WIP: More protocol flavors #355
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,58 @@ | ||
| Existing and proposed flavors of Leios. | ||
|
|
||
| > ![Note] | ||
| > This is currently just a brain dump on understanding the status quo and the Leios flavors encounterd by @ch1bo. Maybe some of these names and summarirs are helpful to others. | ||
|
|
||
| ## Status quo / Praos | ||
|
|
||
| Lets look at the status quo consensus protocol of Cardano - Ouroboros Praos - and how it is currently deployed. This section can be also seen as my assumptions on how the current system works. See also [Pi's blog post](https://314pool-v2-git-pi-leios-pi-lanninghams-projects.vercel.app/post/leios#review-of-ouroboros-praos): | ||
|
|
||
| - Every network participant can submit transactions, which diffused across the whole network | ||
| - Each node validates all received transactions against its latest ledger state built from the current longest Praos chain of blocks | ||
| - Nodes pull transactions from their peers, potentially sampling across them | ||
| - However, no punishment for "invalid" transactions | ||
|
|
||
| - Block production: A stake based VRF lottery decides which (stake pool) node will mint the next block | ||
| - Tuned to one active slot every ~20 seconds | ||
| - Probabilistic, so multiple blocks per slot or in short sequence possible | ||
| - Honest nodes: put as many txs from their already ordered mempool into a block | ||
| - Adversary nodes: may fill a block with txs unknown to the network | ||
|
|
||
| - Blocks need to reach the next block producer as fast as possible | ||
| - Currently takes about 3 seconds; Target is < 5 seconds | ||
|
There was a problem hiding this comment. Currently, it takes |
||
| - The lower, the less block height battles / chain re-orgs there are | ||
| - To get 3 seconds end-to-end network diffusion we only have fractions of a second to forward (= download, validate and upload) blocks | ||
|
|
||
| ## Vanilla: Full Leios | ||
| - As published in paper TODO link | ||
| - 7 stage pipeline with two EB rounds (?) | ||
| - Optimal use of available bandwidth | ||
| - TODO ... | ||
|
|
||
| ## Chocolate: Short Leios | ||
| - 5 stages with only one round of EB (?) | ||
| - TODO ... + link short leios in docs/ | ||
|
|
||
| ## Proposal 1 - Pistachio: IBs not contain txs | ||
| - Only reference txs in IBs | ||
| - Tx diffusion happening already for praos | ||
| - Should reuse already transmitted data | ||
|
There was a problem hiding this comment. One doubt I have about it: what happen if a malicious actor spam the mempool? There was a problem hiding this comment. This might answer your question: #341 (reply in thread) Basically, if you allow transactions or permissionless IBs you do indeed get a spam problem. Maybe there are clever solutions, but obvious ones clash with the need for data availablility. There was a problem hiding this comment.
@ both: How would such a "spam attack" actually work? A malicious actor can be an upstream peer to parts of the network and provide them with valid transactions. But that is just business as usual?
No it can't? If it's time to vote it can either validate the EB's sequence of IBs or it doesn't have it. If it the data is not available -> no vote. There was a problem hiding this comment. My understanding is the following: There was a problem hiding this comment. I think it's really an SLA question: IBs are a way to prioritize network propagation of some txs. Without IBs, this lack of prioritisation can compromise the propagation. As you said, the result is "data is not available -> no vote" but if it means that we now need to consider a worst case scenario where you need to communicate the IB to most nodes first, and then resolve the txs within this IB, while vanilla and chocolate only need to consider the latency needed to communicate a (bigger but standalone) IB. If my understanding is right, it means that it will slow down the protocol to get high confidence that we'll have the tx on time. (sorry for the spam, I'm trying to clarify this for myself as well) There was a problem hiding this comment. I don't see the prioritisation aspect. Not why it would make sense and not how you would do that. @coot asked last week about directionality of the mini protocols and AFAIU are tx diffusion and block propagation in opposed directions today and seemingly nobody has thought about that for Leios yet. That means, a single node cannot decide whether txs or blocks are prioritized - neither for them, nor for their peers - because it can only pull transactions or blocks from one direction. There was a problem hiding this comment. I meant prioritisation in the sense that with vanilla and chocolate, once you have the IB, you also have the tx. It avoid the latency issue that occurs with pistachio (latency meaning: you first get the IB, then need to resolve the tx). It's a bit unclear to me with stracciatella, but I'm still doubtful we could ensure a good diffusion without a dedicated transmission. There was a problem hiding this comment. Here's the most general "easy" attack you can do: You make In stage
In an ideal network that forms a complete graph, that means that every node needs to do I have no statistics and I'm not network engineer, but my guess would be that with a network connection that's as good as 90% of the block producers I'm pretty sure you can just spam the network into oblivion. And crucially, this attack is relatively cheap. You just need to pay for Let's say There was a problem hiding this comment.
I'm fairly convinced that this attack is not mountable for two reasons
The network layer is crucial in this and this is clearly a defense-in-depth scenario where we rely on the network protocol to not such an asymmetric resource attack (create a lot of work from little work). |
||
| - Same tunable IB rate as in other flavors | ||
| - Still 5 stage pipeline which starts with IB propose | ||
|
|
||
| ## Proposal 2 - Stracciatella: No IBs | ||
| - Replace IB propose stage with regular Praos-like tx diffusion | ||
| - Effectively removes a stage? | ||
| - Lower individual tx latency possible? | ||
| - Restrict age of txs (as with IBs)? | ||
| - EBs reference txs directly | ||
| - Honest EB producers just pick a "likely" set of transactions everyone saw as if they would do for IBs | ||
| - Schedule multiple EBs per round like in other flavors | ||
| - Maybe also sample EB sizes to increase chance of at least one EB certified? | ||
| - Like Pi's 0.2, but with EBs onto transactions directly: https://314pool-v2-git-pi-leios-pi-lanninghams-projects.vercel.app/post/leios#leios-02---design | ||
|
|
||
| #### Open points | ||
| - Why are we often jumping onto the need for IBs? | ||
| - Am I missing something? | ||
| - Does this avoid the conflicting tx problem as only one would end up in a certified EB? | ||
| - Chain EBs like in vanilla Leios or just vote on longer prefixes? | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are you sure about that? I thought nodes disconnect from a peer that shares invalid transactions after some threshold.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure. I asked in our internal AMA and either @nfrisby or @coot said that we don't punish right now.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's right; the only punishment we'll do in a new tx submission logic, is that we will deprioritise downloading txs from a peer that offered us an invalid tx.