Skip to content

Reorganize our documentation #1542

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 52 commits into
base: main
Choose a base branch
from
Draft

Reorganize our documentation #1542

Changes from 2 commits
Commits
Show all changes
52 commits
Select commit Hold shift + click to select a range
7dedecd
Re-organize the documentation frontpage.
dnadales May 30, 2025
baa1e6b
Add an introduction to the Explanation section
dnadales May 30, 2025
55900a3
Add a "Design Goals" section
dnadales May 30, 2025
b73350d
Add a "Interaction with the Ledger Layer" section
dnadales Jun 2, 2025
762d433
Add sections about ticking and forecasting
dnadales Jun 3, 2025
7a66676
Add a section on Cardano Instances for ledger-related types and classes
dnadales Jun 3, 2025
08949d4
Add a section explaining the queries mechanism in Consensus
dnadales Jun 4, 2025
dc24f1b
Minor edits to the Queries section
dnadales Jun 4, 2025
a688388
Replace explanation of the removed `querySupportedVersion`
dnadales Jun 5, 2025
5800fec
Add a section on query serialization
dnadales Jun 5, 2025
d014aae
Add a HOWTO on adding new queries
dnadales Jun 6, 2025
a70eb17
Add a Consensus Protocol Section
dnadales Jun 26, 2025
77fcc20
Add haddocks for `selectView`
dnadales Jul 1, 2025
f50a9bb
Add `LedgerSupportsProtocol` section
dnadales Jul 1, 2025
51272ac
Add `BlockSupportsProtocol` section
dnadales Jul 1, 2025
535afc3
Add haddocks for `selectView`
dnadales Jul 1, 2025
4091b92
Add haddocks to `ChainOrderConfig`
dnadales Jul 1, 2025
c573f06
Add a section on envelope validation (`ValidateEnvelope`)
dnadales Jul 2, 2025
2780f37
Add an explanation about `BlockProtocol`
dnadales Jul 4, 2025
5218d4a
Add a section on the extended ledger state (`ExtLedgerState`)
dnadales Jul 4, 2025
5785878
Add an explanation about `ProtocolHeaderSupportsLedger`
dnadales Jul 4, 2025
559f88e
Add a section on Chain Validity
dnadales Jul 4, 2025
010b374
Minor
dnadales Jul 7, 2025
d4e72cd
Add an explanation about chain ordering
dnadales Jul 8, 2025
c03302e
Correct typo
dnadales Jul 8, 2025
35c863a
Address Nick's comments on the `ChainOrder` section
dnadales Jul 9, 2025
881e6d4
Address Alex's feedback on chain ordering explanation
dnadales Jul 9, 2025
fcb4615
Minor
dnadales Jul 9, 2025
6c1f0e2
Add a section on Chain Selection
dnadales Jul 11, 2025
087ccd4
Add a section on block forging
dnadales Jul 14, 2025
9006ea5
Add a section on the k security parameter
dnadales Jul 14, 2025
9ac679c
Add a section on PBFT
dnadales Jul 14, 2025
50ea594
Add a section on TPraos
dnadales Jul 14, 2025
24b51f9
Add a section about Praos
dnadales Jul 15, 2025
ca3a2b1
Move Genesis.md to genesis-design.md
dnadales Jul 16, 2025
52d8937
Edit Notation, Requirements, Components sections of genesis-design.md
dnadales Jul 16, 2025
02b0114
Edit "How the Components Satisfy the Requirements"
dnadales Jul 16, 2025
6403c82
Add Genesis Design to the sidebar
dnadales Jul 21, 2025
e76e6a9
Edit first batch of component level design sections
dnadales Jul 21, 2025
a761e72
Replace `---` with `&mdash`
dnadales Jul 21, 2025
4403179
Edit "The Genesis Density Disconnection Component without CSJ"
dnadales Jul 21, 2025
c9d9fda
Edit "The Limit on Patience Component" section
dnadales Jul 21, 2025
54cf44e
Edit "The Limit on Patience Component"
dnadales Jul 21, 2025
3968a6c
Incorporate minor edits to the Genesis Design section
dnadales Jul 23, 2025
c1fa8f3
Incorporate second round of minor edits to the Genesis Design section
dnadales Jul 23, 2025
a4e5179
Update stale note about honest peers with candidate fragments ...
dnadales Jul 23, 2025
e7d2b2f
Change best=worst to average=worst
dnadales Jul 23, 2025
67a10f3
Update "The Genesis Density Disconnection Component with CSJ" section
dnadales Jul 23, 2025
67636c2
Update Genesis Design to account for #1598
dnadales Jul 24, 2025
8c2809b
Add a section briefly explaining features of the Genesis protocol
dnadales Jul 25, 2025
c8a5b9c
Add a section on managing updates
dnadales Jul 25, 2025
b3f9112
Add a reference to LoE
dnadales Jul 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
48 changes: 48 additions & 0 deletions docs/website/contents/explanation/consensus-protocol.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -303,3 +303,51 @@ Blocks that were previously added to the database but not selected due to the Lo
A background thread ([`watcher`](https://github.com/intersectmbo/ouroboros-consensus/blob/fcb4615f1d40f3baa24f9f1ac69d1feaaaf7bd9f/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Genesis/Governor.hs#L122)) handles this by polling candidate fragments and explicitly sending `ChainSelReprocessLoEBlocks` messages to the `cdbChainSelQueue`, ensuring that these blocks are reconsidered.

