Snowfork's Analysis of Sync Committee Security

While this is theoretically possible, we at t3rn find it hard to achieve in practice due to:

  1. The need for a participation rate of over 75% for a realistic chance of success.
  2. The implausibility of all participating members coordinating in secret.

We think this level of coordination is nearly impossible to maintain without detection.

@petscheit The > 75% coordination you find statistically impossible becomes plausible when each participant gets their software auto-updated. The fallacy is:

People don’t update their software in accordance with a binomial distribution.

Because auto-updating software is the norm across every device and software mechanism (even geth/erigon/prysm/…), it should take very little imagination to see how a plugin+auto update mechanism could very rapidly be socialized / installed and used to conduct ALC-based bridge attacks, without even their owners knowing. It only requires a software update mechanism that is vetted by a minority of people who then cause the majority of nodes to get the update.

So what you need to address is how the mass-software update scenario is impossible. Can you give it a shot?

I don’t think we want an outcome where two groups of people differ on whether they think the above situation is plausible vs implausible. We want an outcome where it’s impossible for software to be auto-updated, or for there to be such severe consequences that this auto-update scenario would result in a mass-slashing event [which is Prestwich’s point].

@Vincent @petscheit Could you

  1. evaluate zkCasper: A SNARK based protocol for verifying Casper FFG Consensus as being usable in your systems
  2. if usable, estimate the level of effort involved
  3. what it means from a bridge user’s experience relative to your current design

We are seeking alternatives, because the idea that we wait until coordination is detected appears reckless: A lot can happen in the hours that something is detected, and in the Polkadot ecosystem, it will take weeks to sort out the consequences, and you may or may not have some backer to rescue your bridge. Saying “oops, we lacked the imagination to anticipate this, and did the best we could” is sort of reckless?
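The "binomial fallacy" raised above, worked through numerically as an added example (not code from either poster or from any bridge project): the first model treats each committee seat as an independent colluder, the second treats one malicious auto-update as a single event that flips every validator running that client. The 512-seat committee size is an assumption taken from the Altair sync committee; the collusion rate, client share and update probability are constructed parameters.

```python
from math import ceil, comb

SYNC_COMMITTEE_SIZE = 512   # assumption: Altair sync committee size
THRESHOLD = 0.75            # supermajority fraction discussed in the thread


def binomial_tail(n: int, p: float, k: int) -> float:
    """P[X >= k] for X ~ Binomial(n, p), summed exactly with integer binomials."""
    return sum(comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k, n + 1))


def p_supermajority_independent(p_collude: float,
                                n: int = SYNC_COMMITTEE_SIZE,
                                threshold: float = THRESHOLD) -> float:
    """Model 1: every validator secretly colludes with probability p_collude,
    independently of the others.  A hostile committee needs >= threshold*n
    such validators to be drawn into the same committee."""
    return binomial_tail(n, p_collude, ceil(threshold * n))


def p_supermajority_autoupdate(client_share: float,
                               p_update_shipped: float,
                               n: int = SYNC_COMMITTEE_SIZE,
                               threshold: float = THRESHOLD) -> float:
    """Model 2: a fraction client_share of validators run one auto-updating
    client.  With probability p_update_shipped a malicious update ships and
    compromises all of them at once; seats are then hostile with probability
    client_share, and no per-validator decision to collude is needed."""
    return p_update_shipped * binomial_tail(n, client_share, ceil(threshold * n))


def min_client_share_for_supermajority(target: float = 0.5,
                                       n: int = SYNC_COMMITTEE_SIZE,
                                       threshold: float = THRESHOLD) -> float:
    """Smallest client market share (1% steps) at which a shipped malicious
    update yields a hostile supermajority with probability >= target."""
    k = ceil(threshold * n)
    for pct in range(1, 101):
        if binomial_tail(n, pct / 100, k) >= target:
            return pct / 100
    return 1.0


if __name__ == "__main__":
    print("independent collusion, 30% of validators:",
          p_supermajority_independent(0.30))
    print("auto-update, 85% client share, 1% chance it ships:",
          p_supermajority_autoupdate(0.85, 0.01))
    print("client share needed for a coin-flip supermajority:",
          min_client_share_for_supermajority())
```

The independent model gives a probability so small it is effectively zero, while the auto-update model collapses to roughly the probability that the malicious update ships at all, which is the point the thread is making about where the real attack surface lies.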