mina
Improve offline/partition detection
The current implementation simply checks if we've seen a block within some constant time period.
ISTM there are two separate things we're interested in when we talk about whether the node is online.
Non-adversarial network failures
For users in the testnets, they look at coda client status to figure out if they're connected properly. If their status is offline, their client is probably misconfigured, their network is down, etc. We could answer that question by querying the network layer. E.g. ask how many peers we've successfully connected to in the last 30 seconds.
Potentially adversarial network partitions
But the second thing is whether or not >50% of stake is online on the same network as the user. If the attacker controls the network then they may censor blocks arbitrarily, and cause the target to believe a state which will never be finalized. It's very plausible an attacker could do this, e.g. with a stingray, malicious WiFi, or in more extreme situations if they own or have compromised the target's ISP. It's unacceptable if I can go into a coffee shop, switch to their WiFi, sell something to a guy and see my account balance increase, then leave, switch back to cellular and see the money disappear. A less bad but still problematic scenario is where the attacker makes me think I haven't received a transaction that I have on the chain that will be final.
We can estimate the fraction of stake online in the last n slots through Bayesian inference, although the choice of hyperparameters is non-obvious since the fraction of stake that is active may rise and fall over time. An attacker may manipulate our estimate of the active stake fraction as well.
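The two signals described so far, the peer-count query from the "non-adversarial" section and the Bayesian estimate of the online stake fraction from this paragraph, worked through as an added example (this is illustrative code, not Mina's own implementation). It assumes a Praos-style slot model in which a participant holding relative stake s wins a slot with probability 1 - (1 - f)^s, so that with a fraction a of stake online a slot is filled with probability 1 - (1 - f)^a; the coefficient f, the 30-second window, the minimum peer count and the sample slot counts are all constructed values, not the protocol's real parameters. The posterior is computed on a grid with a uniform prior. The last part of the demo shows the manipulation caveat: a node that only sees the blocks an attacker relays observes fewer filled slots, and the estimate of active stake moves with whatever it is allowed to see.

```python
import math

# Constructed parameters for this example, not Mina's real values.
ACTIVE_SLOT_COEFF = 0.75   # assumed per-slot coefficient f in 1 - (1 - f)^s
PEER_WINDOW_SEC = 30.0     # "peers successfully connected to in the last 30 seconds"
MIN_PEERS = 3              # assumed threshold for "connected properly"


def peers_recently_connected(last_success, now, window=PEER_WINDOW_SEC):
    """Count peers whose last successful connection falls inside the window.

    last_success maps peer_id -> unix timestamp of the last successful handshake.
    """
    return sum(1 for ts in last_success.values() if 0 <= now - ts <= window)


def network_status(last_success, now):
    """Non-adversarial check: are we talking to enough of the network at all?"""
    if peers_recently_connected(last_success, now) >= MIN_PEERS:
        return "connected"
    return "offline"


def slot_fill_prob(active_fraction, f=ACTIVE_SLOT_COEFF):
    """P(at least one block produced in a slot) when `active_fraction` of stake is online.

    Assumed model: stake s wins a slot with probability 1 - (1 - f)^s, so the
    online stake as a whole fills the slot with probability 1 - (1 - f)^active_fraction.
    """
    return 1.0 - (1.0 - f) ** active_fraction


def posterior_active_fraction(filled, n, f=ACTIVE_SLOT_COEFF, grid=1000):
    """Grid posterior over the online stake fraction a in (0, 1].

    filled: how many of the last n slots contained a block we saw.
    Uniform prior on the grid; the likelihood is Binomial(n, slot_fill_prob(a)).
    Returns a list of (a, posterior_mass) summing to 1.
    """
    points, log_weights = [], []
    for i in range(1, grid + 1):
        a = i / grid
        p = slot_fill_prob(a, f)
        # log-likelihood of `filled` successes out of n (binomial coefficient cancels)
        ll = filled * math.log(p) + (n - filled) * math.log1p(-p)
        points.append(a)
        log_weights.append(ll)
    m = max(log_weights)                       # subtract max for numerical stability
    w = [math.exp(lw - m) for lw in log_weights]
    z = sum(w)
    return [(a, wi / z) for a, wi in zip(points, w)]


def prob_majority_online(filled, n, f=ACTIVE_SLOT_COEFF):
    """Posterior probability that more than half of the stake is online."""
    return sum(mass for a, mass in posterior_active_fraction(filled, n, f) if a > 0.5)


def posterior_mean(filled, n, f=ACTIVE_SLOT_COEFF):
    """Posterior mean of the online stake fraction."""
    return sum(a * mass for a, mass in posterior_active_fraction(filled, n, f))


if __name__ == "__main__":
    # Constructed peer table: timestamps of last successful connection.
    now = 1_000.0
    peers = {"peer-a": 995.0, "peer-b": 980.0, "peer-c": 975.0, "peer-d": 900.0}
    print("peers in window:", peers_recently_connected(peers, now))
    print("network status:", network_status(peers, now))

    # Constructed observation: 71 of the last 100 slots filled, roughly what
    # ~90% online stake produces under the assumed model with f = 0.75.
    print("P(>50% online | 71/100):", round(prob_majority_online(71, 100), 4))
    print("posterior mean a:", round(posterior_mean(71, 100), 3))

    # Manipulation caveat: if only 31 of those blocks reach us (the rest are
    # withheld by whoever controls our network path), the estimate collapses.
    print("P(>50% online | 31/100):", round(prob_majority_online(31, 100), 4))
```

The estimator answers "how much stake produced the blocks I saw", which is exactly the quantity a network-level attacker controls, so it is a useful liveness heuristic for the misconfiguration case but not on its own a defence against the partition case described below.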
Having thought of all that it seems to me what we really want is not the probability that >50% of stake is online, but the probabilities that my best tip a) will be finalized and b) is the global best tip. We want the finalization probability for old blocks as well. This probability is equal to 1 - the probability there exists a stronger, distinct, chain, under the relevant modelling assumptions. My intuition says there's no efficient closed form equation for that probability (at least in the presence of min_window) and we'd have to go to Monte Carlo, which is not great but might be OK.
This is closely related to both #3272 and #3225: in the former we need to know the probability a block exists that is more than max_length higher than our best tip, and in the latter we need to know the probability that the best block we've fetched on startup will be finalized/is the global best tip.