Anytrust model for subnets


AFAK Internet Computer Consensus is as defined in this paper, that is to say it is a Byzantine fault-tolerant consensus mechanism based on probabilistic leader election which is robust provided at most t < n/3 of the parties are corrupt While The Internet Computer as a whole currently runs on 549 machines. The Internet Computer is formed of independent subnets typically containing 13 nodes. This means only 4 nodes need to malicious or buggy for the subnet to fail. While higher relocation subnets are possible increasing the node count comes at the cost of higher costs and latency. This is not acceptable if the goal is for the IC to host consumer facing websites and other applications.

It is already the case that provided that at least one honest replica is still part of the subnet that replica can report misbehaviour to the NNS and the issue can be investigated and corrected. However the process is manual and there is no automated mechanisms for detecting fraud, determining fault and recovering state (See here .

Arbitrum anytrust model

Arbitrum “AnyTrust” is an Ethereum L2 with an honest minority security model. That is the L2 is secure provided there are at least 2 honest nodes. This represents a significant security improvement relative to a 2/3 honest nodes assumption. The system is analogous to:

  • A generalised state channel with a fixed set of nodes and where computation falls back to the main chain if any of them disagree. this paper

  • An optimistic rollup where an off chain committee rather than the L1 provides data availability guarantees. this paper for more details

Anytrust subnets.

It seems like variants of this model could be considered as a potential upgrade to subnet security. It allows full speed execution in the happy case and fall back to rollup if misbehaviour is reported.

  • High replication subnet(s) act as computational court (L1)
  • Nodes in subnet act as normal in happy case (Chain key threshold is adjusted to be n-1)
  • In case of dispute challenge is mediated on high replication subnet from last accepted state using bisection method.

Yeeeeees :heart: modular IC


Hope to hear any further discussion with Dfinity team.

1 Like