CL Y2 meeting notes === ###### tags: `Weekly Meetings` `Y` `Y2` ###### github: https://github.com/protocol/ConsensusLab/issues/13 :::info % COPY THE CONTENT OF THIS BLOCK! ## 2022-01-01 ### ✋ Attendees - Christian - Luca - Duc - @sa8 - @vukolic ### 📣 Updates - your notes here ### 🧵 Discussion ### 🎯 Up next - todo items for the week ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ::: ## 2022-11-03 ### ✋ Attendees - Mohsen - Pedro - Duc - @sa8 - @vukolic ### 📣 Updates - Our paper was accepted at OPODIS'22 :tada: ### 🧵 Discussion - Addressing reviewers' comments. ### 🎯 Up next - @sa8: look at Delta thing https://dl.acm.org/doi/pdf/10.1145/3372297.3423365 ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-10-20 ### ✋ Attendees - Christian - Luca - Duc - @sa8 - @vukolic ### 📣 Updates - your notes here ### 🧵 Discussion - Roughgarden's paper - Christian: simiarl to the one we want to write - Duc: we formalize some attacks that they do not capture. Attacks based on resources. They also have resource pool similar to resource allocator in our paper and the ideal functionality in all blockchain paper. - Message by message permission. - they have two papers on arxiv: [this one](https://arxiv.org/abs/2006.10698) as well - worth reading the most recent one because the permittor is very similar as our allocator - deterministic consensus is impossible in permissionless setting for a bounded adversary - use message bcast by other to change your state - exclude byzantine from sending arbitrary message? - do they use authentication and not say it? - impossibility result - read this more carefully, extract what they want to do. - request for resource and permissioned set of messages? - comparison between their model and ours? - we did not express permissionless setting - look at the resources - comparison of the key concepts of each paper - How can we do this in our model ### 🎯 Up next - todo items for the week ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-10-6 ### ✋ Attendees - Christian - Luca - Duc - @sa8 - @vukolic - @guy-goren ### 🧵 Discussion - Christian: what to do next? - extend current formalization to more protocols - formalizing the sections that were left informal - lots of assumptions to relax, more realistic assumptions - More things to work on this project - The grant finishes in January but it could be extended (PL does not like 2 years projects) - Agree more on the topic before extension -team composition on christian's side - current paper: some very simplifying assumptions were made (this was expected to start with) - fixed total resources in the system: not realistic - Marko's thinks it's the main difference between pow and pos. pos inflationary role. non-inflationary token in pos limits the research. - inflationary: total supply increases. Monetary model? - pos looks like a permissioned system. - in inflationary it is not - prove pos is more like a permissioned? needs to define it precisely. In the non-inflationary world. - can we have the same thing as in pow? inflationary (non-inflationary for the token, inflationary for energy consumption) - separate the tokens and the resources. - pos token coupled with power of validators - filecoin: added more storage get more power BUT also need to post collateral - decoupling tokens from resource is one thing - analysing pos in inflationary vs non-inflationary? - need formal definition of permissioned system - take Marko's informal argument from his paper and "mix" it with our paper - inflation: define price and production of the resource - Christian: Politicians threatens to ban bitcoin mining. will they share this view? (Marko's view). - Marko: they do not understand it. - Bitcoin is not a payment system only. Monetary policy. - energy is abundant (e.g. nuclear) - needs knowledge to build these machines - this goes back to the external resource in the paper. - Marko is SUPER excited about this but open to other projects. - token value vs monetary policy in our paper is external - Terner is a different model. Also Roughgardenh's paper. They have some lower bounds, not fully understood. - Roughgarden assumes everyone's rational - malicious represents external incentives that are not considered. ### 🎯 Up next - Readings to do: - [Marko's