From afea8a10a5f0e1ba3b2e0035a8e40325b0df0de2 Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 11:59:59 +0100 Subject: [PATCH 1/6] Rework the TODO Probably missed a few. Will try to keep up to date. --- specs/casper_sharding_v2.1.md | 40 ++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 17 deletions(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index c0d2c231c..04c7a2312 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -581,27 +581,33 @@ Finally: * Let `next_start_shard = (shard_and_committee_for_slots[-1][-1].shard_id + 1) % SHARD_COUNT` * Set `shard_and_committee_for_slots[CYCLE_LENGTH:] = get_new_shuffling(block.ancestor_hashes[0], validators, next_start_shard)` -------- +### TODO -Note: this is ~80% complete. The main sections that are missing are: +Note: This spec is ~60% complete. -* Logic for the formats of shard chains, who proposes shard blocks, etc. (in an initial release, if desired we could make crosslinks just be Merkle roots of blobs of data; in any case, one can philosophically view the whole point of the shard chains as being a coordination device for choosing what blobs of data to propose as crosslinks) -* Logic for inducting queued validators from the PoW chain -* Penalties for signing or attesting to non-canonical-chain blocks (update: may not be necessary, see https://ethresear.ch/t/attestation-committee-based-full-pos-chains/2259) -* Per-validator proofs of custody, and associated slashing conditions -* Versioning and upgrades +* [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed +* [ ] Specify the shard chain blocks, proposers, etc. +* [ ] Fully specify the registration contract on the PoW chain +* [ ] Flesh out RANDAO, including the hardening against orphaned reveals +* [ ] Add per-validator proofs of custody, including slashing conditions +* [ ] Clearly define all the terms in the glossary +* [ ] Add an appendix for BLS12-381 +* [ ] Add an appendix for the offchain signature aggregation logic +* [ ] Rework the document for readability +* [ ] Undergo peer review, security audits and formal verification -Slashing conditions may include: +**Possible changes and additions** - - Casper FFG slot equivocation [done] - Casper FFG surround [done] - Beacon chain proposal equivocation [done] - Shard chain proposal equivocation - Proof of custody secret leak - Proof of custody wrong custody bit - Proof of custody no secret reveal - RANDAO leak +* [ ] Replace Blake with a STARK-friendly hash function +* [ ] Replacing the IMD fork choice rule with LMD +* [ ] Merge `crystallized_state_root` and `active_state_root` into a single root +* [ ] Add Merklelisation of the state root(s) for light clients +* [ ] Add logic for versioning and upgrades +* [ ] Get rid of dynasties +* [ ] Add a RANDAO slashing condition for early leakage +* [ ] Reworking the `ShardAndCommittee` data structures +* [ ] Reduce the slot duration to 8 seconds +* [ ] Allow for the delayed inclusion of aggregated signatures # Appendix ## Appendix A - Hash function From 21da063d3cc0c543f79fadab2e0395c54c2b16c8 Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 12:04:17 +0100 Subject: [PATCH 2/6] Update casper_sharding_v2.1.md --- specs/casper_sharding_v2.1.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index 04c7a2312..117b670f7 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -586,28 +586,29 @@ Finally: Note: This spec is ~60% complete. * [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed -* [ ] Specify the shard chain blocks, proposers, etc. +* [ ] Specify the shard chain blocks, blobs, proposers, etc. * [ ] Fully specify the registration contract on the PoW chain * [ ] Flesh out RANDAO, including the hardening against orphaned reveals * [ ] Add per-validator proofs of custody, including slashing conditions -* [ ] Clearly define all the terms in the glossary * [ ] Add an appendix for BLS12-381 -* [ ] Add an appendix for the offchain signature aggregation logic +* [ ] Add an appendix on gossip networks and the offchain signature aggregation logic +* [ ] Clearly define all the terms in the glossary * [ ] Rework the document for readability * [ ] Undergo peer review, security audits and formal verification **Possible changes and additions** * [ ] Replace Blake with a STARK-friendly hash function -* [ ] Replacing the IMD fork choice rule with LMD +* [ ] Replace the IMD fork choice rule with LMD * [ ] Merge `crystallized_state_root` and `active_state_root` into a single root * [ ] Add Merklelisation of the state root(s) for light clients * [ ] Add logic for versioning and upgrades * [ ] Get rid of dynasties * [ ] Add a RANDAO slashing condition for early leakage -* [ ] Reworking the `ShardAndCommittee` data structures +* [ ] Reworke the `ShardAndCommittee` data structures * [ ] Reduce the slot duration to 8 seconds * [ ] Allow for the delayed inclusion of aggregated signatures +* [ ] Consider separate networking-optimised serialisation formats # Appendix ## Appendix A - Hash function From 1c3b38a7496319d90920b8331b74975496ed4ed4 Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 12:10:52 +0100 Subject: [PATCH 3/6] Update casper_sharding_v2.1.md --- specs/casper_sharding_v2.1.md | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index 117b670f7..d072a804e 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -587,17 +587,24 @@ Note: This spec is ~60% complete. * [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed * [ ] Specify the shard chain blocks, blobs, proposers, etc. +* [ ] Add a double-batched Merkle accumulator for beacon chain blocks +* [ ] Specify the various assumptions (global clock, validator honesty, validator liveness, etc.) * [ ] Fully specify the registration contract on the PoW chain * [ ] Flesh out RANDAO, including the hardening against orphaned reveals * [ ] Add per-validator proofs of custody, including slashing conditions +* [ ] Use a separate hash function for the proof of possession * [ ] Add an appendix for BLS12-381 * [ ] Add an appendix on gossip networks and the offchain signature aggregation logic -* [ ] Clearly define all the terms in the glossary +* [ ] Comprehensively and clearly define all the terms in the glossary * [ ] Rework the document for readability * [ ] Undergo peer review, security audits and formal verification **Possible changes and additions** +* [ ] Deprecate Wei and use 64-bit balances, consistent with a 64-bit EVM2.0 +* [ ] Allow for deposits larger than 32 ETH, as well as deposit top ups +* [ ] Having penalties for having a deposit below 32 ETH +* [ ] Add a `SpecialObject` to change the `withdrawal_shard_id`, `withdrawal_address` or `randao_commitment` * [ ] Replace Blake with a STARK-friendly hash function * [ ] Replace the IMD fork choice rule with LMD * [ ] Merge `crystallized_state_root` and `active_state_root` into a single root @@ -605,7 +612,7 @@ Note: This spec is ~60% complete. * [ ] Add logic for versioning and upgrades * [ ] Get rid of dynasties * [ ] Add a RANDAO slashing condition for early leakage -* [ ] Reworke the `ShardAndCommittee` data structures +* [ ] Rework the `ShardAndCommittee` data structures * [ ] Reduce the slot duration to 8 seconds * [ ] Allow for the delayed inclusion of aggregated signatures * [ ] Consider separate networking-optimised serialisation formats From ca7bb7426e4adc05f3a7ec8e1c56127caff71895 Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 12:32:16 +0100 Subject: [PATCH 4/6] Update casper_sharding_v2.1.md --- specs/casper_sharding_v2.1.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index d072a804e..453537cb0 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -587,15 +587,17 @@ Note: This spec is ~60% complete. * [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed * [ ] Specify the shard chain blocks, blobs, proposers, etc. -* [ ] Add a double-batched Merkle accumulator for beacon chain blocks +* [ ] Specify the rules for forced deregistrations +* [ ] Add a double-batched Merkle accumulator for historical beacon chain blocks * [ ] Specify the various assumptions (global clock, validator honesty, validator liveness, etc.) -* [ ] Fully specify the registration contract on the PoW chain -* [ ] Flesh out RANDAO, including the hardening against orphaned reveals +* [ ] Specify in Solidity the registration contract on the PoW chain +* [ ] Specify the RANDAO logic, including the hardening against orphaned reveals * [ ] Add per-validator proofs of custody, including slashing conditions * [ ] Use a separate hash function for the proof of possession * [ ] Add an appendix for BLS12-381 * [ ] Add an appendix on gossip networks and the offchain signature aggregation logic * [ ] Comprehensively and clearly define all the terms in the glossary +* [ ] Clearly document the various edge cases, e.g. with committee sizing * [ ] Rework the document for readability * [ ] Undergo peer review, security audits and formal verification @@ -603,7 +605,7 @@ Note: This spec is ~60% complete. * [ ] Deprecate Wei and use 64-bit balances, consistent with a 64-bit EVM2.0 * [ ] Allow for deposits larger than 32 ETH, as well as deposit top ups -* [ ] Having penalties for having a deposit below 32 ETH +* [ ] Add penalties for a deposit below 32 ETH (or some other threshold) * [ ] Add a `SpecialObject` to change the `withdrawal_shard_id`, `withdrawal_address` or `randao_commitment` * [ ] Replace Blake with a STARK-friendly hash function * [ ] Replace the IMD fork choice rule with LMD From 24c8a53b5c7be0248015413b6c0f8586e79d6b67 Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 14:29:56 +0100 Subject: [PATCH 5/6] Update casper_sharding_v2.1.md --- specs/casper_sharding_v2.1.