[Draft] Implement a quorum balancing algorithm

[AndrejMitrovic]

I've had several different approaches. Initially I tried to split up the stakes into three categories, but this made the algorithm really hard to reason about.

Then I've realized that I can just use the stakes as the chances of each node being included in a quorum set. It simplifies the algorithm quite a bit.

What has been done:

• SCP verifies the quorum set is correct
• Incorporated quorum intersection checker from Stellar into the tests
• Testing of potential quorum splits, this is also part of the quorum intersection checker.
• There is a toml generator, and I am using it successfully with the standalone SCP implementation go-scp.

What's still on the table:

• More tests need to be added with hardcoded keys to ensure no regressions.
• Integration & byzantine node tests are missing.
• Does it make sense to limit the number of nodes in a quorum? Currently the algorithm stops adding nodes to a queue as soon as MAX_NODES_IN_QUORUM is reached, or 67% of the economic value of the entire network is reached.

Requires:

• Add rudimentary bindings to std::unordered_map #662
• Add the quorum intersection checker code from stellar-core #664

Part of: #240

[codecov]

Codecov Report

Merging #684 into v0.x.x will decrease coverage by 0.76%.
The diff coverage is 73.75%.

@@            Coverage Diff             @@
##           v0.x.x     #684      +/-   ##
==========================================
- Coverage   91.10%   90.34%   -0.77%     
==========================================
  Files          65       66       +1     
  Lines        5185     5425     +240     
==========================================
+ Hits         4724     4901     +177     
- Misses        461      524      +63     

Flag	Coverage Δ
#integration	47.80% <0.00%> (-3.09%)	⬇️
#unittests	89.25% <74.05%> (-0.71%)	⬇️

Impacted Files	Coverage Δ
source/agora/common/Amount.d	97.56% <33.33%> (-2.44%)	⬇️
source/agora/consensus/Quorum.d	74.26% <74.26%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9446bd3...9fadde7. Read the comment docs.

[AndrejMitrovic]

I started writing better tests and realized the node would not automatically add itself in the list of quorum nodes, which was a mistake. I will update the PR with the tests & fixes in the coming days..

[AndrejMitrovic]

This needs to be reworked a little bit.

There is an edge-case. What if one node has 66% of the staked amount of the entire network? In the current algorithm most nodes will end up with a single node in its quorum. We should add some minimum amount of nodes that every node should include. We could make it something simple like "must include at least 5 nodes, and if those nodes do not reach a majority of stakes then add additional nodes".

[AndrejMitrovic]

I wonder about why I hit this performance issue. The Stellar network has hundreds (thousands?) of nodes, it sounds like this algorithm would never finish if it attempted to do quorum intersection checking for the live system. Examine what's causing the performance issue. Maybe the bindings are wrong, the GC is kicking in, or something else.

[Geod24]

Given that stellar has implemented an interrupt method, it might just be that the algorithm is inherently NP-hard.
The comment mentions 2 minutes and "16 node quorums", does that mean there are 16 nodes in the network overall, or each quorums have 16 nodes ?

[AndrejMitrovic]

Turn this todo into an issue and work on it.

[AndrejMitrovic]

I'm going to have to remove this piece of logic. There's two reasons:

• Floating point math could lead to inconsistent results across platforms. We need consistency here. Perhaps we could use fixed-point math, but it would require looking for a good library implementation.
• It doesn't entirely make sense that we're adding nodes into a quorum to make that quorum's monetary value 67% of the network, while at the same time having a 67% threshold value for those included nodes. That would actually turn into 44% with the threshold taken into account. Also, within that quorum set SCP treats every node as equal. This means nodes with 1/10th of the quorum stake and those with 9/10th of the value are treated the same. So monetary value != political (voting) power, as it should be. Finally, the node selection logic already makes sure that nodes with a higher stake are more frequently included in a quorum, so the min_quorum_amount is unnecessary.

[linked0]

There is a standard for double-precision that is IEEE 754. Modern 32-bit computers implement double-precision with two 32-bit memory words and 64-bit computers can do it with its 64-bit memory word. So We don't need to worry about the output of the floating-point operation.

[AndrejMitrovic]

This allocates. Replace with a non-allocating version.

[Geod24]

I've been wanting to add a module with "test data" for a while, I think it could be useful to have somewhere to get "valid, initialized data".

[AndrejMitrovic]

Yeah. It would be nice to have consistent keys in our test-suite, it helps with debugging.

#754

[Geod24]

Okay did a first pass. There's obviously A LOT to review and discuss here, will continue soon.

