Minimal Slashing Conditions

  1. Accountable safety: if two conflicting hashes get finalized, then it must be provably true that at least 1/3 of validators violated some slashing condition.²
  2. Plausible liveness: unless at least 1/3 of validators violated some slashing condition, there must exist a set of messages that 2/3 of validators can send which finalize some new hash without violating some slashing condition.
Safety proof
But we can get stuck
No more safety.
Left: different hashes may get finalized with these rules, but if they’re part of the same chain, then that’s working as intended. Right: hashes that are not part of the same history are conflicting; there is a proof that the above four slashing conditions prevent two conflicting hashes from being finalized unless at least 1/3 of validators get slashed.
  1. Start off with HEAD being the genesis.
  2. Find the valid descendant of HEAD that has 2/3 prepares and the largest number of commits
  3. Set HEAD to equal that descendant and go back to step 2.
  4. When step 2 can no longer find a descendant with 2/3 prepares and any commits, use the blockchain’s underlying fork choice rule (longest-chain, GHOST, whatever) to find the tip.
  1. Some might argue that proof of work has economic finality with security margin R * k, where R is the block reward and k is the number of blocks that are being reverted, but this isn’t really true as if you make a successful 51% attack then you get compensated for your work with block rewards — the budget requirement for a 51% attack is indeed roughly R * k, but the cost if you succeed is zero.
  2. The 1/3 ratio is taken from traditional Byzantine fault-tolerance theory and is chosen to maximize the total level of fault tolerance. In general, you can replace any mention of 2/3 in the slashing conditions in this article with any value t > 1/2; you can then compute the degree of fault tolerance from a liveness standpoint as 1-t (since you can’t get to t if more than 1-t are offline), and the degree of fault tolerance from a safety standpoint as 2t-1 (if t finalize A and t finalize B, that’s 2t > 1 altogether, so at least 2t-1 of them have to be duplicates). t = 2/3 maximizes the minimum of the two (1-t = 1/3, 2t - 1 = 1/3); you can also try t = 3/5 (liveness: 2/5 fault tolerance, safety: 1/5) or t = 3/4 (liveness: 1/4, safety: 1/2). Note also that values t < 1/2 are also meaningful in the context of common knowledge about how many nodes are likely to be offline, but dealing with these situations, and the broader concept of “subjective finality thresholds”, is a deep and interesting topic for another day.
  3. Unless of course the deposits have already been withdrawn; but that (“long range attacks”) is also a topic for another post, albeit this time it is a post that was made over two years ago
  4. At least, as long as it only uses hashes and signatures for cryptography. If it uses threshold signatures, then it is harder, as a coalition of 2/3 malicious nodes can forge any other participant’s signature.

--

--

--

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Cryptocurrency Oversimplified: A Beginner’s Guide To Crypto

Liquidity Providers Guide

MAGOS — New Era of Crypto Investment with AI

Using Nethereum in Unity | Part 2

Cameron Chell, Co-Founder of Vuele, on the Role of Community in a Decentralized Economy

Cameron Chell, Co-Founder of Vuele, on the Role of Community in a Decentralized Economy

Why i think Formation.fi is going to be a revolution in DEFI.

When Will Bitcoin hit the Much-Anticipated Milestone of $50K ?

When Will Bitcoin hit the Much-Anticipated Milestone of $50K ?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Vitalik Buterin

Vitalik Buterin

More from Medium

Introducing our fresh vibe

Ethereum Push Notification Services Raises $10.1 million in Series A Funding

The Graph Network: Subgraph Migration Is in Full Swing

What new Canadian cryptoasset regulatory framework should address