diff --git a/content/vm/_index.md b/content/vm/_index.md index eb832ecab..c2add8c1e 100644 --- a/content/vm/_index.md +++ b/content/vm/_index.md @@ -139,9 +139,14 @@ There are two source of randomness in Filecoin: Random Beacon, Tickets. #### Sources ##### Beacon Randomness -The *Beacon Randomness* is generated by an external *Random Beacon* called drand and emits randomness at each Filecoin epoch, and miners use this randomness in order to mine blocks and must include it in their mined blocks. -The *Beacon Randomness* is used to seed randomness generation for values that need to be unbiasable or unpredictable (e.g. to generate challenges for Proof-of-SpaceTime). +The *Beacon Randomness* is generated by an external *Random Beacon* called drand +and emits randomness at each Filecoin epoch, and miners use this randomness in +order to mine blocks and must include it in their mined blocks. + +The *Beacon Randomness* is used to seed randomness generation for values that +need to be unbiasable or unpredictable (e.g. to generate challenges for +Proof-of-SpaceTime). Properties: @@ -149,17 +154,55 @@ Properties: - Randomness cannot be biased. - Randomness of an epoch is the same across forks. -###### Randomn Beacon Outages +###### Mapping between filecoin epoch and drand epoch -A Random Beacon outage is a period in which the Random Beacon is not available to nodes in the network; it could be caused by software bugs, network partitions and other attacks. +The beacon outputs randomness periodically at predetermined timestamps, as +Filecoin. Hence there is a mapping between Filecoin timestamps/rounds and the +beacon timestamps/rounds. To be able to create a block, a miner takes the +beacon randomness that corresponds to the timestamp _before_ the timestamp of +block since the miner must broadcast the block at the timestamp indicated in its +header. -During an outage Filecoin cannot generate new blocks, since the Random Beacon provides the randomness that for generating election proofs. After an outage, the Random Beacon used by Filecoin will go in a catch-up mode. +That means in practice, a miner mine as soon as they have the drand value even +before the previous round finished, but blocks with timestamp in the future are +rejected so the malicious miner can not broadcast this block. -During catchu-up, the Random Beacon will restart to emit the randomness from the last emitted round and it will emit it the randomness at a faster pace until it has finally caught up; Filecoin miners will be generating blocks as soon as new randomness is released. +###### Randomn Beacon Outages -The catch-up round time is chosen such that blocks can be propagated to a large portion of the network and proofs can be generated and successfully submitted to the blockchain. +A Random Beacon outage is a period in which the Random Beacon is not available +to nodes in the network; it could be caused by software bugs, network partitions +and other attacks. + +During an outage Filecoin cannot generate new blocks, since the Random Beacon +provides the randomness that for generating election proofs. After an outage, +the Random Beacon used by Filecoin will go in a catch-up mode. + +During catchu-up, the Random Beacon will restart to emit the randomness from the +last emitted round and it will emit it the randomness at a faster pace until it +has finally caught up; Filecoin miners will be generating blocks as soon as new +randomness is released. + +The catch-up round time is chosen such that blocks can be propagated to a large +portion of the network and proofs can be generated and successfully submitted to +the blockchain. + +The default behavior for miners during catch-up time is to create blocks with a +timestamp in the past and the corresponding drand value. However the rate is +faster than usual. During catchup, as soon as a drand value is outputted by the +network (every 15s instead of 30s under normal conditions), miners try to mine +and include the drand value in their block if they are eligible. Note a miner +can decide to skip a block and inject two drand values in one block for example, +however, that is a fork and it is highly likely that its chain has a lower +weight than the main chain. + +During catchup, a malicious miner can mine one block in advance with respect to +the honest miners. Since the timestamp is already in the past, he could +broadcast it already. Therefore, the attacker can have a 1 block advantage but +given the rate of the catchup allows for transactions and block propagation to +happen, the attacker risks to have a lower chain as well. ##### Ticket Randomness + The *Ticket Randomness* is generated by miners when winning blocks by computing a VRF on the previous ticket and the current drand randomness. The ticket of a tipset is the smallest ticket across blocks in that tipset. The *Ticket Randomness* is used to tie values to a specific fork (e.g. to tie sealed sector to a chain). @@ -189,8 +232,7 @@ Filecoin uses the randomness sources to generate randomness that is used across ##### ElectionProofProduction Input to the VRF computation that generates an election proof. -Seeded with Beacon randomness at the election epoch. - +Seeded with Beacon randomness at the election epoch minus one. ##### InteractiveSealChallengeSeed Seed for challenge generation for proving and verifying `miner.ProveCommitSector` messages.