paper](https://vukolic.com/on-the-future-of-decentralized-computing.pdf) - [Tim's paper](https://arxiv.org/abs/2101.07095) - Next meeting on 20th - Sarah may or not join (Dagstuhl) ## 2022-09-08 ### ✋ Attendees async ### 📣 Updates - Paper submitted to OPODIS :tada: ## 2022-09-01 ### ✋ Attendees - Luca - Duc - @sa8 ### 📣 Updates - your notes here ### 🧵 Discussion - resource bleeding - PoS worse because its the abosulate power that is inflated and not the relative power - private attacks -> remove the definition from that section ### 🎯 Up next - Sarah to follow up with Will about PIR ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-08-25 ### ✋ Attendees - Luca - Duc - @sa8 ### 📣 Updates - related work: Duc did it, sarah to review - 4.2 needs to be finished ### 🧵 Discussion - section 4.2: - for reusable resource, cost function is higer than for burnable - cost seems formal enough. - resource can be - power bleeding. for external resource easy to detect attack. - say what is the cost for each resource - for private attacks - for power bleeding attacks - not call a theorem but property - just say that cost is higer for these attacks ### 🎯 Up next - Sarah to review the paper tomorrow (Friday) - Sarah to write about 4.2 and rearrange on Mon/Tues - Luca and Duc to review 4.2 and edit it on Wed/Thurs - Friday: last passes and edits. - restructure - sarah to open discussion with will ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-08-11 ### ✋ Attendees - Christian - Luca - Duc - @sa8 - @vukolic ### 📣 Updates - LRA proof done - informal discussion on NaS and power-bleeding attack ### 🧵 Discussion - LRA proof: honest chain upper bound on alpha growth, adversarial chain, lower bound. - Change in PoS model. Will need to rely on other paper to import the proof. - Snow-White - [Tse's paper](http://tselab.stanford.edu/downloads/PoS_LC_SBC2020.pdf) ### 🎯 Up next - Luca and Duc to read Tse's paper and Snow-white and update the paper accordingly - Sarah to keep adding on NaS and power-bleeding and try to make it more formal. - No meeting next week (Sarah OOO) ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-07-28 ### ✋ Attendees No meeting this week, syncing on slack instead. ### 📣 Updates - Private attacks and Nothing-at-stake first draft ### 🧵 Discussion - Private attacks model - Nothing-at-stake ### 🎯 Up next - todo items for the week ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-07-21 ### ✋ Attendees - Christian - Luca - Duc - @sa8 ### 📣 Updates - Progress on the overleaf - Luca and Duc: section 3 - assume fix total amount od resrouce - generic protocol for longest chain - import similar results, reformulated (from Pass and Shi) - section 2 and 3 somehow complete - Sarah: section 4 ### 🧵 Discussion ### 🎯 Up next - sarah to read section 2 and 3 - sarah to look at lookback parameter in Filecoin - sarah to finish private attack section: do it more formally in accordanceto section 2 and 3 ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-07-07 ### ✋ Attendees - Luca - Duc - @sa8 - Guy ### 📣 Updates - Duc: proof Poisson process, still looking at how to prove it. - Sarah OOO next Thrusday (no meeting) ### 🧵 Discussion - Poisson distribution: - chia assume fix number of processes, can we use this? - if so then easy proof - but is it a reasonable assumptions - seems ok for now - most papers do this assumption - do proof with this assumptions and then find a way to generalize it. ### 🎯 Up next - Algorithm 1 and 3 -> have one protocol to describe them all - Luca and Duc: focus on section 5 - Sarah to help on section 6: - write down/formalize private attacks - Maybe nothing-at-stake - More formalization on LRA ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-06-30 ### ✋ Attendees - Christian - Luca - Duc - @sa8 ### 📣 Updates - Short version of the paper submitted to ConsensusDays :crossed_fingers: ### 🧵 Discussion - Time into resource allocator? - for now we consider a fixed total resource but this will need to change (especially as we consider lra) - proof of poisson process: look at Elaine Shi preprint, every honest node mines with probability p. -> foundations of distributed system. They consider processes with same amount of resource (can pbe extended). - Next Submission? - FC: problem Christian is co-chair - Euro S&P - S&P - OPODIS ### 🎯 Up next - sa8: look at attack on Chia from Dembo paper: does it apply to filecoin - Showing resource allocator generates commitments according to poisson process with rate $\lambda$ - formalize proof-of-storage: Luca and Duc to polish it and ping sarah - bring timing in - sa8 to look at praos proof about falt model equivalent to non-flat model ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-06-16 ### ✋ Attendees - Duc - @sa8 - Luca - Christian ### 📣 Updates - your notes here ### 🧵 Discussion - ConsensusDay: going for the demo - modelling of LRA is only thing missing - proof that resource allocator does the same thing as pow analysis so we can derive the total order broadcast properties. Resoure allocators follows Poisson distribution? how to prove this - introduction ### 🎯 Up next - Sa to wroite informal paragraph about LRA - SA to write intro ## 2022-06-02 ### ✋ Attendees - Luca - Duc - @sa8 ### 🧵 Discussion - total resource in the system constant? - fixed: easier but could be extended - formalize the conditions on the processes for the LRA to work - some processes need to "leave" the system for the attck to work (i.e. have their resource at zero although their resrouces were strictly positvive in the past) - show that with this condition the adversary can choose who to corrupt and do LRA but not possible for pow - is binding useful? - it seems that for PoW it makes sense but not for PoS - Duc to check Terner's paper to see how it comes into play. - Luca to modify proof to use verifiability - modify the validity predicate with external validity - paper for consensus days - pow and pos implement TOB - pow is more secure than pos because of physical resource - ### 🎯 Up next ## 2022-05-19 ### ✋ Attendees - Duc - @sa8 ### 📣 Updates - your notes here ### 🧵 Discussion - After discussion with Christian we do want to abstract away the private keys and consider that the adversary is corrupting parties. Parties indexed by time. Adversary will now control a process at a particular time :heavy_check_mark: - Adversary does not have access to the budget of that processes. has its own budget :heavy_check_mark: - in LRA the adversary can corrupt process who have a budet of zero at the time of corruption (i.e., they left the system). :heavy_check_mark: - do we need the binding property of the resource definition (definition 7)? - Submit a shorter version of the paper as a position paper (or a wip paper) to ConsensusDays. Put only PoW and PoS for the workshop. - Ideas for "full paper": FC or oakland ### 🎯 Up next - SA to write something about the fact that we do not consider tipsets :heavy_check_mark: - SA to double-check with cryptographers that algorithm 7 (and 5-6) is ok ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## 2022-05-10 ### ✋ Attendees - Duc - @sa8 ### 📣 Updates - your notes here ### 🧵 Discussion - Formal model of LRA: - we want to ideally abstract away the private keys (unlike, for example, the model of Winkle) - Index the set of processes by time - Add an "authentication function" of the resource allocator (i.e. such that a process can only call the "commit" function of resource allocator for itself and not someone else) ### 🎯 Up next - Duc to catch up on [Winkle](https://eprint.iacr.org/2019/1440.pdf) model - Discuss the model with Christian and start writting it down. - @sa8 to have a deeper read on paper and leave comments. ### 🛑 Private - What went great? - What can be improved? - Discussions - FYIs ## Duc Notes: Extracted comments from the manuscript: ``` % \item \textbf{Long-range Attack}: a process, $p$, that has % been offline for a long time may potentially interact with old set of % committees, and this old set of committee can feed $p$ invalid state and % there is no way $p$ can distinguish. This scenario is reasonable because % coins associated with these old addresses; hence, the adversary can buy the % old keys at no cost. % \item \textbf{Inclusiveness} implies the equality between new and existing % participants. Ideally, if a new participant makes the same investment % as an old participant, then both participants should have equal roles. % Apparently, in a (non-inflationary) proof-of-stake system, if one party % control more than 51\% stake and refuses to sell, then inclusiveness is % no longer available. ```