owned this note
owned this note
Published
Linked with GitHub
Incentivization, Spam Protection and Validation in Whisper
=========================================================
# OKRs
- P0. Improve decentralization, including light client support
- P2. 50 users running Status nodes
# Problems
- how to convince community to run Status nodes?
- one idea is that people would do that voluntarily
- they would not in the long-term
- some would do that in order to be independent, for example running a Mail Server to avoid giving up some metadata
- provide incentivization layer, i.e. pay SNT for running nodes
- how much SNT?
- we can assume a single node on Digital Ocean which costs around $10/mo
- SNT value should cover that
- it must be easy
- clear step-by-step instruction
- for example, how to run a Status node on Ubuntu and Digital Ocean
- clear instruction how they can earn SNT
- it requires registering and managing their nodes
- DApp?
- how to monitor if registered nodes are good and provide quality service?
- one can register a node but it can work poorly
- for example, Mail Server can be often down and fail to deliver all historic messages
- payment must depend on the service quality
- validators are a must ???
- who would run validators?
- what would be incentivization for doing that?
- stake and slash
- providers would need to stake some SNT in order to register their nodes
- if they provide good service, their stake is safe and they earn SNT
- if the service quality is bad they do not earn SNT and their stake might be slashed
- how to decide when stake should be slashed?
- slashed stake, in some %, goes to a validator
- we would need to provide validators
- how to prevent from abusing being a validator?
- I can run a lot of validators and try to attack nodes with DoS in order to get their stake
- how validator can prove that service's quality is bad?
- MailServer -- it fails to deliver historic message
- one more problem is that MailServer can limit peers they accept; how a validator can not be blocked?
- Whisper -- ???
- should validator also stake SNT?
- can a Status node validate validator and slash its stake? :D
- how and for what should the Status app users pay?
- for Mail Servers,
- each Mail Server may have a different price and capabilities (one can store messages for 1 month and another one for 1 year)
- for message passing by Whisper nodes ???
- should the payment depend on the number of messages
- OR the time the node uses connection slots
- for bumping PoW of their messages ???
- is it possible? It was mentioned long time ago during a call with Whisper co-author
- how should they pay?
- stake and token burning?
- there is an EIP for subscriptions payment
# PoC 1
Above, we distinguished two groups of users: service providers and users.
As we don't want to put any more impediments on users and we want to fulfill our quarter objectives, we should focus on service providers.
## Objectives of PoC 1
- it's possible for non-core-contributors to run a Mail Server and register it in Status Mail Server Registry
- registration requires a stake in SNT
- non-core-contributors can run validators which will verify if registered Mail Servers provide a good quality service
- figure out how to do that
- there is pool of SNT from which Mail Server providers are paid if they provide a good quality service
- similar incentive as 1MM for work done through SOB
# Thoughs on proof-of-custody inspired solution
1. We established that a MailServer needs to send commitments for envelopes it is going to store
- commitment will contain envelope's hash and a signature of the hash
2. Validator submits a challenge on-chain,
3. Challange requires data from which a message hash is recreated: `hash=H(data, ttl, topic, expiry, nonce); if ecRecover(hash, sig) == msg.address`, the challenge is resolved successfully,
5. Reputation needs to be somehow calculated
- commitments with larger envelopes (data field) will results in a larger reputation value
- a higher number of commitments also increases a raputation score
- obviously, failing a challenge decreases a reputation score
## Attack vectors
1. Validator can send a lot of challenges in order to get rid of compeeting MailServers,
- if a challenge is resolved successfully, validator's stake is slashed
2. MailServer can trick a validator to challenge it,
- it's hard to see any gain for MailServer
- MailServer must pay a tx fee to resolve a challenge which is much higher than making a challenge; it won't get validator's stake
3. It is impossible to resolve a challenge successfully because of huge `data` value in the envelope
- MailServer must be careful about commitments it broadcasts
- check Optimizations section below
## Optimizations
1. Consider removing `data` from the calculations. This will require providing an additional hash `hash=H(H(data), ttl, topic, expiry, nonce)` in the commitment, however, it will reduce the cost of resolving a challenge.
# Resources
1. https://gladius.io/pdf/gladius-whitepaper.pdf
2. https://distributedlab.com/whitepaper/ProofOfcustody.pdf
3. https://github.com/AdamColton/trustGraph