-
Notifications
You must be signed in to change notification settings - Fork 59
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Define ICS1.5 #66
Comments
ICS v3 and mesh security are really different things. mesh security is more amenable to IBC 2B using the taxonomy proposed by jae (see constitution.md) I did write something myself about mesh security back when it was announced. Maybe worth a read decentralists/DAO#11 although it does not necessarily reflect how mesh security will actually be implemented, there are many knobs that can be tweaked I think actually the key to ICS1.5 is
from the readme Indeed, it would be very interesting if we could rely on the fact that valsets are shared for ICS (and hence implicit) and maybe implement an "implicit" IBC that is much faster than the canonical IBC. For "consumer" and "core" shards, I think there is no modification to ICS required. It's a matter of how the consumer chain is designed. If it's entirely with no token e.g. and diverts all fees to the hub, then it is already a "core shard". |
What exactly does "implicit" mean? I understand it as being defined from the beginning and never moving. But it can't work that way, because you share not only the validator set, but also its voting power, which changes a lot over time. |
the hub and the consumer chains share the same validators, and changes to the hub valset (as well as VP distribution) are reflected on the consumer chains. This is what it means "implicit". Node operators of the producer chain are also node operators of the consumer(s).
implicit means indirectly known, not immutable. |
OK, so it's similar to Replicated Security, I actually thought it was something else. |
It's literally Replicated Security (v1.5 is an improvement over 1 and even using Jae's proposed ICS taxonomy there's a v2 (A and B)). Aside from simplifying current ICSv1 removing the VCSMaturedPackets, this second aspect is where really a v "1.5" could differentiate. A less delayed communication between blockchains within replicated security might enable some interesting scenarios and possibly even compete as a solution - I'm stretching it, but it is good to shoot high - with the megablock idea (aka "atomic" IBC) |
Given recent discussions on this topic, some key aspects of ICS1.5 have raised. (Disclaimer: The following items provided are not necessarily exact and/or may change in the future, they are written to our best understanding. Some of them might also require more thorough discussion).
Co-authored-by: @giunatale |
Context
Given this blog post, we can define the following versions of the main interchain security (ICS) protocols :
So ICS1.5 is an evolution of the Replicated Security (RS) protocol, let's define how Replicated Security actually works (for the other protocols I invite you to check the article).
Replicated Security requires a provider chain and one to many consumer chain(s).
The validator set of the provider chain is replicated (hence the name) to each consumer chain. This means that for each new consumer chain (a consumer chain can only be added by a governance proposal in the provider chain), each validator of the provider chain must run a new node for that consumer chain.
Once live, the provider and consumer chains exchange messages using IBC. For example, each time there's a change in the validator set of the provider chain, the consumer chain receives a Validator Set Change (VSC) IBC message to reflect this change in voting power. These IBC communications are handled by new modules, the provider chain must import the
x/ccv/provider
module, while the consumer chains must import the/x/ccv/consumer
module. Note that the consumer module must replace the staking module, since the consumer chain doesn't have its own validator set, and has no staking mechanism. Both modules are hosted in the interchain-security repo.There's another type of message exchanged in this protocol, the
VSCMaturedPackets
. This one, sent by the consumer chain, ensures that unbonding operations are synchronized between the provider and consumer chains. In other words, it ensures that an unbonding operation registered in the provider doesn't end earlier than in the consumer chain (due to IBC asynchronicity). This is a safety measure to prevent misbehavior of a validator on the consumer chain. If a validator has unbounded on the provider chain, but due to IBC asynchronicity, has kept his voting power on the consumer chain, he can potentially misbehave on that consumer chain without being slashed.These
VCSMaturedPackets
imply a lot of code, and based on @jaekwon idea, we think it could be simplified. We (the decentralists) proposed an ADR where we remove theVCSMaturedPacket
but it wasn't accepted at this time.Define ICS1.5
Removal of
VCSMaturedPackets
I believe ICS1.5 is ICS v1 without
VCSMaturedPackets
, but at this point we have no guarantees that this is actually doable.Recent report done at Informal to see if it's possible to remove these packets found that the above ADR does not guarantee the security model.
Here's an excerpt from the report describing the problem:
Core and Consumer shards
Another feature of ICS1.5, mentioned in the README is the creation of 2 types of consumer chains, the "core shards" and the "consumer shards".
While "consumer shards" is something similar to the consumer chain in RS, "core shards" states about a stronger link between the provider and the consumer chain, especially the fact that the governance of these chains is only handled by the provider chain, hence AtomOne.
There's probably more differences between core and consumer shards, if anyone has more information, please comment this issue.
Other features ?
There may be other features we want in ICS1.5, let's use this issue to list them and evaluate their code complexity and security impact.
The text was updated successfully, but these errors were encountered: