Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent clients from traveling down minority forks #160

Closed
bytemaster opened this issue Jul 15, 2015 · 2 comments
Closed

Prevent clients from traveling down minority forks #160

bytemaster opened this issue Jul 15, 2015 · 2 comments
Assignees
@bytemaster
Labels
hardfork High Priority
Milestone
DevShares 2.0

Comments

@bytemaster
Copy link
Contributor

A single rogue witness could create an alternative chain that is longer than the undo history. If they are able to connect to a peer first then that peer could end up "stuck" on the minority chain and would be unable to recover without manual intervention.

The goal is to ensure that at all times a node is able to recover if it is presented with the real chain and the real chain has no significant gaps without checkpoints confirming the gaps are legitimate.

Given an undo buffer of 1000 blocks we need to ensure that no node will extend a chain for which there may exist an alternative chain that is longer and which forks more than 1000 blocks ago.

Every time a block is missed it requires two blocks to confirm the miss with certainty that you are still on the highest participation fork. Based upon this information we can construct the following algorithm:

if( empty_slots_from_prior_block > 0 )
     missed_count += 2*empty_slots_from_prior_block
else
    missed_count = max(0,missed_count-1)
ASSERT( missed_count < 2*MAX_UNDO_HISTORY )

If you miss 1000 blocks in a row, then you will not push block 1001.
If you miss 999 blocks in a row, then you must produce 2 blocks for every block missed thereafter (2/3) delegate participation.

In effect this requires 2/3 participation to stay in sync while allowing short disruptions in block production.

Stated another way, the required UNDO history can be determined by the "missed_count". This means that a healthy network can get away with a shorter undo history than an unhealthy network and that the MAX_UNDO_HISTORY needs to define a threshold where a rogue witness is unable to flood a user's memory with undo state.
@bytemaster
Copy link
Contributor Author

Proposed solution:
MIN_UNDO_HISTORY 10 blocks
MAX_UNDO_HISTORY 10000 blocks
CURRENT_UNDO_HISTORY = max( MIN_UNDO_HISTORY,missed_count )

@vikramrajkumar vikramrajkumar added this to the pre-alpha milestone Jul 15, 2015
@bytemaster
Copy link
Contributor Author

There exists a potential attack where the attacker simply wishes to disrupt the downloading of new blocks by causing a client to go down many dead-end chains before finding the proper chain. The risk of this attack needs to be balanced with the risk of a natural short-term disruption in the participation rate on the main chain.

bytemaster added a commit that referenced this issue Jul 15, 2015
@bytemaster
Issue #160 - Dynamic Undo History / Minority Fork
7f54d3d 
The blockchain now has a minimal participation requirement that can only
be overridden with checkpoints.  Any time participation falls below a
minimal level no new blocks may be added.

Currently it requires 66% participation and tolerates short periods of
time below 66% participation with a maximum of 500 consecutive blocks
missed.  For every two blocks produced 1 can be missed with a slack of
999 bias.
@vikramrajkumar vikramrajkumar modified the milestones: pre-alpha, devshares Aug 10, 2015
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bytemaster bytemaster

Labels
hardfork High Priority
Projects
None yet
Milestone
DevShares 2.0
Development

No branches or pull requests
2 participants
@bytemaster @vikramrajkumar