Internet Computer Roadmap — Year 4 And Beyond

Hi @dieter.sommer

What I mean by shared security is that the security of a canister executing on a subnet should not be at risk if 1/3 of the nodes on that subnet (typically comprised of 13 nodes) are compromised, but rather should be secured by the network as a whole (559 nodes) in some sense.

Scaling while ensuring shared security is what Ethereum is trying to achieve with rollups, Polkadot is trying to achieve with the relay chain/parachain model, and Near is trying to achieve by randomly and frequently reassigning validators to different shards. This can be distinguished from the Cosmos/ICP approach where each subnet is essentially independent and can be separately compromised.

Possible approaches:

  1. Node shuffling. Although this doesn’t increase the number of nodes that need to be compromised, frequent shuffling makes it harder for an attacker to target a particular subnet via time-consuming bribery or hacks, since the nodes involved can change unpredictably.

  2. Subnets as optimistic rollups: Each subnet acts like an Arbitrum (AnyTrust) rollup where, in the happy case, execution proceeds as it does now, but if one node within a subnet disputes, a fraud proof is initiated. Since ICP lacks a canonical subnet that can act as an “L1”-like computation court, I suggest either reserving a high-replication subnet for this purpose or simply picking a random subnet to handle the dispute, since this would be unpredictable to the attacker.

  3. Only high-security canisters, marked as having a high security demand (for example a ledger canister that holds asset balances), rather than the whole state, are re-validated by additional nodes or subnets as an additional assurance. For example:

    • By additional randomly chosen subnet(s).
    • Using Dominic’s validation towers, where a random beacon and staking system give additional assurance that the state of a particular canister has advanced correctly.

  4. Some crazy ZK thing.

These are just ideas. The point is more that there should be some kind of program looking at shared security as an objective, since this is one of the main criticisms people make of ICP, and while it is not necessary for decentralised social media, it is necessary for ICP to be trusted for DeFi and asset applications.

6 Likes
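
A risk model for the node-shuffling idea in the post above, as an added example that is not part of the original post: it computes the chance that a uniformly drawn 13-node subnet, out of the 559 nodes quoted, contains at least one third compromised nodes, and how that chance accumulates over repeated reshuffles. Assumptions: "1/3 of the nodes" is taken as at least ceil(13/3) = 5 nodes, assignment is uniformly random, and reshuffles are independent.

```python
from math import comb, expm1, log1p

TOTAL_NODES = 559  # network size quoted in the post
SUBNET_SIZE = 13   # typical subnet size quoted in the post


def threshold(size: int = SUBNET_SIZE) -> int:
    """Assumption: "1/3 of the nodes" means at least ceil(size / 3) nodes."""
    return -(-size // 3)


def p_subnet_compromised(bad: int, total: int = TOTAL_NODES,
                         size: int = SUBNET_SIZE) -> float:
    """P(a uniformly drawn subnet holds >= threshold compromised nodes).

    Hypergeometric tail: `bad` of `total` nodes are attacker-controlled and
    the subnet is `size` nodes drawn without replacement.
    """
    need = threshold(size)
    hits = sum(comb(bad, k) * comb(total - bad, size - k)
               for k in range(need, size + 1))
    return hits / comb(total, size)


def p_over_epochs(p: float, epochs: int) -> float:
    """P(at least one of `epochs` independent reshuffles is a bad draw)."""
    if p >= 1.0:
        return 1.0
    # expm1/log1p keep precision when p is tiny.
    return -expm1(epochs * log1p(-p))


if __name__ == "__main__":
    print(f"threshold for a {SUBNET_SIZE}-node subnet: {threshold()} nodes")
    # Constructed sample values for the number of compromised nodes.
    for bad in (5, 28, 56, 112, 186):
        p = p_subnet_compromised(bad)
        print(f"{bad:3d} bad of {TOTAL_NODES}: per-draw {p:.3e}, "
              f"over 1000 reshuffles {p_over_epochs(p, 1000):.3e}")
```

With fixed membership, the threshold number of compromised nodes inside one subnet is enough; under random assignment the same number of nodes almost never lands in one subnet together, but the per-draw probability compounds with every reshuffle, so shuffling frequency is a parameter to size against the assumed fraction of compromised nodes.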