When chain selection evaluates candidate fragments (potential forks to switch to), these fragments are [trimmed](https://github.com/intersectmbo/ouroboros-consensus/blob/fcb4615f1d40f3baa24f9f1ac69d1feaaaf7bd9f/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Storage/ChainDB/Impl/ChainSel.hs#L745) to respect the LoE.

## Block Forging

Block forging is a single-threaded process initiated at the beginning of each slot. Its primary purpose is to determine whether the node is elected to mint a block and, if so, to create and submit that block to the chain. The process is defined in [`forkBlockForging`](https://github.com/intersectmbo/ouroboros-consensus/blob/6c1f0e293b50b898e69116df0355595004432077/ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/NodeKernel.hs#L491).

Block forging logic relies on the `ConsensusProtocol` instance of the protocol in use to determine if the node is a leader for the current slot ([`checkIsLeader`](https://github.com/intersectmbo/ouroboros-consensus/blob/6c1f0e293b50b898e69116df0355595004432077/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/Protocol/Abstract.hs#L142)).

The [`blockForgingController`](https://github.com/intersectmbo/ouroboros-consensus/blob/6c1f0e293b50b898e69116df0355595004432077/ouroboros-consensus-diffusion/src/ouroboros-consensus-diffusion/Ouroboros/Consensus/NodeKernel.hs#L375) function uses [`BlockChainTime`](https://github.com/intersectmbo/ouroboros-consensus/blob/6c1f0e293b50b898e69116df0355595004432077/ouroboros-consensus/src/ouroboros-consensus/Ouroboros/Consensus/BlockchainTime/API.hs#L23) to monitor the current slot.

Block forging invokes `forecastFor` on the `LedgerView`. If this operation takes too long, it can delay block production. Note that if it’s not possible to forecast to the current slot, then forging a block is not possible.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Block forging invokes `forecastFor` on the `LedgerView`. If this operation takes too long, it can delay block production. Note that if it’s not possible to forecast to the current slot, then forging a block is not possible.
Block forging invokes `forecastFor` for the current slot on the `LedgerView`. If this operation takes too long, it can delay block production. Note that if it’s not possible to forecast to the current slot, then forging a block is not possible.


If `checkLeader` confirms the node is a leader, a block is forged, extending the current [selected chain](#chain-selection). Transactions are selected from a [mempool snapshot](TODO-ref!), which is a sequence of valid transactions consistent with the ledger state upon which the block will be built. For the purposes of block forging and the consensus protocol, these transactions are irrelevant as long as they are _valid_.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If `checkLeader` confirms the node is a leader, a block is forged, extending the current [selected chain](#chain-selection). Transactions are selected from a [mempool snapshot](TODO-ref!), which is a sequence of valid transactions consistent with the ledger state upon which the block will be built. For the purposes of block forging and the consensus protocol, these transactions are irrelevant as long as they are _valid_.
If `checkLeader` confirms the node is a leader, a block is forged, extending the current [selected chain](#chain-selection). Transactions are selected from a [mempool snapshot](TODO-ref!), which is a sequence of valid transactions consistent with the ledger state upon which the block will be built. For the purposes of block forging and the consensus protocol, these transactions are irrelevant as long as they are _valid from the Ledger point of view_.


The forged block is added to the `ChainDB`, which triggers chain selection. The block is treated like any external block to ensure robustness, allowing both the forging and chain selection logic to independently validate and agree on the block’s correctness.

## Security Parameter `k`

The `k` parameter, often referred to as the security parameter, is a fundamental constant in the Ouroboros consensus protocols. On Cardano mainnet, `k` is set to 2160 blocks. This parameter underpins various aspects of a Cardano node's operation, from chain selection and storage to security guarantees and performance.

For Ouroboros Praos, used in Shelley-based eras, theoretical proofs guarantee that within `3k/f` slots, the chain will grow by at least `k` blocks.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mention or link the Chain Growth Property


### Chain Immutability and Volatility

The blockchain in a Cardano node is conceptually divided into an immutable part and a volatile part. A block becomes part of the immutable portion once it has been confirmed by at least `k` subsequent blocks. This property, known as _Common Prefix_, is a security guarantee of Ouroboros Praos. Immutable blocks are stored in the [ImmutableDB](TODO-ref).

The volatile part consists of the newest `k` blocks, which remain subject to rollback if a more preferable chain is discovered. These blocks, along with other potential fork candidates, are stored in the `VolatileDB`.

### Chain Selection and Rollbacks

The `ouroboros-consensus` implementation enforces a strict rule: a node will never switch to a chain that forks more than `k` blocks deep from its current tip.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mention again the CP property


When a node is [caught up](TODO-ref), any candidate chains requiring a rollback exceeding `k` blocks are excluded from consideration. This constraint limits the number of ledger states that need to be retained to evaluate forks. Additionally, it prevents arbitrary-length rollbacks thus protecting against potential [attacks](#network-security-and-performance) that rely on this.

When a node is [syncing](TODO-ref) with the chain, an adversary may present it with an alternative chain that forks more than `k` blocks from the current tip. However, the [Genesis](TODO-ref) syncing protocol ensures that a node joining the network does not switch to an adversarial chain.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
When a node is [syncing](TODO-ref) with the chain, an adversary may present it with an alternative chain that forks more than `k` blocks from the current tip. However, the [Genesis](TODO-ref) syncing protocol ensures that a node joining the network does not switch to an adversarial chain.
When a node is [syncing](TODO-ref) with the chain, an adversary may present it with an alternative chain that forks more than `k` blocks from the server's current tip, which would be rejected by a caught up node. However, the [Genesis](TODO-ref) syncing protocol ensures that a node joining the network does not switch to an adversarial chain.

or something similar


Genesis relies on the property that an honest chain is always denser than any adversarial chain within a window of `s` slots, which in practice is defined as `3k/f`, where `f` is the [active slot coefficient](TODO-ref).

### Ledger and Protocol State Management

The LedgerDB (Ledger Database) is designed to retain the last `k` ledger states (specifically, `k + 1` states including the anchor). This facilitates fast rollbacks and the evaluation of potential forks.

To validate headers, the system must [forecast](./ledger-interaction.md#forecasting-and-the-forecast-range) a `LedgerView` for future slots. This process requires the ledger to look ahead `k+1` blocks from a given reference point, providing sufficient information to enable a node to see if a candidate chain is better.

### Network Security and Performance

The `k` parameter is fundamental for bounding the work a node performs and its memory and storage requirements. This is crucial for preventing denial-of-service (DoS) attacks. Without the rollback constraint, an adversary could force a node to store unbounded amounts of data or perform unbounded validation work.

For Cardano’s Praos implementation, `k` was specifically set to 2160 to help mitigate the risk of [grinding attacks](TODO-ref).
Loading