-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Misc questions #34
Comments
MAX_VALIDATOR_COUNT is not even used in the spec anywhere; we could just remove it.
Personally, I'm inclined to favor int64 over int32 for everything except data structures that get repeated a huge number of times; simplifies things that way. Though that's only my own preference; I'm ok with adding a millennium bug too.
Yep! Happy to make it an int384 when we switch over 😄
This theoretically makes the entire beacon chain from that point invalid.
0.606 ~= e ** -0.5. It's the easiest constant to work with in this context; basically, if we have a rule that deposits are cut by a factor of n/k^2 after n slots of inactivity leak, then after k slots deposits are
Calculating maximum rewards based on the given constants .
I brought up the possibility of making the deposit size variable earlier in our chat; I suppose it's a reasonable idea theoretically.
< 16 seconds, though given other people want a smaller slot duration I guess it's <8 seconds 😄
Nope!
They have to wait the ~3 months and then restart?
IMO the withdrawal address and withdrawal shard should just be immutable; this way you can have a hot signing key and cold hodling key without risking the signing key being able to fully steal funds.
Within the beacon chain, seems reasonable (use gwei as a unit?). Within shards, I'd say keep the use of bignums and wei for currency. |
I'm happy with keeping things clean 👍. That suggests homogenising
Don't we expect conflicting crosslinks from time to time? Suppose for example a committee almost creates crosslink for a shard block but one of the signatures required to reach the committee threshold takes a bit of time to get into the beacon chain. Shortly after the following happen:
I think we should be precise about timing assumptions:
How do they restart? As currently specced the only way to register is via the one-deposit on the PoW chain. If deregistration happens near the launch of the beacon chain (prior to shards having state) it may take years for that validator to be able to restart. I guess my question is: do we want to add a |
Ah I see. I was operating under the assumption that it's not possible to include a transaction for one committee by the time that it's possible to include a transaction for "the next committee" for that same shard, and particularly messages that contribute to committee N+1 must point to, and therefore be aware of, any blocks that could have included a transaction for committee N, so there's no room for honest misunderstandings from latency getting two conflicting committees into a beacon chain. I think that if we reduce the max committees per slot by a factor of at least 3 we get that invariant back; IMO that's the cleanest solution. In any case, I really want to enforce the norm that if the beacon chain includes a crosslink from a given shard block, then that means the beacon chain attests to that shard block being part of the canonical history, and the ultimate validity of the beacon chain from that point on now is now conditional on the validity of the shard chain up until that point. Allowing conflicting crosslinks would make all of that impossible as the beacon chain would effectively be attesting to two conflicting beacon chains.
Technically, we want networking latency plus clock disparity between all honest nodes to be <= 1 slot, so if honest node A sends a message at subjective time T, honest node B will receive the message within the subjective time interval (T - 8, T + 8) (negatives possible due to clock disparity). Though my simulations suggest things will be ok with clock disparity and/or network latency even going up to 3-4x slot duration or more, the chain just won't look as clean 😆 BTW I think we should consider whether or not a default client timing rule that adapts to some guess of what the majority of the network thinks the time is would make sense; will think more before making a concrete proposal.
Using the shard-to-beacon-chain deposit procedure, which is TBD 😄 |
Prysm was planning on having clients sync with an NTP server: prysmaticlabs/prysm#511 (comment) |
The private key is 48 bytes (384-bit) but the Edit: Ah, I was thinking about signatures not public keys, recovery bytes is on signatures. |
@mratsim Out of curiosity, what is a recovery byte? |
Taking from bitcoin's secp256k1: /** Opaque data structured that holds a parsed ECDSA signature,
* supporting pubkey recovery.
*
* The exact representation of data inside is implementation defined and not
* guaranteed to be portable between different platforms or versions. It is
* however guaranteed to be 65 bytes in size, and can be safely copied/moved.
* If you need to convert to a format suitable for storage or transmission, use
* the secp256k1_ecdsa_signature_serialize_* and
* secp256k1_ecdsa_signature_parse_* functions.
*
* Furthermore, it is guaranteed that identical signatures (including their
* recoverability) will have identical representation, so they can be
* memcmp'ed.
*/
typedef struct {
unsigned char data[65];
} secp256k1_ecdsa_recoverable_signature;
/** Parse a compact ECDSA signature (64 bytes + recovery id).
*
* Returns: 1 when the signature could be parsed, 0 otherwise
* Args: ctx: a secp256k1 context object
* Out: sig: a pointer to a signature object
* In: input64: a pointer to a 64-byte compact signature
* recid: the recovery id (0, 1, 2 or 3)
*/
SECP256K1_API int secp256k1_ecdsa_recoverable_signature_parse_compact(
const secp256k1_context* ctx,
secp256k1_ecdsa_recoverable_signature* sig,
const unsigned char *input64,
int recid
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); vs signature without recovery: /** Opaque data structured that holds a parsed ECDSA signature.
*
* The exact representation of data inside is implementation defined and not
* guaranteed to be portable between different platforms or versions. It is
* however guaranteed to be 64 bytes in size, and can be safely copied/moved.
* If you need to convert to a format suitable for storage, transmission, or
* comparison, use the secp256k1_ecdsa_signature_serialize_* and
* secp256k1_ecdsa_signature_parse_* functions.
*/
typedef struct {
unsigned char data[64];
} secp256k1_ecdsa_signature;
...
/** Parse an ECDSA signature in compact (64 bytes) format.
*
* Returns: 1 when the signature could be parsed, 0 otherwise.
* Args: ctx: a secp256k1 context object
* Out: sig: a pointer to a signature object
* In: input64: a pointer to the 64-byte array to parse
*
* The signature must consist of a 32-byte big endian R value, followed by a
* 32-byte big endian S value. If R or S fall outside of [0..order-1], the
* encoding is invalid. R and S with value 0 are allowed in the encoding.
*
* After the call, sig will always be initialized. If parsing failed or R or
* S are zero, the resulting sig value is guaranteed to fail validation for any
* message and public key.
*/
SECP256K1_API int secp256k1_ecdsa_signature_parse_compact(
const secp256k1_context* ctx,
secp256k1_ecdsa_signature* sig,
const unsigned char *input64
) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3); In implementation, secp256k1 signature are represented with v, r and s and v is the recovery byte while r and s are 32 bytes for a total of 1 + 32 + 32 = 65 bytes. Edit - here is additional explanation: ethereum/EIPs#155 (comment) by @jhoenicke
Edit 2: I was mixing public keys and signatures, the recovery byte is on signatures, public keys are 96 bytes. Signatures are 96 or 97 bytes. |
All issues addressed elsewhere 👍 |
Also update binary output due to metadata change.
Questions
MAX_VALIDATOR_COUNT
?slot
anddynasty
be set toint32
(as opposed toint64
)? With 8 second slot durations 32 bits gives us 1000+ years. (Same forjustified_streak
,justified_slot
, etc.)pubkey
being aint256
too small for BLS12-381?DEPOSIT_SIZE
? What about top-ups and penalties for being under theDEPOSIT_SIZE
?SpecialObject
to change thewithdrawal_shard_id
,withdrawal_address
orrandao_commitment
?Nitpicks
SpecialObject
types to clean upobj.type == 0
andobj.type == 1
.The text was updated successfully, but these errors were encountered: