GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → cwgoes → tm-proposer-idris

cwgoes / tm-proposer-idris

Licence: GPL-3.0 license
Formalization of Tendermint proposer election properties

Programming Languages

Idris
72 projects
Makefile
30231 projects

Labels

blockchaintendermintformal-verificationdlt

Projects that are alternatives of or similar to tm-proposer-idris

Chainkit
ChainKit is a toolkit for blockchain development. It includes primitives for creating, building and running decentralized applications.
Stars: ✭ 121 (+706.67%)
Mutual labels:  tendermint
Ethermint
Ethermint is a scalable and interoperable Ethereum, built on Proof-of-Stake with fast-finality using the Cosmos SDK.
Stars: ✭ 207 (+1280%)
Mutual labels:  tendermint
disgo
Go Dispatch client
Stars: ✭ 30 (+100%)
Mutual labels:  dlt
Secretnetwork
𝕊 The Secret Network
Stars: ✭ 138 (+820%)
Mutual labels:  tendermint
Movemint
Stars: ✭ 203 (+1253.33%)
Mutual labels:  tendermint
Akash
a secure, transparent, and peer-to-peer cloud computing network
Stars: ✭ 229 (+1426.67%)
Mutual labels:  tendermint
Chain Main
Crypto.org Chain⛓: Croeseid Testnet and beyond development
Stars: ✭ 109 (+626.67%)
Mutual labels:  tendermint
agda-fragment
Algebraic proof discovery in Agda
Stars: ✭ 28 (+86.67%)
Mutual labels:  formal-verification
Starport
The easiest way to build a blockchain.
Stars: ✭ 204 (+1260%)
Mutual labels:  tendermint
terra-rust
Rust <-> Terrad API via LCD service
Stars: ✭ 31 (+106.67%)
Mutual labels:  tendermint
Thaler
Thaler Experimental Network; For Crypto.org Chain: github.com/crypto-org-chain/chain-main
Stars: ✭ 142 (+846.67%)
Mutual labels:  tendermint
Cosmos Sdk
⛓️ A Framework for Building High Value Public Blockchains ✨
Stars: ✭ 3,144 (+20860%)
Mutual labels:  tendermint
kcoin
A stable cryptocurrency that algorithmically targets $1 USD using the Kowala Protocol
Stars: ✭ 17 (+13.33%)
Mutual labels:  tendermint
Tendermint code analysis
通用区块链平台tendermint源码分析
Stars: ✭ 134 (+793.33%)
Mutual labels:  tendermint
daml-on-fabric
Enabling DAML applications to run on Hyperledger Fabric
Stars: ✭ 23 (+53.33%)
Mutual labels:  dlt
Rust Abci
A rust implementation of the ABCI protocol for tendermint core
Stars: ✭ 115 (+666.67%)
Mutual labels:  tendermint
Sentinel
Sentinel is an interoperable secure network layer offering the Sentinel Service Chain exclusively for distributed & decentralized native services like - dVPN, Sentrix (dChat and dVoIP) and more.
Stars: ✭ 228 (+1420%)
Mutual labels:  tendermint
klever
Read-only mirror of the Klever Git repository
Stars: ✭ 18 (+20%)
Mutual labels:  formal-verification
go-cita
A Go implementation of CITA. https://docs.nervos.org/cita
Stars: ✭ 25 (+66.67%)
Mutual labels:  tendermint
SecretNetwork
𝕊 The Secret Network
Stars: ✭ 466 (+3006.67%)
Mutual labels:  tendermint
View All Similar Projects ➔

Summary

Formal verification of fairness of the Tendermint proposer election algorithm in the proof assistant Idris.

In particular, the Idris source in this repository proves that maximally strict bounds on stake-proportionality of proposer election hold over an epoch of any length with no power changes by inhabiting the following type:

fairlyProportional :
  (idA : ProposerId) -> (idB : ProposerId) ->
  (wA : ProposerWeight) -> (wB : ProposerWeight) ->
  (pA : ProposerPriority) -> (pB: ProposerPriority) ->
  (n : Nat) ->
  (wA >= 0 = True) -> (wB >= 0 = True) ->
  (abs(pA - pB) <= (wA + wB) = True) ->
  ((count idA (snd (incrementElectMany n ((idA, wA, pA), (idB, wB, pB)))))
      >= ((n * (wA / (wA + wB))) - 1) = True,
   (count idA (snd (incrementElectMany n ((idA, wA, pA), (idB, wB, pB)))))
      <= ((n * (wA / (wA + wB))) + 1) = True)

where incrementElectMany repeats the proposer-election function and returns the list of elected proposers.

In English, this proof could be read as "a validator, in a sequence of proposer elections where no other power changes take place, proposes no fewer blocks than the total blocks in the epoch multiplied by its fraction of stake less one, and proposes no more blocks than the total blocks in the epoch multiplied by its fraction of stake plus one".

As epochs can be as short as one block (for which one proposer must be chosen), this is the strictest possible fairness criterion.

The requisite initial bound on the difference in proposer priority is the reason for this pull request.

Caveats

  • You must trust that the type theory used by Idris (paper) is sound.
  • At present, this proof only covers the two-validator case - a reduction from the n-validator case is planned.
  • This fairness criterion only holds over epochs with no validator power (weight) changes.
  • The Idris standard library does not implement proofs of standard field laws for arithmetic operations over integers, so these are assumed to hold. In practice standard library proofs wouldn't be helpful anyways since the actual implementation is in Golang, not Idris.
  • This constitutes a proof of algorithmic correctness, which is not the same thing as implementational correctness - the Golang code could have incorrect optimizations, integer overflow/underflow, etc.

Usage

To check that the verified properties hold, run:

make check

To open up a REPL and play around with proof components, run:

make

Or to read the logic yourself, open Main.idr.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].