blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
solana/docs/src/proposals/optimistic_confirmation.md

409 lines
17 KiB
Markdown
Raw Blame History

---
title: Optimistic Confirmation
---
## Primitives
`vote(X, S)` - Votes will be augmented with a "reference" slot, `X`
which is the **latest** ancestor of this fork that this validator voted on
with a proof of switching. As long as the validator makes consecutive votes
that are all descended from each other, the same `X` should be used for all
those votes. When the validator makes a vote for a slot `s` that is not
descended from the previous, `X` will be set to the new slot `s`. All votes
will then be of the form `vote(X, S)`, where `S` is the sorted list of slots
`(s, s.lockout)` being voted for.
Given a vote `vote(X, S)`, let `S.last == vote.last` be the last slot in `S`.
Now we define some "Optimistic Slashing" slashing conditions. The intuition
for these is described below:
- `Intuition`: If a validator submits `vote(X, S)`, the same validator
should not have voted on a different fork that "overlaps" this fork.
More concretely, this validator should not have cast another vote
`vote(X', S')` where the range `[X, S.last]` overlaps the range
`[X', S'.last]`, `X != X'`, as shown below:
```text
+-------+
| |
+---------+ +--------+
| | | |
| +-------+ |
| |
| |
| |
+---+---+ |
| | |
X | | |
| | |
+---+---+ |
| |
| +---+---+
| | |
| | | X'
| | |
| +---+---+
| |
| |
| |
| |
| +---+---+
| | |
| | | S'.last
| | |
| +-------+
|
+---+---+
| |
s | |
| |
+---+---+
|
|
|
|
+---+---+
| |
S.last | |
| |
+-------+
```
(Example of slashable votes vote(X', S') and vote(X, S))
In the diagram above, note that the vote for `S.last` must have been sent after
the vote for `S'.last` (due to lockouts, the higher vote must have been sent
later). Thus, the sequence of votes must have been: `X ... S'.last ... S.last`.
This means after the vote on `S'.last`, the validator must have switched back
to the other fork at some slot `s > S'.last > X`. Thus, the vote for `S.last`
should have used `s` as the "reference" point, not `X`, because that was the
last "switch" on the fork.
To enforce this, we define the "Optimistic Slashing" slashing conditions. Given
any two distinct votes `vote(X, S)`and `vote(X', S')` by the same validator,
the votes must satisfy:
- `X <= S.last`, `X' <= S'.last`
- All `s` in `S` are ancestors/descendants of one another,
all `s'` in `S'` are ancsestors/descendants of one another,
-
- `X == X'` implies `S` is parent of `S'` or `S'` is a parent of `S`
- `X' > X` implies `X' > S.last` and `S'.last > S.last`
and for all `s` in `S`, `s + lockout(s) < X'`
- `X > X'` implies `X > S'.last` and `S.last > S'.last`
and for all `s` in `S'`, `s + lockout(s) < X`
(The last two rules imply the ranges cannot overlap):
Otherwise the validator is slashed.
`Range(vote)` - Given a vote `v = vote(X, S)`, define `Range(v)` to be the range
of slots `[X, S.last]`.
`SP(old_vote, new_vote)` - This is the "Switching Proof" for `old_vote`, the
validator's latest vote. Such a proof is necessary anytime a validator switches
their "reference" slot (see vote section above). The switching proof includes
a reference to `old_vote`, so that there's a record of what the "range" of that
`old_vote` was (to make other conflicting switches in this range slashable).
Such a switch must still respect lockouts.
A switching proof shows that `> 1/3` of the network is locked out at slot
`old_vote.last`.
The proof is a list of elements `(validator_id, validator_vote(X, S))`, where:
1. The sum of the stakes of all the validator id's `> 1/3`
2. For each `(validator_id, validator_vote(X, S))`, there exists some slot `s`
in `S` where:
_ a.`s` is not a common ancestor of both `validator_vote.last` and
`old_vote.last` and `new_vote.last`.
_ b. `s` is not a descendant of `validator_vote.last`. \* c. `s + s.lockout() >= old_vote.last` (implies validator is still locked
out on slot `s` at slot `old_vote.last`).
Switching forks without a valid switching proof is slashable.
## Definitions:
Optimistic Confirmation - A block `B` is then said to have achieved
"optimistic confirmation" if `>2/3` of stake have voted with votes `v`
where `Range(v)` for each such `v` includes `B.slot`.
Finalized - A block `B` is said to be finalized if at least one
correct validator has rooted `B` or a descendant of `B`.
Reverted - A block `B` is said to be reverted if another block `B'` that
is not a parent or descendant of `B` was finalized.
## Guarantees:
A block `B` that has reached optimistic confirmation will not be reverted
unless at least one validator is slashed.
## Proof:
Assume for the sake of contradiction, a block `B` has achieved
`optimistic confirmation` at some slot `B + n` for some `n`, and:
- Another block `B'` that is not a parent or descendant of `B`
was finalized.
- No validators violated any slashing conditions.
By the definition of `optimistic confirmation`, this means `> 2/3` of validators
have each shown some vote `v` of the form `Vote(X, S)` where `X <= B <= v.last`.
Call this set of validators the `Optimistic Validators`.
Now given a validator `v` in `Optimistic Validators`, given two votes made by
`v`, `Vote(X, S)` and `Vote(X', S')` where `X <= B <= S.last`, and
`X' <= B <= S'.last`, then `X == X'` otherwise an "Optimistic Slashing" condition
is violated (the "ranges" of each vote would overlap at `B`).
Thus define the `Optimistic Votes` to be the set of votes made by
`Optimistic Validators`, where for each optimistic validator `v`, the vote made
by `v` included in the set is the `maximal` vote `Vote(X, S)` with the
greatest `S.last` out of any votes made by `v` that satisfy `X <= B <= S.last`.
Because we know from above `X` for all such votes made by `v` is unique, we know
there is such a unique `maximal` vote.
### Lemma 1:
`Claim:` Given a vote `Vote(X, S)` made by a validator `V` in the
`Optimistic Validators` set, and `S` contains a vote for a slot `s`
for which:
- `s + s.lockout > B`,
- `s` is not an ancestor or descendant of `B`,
then `X > B`.
```text
+-------+
| |
+---------+ +--------+
| | | |
| +-------+ |
| |
| |
| |
| +---+---+
| | |
| | | X'
| | |
| +---+---+
| |
| |
| +---+---+
| | |
| | | B (Optimistically Confirmed)
| | |
| +---+---+
| |
| |
| |
| +---+---+
| | |
| | | S'.last
| | |
| +-------+
|
+---+---+
| |
X | |
| |
+---+---+
|
|
|
|
|
|
+---+---+
| |
S.last | |
| |
+---+---+
|
|
|
|
+---+---+
| |
s + s.lockout | |
+-------+
```
`Proof`: Assume for the sake of contradiction a validator `V` from the
"Optimistic Validators" set made such a vote `Vote(X, S)` where `S` contains
a vote for a slot `s` not an ancestor or descendant of `B`, where
`s + s.lockout > B`, but `X <= B`.
Let `Vote(X', S')` be the vote in `Optimistic Votes` set made by validator `V`.
By definition of that set (all votes optimistically confirmed `B`),
`X' <= B <= S'.last` (see diagram above).
This implies that because it's assumed above `X <= B`, then `X <= S'.last`,
so by the slashing rules, either `X == X'` or `X < X'` (otherwise would
overlap the range `(X', S'.last)`).
`Case X == X'`:
Consider `s`. We know `s != X` because it is assumed `s` is not an ancestor
or descendant of `B`, and `X` is an ancestor of `B`. Because `S'.last` is a
descendant of `B`, this means `s` is also not an ancestor or descendant of
`S'.last`. Then because `S.last` is descended from `s`, then `S'.last` cannot
be an ancestor or descendant of `S.last` either. This implies `X != X'` by the
"Optimistic Slashing" rules.
`Case X < X'`:
Intuitively, this implies that `Vote(X, S)` was made "before" `Vote(X', S')`.
From the assumption above, `s + s.lockout > B > X'`. Because `s` is not an
ancestor of `X'`, lockouts would have been violated when this validator
first attempted to submit a switching vote to `X'` with some vote of the
form `Vote(X', S'')`.
Since none of these cases are valid, the assumption must have been invalid,
and the claim is proven.
### Lemma 2:
Recall `B'` was the block finalized on a different fork than
"optimistically" confirmed" block `B`.
`Claim`: For any vote `Vote(X, S)` in the `Optimistic Votes` set, it must be
true that `B' > X`
```text
+-------+
| |
+--------+ +---------+
| | | |
| +-------+ |
| |
| |
| |
| +---+---+
| | |
| | | X
| | |
| +---+---+
| |
| |
| +---+---+
| | |
| | | B (Optimistically Confirmed)
| | |
| +---+---+
| |
| |
| |
| +---+---+
| | |
| | | S.last
| | |
| +-------+
|
+---+---+
| |
B'(Finalized) | |
| |
+-------+
```
`Proof`: Let `Vote(X, S)` be a vote in the `Optimistic Votes` set. Then by
definition, given the "optimistcally confirmed" block `B`, `X <= B <= S.last`.
Because `X` is a parent of `B`, and `B'` is not a parent or ancestor of `B`,
then:
- `B' != X`
- `B'` is not a parent of `X`
Now consider if `B'` < `X`:
`Case B' < X`: We wll show this is a violation of lockouts.
From above, we know `B'` is not a parent of `X`. Then because `B'` was rooted,
and `B'` is not a parent of `X`, then the validator should not have been able
to vote on the higher slot `X` that does not descend from `B'`.
### Proof of Safety:
We now aim to show at least one of the validators in the
`Optimistic Validators` set violated a slashing rule.
First note that in order for `B'` to have been rooted, there must have been
`> 2/3` stake that voted on `B'` or a descendant of `B'`. Given that the
`Optimistic Validator` set also contains `> 2/3` of the staked validators,
it follows that `> 1/3` of the staked validators:
- Rooted `B'` or a descendant of `B'`
- Also submitted a vote `v` of the form `Vote(X, S)` where `X <= B <= v.last`.
Let the `Delinquent` set be the set of validators that meet the above
criteria.
By definition, in order to root `B'`, each validator `V` in `Delinquent`
must have each made some "switching vote" of the form `Vote(X_v, S_v)` where:
- `S_v.last > B'`
- `S_v.last` is a descendant of `B'`, so it can't be a descendant of `B`
- Because `S_v.last` is not a descendant of `B`, then `X_v` cannot be a
descendant or ancestor of `B`.
By definition, this delinquent validator `V` also made some vote `Vote(X, S)`
in the `Optimistic Votes` where by definition of that set (optimistically
confirmed `B`), we know `S.last >= B >= X`.
By `Lemma 2` we know `B' > X`, and from above `S_v.last > B'`, so then
`S_v.last > X`. Because `X_v != X` (cannot be a descendant or ancestor of
`B` from above), then by the slashing rules then, we know `X_v > S.last`.
From above, `S.last >= B >= X` so for all such "switching votes", `X_v > B`.
Now ordering all these "switching votes" in time, let `V` to be the validator
in `Optimistic Validators` that first submitted such a "swtching vote"
`Vote(X', S')`, where `X' > B`. We know that such a validator exists because
we know from above that all delinquent validators must have submitted such
a vote, and the delinquent validators are a subset of the
`Optimistic Validators`.
Let `Vote(X, S)` be the unique vote in `Optimistic Votes` made by
validator `V` (maximizing `S.last`).
Given `Vote(X, S)` because `X' > B >= X`, then `X' > X`, so
by the "Optimistic Slashing" rules, `X' > S.last`.
In order to perform such a "switching vote" to `X'`, a switching proof
`SP(Vote(X, S), Vote(X', S'))` must show `> 1/3` of stake being locked
out at this validator's latest vote, `S.last`. Combine this `>1/3` with the
fact that the set of validators in the `Optimistic Voters` set consists of
`> 2/3` of the stake, implies at least one optimistic validator `W` from the
`Optimistic Voters` set must have submitted a vote (recall the definition of
a switching proof),`Vote(X_w, S_w)` that was included in validator `V`'s
switching proof for slot `X'`, where `S_w` contains a slot `s` such that:
- `s` is not a common ancestor of `S.last` and `X'`
- `s` is not a descendant of `S.last`.
- `s' + s'.lockout > S.last`
Because `B` is an ancestor of `S.last`, it is also true then:
- `s` is not a common ancestor of `B` and `X'`
- `s' + s'.lockout > B`
which was included in `V`'s switching proof.
Now because `W` is also a member of `Optimistic Voters`, then by the `Lemma 1`
above, given a vote by `W`, `Vote(X_w, S_w)`, where `S_w` contains a vote for
a slot `s` where `s + s.lockout > B`, and `s` is not an ancestor of `B`, then
`X_w > B`.
Because validator `V` included vote `Vote(X_w, S_w)` in its proof of switching
for slot `X'`, then his implies validator `V'` submitted vote `Vote(X_w, S_w)`
**before** validator `V` submitted its switching vote for slot `X'`,
`Vote(X', S')`.
But this is a contradiction because we chose `Vote(X', S')` to be the first vote
made by any validator in the `Optimistic Voters` set where `X' > B` and `X'` is
not a descendant of `B`.
Reference in New Issue View Git Blame Copy Permalink