# PeerDAS fork-choice part 2 This post follows [a previous one on the fork-choice of PeerDAS](https://notes.ethereum.org/P1iDee8lTwyAtHpZwd8LMw?view), incorporating changes stemming from the [recent developments in the design of PeerDAS](https://notes.ethereum.org/sFGCCOhYTjGbVH_lzItJnA?both). ## Roles of peer sampling ### Peer sampling for full nodes: transaction confirmation The first role of peer sampling concerns full nodes, in particular the security of transaction confirmations. Still, we *do not* need to use peer sampling for the safe head rule, because this already relies on an honest majority assumption, which, if satisfied, would already guarantee availability. Instead, as far as transaction confirmation is concerned, we only need to use peer sampling to ensure availability of finalized checkpoints. ### Peer sampling for attesters: resistance to supermajority attacks As discussed in the [interop update on PeerDAS](https://notes.ethereum.org/sFGCCOhYTjGbVH_lzItJnA?both), peer sampling is not necessary in order for consensus to function, as long as we have a sufficiently high custody requirement. In other words, as long as we have enough *subnet sampling* to ensure that at most a small percentage of the validators can ever vote for something unavailable. Still, peer sampling can play a role in improving a validator's response to supermajority attacks which invole the justification or finalization of an unavailable block. In such a situation, we would like to ensure two things: - An honest validator never votes with an unavailable source, i.e., to finalize an unavailable checkpoint. This would end up locking them on an unavailable chain, unable to even manually switch without slashing themselves through surround voting. - If an unavailable block is finalized, honest validators are able to construct a minority chain. If we can ensure that, we know that the attacker cannot easily disrupt this chain, because voting outside of the subtree rooted at the unavailable finalized block would lead to slashing. ### Peer sampling for proposers? Reorg resilience The last role of peer sampling could be to provide some protection against reorg attacks to proposers that are not supernodes. In particular, the [reorg attacks](https://notes.ethereum.org/P1iDee8lTwyAtHpZwd8LMw?both#Proposer-sees-available-attesters-see-unavailable) we are concerned with are ones in which the attacker tricks the proposer into believing that a block is available. The proposer then builds on an unvailable block, and no one attests to it. To be precise, the attack requires for there to be one slot between the unavailable block and the honest slot, because otherwise proposer boost reorging would be triggered due to the lack of votes. The attacker would then need to control at least two consecutive slots. In the previously linked document, we have suggested switching the fork-choice to a variant of the (block, slot) fork-choice, there called "the majority fork-choice", which would completely prevent this attack vector. However, this would come with the added complexity of a backoff scheme. If we do wish to avoid it for the time being, we could instead employ peer sampling as an extra defensive measures for proposers. In particular, we can have proposers do peer sampling on very weak blocks, for example ones whose total weight is $< 20$% of a committee's weight, the threshold that we currently use to decide whether to attempt a proposer boost reorg. If peer sampling fails, such blocks would be considered unavailable and not extended by the proposer, even if other conditions would normally prevent attempting proposer boost reorg, like the reorg depth being > 1. In order to carry out the attack, it would then be necessary to "defeat" peer sampling, by satisfying all of the proposer's sampling queries without actually making the data available. This does not seem much easier than directly DoSing the proposer, which is already possible today. Moreover, recall that this attack is only applicable to proposers that do not download all of the data, so the vast majority of proposers would not be vulnerable, if the validator custody prescription is widely followed. ## Peer sampling in the fork-choice spec To fulfill the first two roles of peer sampling discussed in the previous section, we employ it in two places in the fork-choice spec. For now we leave out the third role, because there is a lot of room for specifying exactly how and when proposers should use peer sampling in combination with proposer boost reorgs, if indeed that turns out to be the preferred way to handle the attack vector we described. ### on_block We do not import a block whose unrealized justified checkpoint is unavailable with respect to peer sampling: ```python pulled_up_state = state.copy() process_justification_and_finalization(pulled_up_state) assert is_chain_available(store, pulled_up_state.current_justified_checkpoint.root) ``` With this, we get two benefits: - We never update `store.justified_checkpoint` or `store.finalized_checkpoint` to something unavailable with respect to peer sampling (neither directly nor through realization of unrealized justification), nor do we ever have a block in the store whose justified checkpoint is unavailable with respect to peer sampling. Any API which exposes justifications and finalizations, either in the `store` or in the `state`, will never expose something unavailable, ensuring security of transaction confirmation. - We never attempt to vote with an unavailable voting source, because we do not have any such block imported. Therefore, we cannot ever end up locked on an unavailable chain, unable to switch without surround voting. ### get_head We are only left with the last goal, i.e., allowing honest validators to react to the finalization of an unavailable checkpoint by building a minority fork. To do so, we want to ensure that, in any such situation, `get_head` will filter out the unavailable chain and allow the validator to vote on some other branch. Note that this cannot lead to self slashing because we have already ensured that we never vote with an unavailable source. When running `get_head` and determining whether a block should be filtered out because of unavailability, we require peer sampling to be satisfied *only as long the block's epoch is at least two epochs in the past*. When that is the case, it is possible that this block is already finalized, on some branch which we would not have imported due to the availability check in `on_block`. At this point, we consider this block unviable (at least until peer sampling succeeds) and try to contribute to another chain. ```python def is_peer_sampling_required(store, slot): return compute_epoch_at_slot(slot) + 2 <= get_current_epoch(store) def get_head(store: Store) -> Root: # Get filtered block tree that only includes viable branches blocks = get_filtered_block_tree(store) # Execute the LMD-GHOST fork choice head = store.justified_checkpoint.root while True: # Get available children for the current slot children = [ root for (root, block) in blocks.items() if ( block.parent_root == head and is_data_available( root, require_peer_sampling=is_peer_sampling_required(store, block.slot) ) ) ] if len(children) == 0: return head # Sort by latest attesting balance with ties broken lexicographically # Ties broken by favoring block with lexicographically higher root head = max(children, key=lambda root: (get_weight(store, root), root)) ```
Last changed by  
Francesco
160

Read more

PeerDAS fork-choice

Written by Francesco, Luca and Roberto The goal of this document is to deepen our understanding of the interactions between the fork-choice and the data availability layer after introduction of data availability sampling (DAS), with the aim of mitigating potential attacks that arise. To achieve this, we first identify potential attacks under the current fork-choice specification and suggest strategies to counter them. This analysis assumes familiarity with the current fork-choice and known attacks, and with PeerDAS. Distribution phase and sampling phase Recall that in PeerDAS, each blob is individually extended horizontally, stacked vertically and subdivided in NUM_COLUMNS columns, which are used as the sampling unit. PeerDAS comprises two phases: a distribution phase and a sampling phase. In the distribution phase, columns are allocated among subsets of validators, with each subset tasked with the custody of one or more columns (CUSTODY_REQUIREMENT). Subsequently, in the sampling phase, validators request samples to verify data availability. These samples, or columns, are acquired from peers through a request/response mechanism. The distribution phase can also serve as a kind of preliminary sampling phase, enabling a validator to consider data available if all the columns it's required to custody are available, even before completing the actual sampling phase. This proves especially valuable when employing a trailing fork-choice function, a concept explaned further below. Tight fork-choice Ideally, almost all honest validators would ever only vote for blocks that are fully available, without needing to download all of the data. To achieve this, we can require a sufficiently high amount of sampling to be completed before ever voting for a block. We refer to this as the tight fork-choice. In PeerDAS, this would mean that validators are required to perform peer sampling immediately upon receiving a block, and cannot vote for it without completing it. This gives us a useful property, which we call $\delta$-safety of sampling, for some $\delta \in [0,1/2]$ dependent on the amount of sampling ($\delta \to 0$ as number of samples increases)

8/28/2024
Annotated Electra Spec -- The Beacon Chain

Notice: This document is a work-in-progress for researchers and implementers. Table of contents Introduction Constants Misc Withdrawal prefixes Domains

8/6/2024
PeerDAS design progress at the interop

Some meaningful changes in the PeerDAS design have been discussed, and agreed upon, at the interop: Do not use the tight fork-choice in the first iteration of PeerDAS Increase custody requirement and subnet count Introduce validator custody Take peer sampling completely out of the critical path of consensus In my opinion, they represent both a huge simplification and an increase in robustness of the design. Let's break down what these points mean and why that is the case. Trailing fork-choice instead of tight fork-choice

5/28/2024
Validator consolidation in EIP-7251

$\cdot$ by francesco, mike, & mikhail -- based on extensive discussions with Lion, Roberto, Sandra, & Barnabé -- tuesday, january 23, 2024 $\cdot$ tl;dr; EIP-7251 increases the MAX_EFFECTIVE_BALANCE of Ethereum validators to 2048 ETH while preserving the 32 ETH minimum. "In-protocol consolidation", a key feature in the EIP, allows validators to merge their effective balances (thus becoming a single validator with the combined stake) ~without~ fully exiting and re-entering the protocol through the activation queue. This feature is critical to enable large staking pools that wish to merge validators because it allows them to do so without sacrificing significant rewards during the consolidation period. Due to the importance of this feature, we present an FAQ document that aims to answer the natural questions about the process and justify the design decisions. $\cdot$ EIP-7251: related work $\cdot$

1/23/2024
Read more from Francesco
Published on HackMD