Fluid dRNG committee selection

In the current proposal, the dRNG-committee consisting of the top high mana node is selected periodically (e.g. daily) and it is supposed to be “the” mana-dRNG-committee, see Committee selection for DRNG in IOTA. In case this committee breaks (fails to produce random numbers or turns out to be corrupted) we can either wait until the end of the period or select an “intermediate” committee, see also Committee Failure Detection Idea. However, to do this consensus has to be found about the “breaking” of the committee and on when to choose the next committee. Moreover, in a sharded world there might be several committees and consensus has to be established which dRND to use when and where.

For those reasons, we want to discuss a new “fluid” way to define/select dRNG committees.

  1. every node can trigger a new committee selection at any time;
    for instance, in case a node sees a need for a new committee it tries to open up a new committee. Such a need could be for instance: the old committee is no longer working correctly, messages of other committees arrive late, low trust in committee since mana is “far away”.
    These trigger messages can be open in the tangle or P2P messages to trusted partners.

  2. In case the trigger messages are open, other nodes can become candidates for this new committee following the rules defined in the trigger message. For instance, they could just use the same procedure as in the current committee selection. After a certain time, if the committee selection procedure is successful, random numbers are produced and put on the tangle.

  3. As a result, there may be several committees at the same time. Every node or application is free to choose which dRNG to follow. For instance, in FPC honest nodes would follow the committee with the most (local) mana (at the current time).

In essence, it is: “The initiative to create a new committee may or may not be successful, and if it is it may be adopted or not.”

In the above everything is about freedom and this may also lead to chaos or times of re-organizations. For instance, there might be two running committees with almost the same members and the same total amount of mana. Now, some nodes decide not to be part of all committees and leave one of them; if several nodes do the same, both committees may break at the same time. As a consequence, there might be no dRNG for some time (until a new committee is born).
For this reason, we outline a possible reference implementation for honest nodes.

Let m be the size of the committee

  1. Nodes that are among the 2m top mana nodes and do not receive a random number, or perceive that the current top m mana holders have 50% more mana than the current committee, do the following:
    a) check if another node already triggered a new committee selection
    b) if yes, apply, (if several apply to all of them)
    c) if no, trigger a new committee selection

  2. Nodes that still receive random numbers apply to ongoing selection if total mana of applicants is at least half of the mana of the current committee

  3. In case of a committee failure, there will probably be more than 1 committee renewal procedure starting around the same time. Honest nodes might agree on the one with the minimal timestamp. Since “lowest timestamp” may not be decidable at this point they may perhaps have to apply to several. But in the end, the minimal timestamp is objective, due to timestamp rules of the message layer. Break ties using minHash.

  4. A node may find itself in several committees; take the oldest timestamp of these committees, and measure the cumulative mana of all committees with respect to this timestamp. Continue to be a member of the highest mana committee.

In general, I like the idea of giving users freedom, but it might be hard to pinpoint the exact algorithm of how to do this in this vision. A few comments:

  1. Mana is subjective, thus we have some kind of method to have consensus on mana. You wrote rules are in the trigger message. This is fine, but nodes have to know what to propose and how to interpret such proposed rules. We analyzed a few options and decided on own mana stating. If we want to have others we also would need to analyze them.
  2. It seems to me that we would need to fix mana committee size on the protocol level (or at least minimal and maximal number of members).
  3. If any user can create a trigger then the attacker can do this as well. Thus we need some kind of consensus on which trigger is the correct one. The earliest timestamp might be problematic because the attacker can issue trigger messages every 10 sec starting from genesis. This might be problematic as we would need to go far back in time. We might require that such ‘triggering node’ have certain mana, but there is no consensus on mana. Other solution might be that we relate ‘earliest trigger messages’ to the last produced random number and allow for it only when there is RN missing.
  4. If we use the criterion of RN missing as a minimal time when trigger message can appear then there is a question why do we even need certain nodes making this trigger message. Maybe let’s do this automatically - when the network detects random number missing automatically start new committee selection. If we do this then it is very close to the committee failure detection/ recovery mechanism that we already discussed and researched.
  1. They can be as in the previous proposition; or mana could be calculated by timestamp of trigger message.
  2. That's right, we need at least some committee that publishes random numbers at the correct frequency. But that's the same problem that we have now: if nobody wants to run a committee then there is no committee.
  3. These spam trigger messages would be just ignored by other nodes. For instance, a node that is currently in a committee and perceives that it does not work properly will look if other nodes in the committee already triggered something (but it will not look too far into the past, just until the committee was still working). Also, any other node will only consider applying for a committee if this is interesting (e.g. cumulative mana of applicants is sufficiently high/ >50% of current committee).
  4. “the network detects”? Do you mean that nodes have consensus on failure? If yes, then in this case one would need a consensus protocol (time, FPC among high mana nodes/committee members). Indeed it is similar to the detection mechanism, only that the consensus on what kind of committee is to be used is done “on tangle”.

Assume that we have some kind of criterion that tells us: from now on do not ignore trigger messages. For example, no RN was produced for some time. Then we can just use this criterion to automatically start the application for the new committee. No need for trigger messages.