Anytrust model for subnets

CoolPineapple · January 18, 2023, 2:00pm

Motivation

AFAK Internet Computer Consensus is as defined in this paper, that is to say it is a Byzantine fault-tolerant consensus mechanism based on probabilistic leader election which is robust provided at most t < n/3 of the parties are corrupt While The Internet Computer as a whole currently runs on 549 machines. The Internet Computer is formed of independent subnets typically containing 13 nodes. This means only 4 nodes need to malicious or buggy for the subnet to fail. While higher relocation subnets are possible increasing the node count comes at the cost of higher costs and latency. This is not acceptable if the goal is for the IC to host consumer facing websites and other applications.

It is already the case that provided that at least one honest replica is still part of the subnet that replica can report misbehaviour to the NNS and the issue can be investigated and corrected. However the process is manual and there is no automated mechanisms for detecting fraud, determining fault and recovering state (See here .

Arbitrum anytrust model

Arbitrum “AnyTrust” is an Ethereum L2 with an honest minority security model. That is the L2 is secure provided there are at least 2 honest nodes. This represents a significant security improvement relative to a 2/3 honest nodes assumption. The system is analogous to:

A generalised state channel with a fixed set of nodes and where computation falls back to the main chain if any of them disagree. this paper

An optimistic rollup where an off chain committee rather than the L1 provides data availability guarantees. this paper for more details

Anytrust subnets.

It seems like variants of this model could be considered as a potential upgrade to subnet security. It allows full speed execution in the happy case and fall back to rollup if misbehaviour is reported.

High replication subnet(s) act as computational court (L1)
Nodes in subnet act as normal in happy case (Chain key threshold is adjusted to be n-1)
In case of dispute challenge is mediated on high replication subnet from last accepted state using bisection method.

Tbd · January 18, 2023, 10:39pm

Yeeeeees modular IC

cryptodriver · January 20, 2023, 9:35am

Hope to hear any further discussion with Dfinity team.

Topic		Replies	Views
Security of Subnet with 13 Nodes General	5	378	May 15, 2023
Trustworthy Node Metrics for useful work Roadmap Discussing	3	747	February 7, 2024
Simple question on consensus Developers	3	365	December 15, 2022
Is ther any plan to increase node count of subnet commonly? Roadmap	5	708	January 30, 2023
Has someone here looked deeply into other consensus mechanisms? I was wondering how some of them compare to the ICs Developers Discussing	1	338	October 6, 2022

Anytrust model for subnets

Motivation

Arbitrum anytrust model

Anytrust subnets.

Related Topics