[Geod24]

Given that stellar has implemented an interrupt method, it might just be that the algorithm is inherently NP-hard.
The comment mentions 2 minutes and "16 node quorums", does that mean there are 16 nodes in the network overall, or each quorums have 16 nodes ?

[Geod24]

Don't use Note: , it generates bad doc IIRC.

Also this could use more actual documentation.

[AndrejMitrovic]

Also this could use more actual documentation.

Well it's a draft. If half the code gets thrown away I'd hate to throw away the documentation too. I'll add it as soon as it's finalized.

[Geod24]

Suggested change

	The voting power of a Boa holder may be increased by spawning multiple nodes,
	The voting power of a BOA holder may be increased by spawning multiple nodes,

[AndrejMitrovic]

What if they're holding snakes huh??

[Geod24]

We send them a job offer

[Geod24]

Nice explanation. We should add the general consideration in the module doc. But that can be left for later.

[Geod24]

I've been wanting to add a module with "test data" for a while, I think it could be useful to have somewhere to get "valid, initialized data".

[Geod24]

Noice. Probably something we want to generalize in the long run. I mean Ocean has it, and I think stellar does too.
Something to consider: For easier memorization, you can use a noun and a verb, like what docker does. E.g. "patriot pangolin" and "mesmerizing door" might stand out more than "Andrew" and "Nathan".

[AndrejMitrovic]

ah yes, the gifycat approach.

Or I could use https://github.com/bpfkorea/ocean/blob/dev-2020-04-02/src/ocean/io/digest/FirstName.d :D

[Geod24]

https://github.com/bpfkorea/agora/blob/20decfd4fed2b43a55e444c284d5a88d44ef0a75/source/agora/common/Amount.d#L184-L198

[AndrejMitrovic]

Those modify the object. So I can't use them with const values.

E.g. I can't do Amount.MinFreezeAmount.mustAdd(Amount.MinFreezeAmount).

[Geod24]

Amount(Amount.MinFreezeAmount).mustAdd(Amount.MinFreezeAmount) ?

[AndrejMitrovic]

The comment mentions 2 minutes and "16 node quorums", does that mean there are 16 nodes in the network overall, or each quorums have 16 nodes ?

16 nodes, where each node has some number of nodes in its quorum set.

And yeah, it's unfortunate that the algorithm is inherently slow.. hence the interrupts.

[AndrejMitrovic]

Windows linker error:

agora.obj : error LNK2019: unresolved external symbol "public: static class std::shared_ptr<class stellar::QuorumIntersectionChecker *> __cdecl stellar::QuorumIntersectionChecker::create(struct std::unordered_map<struct stellar::PublicKey,class std::shared_ptr<struct stellar::SCPQuorumSet>,struct std::hash<struct stellar::PublicKey>,struct std::equal_to<struct stellar::PublicKey>,class std::allocator<struct std::pair<struct stellar::PublicKey const ,class std::shared_ptr<struct stellar::SCPQuorumSet> > > > const &)" (?create@QuorumIntersectionChecker@stellar@@SA?AV?$shared_ptr@PEAVQuorumIntersectionChecker@stellar@@@std@@AEBU?$unordered_map@UPublicKey@stellar@@V?$shared_ptr@USCPQuorumSet@stellar@@@std@@U?$hash@UPublicKey@stellar@@@4@U?$equal_to@UPublicKey@stellar@@@4@V?$allocator@U?$pair@$$CBUPublicKey@stellar@@V?$shared_ptr@USCPQuorumSet@stellar@@@std@@@std@@@4@@4@@Z) referenced in function _D5agora9consensus6Quorum22verifyQuorumsIntersectFHSQBy6common6crypto3Key9PublicKeySQDeQBg5Types12QuorumConfigZv

internal screaming

[AndrejMitrovic]

For those that are curious what we talked about during our whiteboarding session:

I needed to define some constraints or properties of the algorithm. For example, knowing what the optimal quorum layout should look like.

We want several properties of the algorithm:

• It should be possible to shuffle the quorums. This can be done by using the validator's revealed preimages. The preimages are combined into a "seed", which is then fed to the quorum balancing algorithm.
• Nodes which stake a higher amount should be included more often in quorum sets.
• The amount of required messaging between nodes should be minimized.

This last part is my main focus for this sprint.

[AndrejMitrovic]

This should be reworked based on what was introduced in #845. We could add the very first enhancements to the quorum generator. I'll keep this in mind as a background task.

[AndrejMitrovic]

This will be replaced with a series of simpler PRs.