New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Miscellaneous beacon chain changes #128
Comments
Now that I think about it, there is an unintended consequence of |
On the other issues:
|
My suggestion is for the "deposit war" to be on equal terms at 24 ETH on all forks. That is, during a quadratic leak period we do not automatically exit a validator if his balance goes below 24 ETH. Instead, the automatic exit happens when 24 ETH in total leakage has accrued. When the validator comes back online his first transaction may have to be a top-up bringing his balance back to 24 ETH if he wants to remain a validator.
What do you mean?
Can we have a "messaging clean slate" after a fork, i.e. all pre-fork offchain messages are effectively invalidated and have to be rebroadcast?
I'd argue we do not want a global count limit:
|
Right, but what if an attacker joins with fresh validators, after the existing validators have already lost some amount to leakage, and those fresh validators can survive longer before being ejected?
Having a clear norm that "uint16 means shard ID" and "uint32 means validator index" could make it mentally easier to track what certain variables mean, and avoid accidentally using them in the wrong ways. That's all I meant?
No because that also breaks slashing.
OK, seems reasonable. We can replace the global count with per-object-type counts. |
Here's a PR for a per-type limit: #150 |
And here's a PR for (4): #142 |
For (9), the proof of custody PR already treats blocks as fixed-size. The one thing that it does not do is turn proofs of custody off if validator count is too low. Though I think we should consider a different path for that: a particular validator with index Thoughts @JustinDrake? |
Oh, interesting! A few questions:
|
No, <= gets the effect you want. If we want
What slot number? A crosslink is not just for one slot, it's for data gathered over a sequence of slots. I suppose you could do the slot number of the previous crosslink...
The expected number of shards a validator is assigned to is inversely proportional to validator count, so making the growth in proobability of selection be linear is exactly what's needed to counterbalance this and make the work constant, at least up until the point where |
I don't completely understand the attack. Also, what prevents fresh validators that survive longer from registering in the current paradigm? |
FYI to other client implementers: "15. Use uint64 for shard number" commit is here: 5ba47b4 |
@JustinDrake Is this ready to be closed? |
Yes :) |
Below is a summary of suggestions from miscellaneous internal discussions:
BALANCE_AT_RISK = 24 ETH
at risk (lower thanDEPOSIT_SIZE = 32 ETH
). In particular, penalties only apply to the balance at risk (regardless of the size of the balance), and validators with a balance belowBALANCE_AT_RISK
are automatically exited.n
can be included onchain no earlier than slotn + SIGNATURE_INCLUSION_DELAY
(e.g.SIGNATURE_INCLUSION_DELAY = 4
). This allows for the safe reduction ofSLOT_DURATION
(e.g. to 4 seconds), and reduced beacon chain overhead from more efficient aggregation. The fork choice rule is unchanged (it takes into account offchain signatures).uint64
. Exceptions are made for signature types, and possibly where a significant performance penalty would be observed.fork_version
field which is checked as part of the same unified signature verification logic.LOGOUT
,CASPER_SLASHING
, etc.) has a separate object count limit per block.target1 = source1 + 1
,source2 <= source1
andtarget2 >= target1
. (See this ethresear.ch post for context.)withdrawal_address
andwithdrawal_shard
withwithdrawal_credentials
which is composed of a version number and (for version 0) the hash of a BLS pubkey.candidate_pow_receipt_root
with a map from candidate PoW receipt roots to vote counts to avoid bad PoW receipt root candidates from polluting a full voting period.bytes([0] * 32)
until phase 1 for cleanliness and unambiguity.uint16
will plausibly be too small for the future, and is not consistent with the homogenisation touint64
. For extra hashing performancehash(n)
can be cached forn < SHARD_COUNT
.GENESIS_TIME
should fall at 00:00 UTC.randao_last_change
with a counter calledmissed_slots_streak
to remove the notion of "layer" (and the edge case of a validator revealing twice in a RANDAO layer).The text was updated successfully, but these errors were encountered: