[Din] [DIN] question about a quorum intersection in SCP

Vasiliy Kevroletin <vasiliy.kevroletin@serokell.io> Mon, 04 March 2019 08:30 UTC

From: Vasiliy Kevroletin <vasiliy.kevroletin@serokell.io>
Date: Mon, 04 Mar 2019 15:30:26 +0700
Message-ID: <CAE5h2OD8ehfxpku3tm0ivKFK0QC=hox=nRDkQ0Burby011=6Ww@mail.gmail.com>
To: din@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/din/6yKBDMnzradw2Xttg8ekR8Uo4B8>
Subject: [Din] [DIN] question about a quorum intersection in SCP

Hello, mailing list

*About me*

My name is Vasiliy Kevroletin. Currently, I am studying SCP as part of my work
at serokell.io. I have a question about the Stellar network and SCP.

*Short version*

How does the system ensure (both in practice and in theory) that there will be
quorum intersection despite ill-behaved nodes?

*Long version*

As far as I understand, to guarantee safety, the paper requires an FBAS to have
quorum intersection despite ill-behaved nodes (please correct me if I am wrong).
This, to me, sounds reasonable and similar to the requirement from the
classical PBFT algorithm to have `2*f + 1` well-behaving nodes.

However, the requirement of quorum intersection seems to be more complex
compared to the classical PBFT, because in SCP each node has its own "trust
preferences" (quorum slices). This means that the choice of each node
contributes to the security of the whole system. I don't know the right
terminology, but I try to visualize the union of all quorum slices as a graph
and I intuitively call it a "trust graph". My question can be reformulated as
"how to analyze a trust graph?". I am interested both in mathematical analysis,
experiments and observing a real-world functioning system.

I am interested in the analysis of "trust graph" to answer more practical
+ How should each node choose quorum slices? Are there any guidelines?
+ Does someone have an idea if it is possible to get some metrics from the
  system (for example amount of Stake) and automatically propose (or recommend)
  quorum slices for each node?
+ Is it possible to somehow analyze an existing system and understand that there
  are potential problems with the choices of particular nodes? For example, that
  failure of only a few nodes can partition the system

Thank you

Best regards,
Vasiliy Kevroletin
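
Added example, not part of the original message and not code from Stellar: a brute-force check of quorum intersection despite ill-behaved nodes, using the SCP paper's definitions of a quorum and of deleting a node set from an FBAS. The `HUB` configuration and all function names are constructed for illustration, and the enumeration is exponential, so it only suits small trust graphs.

```python
from itertools import combinations

# Constructed FBAS: two groups {a,b} and {c,d} that meet only through hub "h".
# Each node maps to its quorum slices; every slice contains the node itself.
HUB = {
    "a": [{"a", "b", "h"}], "b": [{"a", "b", "h"}],
    "c": [{"c", "d", "h"}], "d": [{"c", "d", "h"}],
    "h": [{"h", "a", "b"}, {"h", "c", "d"}],
}

def is_quorum(nodes, slices):
    """A non-empty set is a quorum if every member has a slice inside it."""
    return bool(nodes) and all(
        any(s <= nodes for s in slices[v]) for v in nodes)

def delete(slices, bad):
    """Delete `bad` from the FBAS: drop the nodes and strip them from slices."""
    return {v: [s - bad for s in ss]
            for v, ss in slices.items() if v not in bad}

def quorums(slices):
    """Enumerate every quorum by testing all non-empty node subsets."""
    vs = sorted(slices)
    for r in range(1, len(vs) + 1):
        for c in combinations(vs, r):
            if is_quorum(frozenset(c), slices):
                yield frozenset(c)

def has_quorum_intersection(slices):
    """True when every pair of quorums shares at least one node."""
    return all(a & b for a, b in combinations(list(quorums(slices)), 2))

def smallest_splitting_sets(slices, max_size):
    """Smallest node sets (up to max_size) whose deletion yields disjoint quorums."""
    vs = sorted(slices)
    for r in range(max_size + 1):
        found = [set(b) for b in combinations(vs, r)
                 if not has_quorum_intersection(delete(slices, frozenset(b)))]
        if found:
            return found
    return []

if __name__ == "__main__":
    print("intact FBAS intersects:", has_quorum_intersection(HUB))
    print("smallest splitting sets:", smallest_splitting_sets(HUB, 2))
```

Here the intact graph has quorum intersection, yet deleting the single node `h` leaves `{a, b}` and `{c, d}` as disjoint quorums, which is the "failure of only a few nodes can partition the system" case from the last bullet.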