A blockchain is a tamper-evident form of data storage which makes it possible, for the first time, to transfer assets between two transaction partners without an intermediary. Data is aggregated at regular intervals (the block time) into a virtual container (a block), and each block is cryptographically linked to its predecessor by including the predecessor's hash. The blockchain can thus be understood as a kind of global ledger from which it can be traced who added which data and when; later changes or deletions are themselves recorded as new entries rather than silently overwriting old ones. If anything in a block is altered, the hash links in all subsequent blocks no longer match, so the tampering becomes detectable.
We at MWAY are heavily involved with proof-of-stake based blockchains, as they offer a good compromise between the degree of decentralization and performance.
One of these projects is the Cosmos Network. As is common in proof-of-stake based blockchains, a validator's standing in Cosmos is determined by its stake, i.e. how large its share of the total value in the network is. The larger this stake, the larger the validator's reward for its work in producing blocks. At the same time, the stake is an incentive for honest behavior, since part of it is destroyed (slashed) in case of misbehavior. Currently, the validator set consists of 125 validators, among which we are also represented as blockscape.
Furthermore, network participants who do not run a validator themselves can delegate their stake to any number of validators they trust from the validator set, and are paid a proportional share of the rewards for providing that stake. However, if a validator misbehaves, its delegators share the risk of being slashed.
Running a validator comes with its own set of challenges that need to be overcome to ensure safe and smooth operation, laying the foundation for mutual trust with the other validators and the delegators in the community.
In order to reach consensus in the Cosmos Network, a couple of basic rules need to be followed:
More than 2/3 of the total stake in the validator set (the voting power) must be online and voting. If a validator is unavailable for a longer period of time, the network loses voting power that it needs to reach consensus. If 1/3 or more of the voting power is unavailable at the same time, no block can be committed and the chain halts.
Validators must not distribute conflicting information, so that the network keeps a single shared truth. If a validator signs two different proposals or votes for the same block height (and round), it publishes two conflicting statements and thereby attempts to fork the chain. This is known as double signing (equivocation).
If one of these rules is violated, part of the validator's stake is slashed and the validator is removed from the active set (jailed). Downtime is treated as the minor offence: the validator can rejoin after the jail period. Double signing is the serious offence: a single proven case is slashed more heavily and the validator is permanently removed from the validator set (tombstoned). The exact window, thresholds and fractions are parameters of the slashing module (signed_blocks_window, min_signed_per_window, slash_fraction_downtime, slash_fraction_double_sign) and can be changed by governance, so they are worth checking for the specific chain.
Apart from managing one's own stake, it is also important to be an attractive option for delegators. In order to consolidate one's place in the validator set, it is in the interest of every validator to set up a robust and secure infrastructure. A good start is to take a look at the slashing conditions and go from there.
First, let's take a look at system availability. Given that a single validator instance is a single point of failure, redundant instances have to be added to make the validator highly available. Every instance must represent the same validator entity, which means they all sign blocks with the same key pair. Since we run all instances in parallel as an active/active cluster (mainly for reasons of complexity and data protection), this setup inherently carries the risk of double signing: two instances holding the same key could sign conflicting votes for the same height.
To protect against double signing, the instances in the active/active cluster need a way to decide which one signs which message for which block height before that signature is broadcast into the network.
In the first iteration, we solved the problem with a permission log on a small external Raft cluster. The permission log records which messages have already been signed by one of the active/active validators. This results in a race between the validators as to who makes the log entry first; whoever succeeds claims the right to sign that particular message and broadcast it. If a validator tries to claim a message that has already been claimed, its signing process is aborted and the message is skipped. Curious to know how it works in more detail? Check out our Guide to High Availability for Cosmos Validators.
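The claim-before-sign race, and the conflicting votes it prevents, as an added example that is not MWAY's code: the real first iteration used an external Raft cluster as the replicated log, while here a mutex-protected map stands in for it; the vote key, instance names and block hashes are constructed sample data, and the conflict check implements the double-signing definition from the consensus rules above (same height, round and vote type, different block hash).

```go
package main

import (
	"fmt"
	"sync"
)

// VoteKey identifies the single vote a validator may sign per height, round and
// vote type. Two signatures under the same key for different block hashes are
// conflicting votes, i.e. double signing.
type VoteKey struct {
	Height int64
	Round  int32
	Type   string // "prevote" or "precommit"
}

// SignedVote is what an instance would broadcast; the signature bytes are
// omitted since only key and block hash matter for conflict detection.
type SignedVote struct {
	Key       VoteKey
	BlockHash string
	Instance  string
}

// IsEquivocation reports whether two votes under the same key conflict.
func IsEquivocation(a, b SignedVote) bool {
	return a.Key == b.Key && a.BlockHash != b.BlockHash
}

// CountEquivocations counts conflicting pairs among a set of emitted votes.
func CountEquivocations(votes []SignedVote) int {
	n := 0
	for i := range votes {
		for j := i + 1; j < len(votes); j++ {
			if IsEquivocation(votes[i], votes[j]) {
				n++
			}
		}
	}
	return n
}

// PermissionLog is a hypothetical in-memory stand-in for the external Raft
// replicated log: the first instance to record a key holds the signing right.
type PermissionLog struct {
	mu      sync.Mutex
	claimed map[VoteKey]string // vote key -> instance that claimed it
}

func NewPermissionLog() *PermissionLog {
	return &PermissionLog{claimed: make(map[VoteKey]string)}
}

// Claim succeeds only for the first caller per key; every later caller must
// abort its signing attempt for that key.
func (p *PermissionLog) Claim(k VoteKey, instance string) bool {
	p.mu.Lock()
	defer p.mu.Unlock()
	if _, taken := p.claimed[k]; taken {
		return false
	}
	p.claimed[k] = instance
	return true
}

// RunCluster lets every active/active instance try to vote at key k at once.
// views maps instance -> the block hash that instance would vote for (they can
// disagree, e.g. when one instance lags). Claim-before-sign guarantees that at
// most one vote leaves the cluster for k.
func RunCluster(log *PermissionLog, k VoteKey, views map[string]string) []SignedVote {
	var (
		mu  sync.Mutex
		out []SignedVote
		wg  sync.WaitGroup
	)
	for inst, hash := range views {
		wg.Add(1)
		go func(inst, hash string) {
			defer wg.Done()
			if !log.Claim(k, inst) {
				return // another instance signs this vote: skip, never sign
			}
			mu.Lock()
			out = append(out, SignedVote{Key: k, BlockHash: hash, Instance: inst})
			mu.Unlock()
		}(inst, hash)
	}
	wg.Wait()
	return out
}

func main() {
	k := VoteKey{Height: 1000, Round: 0, Type: "precommit"}
	// Constructed sample: instance C lags and would vote for a different hash.
	views := map[string]string{"A": "0xabc", "B": "0xabc", "C": "0xdef"}

	// Without coordination every instance signs and conflicting votes appear.
	var uncoordinated []SignedVote
	for inst, hash := range views {
		uncoordinated = append(uncoordinated, SignedVote{Key: k, BlockHash: hash, Instance: inst})
	}
	fmt.Println("uncoordinated conflicting pairs:", CountEquivocations(uncoordinated))

	// With the permission log only the first claimant signs.
	safe := RunCluster(NewPermissionLog(), k, views)
	fmt.Println("votes with permission log:", len(safe), "conflicting pairs:", CountEquivocations(safe))
}
```

Without the log all three instances vote and the pairs (A, C) and (B, C) are conflicting votes, which is exactly the evidence a double-signing slash is based on; with the log exactly one vote leaves the cluster, whichever instance won the race, and the others skip that height. The property only holds if every instance consults the same replicated log: a per-instance map, or a log that can diverge during a partition, would defeat the purpose.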
The second iteration merges the active/active cluster with the Raft cluster using our custom Raftify solution. This creates a validator cluster that uses Raft's leader election to grant signing rights to exactly one validator (the Raft leader) until it becomes unavailable, at which point a new leader is elected and takes its place. One advantage of the Raftify approach was that we had to run fewer instances than in our first iteration. For a more in-depth look at how Raftify handles all these challenges, you can check out our Raftify Medium article.
Our third and most recent iteration eliminates the Raft layer entirely by using the blockchain itself as the communication medium between the validators, since every instance sees the same committed blocks in the same order. This not only reduces the number of instances needed, but also removes the communication overhead of Raft. It works as follows: one validator signs every block for as long as it does not miss a configured number of consecutive blocks. A second, backup validator monitors the signatures contained in committed blocks and steps in as signer as soon as the validator's signature has been missing for that number of consecutive blocks. Once the previous signer is reachable again and has synchronized its copy of the chain, it notices that it has been replaced and steps down. You can find a conceptual overview of the design on Medium.
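The handover of the third iteration, simulated as an added example that is not blockscape's implementation: blocks are a constructed stand-in carrying only the validator's commit signature, the threshold and outage heights are sample values, and the rule by which the returning signer recognizes that it has been replaced (the committed signature at a height differs from the one it produced itself, which assumes the two instances' signatures are distinguishable, for example through the timestamp each vote carries) is an assumption about how the "noticing" could be implemented.

```go
package main

import "fmt"

// Role of an instance in the signer/backup pair.
type Role int

const (
	Standby Role = iota
	Signer
)

// Block is a constructed stand-in for a committed block: it keeps only the
// validator's commit signature, or "" when the validator did not sign it.
type Block struct {
	Height    int64
	Signature string
}

// Instance is one of two validator processes sharing the same signing key.
type Instance struct {
	ID        string
	Role      Role
	Threshold int              // consecutive unsigned blocks before a standby steps in
	missed    int              // consecutive unsigned blocks observed so far
	produced  map[int64]string // signatures this instance produced itself, by height
}

func NewInstance(id string, role Role, threshold int) *Instance {
	return &Instance{ID: id, Role: role, Threshold: threshold, produced: map[int64]string{}}
}

// Sign returns this instance's signature for height h, or "" while on standby.
// The string is a stand-in; it differs per instance (assumption: real votes do
// too, because each carries the signer's own timestamp).
func (n *Instance) Sign(h int64) string {
	if n.Role != Signer {
		return ""
	}
	sig := fmt.Sprintf("sig(%s,h=%d)", n.ID, h)
	n.produced[h] = sig
	return sig
}

// Observe applies a committed block. A standby steps in after Threshold
// consecutive unsigned blocks; a signer steps down when the committed
// signature is not its own, which means the other instance has taken over.
func (n *Instance) Observe(b Block) {
	if b.Signature == "" {
		n.missed++
		if n.Role == Standby && n.missed >= n.Threshold {
			n.Role = Signer
		}
		return
	}
	n.missed = 0
	if n.Role == Signer && n.produced[b.Height] != b.Signature {
		n.Role = Standby
	}
}

// Commit builds block h from the online instances. The first signature is
// committed; every additional signer for the same height is a double-signing
// hazard and is counted in the second return value.
func Commit(h int64, online []*Instance) (Block, int) {
	b := Block{Height: h}
	signers := 0
	for _, n := range online {
		if sig := n.Sign(h); sig != "" {
			signers++
			if b.Signature == "" {
				b.Signature = sig
			}
		}
	}
	return b, signers
}

// Simulate runs the chain for the given number of heights; offline[id][h] marks
// instance id unreachable at height h. A returning instance replays every block
// it missed before it may sign again, as a real node must sync before voting.
// Returns the committed signature per height and the count of double-signed heights.
func Simulate(heights int64, primary, backup *Instance, offline map[string]map[int64]bool) ([]string, int) {
	all := []*Instance{primary, backup}
	var chain []Block
	var committed []string
	doubles := 0
	seen := map[string]int{} // blocks of chain each instance has observed
	for h := int64(1); h <= heights; h++ {
		var online []*Instance
		for _, n := range all {
			if offline[n.ID][h] {
				continue
			}
			for seen[n.ID] < len(chain) { // catch up on blocks missed while offline
				n.Observe(chain[seen[n.ID]])
				seen[n.ID]++
			}
			online = append(online, n)
		}
		b, signers := Commit(h, online)
		if signers > 1 {
			doubles++
		}
		chain = append(chain, b)
		for _, n := range online {
			n.Observe(b)
			seen[n.ID]++
		}
		committed = append(committed, b.Signature)
	}
	return committed, doubles
}

func main() {
	primary := NewInstance("A", Signer, 3)
	backup := NewInstance("B", Standby, 3)
	// Constructed outage: A is unreachable for heights 4 to 8.
	offline := map[string]map[int64]bool{"A": {4: true, 5: true, 6: true, 7: true, 8: true}}
	committed, doubles := Simulate(12, primary, backup, offline)
	for i, sig := range committed {
		fmt.Printf("height %2d: %q\n", i+1, sig)
	}
	fmt.Println("double-signed heights:", doubles, "| B is signer:", backup.Role == Signer)
}
```

Running it prints the committed signature per height: A signs heights 1 to 3, heights 4 to 6 go unsigned while B counts towards its threshold, B signs from height 7 on, and A, after replaying the blocks it missed, is already on standby by the time it could vote again. The hazard to watch is any height at which both roles are Signer; Simulate counts such heights, and a non-zero count with a real key would mean equivocation evidence, so the threshold and the step-down rule need to be verified against the chain's slashing parameters before this runs in production.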
Over the past years, we have been able to follow and actively participate in many blockchain-based projects. This has allowed us to acquire valuable expertise and a lot of experience on which we can build to stay true to our guiding principle of providing the best possible solutions for our customers. Not least because of its young age, blockchain is a frequently misunderstood technology, which is also often put in a bad light in the media. With great passion, we stay at the forefront of technological advancements and the exploration of new applications in the blockchain universe, and are committed to doing our part to make blockchain technology more accessible to those interested and to bring light into the darkness.