Can we make AuRa require 2/3 validators signatures instead of 1/2?

[varasev]

To be protected against the attack outlined in https://arxiv.org/pdf/1902.10244.pdf we need AuRa to require 2/3 of signatures instead of 1/2 as it was proposed by the researches in the section 9.2.2 of the article. Can we do that?

[varasev]

I tried to launch the supermajority Parity version with our posdao-test-setup and found the next things:

If I launch all the nodes from scratch, it works fine (blocks with transactions are produced and all the tests pass).

I noted that with the supermajority version the validator set was applied one block later:

1/2 majority:
staking epoch #1 apply block: 83
staking epoch #2 apply block: 163
staking epoch #3 apply block: 243

2/3 majority:
staking epoch #1 apply block: 84
staking epoch #2 apply block: 164
staking epoch #3 apply block: 244

If I run from scratch a few nodes with 1/2 majority and the rest of the nodes with 2/3, they fail to apply a new validator set when staking epoch changes (a fork occurs for a part of the nodes).

If I update all the nodes before changing the validator set, they all continue to work successfully. The nodes which are not updated get error and terminate.

So, to switch to supermajority successfully, all the nodes must be updated before the validator set is changed.

We must introduce supermajority activation with some spec option which would turn it on for all the nodes at the specified block simultaneously (e.g. supermajorityTransition). After that, we could retest the switching to supermajority again to ensure we can safely do this for Sokol/Core/Dai/Kovan.