mintlayer-core

Implement key invalidation when reused in staking

Open TheQuantumPhysicist opened this issue 2 years ago • 1 comments

Key invalidation in the way I'm planning it is supposed to help in solving two problems:

  1. Ensures that a stolen key will never cause problems in the future, such as a long-range attack.
  2. Prevents nothing-at-stake attacks.

The way I see we should implement it is that a signer should never, ever sign for a chain with a chain-trust lower than anything they signed before. This will be a consensus rule. If they ever do that, the block will be rejected, and the staking pool will become invalid and it should then be decommissioned.

It's also possible to slash that behavior, though it's not possible to slash pools that have already been decommissioned but whose keys are reused, hence it may not be fair.

Open for discussion.

TheQuantumPhysicist, Apr 16 '23 20:04
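The rule proposed in the issue above, as an added Rust sketch that is not mintlayer-core code: history is kept per signing key and never deleted, so a key reused after its pool is decommissioned is still checked. The names `StakerKey`, `ChainTrust`, `SignerHistory` and `check_block` are hypothetical, and `u128` stands in for the chain's real chain-trust type.

```rust
use std::collections::HashMap;

// Hypothetical stand-ins for the chain's real key and chain-trust types.
type StakerKey = [u8; 4];
type ChainTrust = u128;

#[derive(Debug, PartialEq, Clone, Copy)]
enum KeyState {
    Active(ChainTrust), // highest chain-trust this key has signed for so far
    Invalidated,        // key broke the rule once; it is never valid again
}

#[derive(Debug, PartialEq)]
enum Verdict {
    Accept,
    RejectAndInvalidate, // this block breaks the rule and invalidates the key
    RejectKeyInvalid,    // key was invalidated by an earlier block
}

/// Per-key record. Entries are never removed, so decommissioning a pool
/// does not erase what its key has already signed.
#[derive(Default)]
struct SignerHistory {
    keys: HashMap<StakerKey, KeyState>,
}

impl SignerHistory {
    fn check_block(&mut self, key: StakerKey, trust: ChainTrust) -> Verdict {
        match self.keys.get(&key).copied() {
            Some(KeyState::Invalidated) => Verdict::RejectKeyInvalid,
            // Strictly lower than something already signed: rule broken.
            Some(KeyState::Active(highest)) if trust < highest => {
                self.keys.insert(key, KeyState::Invalidated);
                Verdict::RejectAndInvalidate
            }
            // First signature, or equal/higher trust: record the new maximum.
            _ => {
                self.keys.insert(key, KeyState::Active(trust));
                Verdict::Accept
            }
        }
    }
}

fn main() {
    let mut history = SignerHistory::default();
    let key = *b"key1"; // constructed sample key
    println!("{:?}", history.check_block(key, 100));
    println!("{:?}", history.check_block(key, 90));
}
```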

Currently long-range attacks are prevented by both the 1000 block-reorg rule and our longest chain rule. I'm moving this out of mainnet milestone.

TheQuantumPhysicist, Oct 16 '23 13:10