From 28cda4e177667129626cdd756a603f48b18a578c Mon Sep 17 00:00:00 2001 From: Liam Monninger Date: Fri, 4 Apr 2025 18:02:04 +0800 Subject: [PATCH 1/8] feat: ximen standards. --- MD/md-117/README.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 MD/md-117/README.md diff --git a/MD/md-117/README.md b/MD/md-117/README.md new file mode 100644 index 00000000..36a80a7c --- /dev/null +++ b/MD/md-117/README.md @@ -0,0 +1,38 @@ +# MD-117: Ximen (Postconfirmations) Standards + +- **Description**: Provides a set of liveness and correctness requirements for Postconfirmations protocols. +- **Authors**: [Liam Monninger](mailto:liam@movementlabs.xyz) +- **Approval**: :red-cross: +- **Etymology**: These standards were originally drafted as a planned but later alternative to the [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) and so bear the name of a "younger" Taipei neighborhood, Ximen. + +## Overview + +The [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) (MD-116) acknowledge the inability of fully-synchronous protocols to satisfy traditional BFT assumptions. These standards accept MD-116.D2,3 but reject [MD-116.D1](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d1-fully-synchronous) (full synchronicity) instead proposing [MD-117.D1](#d1-partially-synchronous) (partial synchronicity) in its place. + +As a result, [MD-116.D4](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d4-minority-aware) (minority awareness) is no longer relevant. However, a request for a clear consideration of attacks on the indefinite nature of the agreement synchronicity is requested. + +## Definitions + +- **Partially-synchronous**: A model of distributed systems in which the network may behave asynchronously for an unbounded (but finite) period of time, after which it stabilizes and messages are guaranteed to arrive within some fixed delay. This transition point, known as the *Global Stabilization Time (GST)*, is not known to the protocol. Unlike in fully-synchronous models, liveness is not guaranteed at any fixed moment, but is guaranteed eventually. + +- **Commitment Hostage Attack**: An adversarial strategy in which a network or participant delays confirmation of a block (or decision) indefinitely by exploiting asynchrony, forcing the protocol into a state of limbo. These attacks often require post-facto reasoning or off-path resolution to identify and mitigate. + +- **Synchronicity Attack**: A broader class of strategies in which an adversary manipulates message timing or node behavior to degrade the liveness or fairness of a consensus protocol, often without violating safety directly. + + + +## Desiderata + +### D1: Partially-synchronous + +**User journey**: Consumers of Ximen Postconfirmations consensus can rely on agreement to be achieved by a know Global Stabilization Time w.r.t. to the confirming ledger. + +**Justification**: A partially-synchronous protocol is a consensus protocol under FLP. While it does not render predictable points in time at which consensus will be known, it does prevent permanent asynchrony and unliveness. + +### D2: Describe attacks on indefinite synchronicity + +**User journey**: Consumers of Ximen Postconfirmations consensus can interpret a well-considered discussion of attacks on the indefinite nature of synchronicity. For a given Ximen Postconfirmation protocol, best efforts should be made to mitigate these attacks. + +**Justification**: The Ximen Standards seek to ensure common synchronicity attacks, such as [Commitment Hostage Attacks](https://github.com/movementlabsxyz/MIP/tree/main/MD/md-3), are well-considered for an adhering protocol. Owing to the complexity and often [off-path](https://economics.stackexchange.com/questions/57998/on-and-off-equilibrium-path-game-theory) nature of these attacks, the Ximen Standards recognize that full and rigorous criteria for protections against these attacks are not practical. + +## Changelog \ No newline at end of file From 036f69afdaa5590d4fbdef6e0faefa316150b483 Mon Sep 17 00:00:00 2001 From: apenzk Date: Sat, 5 Apr 2025 15:45:17 +0200 Subject: [PATCH 2/8] add example --- MD/md-117/README.md | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index 36a80a7c..0e232b3b 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -35,4 +35,22 @@ As a result, [MD-116.D4](https://github.com/movementlabsxyz/MIP/tree/l-monninger **Justification**: