Phase 1 checklist

[vbuterin]

• Determine whether substantial conceptual simplifications to the proof of custody game are possible; if so implement them, if not, conclusively decide that it's fine as is.
• Grammar fixes and edits
• Naming changes
• Economic review, particularly around sizes and structure of rewards and penalties
• Evaluate possible change to branch challenges: a MultiBranchChallenge where a challenger challenges a particular data root, and all attestation signers are assigned random chunks to respond. This is theoretically much cheaper because it reuses the attestation verification.
• Evaluate a possible change where each recipient needs to respond with a contiguous array of eg. 16 chunks instead of a single chunk. Currently, we have very low data efficiency for responses because we use a ~500 byte branch to reveal/verify 32 bytes of data, we can extend this to ~900 bytes to reveal/verify 500 bytes of data, a much more favorable tradeoff if the goal is to force revealing the entire block.
• Replace the current mixing function for custody leaf generation (hash(data, subkey)) with a more MPC-friendly alternative

[vbuterin]

Evaluate possible change to branch challenges: a MultiBranchChallenge where a challenger challenges a particular data root, and all attestation signers are assigned random chunks to respond. This is theoretically much cheaper because it reuses the attestation verification.

FWIW my latest thinking on this is that especially with the 512 byte chunk change and the use of a non-slashable attestation, this is not necessary.

[JustinDrake]

Closing in favour of #864.