Internet conditions, the membership of
|
||
the graph would experience a churn rate varying across different
|
||
time-scales, as the protocol rounds progress. As such, a given node
|
||
may not have a view on the complete members participating in the
|
||
consensus on a proposal in a given round.
|
||
|
||
The algorithm is divided into 4 phases:
|
||
1. Querying
|
||
2. Computing `confidence`, `evidence`, and `accumulated evidence`
|
||
3. Transition function
|
||
4. Opinion and Decision
|
||
|
||
|
||
<!-- NOTE from CP: not sure this fits, commenting for now -->
|
||
|
||
|
||
<!-- ### Proposal Identification
|
||
|
||
The node has a semantics and serialization of the proposal, of which
|
||
it sets an initial opinion:
|
||
|
||
opinion
|
||
\<-- initial opinion on truth of the proposal
|
||
as one of: {NO, NONE, YES}
|
||
|
||
The proposal proceeds in asynchronous rounds, in which each node
|
||
queries `k` randomly sampled nodes for their opinions until a decision
|
||
about local finality is achieved. The liveness of the algorithm is
|
||
severely constrained in the absence of timeouts for a round to
|
||
proceed. When a given node has finalized its decision on the
|
||
proposal, it enters a quiescent state in which it optionally discards
|
||
all information gathered during the query process retaining only the
|
||
final opinion on the truth of the proposal. -->
|
||
|
||
|
||
### Setup Parameters
|
||
|
||
The node initializes the following integer ratios as constants:
|
||
```
|
||
# The following values are constants chosen with justification from experiments
|
||
# performed with the adversarial models
|
||
|
||
#
|
||
confidence_threshold
|
||
\<-- 1
|
||
|
||
# constant look ahead for number of rounds we expect to finalize a
|
||
# decision. Could be set dependent on number of nodes
|
||
# visible in the current gossip graph.
|
||
look_ahead
|
||
\<-- 19
|
||
|
||
# the confidence weighting parameter (aka alpha_1)
|
||
certainty
|
||
\<-- 4 / 5
|
||
doubt ;; the lack of confidence weighting parameter (aka alpha_2)
|
||
\<-- 2 / 5
|
||
|
||
k_multiplier ;; neighbor threshold multiplier
|
||
\<-- 2
|
||
|
||
;;; maximal threshold multiplier, i.e. we will never exceed
|
||
;;; questioning k_initial * k_multiplier ^ max_k_multiplier_power peers
|
||
max_k_multiplier_power
|
||
\<-- 4
|
||
|
||
;;; Initial number of nodes queried in a round
|
||
k_initial
|
||
\<-- 7
|
||
|
||
;;; maximum query rounds before termination
|
||
max_rounds ;; placeholder for simulation work, no justification yet
|
||
\<-- 100
|
||
```
|
||
|
||
The following variables are needed to keep the state of Claro:
|
||
|
||
```
|
||
;; current number of nodes to attempt to query in a round
|
||
k
|
||
\<-- k_original
|
||
|
||
;; total number of votes examined over all rounds
|
||
total_votes
|
||
\<-- 0
|
||
;; total number of YES (i.e. positive) votes for the truth of the proposal
|
||
total_positive
|
||
\<-- 0
|
||
;; the current query round, an integer starting from zero
|
||
round
|
||
\<-- 0
|
||
```
|
||
|
||
|
||
### Phase One: Query
|
||
|
||
A node selects `k` nodes randomly from the complete pool of peers in the
|
||
network. This query is can optionally be weighted, so the probability
|
||
of selecting nodes is proportional to their
|
||
|
||
Node Weighting
|
||
$$
|
||
P(i) = \frac{w_i}{\sum_{j=0}^{j=N} w_j}
|
||
$$
|
||
|
||
where `w` is evidence. The list of nodes is maintained by a separate protocol (the network
|
||
layer), and eventual consistency of this knowledge in the network
|
||
suffices. Even if there are slight divergences in the network view
|
||
from different nodes, the algorithm is resilient to those.
|
||
|
||
A query is sent to each neighbor with the node's current `opinion` of
|
||
the proposal.
|
||
|
||
Each node replies with their current opinion on the proposal.
|
||
|
||
See [the wire protocol Interoperability section](#wire-protocol) for
|
||
details on the semantics and syntax of the "on the wire"
|
||
representation of this query.
|
||
|
||
**Adaptive querying**. An additional optimization in the query
|
||
consists of adaptively growing the *`k`* constant in the event of
|
||
**high confusion**. We define high confusion as the situation in
|
||
which neither opinion is strongly held in a query (*i.e.* a
|
||
threshold is not reached for either yes or no). For this, we will
|
||
use the *`alpha`* threshold defined below. This adaptive growth of
|
||
the query size is done as follows:
|
||
|
||
Every time the threshold is not reached, we multiply *`k`* by a
|
||
constant. In our experiments, we found that a constant of 2 works
|
||
well, but what really matters is that it stays within that order of
|
||
magnitude.
|
||
|
||
The growth is capped at 4 times the initial *`k`* value. Again, this
|
||
is an experimental value, and could potentially be increased. This
|
||
depends mainly on complex factors such as the size of the query
|
||
messages, which could saturate the node bandwidth if the number of
|
||
nodes queried is too high.
|
||
|
||
When the query finishes, the node now initializes the following two
|
||
values:
|
||
|
||
new_votes
|
||
\<-- |total vote replies received in this round to the current query|
|
||
positive_votes
|
||
\<-- |YES votes received from the query|
|
||
|
||
### Phase Two: Computation
|
||
When the query returns, three ratios are used later on to compute the
|
||
transition function and the opinion forming. Confidence encapsulates
|
||
the notion of how much we know (as a node) in relation to how much we
|
||
will know in the near future (this being encoded in the look-ahead
|
||
parameter *`l`*.) Evidence accumulated keeps the ratio of total positive
|
||
votes vs the total votes received (positive and negative), whereas the
|
||
evidence per round stores the ratio of the current round only.
|
||
|
||
Parameters
|
||
$$
|
||
\begin{array}{lc}
|
||
\text{Look-ahead parameter} & l = 20 \newline
|
||
\text{First evidence parameter} & \alpha_1 = 0.8 \newline
|
||
\text{Second evidence parameter} & \alpha_2 = 0.5 \newline
|
||
\end{array}
|
||
$$
|
||
|
||
Computation
|
||
$$
|
||
\begin{array}{lc}
|
||
\text{Confidence} & c_{accum} \impliedby \frac{total\ votes}{total\ votes + l} \newline
|
||
\text{Total accumulated evidence}& e_{accum} \impliedby \frac{total\ positive\ votes}{total\ votes} \newline
|
||
\text{Evidence per round} & e_{round} \impliedby \frac{round\ positive\ votes}{round\ votes} \newline
|
||
\end{array}
|
||
$$
|
||
|
||
The node runs the `new_votes` and `positive_votes` parameters received
|
||
in the query round through the following algorithm:
|
||
|
||
total_votes
|
||
+== new_votes
|
||
total_positive
|
||
+== positive_votes
|
||
confidence
|
||
\<-- total_votes / (total_votes + look_ahead)
|
||
total_evidence
|
||
\<-- total_positive / total_votes
|
||
new_evidence
|
||
\<-- positive_votes / new_votes
|
||
evidence
|
||
\<-- new_evidence * ( 1 - confidence ) + total_evidence * confidence
|
||
alpha
|
||
\<-- doubt * ( 1 - confidence ) + certainty * confidence
|
||
|
||
### Phase Three: Computation
|
||
In order to eliminate the need for a step function (a conditional in
|
||
the code), we introduce a transition function from one regime to the
|
||
other. Our interest in removing the step function is twofold:
|
||
|
||
1. Simplify the algorithm. With this change the number of branches is
|
||
reduced, and everything is expressed as a set of equations.
|
||
|
||
2. The transition function makes the regime switch smooth,
|
||
making it harder to potentially exploit the sudden regime change in
|
||
some unforeseen manner. Such a swift change in operation mode could
|
||
potentially result in a more complex behavior than initially
|
||
understood, opening the door to elaborated attacks. The transition
|
||
function proposed is linear with respect to the confidence.
|
||
|
||
Transition Function
|
||
$$
|
||
\begin{array}{cl}
|
||
evidence & \impliedby e_{round} (1 - c_{accum}) + e_{accum} c_{accum} \newline
|
||
\alpha & \impliedby \alpha_1 (1 - c_{accum}) + \alpha_2 c_{accum} \newline
|
||
\end{array}
|
||
$$
|
||
|
||
Since the confidence is modeled as a ratio that depends on the
|
||
constant *`l`*, we can visualize the transition function at
|
||
different values of *`l`*. Recall that this constant encapsulates
|
||
the idea of “near future” in the frequentist certainty model: the
|
||
higher it is, the more distant in time we consider the next
|
||
valuable input of evidence to happen.
