This issue deals with a more general, easier and inclusive approach to active-active validator setup across the globe, without relying on trust in KMS software to prevent double-signing. Related discussion here (#1758).
Since this feature brings very significant structural changes to the Tendermint codebase, it should be well discussed and reviewed, and it should be a long-term goal.
Multiple Validator Consensus Keys
I raise a question myself about this multiple consensus key system design, concerning the conflict between liveness and security.
Suppose two proposed blocks (B1, B2) co-exist for the same height/round (correct me if I am wrong on this assumption). A non-proposing validator has consensus keys K1 and K2. K1 voted for B1 and K2 voted for B2.
This is possible because the proposed system controls each key in an async fashion, so K1 is not aware that K2 signed B2 before K1 votes on B1. If the system works in a sync fashion, it will lose the high co-location advantage.
Then, this is a fork-causing activity, so it should be slashed as double signing. But the votes cannot be classified as intentional or unintentional.
This causes a BFT breakdown case. So, do we have a workaround, or is this impossible to achieve in any BFT system? I guess there might exist a mathematical proof of this proposition.
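The K1/K2 scenario from the comment above, as an added Go example that is not part of the issue or of Tendermint's code: it checks constructed votes for conflicting blocks at one height/round, first per key and then per validator. The `Vote` record, the key-to-validator grouping and every name here are assumptions made for illustration.

```go
package main

import "fmt"

// Vote is a simplified, hypothetical record (not Tendermint's types.Vote).
type Vote struct {
	Validator     string // logical validator that owns the key
	KeyID         string // consensus key that signed, e.g. "K1"
	Height, Round int64
	BlockID       string // proposed block voted for, e.g. "B1"
}

// Conflict pairs two votes for different blocks in the same height/round.
type Conflict struct{ A, B Vote }

// findConflicts reports votes that share a signer identity, height and round
// but name different blocks. identity decides what "same signer" means:
// a single key, or the validator that owns several keys.
func findConflicts(votes []Vote, identity func(Vote) string) []Conflict {
	seen := make(map[string][]Vote)
	var out []Conflict
	for _, v := range votes {
		slot := fmt.Sprintf("%s|%d|%d", identity(v), v.Height, v.Round)
		for _, prev := range seen[slot] {
			if prev.BlockID != v.BlockID {
				out = append(out, Conflict{prev, v})
			}
		}
		seen[slot] = append(seen[slot], v)
	}
	return out
}

func byKey(v Vote) string       { return v.Validator + "/" + v.KeyID }
func byValidator(v Vote) string { return v.Validator }

// sampleVotes is constructed data: val-A signs B1 with K1 and B2 with K2.
func sampleVotes() []Vote {
	return []Vote{
		{"val-A", "K1", 100, 0, "B1"},
		{"val-A", "K2", 100, 0, "B2"},
		{"val-B", "K1", 100, 0, "B1"},
	}
}

func main() {
	fmt.Println("per-key conflicts:      ", len(findConflicts(sampleVotes(), byKey)))
	fmt.Println("per-validator conflicts:", len(findConflicts(sampleVotes(), byValidator)))
}
```

On the sample data the per-key check finds nothing, because each key signed only once, while the per-validator check reports the K1/K2 pair as conflicting votes from one validator.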