For all versions of the proposal, regardless if we use the conflict code or not, I think we should require authorities to participate for at least for 3 rounds of the reveal phase, otherwise not participate in the shared randomness calculation for the day.
This does not have a significant effect over the partitioning attack (which we agreed there's no sense addressing) but it may prevent consensus conflicts that could lead to SRDISASTER or accidental partitioning, in case an authority simply joins too late and for a reason or other doesn't catch up with the rest of the votes from other authorities. Plus, I don't see a reason for why we shouldn't require this - the probability for an authority to be genuinely available _only_ for the last reveal round is reasonably low. Also, if an authority was absent for > 23 hours in a day, not allowing it to participate in the shared randomness calculation for that day only is not an unusual or abusive punishment.
If an authority was present and voted in that protocol run before hour -3, but missed hour -3, it should be allowed to participate. Basically require to have at least 3 reveal votes in the reveal phase of a single day to make sure it has quite low chances not to be in sync. Or we could only require the last 3 reveal rounds from 21:00 UTC or hour -3 to hour 0.
This will be decided just by looking from code simplicity point of view, as in terms of security and followed goal both provide the same effect. I am equally fine with both approaches (but it's very much more unlikely to miss 3 rounds (votes) during ALL the reveal phase as opposite to missing the last 3 consecutive ones).
What do you think?
Whatever we decide, can we make it a torrc option? That way, authorities running the SR code can bootstrap relatively quickly in test networks. (The fastest possible bootstrap would have 1 SR commit round and 1 SR reveal round.)
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F
|