|
||
|
||
We have observed via experiment that for a transition function to be
|
||
useful, we need establish two requirements:
|
||
|
||
1. The change has to be balanced and smooth, giving an
|
||
opportunity to the first regime to operate and not jump directly
|
||
to the second regime.
|
||
|
||
2. The convergence to 1.0 (fully operating in the second regime)
|
||
should happen within a reasonable time-frame. We’ve set this
|
||
time-frame experimentally at 1000 votes, which is in the order of
|
||
~100 queries given a *`k`* of 9.
|
||
|
||
[[ Note: Avalanche uses k = 20, as an experimental result from their
|
||
deployment. Due to the fundamental similarities between the
|
||
algorithms, it’s a good start for us. ]]
|
||
|
||
The node updates its local opinion on the consensus proposal by
|
||
examining the relationship between the evidence accumulated for a
|
||
proposal with the confidence encoded in the `alpha` parameter:
|
||
|
||
IF
|
||
evidence \> alpha
|
||
THEN
|
||
opinion \<-- YES
|
||
ELSE IF
|
||
evidence \< 1 - alpha
|
||
THEN
|
||
opinion \<-- NO
|
||
|
||
If the opinion of the node is `NONE` after evaluating the relation
|
||
between `evidence` and `alpha`, adjust the number of uniform randomly
|
||
queried nodes by multiplying the neighbors `k` by the `k_multiplier`
|
||
up to the limit of `k_max_multiplier_power` query size increases.
|
||
|
||
;; possibly increase number nodes to uniformly randomly query in next round
|
||
WHEN
|
||
opinion is NONE
|
||
AND
|
||
k \< k_original * k_multiplier ^ max_k_multiplier_power
|
||
THEN
|
||
k \<-- k * k_multiplier
|
||
|
||
### Decision
|
||
The next step is a simple one: change our opinion if the threshold
|
||
*`alpha`* is reached. This needs to be done separately for the `YES/NO`
|
||
decision, checking both boundaries. The last step is then to *`decide`*
|
||
on the current opinion. For that, a confidence threshold is
|
||
employed. This threshold is derived from the network size, and is
|
||
directly related to the number of total votes received.
|
||
|
||
Decision
|
||
$$
|
||
\begin{array}{cl}
|
||
evidence \> \alpha & \implies \text{opinion YES} \newline
|
||
evidence \< 1 - \alpha & \implies \text{opinion NO} \newline
|
||
if\ \text{confidence} \> c_{target} & THEN \ \text{finalize decision} \newline
|
||
\end{array}
|
||
$$
|
||
|
||
After the `OPINION` phase is executed, the current value of `confidence`
|
||
is considered: if `confidence` exceeds a threshold derived from the
|
||
network size and directly related to the total votes received, an
|
||
honest node marks the decision as final, and always returns this
|
||
opinion is response to further queries from other nodes on the
|
||
network.
|
||
|
||
IF
|
||
confidence \> confidence_threshold
|
||
OR
|
||
round \> max_rounds
|
||
THEN
|
||
finalized \<-- T
|
||
QUERY LOOP TERMINATES
|
||
ELSE
|
||
round +== 1
|
||
QUERY LOOP CONTINUES
|
||
|
||
Thus, after the decision phase, either a decision has been finalized
|
||
and the local node becomes quiescent never initiating a new query, or
|
||
it initiates a [new query](#query).
|
||
|
||
### Termination
|
||
|
||
A local round of Claro terminates in one of the following
|
||
execution model considerations:
|
||
|
||
|
||
1. No queries are received for any newly initiated round for temporal
|
||
periods observed via a locally computed passage of time. See [the
|
||
following point on local time](#clock).
|
||
|
||
2. The `confidence` on the proposal exceeds our threshold for
|
||
finalization.
|
||
|
||
3. The number of `rounds` executed would be greater than
|
||
`max_rounds`.
|
||
|
||
#### Quiescence
|
||
|
||
After a local node has finalized an `opinion` into a `decision`, it enters a quiescent
|
||
state whereby it never solicits new votes on the proposal. The local
|
||
node MUST reply with the currently finalized `decision`.
|
||
|
||
#### Clock
|
||
|
||
The algorithm only requires that nodes have computed the drift of
|
||
observation of the passage of local time, not that that they have
|
||
coordinated an absolute time with their peers. For an implementation
|
||
of a phase locked-loop feedback to measure local clock drift see
|
||
[NTP](https://www.rfc-editor.org/rfc/rfc5905.html).
|
||
|
||
## Further points
|
||
|
||
### Node receives information during round
|
||
In the query step, the node is envisioned as packing information into
|
||
the query to cut down on the communication overhead a query to each of
|
||
this `k` nodes containing the node's own current opinion on the
|
||
proposal (`YES`, `NO`, or `NONE`). The algorithm does not currently
|
||
specify how a given node utilizes this incoming information. A
|
||
possible use may be to count unsolicited votes towards a currently
|
||
active round, and discard the information if the node is in a
|
||
quiescent state.
|
||
|
||
#### Problems with Weighting Node Value of Opinions
|
||
If the view of other nodes is incomplete, then the sum of the optional
|
||
weighting will not be a probability distribution normalized to 1.
|
||
|
||
The current algorithm doesn't describe how the initial opinions are formed.
|
||
|
||
## Implementation status
|
||
The following implementations have been created for various testing and simulation purposes:
|
||
- [Rust](https://github.com/logos-co/consensus-research)
|
||
- [Python](#) - FILL THIS IN WITH NEWLY CREATED REPO
|
||
- [Common Lisp](#) - FILL THIS IN WITH NEWLY CREATED REPO
|
||
|
||
## Wire Protocol
|
||
|
||
For interoperability we present a wire protocol semantics by requiring
|
||
the validity of the following statements expressed in Notation3 (aka
|
||
`n3`) about any query performed by a query node:
|
||
|
||
|
||
```n3
|
||
@prefix rdf: \<http://www.w3.org/1999/02/22-rdf-syntax-ns#\> .
|
||
@prefix rdfs: \<http://www.w3.org/2000/01/rdf-schema#\> .
|
||
@prefix xsd: \<http://www.w3.org/2001/XMLSchema#\> .
|
||
|
||
@prefix Claro \<https://rdf.logos.co/protocol/Claro#\> .
|
||
|
||
Claro:query
|
||
:holds (
|
||
:_0 [ rdfs:label "round";
|
||
a xsd:postitiveInteger; ],
|
||
rdfs:comment """
|
||
The current round of this query
|
||
|
||
A value of zero corresponds to the initial round.
|
||
""" ;
|
||
|
||
:_1 [ rdfs:label "uri";
|
||
rdfs:comment """
|
||
A unique URI for the proposal.
|
||
|
||
It MAY be possible to examine the proposal by resolving this resource,
|
||
and its associated URIs.
|
||
""" ;
|
||
a xsd:anyURI ],
|
||
|
||
:_2 [ rdfs:label "opinion";
|
||
rdfs:comment """
|
||
The opinion on the proposal
|
||
|
||
One of the strings "YES" "NO" or "NONE".
|
||
""" ;
|
||
# TODO constrain as an enumeration on three values efficiently
|
||
a xsd:string ]
|
||
) .
|
||
```
|
||
|
||
Nodes are advised to use Waku messages to include their own
|
||
metadata in serializations as needed.
|
||
|
||
## Syntax
|
||
|
||
The semantic description presented above can be reliably round-tripped
|
||
through a suitable serialization mechanism. JSON-LD provides a
|
||
canonical mapping to UTF-8 JSON.
|
||
|
||
At their core, the query messages are a simple enumeration of the
|
||
three possible values of the opinion:
|
||
|
||
{ NO, NONE, YES }
|
||
|
||
When represented via integers, such as choosing
|
||
|
||
{ -1, 0, +1 }
|
||
|
||
the parity summations across network invariants often become easier to
|
||
manipulate.
|
||
|
||
## Security Considerations
|
||
|
||
|
||
### Privacy
|
||
|
||
In practice, each honest node gossips its current opinion which
|
||
reduces the number of messages that need to be gossiped for a given
|
||
proposal. The resulting impact on the privacy of the node's opinion
|
||
is not currently analyzed.
|
||
|
||
### Security with respect to various Adversarial Models
|
||
|
||
Adversarial models have been tested for which the values for current
|
||
parameters of Claro have been tuned. Exposition of the
|
||
justification of this tuning need to be completed.
|
||
|
||
### Local Strategies
|
||
|
||
#### Random Adversaries
|
||
|
||
A random adversary optionally chooses to respond to all queries with a
|
||
random decision. Note that this adversary may be in some sense
|
||
Byzantine but not malicious. The random adversary also models some
|
||
software defects involved in not "understanding" how to derive a truth
|
||
value for a given proposition.
|
||
|
||
#### Infantile Adversary
|
||
|
||
Like a petulant child, an infantile adversary responds with the
|
||
opposite vote of the honest majority on an opinion.
|
||
|
||
### Omniscient Adversaries
|
||
|
||
Omniscient adversaries have somehow gained an "unfair" participation in
|
||
consensus by being able to control `f` of `N` nodes with a out-of-band
|
||
"supra-liminal" coordination mechanism. Such adversaries use this
|
||
coordinated behavior to delay or sway honest majority consensus.
|
||
|
||
#### Passive Gossip Adversary
|
||
|
||
The passive network omniscient adversary is fully aware at all times
|
||
of the network state. Such an adversary can always chose to vote in
|
||
the most efficient way to block the distributed consensus from
|
||
finalizing.
|
||
|
||
#### Active Gossip Adversary
|
||
|
||
An omniscient gossip adversary somehow not only controls `f` of `N`
|
||
nodes, but has also has corrupted communications between nodes such
|
||
that she may inspect, delay, and drop arbitrary messages. Such an
|
||
adversary uses capability to corrupt consensus away from honest
|
||
decisions to ones favorable to itself. This adversary will, of
|
||
course, choose to participate in an honest manner until defecting is
|
||
most advantageous.
|
||
|
||
### Future Directions
|
||
|
||
Although we have proposed a normative description of the
|
||
implementation of the underlying binary consensus algorithm (Claro),
|
||
we believe we have prepared for analysis its adversarial performance
|
||
in a manner that is amenable to replacement by another member of the
|
||
[snow*](#snow*) family.
|
||
|
||
We have presumed the existence of a general family of algorithms that
|
||
can be counted on to vote on nodes in the DAG in a fair manner.
|
||
Avalanche provides an example of the construction of votes on UTXO
|
||
transactions. One can express all state machine, i.e. account-based
|
||
models as checkpoints anchored in UTXO trust, so we believe that this
|
||
presupposition has some justification. We can envision a need for
|
||
tooling abstraction that allow one to just program the DAG itself, as
|
||
they should be of stable interest no matter if Claro isn't.
|
||
|
||
## Informative References
|
||
|
||
0. [Logos](\<https://logos.co/\>)
|
||
|
||
1. [On BFT Consensus Evolution: From Monolithic to
|
||
DAG](\<https://dahliamalkhi.github.io/posts/2022/06/dag-bft/\>)
|
||
|
||
2. [snow-ipfs](\<https://ipfs.io/ipfs/QmUy4jh5mGNZvLkjies1RWM4YuvJh5o2FYopNPVYwrRVGV\>)
|
||
|
||
3. [snow*](\<https://www.avalabs.org/whitepapers\>) The Snow family of
|
||
algorithms
|
||
|
||
4. [Move](\<https://cloud.google.com/composer/docs/how-to/using/writing-dags\>)
|
||
Move: a Language for Writing DAG Abstractions
|
||
|
||
5. [rdf](\<http://www.w3.org/1999/02/22-rdf-syntax-ns#\>)
|
||
|
||
6. [rdfs](\<http://www.w3.org/2000/01/rdf-schema#\>)
|
||
|
||
7. [xsd](\<http://www.w3.org/2001/XMLSchema#\>)
|
||
|
||
8. [n3-w3c-notes](\<https://www.w3.org/TeamSubmission/n3/\>)
|
||
|
||
9. [ntp](\<https://www.ntp.org/downloads.html\>)
|
||
|
||
## Normative References
|
||
|
||
0. [Claro](\<https://rdf.logos.co/protocol/Claro/1/0/0/raw\>)
|
||
|
||
1. [n3](\<https://www.w3.org/DesignIssues/Notation3.html\>)
|
||
|
||
2. [json-ld](\<https://json-ld.org/\>)
|
||
|
||
## Copyright
|
||
|
||
Copyright and related rights waived via
|
||
[CC0](https://creativecommons.org/publicdomain/zero/1.0/).
|