You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: ouroboros-consensus-protocol/src/ouroboros-consensus-protocol/Ouroboros/Consensus/Protocol/Praos/Common.hs
+40Lines changed: 40 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -171,6 +171,46 @@ instance Crypto c => Ord (PraosChainSelectView c) where
171
171
--
172
172
-- Then we have @'preferCandidate' cfg a b@ and @'preferCandidate' b c@, but
173
173
-- __not__ @'preferCandidate' a c@ (despite @a < c@).
174
+
--
175
+
-- === Rationale for the rules
176
+
--
177
+
-- 1. The abstract Consensus layer requires that we first compare based on chain
178
+
-- length (see __Chain extension precedence__ in 'ChainOrder').
179
+
--
180
+
-- 2. Consider the scenario where the hot key of a block issuer was compromised,
181
+
-- and the attacker is now minting blocks using that identity. The actual
182
+
-- block issuer can use their cold key to issue a new hot key with a higher
183
+
-- opcert issue number and set up a new pool. Due to this tiebreaker rule,
184
+
-- the blocks minted by that pool will take precedence (allowing the actual
185
+
-- block issuer to decide on eg the block contents and the predecessor), and
186
+
-- they will end up on the honest chain quickly, which means that the
187
+
-- adversary can't extend any chain containing such a block as it would
188
+
-- violate the monotonicity requirement on opcert issue numbers.
189
+
--
190
+
-- See "3.7 Block Validity and Operational Key Certificates" in "Design
191
+
-- Specification for Delegation and Incentives in Cardano" by Kant et al for
192
+
-- more context.
193
+
--
194
+
-- 3. The main motivation to do VRF comparisons is to avoid the "Frankfurt
195
+
-- problem":
196
+
--
197
+
-- With only the first two rules for the chain order, almost all blocks with
198
+
-- equal block number are equally preferrable. Consider two block issuers
199
+
-- minting blocks in very nearby slots. As we never change our selection
200
+
-- from one chain to an equally preferrable one, the first block to arrive
201
+
-- at another pool is the one to be adopted, and will be extended the next
202
+
-- time the pool is elected if no blocks with a higher block number arrive
203
+
-- in the meantime. We observed that this effectively incentivizes block
204
+
-- producers to concentrate geographically (historically, in Frankfurt) in
205
+
-- order to minimize their diffusion times. This works against the goal of
206
+
-- geographic decentralisation.
207
+
--
208
+
-- Also, with the VRF tiebreaker, a block with a somewhat lower propagation
209
+
-- speed has a random chance to be selected instead of the one that arrived
210
+
-- first by pools before the next block is forged.
211
+
--
212
+
-- See 'VRFTiebreakerFlavor' for more context on the exact conditions under
213
+
-- which the VRF comparison takes place.
174
214
instanceCryptoc=>ChainOrder (PraosChainSelectViewc) where
0 commit comments