We intend to create CREDIT's (Credit SmartChain) consensus engine to fulfill the following objectives:
Wait a few confirmation blocks (should be less than Ethereum 1.0); it's usually best to avoid a fork. Blocking time should be no longer than 5 seconds, which is Ethereum 1.0.
No inflation; transaction gas fees serve as the block reward. Similar to how Ethereum is compatible. with staking and leadership as strong as the universe. Geth implements the ethash (based on PoW) and clique consensus engines (base on PoA). Because CREDIT forgoes PoW, Ethash is not a viable choice. Clique does as little as possible alter the underlying data structure to maintain compatibility with existing Ethereum clients while having a shorter blocking time and being immune to 51% attacks. Centralization and the absence of substantive on-chain staking and governance capabilities are PoA's weaknesses. The CREDIT SmartChain, on the other hand, is based on Cosmos, which does have a working staking and governance mechanism. Therefore, here we attempt to suggest a consensus engine that:
The staking and governance functions are handled by CREDIT SmartChain for CREDIT Smartchain. The CREDIT SmartChain consensus engine maintains a clique-like simplicity. We looked into a few well-known PoA consensus implementations and discovered that Bor had a similar layout to the one described above. To accomplish all of these objectives, we'll take a few ideas from Bor and suggest a new consensus engine.
Structure-related Elements CREDIT SmartChain. It is in charge of holding the staking function to choose the credit validators independently, and the election workflow is carried out using the staking technique.
Accord Protocol Clique is the name of the consensus engine's implementation. This document will overlook the typical details in favor of the differences.
We want to define a few concepts first before we introduce ourselves:
Block epoch. Periodically, the consensus engine will update the validatorSet from the NCValidatorSet contract. As of right now, a block is considered an epoch block if its height is multiples of 200. Snapshot. An assistance object called a snapshot is used to store the most recent validators and signers of blocks. key attributes minimal customer protection The (epoch+N/2) blocks are where validators set changes happen. (N is the validatorset's size before to the epoch block.) We postpone the N/2 block to allow the validatorSet to change in consideration of the security of the light client.
The extra data section of the block header is filled in by the validator for each epoch block by requesting the validatorset from the contract. It will be checked against the validatorset in the contract by the full node. A light client will use it as the validatorSet for next epoch blocks, but it is unable to check it against the contract; instead, it must have faith in the epoch block's signer. The lite client might just navigate to the incorrect Smartchain if the signer of the epoch block writes incorrect extra data. The erroneous epoch block won't receive further N/2 following blocks that are signed by other validators if we delay N/2 blocks to let the validatorSet change to occur, protecting the light client against such an attack.
Input/output operation System transactions are those that use system contracts and are triggered by the consensus engine. Transactions on the system are signed by the validator creating the block. According to its internal logic, the witness node will construct system transactions (without signatures) and, before applying them, will compare them to the system transactions in the block.
Require a backoff Out-of-turn validators in the Clique consensus protocol must wait a randomized period of time before sealing the block. It operates on the presumption that validators will use the canonical version and is implemented in the client-side node software. Validators might run a customized version of the node software to overlook such a delay, however this is plausible given that they would have an economic incentive to seal blocks as quickly as feasible. Every out-turn validator will be given a specific time period to seal the block, preventing them from rushing to do so. The other witness node will ignore any block generated by an out-turn validator that has an earlier blocking time.
How to make a fresh block Step 1: Get ready A validator node gets the block header for the following block ready.
load the snapshot from the database or cache, To make the implementation of light clients easier, each epoch block will save validators' set messages in the extraData field of the block header. The address of the validator is the coinbase. Step 2: Finish and put together If the expected validator is not there, the call will be made to the liveness slash contract to slash that validator and produce a slashing transaction. If there is a gas fee in the block, 1/16 of it will be given to the system reward contract, and the remaining portion will go to the validator contract. Phase 3: Seal before a validator broadcasts the new block, the last stage.
Add the signature to extraData and sign everything in the block header. A trustworthy validator will wait for a random, fair amount of time if it is inappropriate for them to sign blocks. How to replay or validate a block Step 1: CheckHeader Every time you get a new block, check the block header.
Check the extraData in the blockheader to make sure the coinbase signature is there. If the block time of the blockHeader is less than the predicted block time that the signer is expected to use, the blockHeader will be denied. It aids in preventing a self-centered validator from hastily sealing a block. The signer should be the coinbase, and expected value should be the difficulty. Step 2: Complete A validator node will retrieve validatorSet from NCValidatorSet and compare it with extra data if the block is an epoch block. Will call slash contract if the block is not produced by an inturn validatorvalidaror. If there is a gas fee in the block, 1/16 will be distributed to the system reward contract, and the remaining will be distributed to the validator contract. The consensus engine's generated transaction must match the block's transaction exactly. Signature The extraData in the blockheader contains the signature of the coinbase and has the following structure: epoch block. 65 bytes of signature + 32 bytes of extraVanity + N*20 bytes of validator address. block of no epoch. 65 bytes of signature data plus 32 bytes of additional vanity. The block header's Keccak256 RLP encoded content is the signed content.
Security and closure Given that there are more honest validators than 1/2N+1, PoA-based networks typically function safely and correctly. In some circumstances, such as the "Clone Assault," a small number of Byzantine validators may still be able to attack the network. Users of CREDIT are advised to hold off on receiving blocks until they have been signed by more than 2/3N+1 distinct validators in order to ensure maximum security. In this method, the CREDIT can tolerate less than 1/3*N Byzantine validators and be trusted at a security level comparable to the CREDIT.
If there are 21 validators and the block time is 5 seconds, the time required for the 2/3N+1 distinct validator seals will be (2/321+1)5 = 75 seconds. Any essential CREDIT applications might need to wait until 2/3N+1 in order to guarantee a reasonably secure conclusion. In addition to such a setup, CREDIT also adds Slashing logic to punish Byzantine validators for instability or double signing. This Slashing logic will quickly reveal the malicious validators and make it incredibly difficult or economically unviable to carry out the Clone Attack. With this improvement, the majority of transactions require 1/2*N+1 or even fewer blocks for confirmation.
Potential Problem extending the present validator's decision by momentary censorship It is feasible for the in-turn validator to censor the transaction and not change the set of validators for that epoch if the transaction that updates the validator is delivered to the CREDIT right on the epoch period. Even if a transaction cannot be censored indefinitely without the assistance of other n/2 validators, it can do so to lengthen the lifespan of the current validator set and reap some benefits. In general, collaborating with other validators can raise the likelihood of this scheme. The fact that an epoch is 240 blocks long, or 20 minutes, yet a block can be as short as 5 seconds is a pretty innocuous problem. As a result, the validators could only be extended for another 20 minutes.