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index 453537cb0..f7ab010bb 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -590,7 +590,7 @@ Note: This spec is ~60% complete. * [ ] Specify the rules for forced deregistrations * [ ] Add a double-batched Merkle accumulator for historical beacon chain blocks * [ ] Specify the various assumptions (global clock, validator honesty, validator liveness, etc.) -* [ ] Specify in Solidity the registration contract on the PoW chain +* [ ] Specify in Vyper the registration contract on the PoW chain * [ ] Specify the RANDAO logic, including the hardening against orphaned reveals * [ ] Add per-validator proofs of custody, including slashing conditions * [ ] Use a separate hash function for the proof of possession From 9a05c79e3ecf1fafe2ceeb71bee0ff1207dc458f Mon Sep 17 00:00:00 2001 From: Justin Date: Wed, 3 Oct 2018 22:15:43 +0100 Subject: [PATCH 6/6] Update casper_sharding_v2.1.md --- specs/casper_sharding_v2.1.md | 47 ++++++++++++++++++----------------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/specs/casper_sharding_v2.1.md b/specs/casper_sharding_v2.1.md index f7ab010bb..5c4106cbf 100644 --- a/specs/casper_sharding_v2.1.md +++ b/specs/casper_sharding_v2.1.md @@ -585,39 +585,40 @@ Finally: Note: This spec is ~60% complete. -* [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed +**Missing** + +* [ ] Specify how `crystallized_state_root` and `active_state_root` are constructed, including Merklelisation logic for light clients +* [ ] Specify the rules around acceptable values for `pow_chain_ref` * [ ] Specify the shard chain blocks, blobs, proposers, etc. * [ ] Specify the rules for forced deregistrations -* [ ] Add a double-batched Merkle accumulator for historical beacon chain blocks -* [ ] Specify the various assumptions (global clock, validator honesty, validator liveness, etc.) -* [ ] Specify in Vyper the registration contract on the PoW chain -* [ ] Specify the RANDAO logic, including the hardening against orphaned reveals -* [ ] Add per-validator proofs of custody, including slashing conditions -* [ ] Use a separate hash function for the proof of possession -* [ ] Add an appendix for BLS12-381 +* [ ] Specify the various assumptions (global clock, networking latency, validator honesty, validator liveness, etc.) +* [ ] Specify (in a separate Vyper file) the registration contract on the PoW chain +* [ ] Specify the bootstrapping logic for the beacon chain genesis (e.g. specify a minimum number validators before the genesis block) +* [ ] Specify the logic for proofs of custody, including slashing conditions +* [ ] Add an appendix about the BLS12-381 curve * [ ] Add an appendix on gossip networks and the offchain signature aggregation logic -* [ ] Comprehensively and clearly define all the terms in the glossary -* [ ] Clearly document the various edge cases, e.g. with committee sizing -* [ ] Rework the document for readability +* [ ] Add a glossary (in a separate `glossary.md`) to comprehensively and precisely define all the terms * [ ] Undergo peer review, security audits and formal verification -**Possible changes and additions** +**Possible rework/additions** -* [ ] Deprecate Wei and use 64-bit balances, consistent with a 64-bit EVM2.0 -* [ ] Allow for deposits larger than 32 ETH, as well as deposit top ups -* [ ] Add penalties for a deposit below 32 ETH (or some other threshold) -* [ ] Add a `SpecialObject` to change the `withdrawal_shard_id`, `withdrawal_address` or `randao_commitment` -* [ ] Replace Blake with a STARK-friendly hash function * [ ] Replace the IMD fork choice rule with LMD -* [ ] Merge `crystallized_state_root` and `active_state_root` into a single root -* [ ] Add Merklelisation of the state root(s) for light clients -* [ ] Add logic for versioning and upgrades +* [ ] Merklelise `crystallized_state_root` and `active_state_root` into a single root +* [ ] Replace Blake with a STARK-friendly hash function * [ ] Get rid of dynasties -* [ ] Add a RANDAO slashing condition for early leakage -* [ ] Rework the `ShardAndCommittee` data structures * [ ] Reduce the slot duration to 8 seconds * [ ] Allow for the delayed inclusion of aggregated signatures -* [ ] Consider separate networking-optimised serialisation formats +* [ ] Use a separate networking-optimised serialisation format for networking +* [ ] Harden RANDAO against orphaned reveals +* [ ] Introduce a RANDAO slashing condition for early leakage +* [ ] Use a separate hash function for the proof of possession +* [ ] Rework the `ShardAndCommittee` data structures +* [ ] Add a double-batched Merkle accumulator for historical beacon chain blocks +* [ ] Allow for deposits larger than 32 ETH, as well as deposit top-ups +* [ ] Add penalties for a deposit below 32 ETH (or some other threshold) +* [ ] Add a `SpecialObject` to (re)register +* [ ] Rework the document for readability +* [ ] Clearly document the various edge cases, e.g. with committee sizing # Appendix ## Appendix A - Hash function