Details on voting #79
Replies: 1 comment 5 replies
-
The security requirement is that a malicious party controlling < 50% of the total stake should not be able to produce a certificate for an EB that is not voted by any honest party, and that honest parties that control >50% of the total stake are able to produce a certificate with high probability. With ALBA this is translated to number of votes, where voters are elected using a VRF-based lottery.
These numbers depend on the level of security you want to achieve, so no unless you want to reduce the security level on the testnet.
Vote participation is determined using the VRF lottery, and is thus a probabilistic process, and thus e.g., with some probability it can be that all parties create a vote. |
Beta Was this translation helpful? Give feedback.
-
Neither preview nor preprod even has 500 test pools. I don't think 500 eligible votes per pipeline there is possible.
I understand that voting itself is probabilistic. What I don't understand is why "a malicious actor certifies an EB without having enough votes" would be based on probability. |
Beta Was this translation helpful? Give feedback.
-
|
it's basically the probability that the ALBA subsetting breaks down; Imagine I have 480 votes that collectively represent 70% of the network stake. ALBA provides a process where I can select a subset of them (say 150 of them) that convinces you that I have all 480 votes I claim I do. But, that's a probabilistic argument: maybe I only have 150 votes that represent 30% of the network stake, and I just got lucky in that the ALBA process let me present all 150 votes as if they were selected from a larger set. |
Beta Was this translation helpful? Give feedback.
-
ALBA determines which you include--you don't have the choice of which to select.
We're thinking of setting the ALBA security parameter to |
Beta Was this translation helpful? Give feedback.
-
Not a problem because pools can have multiple votes: the lottery is on a lovelace-by-lovelace basis, so a pool with a lot of stake can win several votes. |
Beta Was this translation helpful? Give feedback.
-
Yep, this is what I meant; I do the selecting, but ALBA tells me which to select so that my proof will be convincing. |
Beta Was this translation helpful? Give feedback.
-
I know that much of the design of the voting process is still up in the air, but I'm trying to understand enough about it to simulate it.
What are the requirements for an EB to get certified? Specifically, is it based on total number of votes, or amount of stake tied to each vote? And is an EB certified if it receives a majority of stake/votes, or some sort of quorum?
In a Slack conversation, @bwbush mentioned that (assuming we use ALBA) we need at least 500 eligible votes per pipeline (and 148 votes in the certificate) to maintain security guarantees. Are these numbers related to the size of the network at all? Would we expect to use different values on the much smaller testnets?
Brian also mentioned that we need to know an acceptable probability for the scenario where
How would this be possible with some probability? My understanding of the current protocol is that the endorsement in an RB contains VRF proofs for everyone who voted; is this the probability that an adversary forges enough signatures from nodes which were allowed to vote in that round, but didn't vote for that EB?
Beta Was this translation helpful? Give feedback.
All reactions