(Partially) Explained Casper CBC specs

With pictures!

A consensus protocol is a mechanism that provides guarantees for a set of communicating agents to agree on something. In the blockchain context, nodes that download new blocks want to make sure they agree on a set of transactions as canonical, a unique history of the system. With Proof of Work (PoW), as soon as a node solves the hashing puzzle with a set of transactions, it can publish this set with a proof of solution to its peers and hope to be included in the canonical chain.

The drawbacks of PoW have been widely covered: its extremely wasteful energy consumption aside, it is not clear that its throughput can be significantly increased while maintaining the same level of security. [1] By making it very difficult to be granted the right to publish a new block, PoW effectively controls write access to the main chain. Is there another way we could grant this right while maintaining integrity?

Any alternative would need to make it costly to produce faulty, out-of-consensus blocks. In PoW, should you decide to mine off the main chain agreed on by consensus, your loss is the work done (solving the cryptographic puzzle) to mine these non-consensus blocks. This loss can very well be measured in dollars and cents, via the energy wasted on the puzzle. Why not cut out the extrinsic penalties and make them intrinsic to the framework?

This is the strategy of Proof of Stake (PoS). In this paradigm, some nodes have the option to become validators. To do so, they must agree to lock up a certain amount of capital (e.g., in protocol currency) and participate collectively in the selection of the canonical next block. If a validator starts acting funny and deviates from the protocol in a malicious way, its deposit is slashed, in true game theory fashion of rewards and punishments.

But for this idea to even be feasible, we need to understand what it means to equivocate. We call a set of consensus-forming peers validators. Validators must reach consensus on the chain and work to maintain a canonical version of the protocol history, in spite of faults. This is the subject of the paper by Vlad Zamfir, Nate Rush, Aditya Asgaonkar and Georgios Piliouras. Aditya already gave an excellent overview of the paper and its place in consensus research. This post serves instead as a hand-holding walkthrough to visually see the concepts behind the maths! [2]

What is CBC?

When designing systems, all the more so multibillion-dollar systems, security is fundamental. Thoroughly testing the system is one way of ensuring that it works as intended. Is it acting in a predictable way? Does a given set of inputs lead to an internal inconsistency (perhaps a crash)?

The Correct-By-Construction methodology takes a different approach. We specify a set of first principles and derive correctness by logical induction from these first principles: the CBC way. To be practically useful, the first principles should not be inconsistent and should be specified by a set of formal rules. From these rules, properties of the system can be derived by formal logic and proven to always be correct.

The CBC way, as laid out in the paper, also entails the following: parts of the system may be left undefined, i.e. await further specification. One can prove that some property P holds for mechanisms living in some space S. On a subset of S, say a subcategory of mechanisms S’, we may prove some property P’, in addition to P, that may not hold for mechanisms in S that are not in S’. For instance, take S to be the space of blockchain consensus mechanisms. Restrict S’ to be the space of mechanisms that use the longest chain fork choice rule. We know, for example, that the extra specification (the fork choice rule) gives us consistency, a property P’ that may not hold for other rules. The paper thus starts from a general, abstract specification, of which any part can be further refined to yield additional properties.
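
The refinement argument above, as an added Python example (not code from the paper or from this post): the fork choice rule is the part left undefined, P is checked for two rules in S, and P’ is checked for both but only holds for the longest chain rule. Assumptions: all function names, the "first seen tip" rule, the tie-break by block id and the block tree are constructed for illustration, and "consistency" is taken to mean that nodes holding the same blocks pick the same head.

```python
# Added illustration (not from the paper): fork choice is the part left undefined.
GENESIS = "g"

def build_view(arrivals):
    """Parent map for one node, in the order blocks arrived (dicts keep order)."""
    view = {GENESIS: None}
    for block, parent in arrivals:
        if parent not in view:
            raise ValueError(f"{block} arrived before its parent {parent}")
        view[block] = parent
    return view

def tips(view):
    """Blocks with no known child, in arrival order."""
    parents = set(view.values())
    return [b for b in view if b not in parents]

def height(view, block):
    h = 0
    while view[block] is not None:
        block, h = view[block], h + 1
    return h

# Two points in S. Both rule names are hypothetical.
def first_seen_tip(view):
    return tips(view)[0]

def longest_chain(view):
    # Assumption: equal heights are broken by block id so the rule is total.
    return max(tips(view), key=lambda b: (height(view, b), b))

def prop_p(rule, view):
    """P: the head is a tip whose ancestry reaches genesis."""
    head = block = rule(view)
    while view[block] is not None:
        block = view[block]
    return head in tips(view) and block == GENESIS

def prop_p_prime(rule, view_a, view_b):
    """P': nodes holding the same blocks pick the same head."""
    if view_a != view_b:  # dict equality ignores arrival order
        raise ValueError("views must contain the same blocks")
    return rule(view_a) == rule(view_b)

# Constructed block tree: g <- a1 <- a2 <- a3 and g <- b1 <- b2.
CHAIN_A = [("a1", "g"), ("a2", "a1"), ("a3", "a2")]
CHAIN_B = [("b1", "g"), ("b2", "b1")]
NODE_X = build_view(CHAIN_A + CHAIN_B)  # saw chain a first
NODE_Y = build_view(CHAIN_B + CHAIN_A)  # saw chain b first
```

Both rules satisfy P on both nodes, but the two nodes agree on a head only under `longest_chain`; under `first_seen_tip` the head depends on arrival order, so P’ fails.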