-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Voting and certificates section of first tech report #94
Conversation
docs/technical-report-1.md
Outdated
- probability of honest quorum | ||
- 35% adversarial stake: $p = 0.917$ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sadly, I think that this probability is much smaller because there is another step with ALBA, namely to actually create the certificate/proof. The completeness property of ALBA (ie that the probability that one is not able to create a proof is at most
However, when we have
For the concrete ALBA parameters chosen here, the probability to create a valid proof with 1.86e-20
, so it is extremely unlikely that one will ever be able to create an ALBA proof with a 35% adversary. I adapted the plot from cardano-scaling/alba#17 for the ALBA parameters proposed here:
In particular, even when the adversary only has 20% or 15% stake, so there are 4.13e-7
or 3.26e-3
, so still quite small (in particular much smaller than
So one either needs to change ALBA parameters (e.g. making
(For Peras, all of these things are even more pronounced as
matplotlib script for the plot above
#!/usr/bin/env nix-shell
#! nix-shell -i python3 --pure
#! nix-shell -p "python3.withPackages (ps: [ ps.matplotlib ps.scipy ])"
#! nix-shell -p texlive.combined.scheme-full
#! nix-shell -I nixpkgs=https://github.com/NixOS/nixpkgs/archive/4633a7c72337ea8fd23a4f2ba3972865e3ec685d.tar.gz
from math import *
import matplotlib.pyplot as plt
import numpy as np
plt.rcParams["text.usetex"] = True
plt.rcParams["text.latex.preamble"] = "\\usepackage{siunitx}"
lam = 80 # security parameter
n = 500
n_p_frac = 0.92
n_f_frac = 0.60
n_p = int(n_p_frac * n)
n_f = int(n_f_frac * n)
print(f"n_p = {n_p}, n_f = {n_f}, λ = {lam}")
assert n_f < n_p
# From Corollary 3:
u = ceil((lam + log2(lam) + 5 - log2(log2(e))) / log2(n_p / n_f))
# Make sure we are in Case 1 in the proof of Corollary 3.
S_1_bot = n_p / (17**2 / (9 * log2(e)) * u**2) - 7 < 1
S_2_bot = n_p / (17**2 / (9 * log2(e)) * u**2) - 2 < 1
assert S_1_bot or S_2_bot
# With the parameters above, we are in Case 1 in the proof of Corollary 3 (or
# the "≤ λ²" column in Figure 1).
d = ceil(32 * log(12) * u)
q = 2 * log(12) / d
r = ceil(lam)
print(f"u = {u}, d = {d}, q = {q}, r = {r}")
optimistic_prover_success_bound = lambda v: r * (v / n_p) ** u * d * q
fig, ax = plt.subplots(figsize=(9, 6))
X = np.arange(n_f - 10, n_p + 1)
ax.set_title(
"Optimistic ALBA proving\n"
f"$n_p = {n_p} = {n_p_frac} \\cdot n$ and $n_f = {n_f} = {n_f_frac} \\cdot n$ where $n = {n}$\n"
f"$\\lambda = {lam}$\n"
)
ax.set_xlabel("number of elements $|S_p|$ the prover has access to")
ax.grid(True)
ax.set_yscale("log", base=10)
ax.plot(X, np.vectorize(optimistic_prover_success_bound)(X))
ax.set_ylabel("probability (upper bound) to create a valid proof")
ax.tick_params(axis="y")
secax = ax.secondary_yaxis(location="right")
secax.set_yscale("log", base=2)
ax.axvline(x=n_p, linestyle="--", color="red", label="$n_p$")
ax.axvline(x=n_f, linestyle="--", color="green", label="$n_f$")
ax.legend()
ax.set_ylim(top=1)
axratio = ax.secondary_xaxis(location="top", functions=(lambda v: v / n, lambda r: r * n))
axratio.set_xlabel("$|S_p| / n$")
for specific_x in [0.65 * n, 0.8 * n, 0.85 * n]:
specific_y = optimistic_prover_success_bound(specific_x)
ax.annotate(
f"$\\num[exponent-mode = scientific, round-mode = places]{{{specific_y}}}$",
xy=(specific_x, specific_y),
xytext=(20, -3),
textcoords="offset points",
arrowprops=dict(facecolor="black"),
)
fig.savefig("optimistic-proving.png", dpi=300, bbox_inches="tight")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks so much, this is very helpful. Aside from choosing different parameters, I see that I need to separate the general probabilistic computations about quorums (which would hold for any certificate scheme) from the additional considerations that a specific scheme like ALBA imposes. It feels like those general computations are an approximate upper bound on the probabilities of a specific scheme.
We should probably clearly separate these cases, which aren't disjoint and which share similar computations.
Content of certificate | Quorum on honest votes? | Certificate created? | Description | Dangerous? |
---|---|---|---|---|
honest votes | yes | yes | proper honest certificate | no |
honest votes | no | yes | erroneous honest certificate | yes |
honest votes | yes | no | failure to make honest certificate | yes |
honest votes | no | no | no honest quorum | no |
adversarial votes | yes | yes | adversarial certificate when honest one was possible | yes |
adversarial votes | no | yes | adversarial certificate | yes |
adversarial votes | - | no | failure to make adversarial certificate | no |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
83caa6e
to
8013fe7
Compare
No description provided.