The Ximen Standards seek to ensure common synchronicity attacks, such as [Commitment Hostage Attacks](https://github.com/movementlabsxyz/MIP/tree/main/MD/md-3), are well-considered for an adhering protocol. Owing to the complexity and often [off-path](https://economics.stackexchange.com/questions/57998/on-and-off-equilibrium-path-game-theory) nature of these attacks, the Ximen Standards recognize that full and rigorous criteria for protections against these attacks are not practical. -## Changelog \ No newline at end of file +## Appendix + +### A1: Example + +We build on the example of [MD-116.A6.3](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#a63-revotes-single-counting-with-propagation) to build a simple example of a protocol that satisfies the desiderata above. + +We assume the protocol progresses through epochs, which we argue in this this example is the equivalent to a view change. If the epoch changes, new voters must vote on the oldest not decided height. Voters that have been voters in the previous epoch may not have to vote again. + +We change step 2 of the algorithm to be: + +1. For each undecided height $h^+ < h$ + 1. If $\sigma_{h^+}(s_h^+) > \frac{2}{3}N$ AND $t \leq t_h^+ + \Delta$, accept the tuple $(s_h^+, h^+)$. Continue processing slot $h^++1$. + 3. Else Return + +**What can go wrong?** + +- Liveness may get stuck for epoch lengths. The L1 synchronizes the committee at epoch boundaries, and if enough committee members are honest and live eventually the protocol will be live again. + +## Changelog From d5a1aa5bbf0e610a9f99b56d5bc0310a99e394d4 Mon Sep 17 00:00:00 2001 From: apenzk Date: Wed, 9 Apr 2025 17:35:49 +0200 Subject: [PATCH 3/8] mermaid --- MD/md-117/README.md | 64 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 54 insertions(+), 10 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index 0e232b3b..ed6ff1af 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -7,31 +7,34 @@ ## Overview -The [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) (MD-116) acknowledge the inability of fully-synchronous protocols to satisfy traditional BFT assumptions. These standards accept MD-116.D2,3 but reject [MD-116.D1](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d1-fully-synchronous) (full synchronicity) instead proposing [MD-117.D1](#d1-partially-synchronous) (partial synchronicity) in its place. +The [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) (MD-116) acknowledge the inability of quasi-synchronous protocols to satisfy traditional BFT assumptions. These standards accept MD-116.D2,3 but reject [MD-116.D1](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d1-fully-synchronous) (quasi-synchronicity) instead proposing [MD-117.D1](#d1-partially-synchronous) (quasi-partial-synchronicity) in its place. As a result, [MD-116.D4](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d4-minority-aware) (minority awareness) is no longer relevant. However, a request for a clear consideration of attacks on the indefinite nature of the agreement synchronicity is requested. ## Definitions -- **Partially-synchronous**: A model of distributed systems in which the network may behave asynchronously for an unbounded (but finite) period of time, after which it stabilizes and messages are guaranteed to arrive within some fixed delay. This transition point, known as the *Global Stabilization Time (GST)*, is not known to the protocol. Unlike in fully-synchronous models, liveness is not guaranteed at any fixed moment, but is guaranteed eventually. - - **Commitment Hostage Attack**: An adversarial strategy in which a network or participant delays confirmation of a block (or decision) indefinitely by exploiting asynchrony, forcing the protocol into a state of limbo. These attacks often require post-facto reasoning or off-path resolution to identify and mitigate. -- **Synchronicity Attack**: A broader class of strategies in which an adversary manipulates message timing or node behavior to degrade the liveness or fairness of a consensus protocol, often without violating safety directly. +- **Quasi-synchronicity Attack**: A broader class of strategies in which an adversary manipulates message timing or node behavior to degrade the liveness or fairness of a consensus protocol, often without violating safety directly. ## Desiderata -### D1: Partially-synchronous +### D1: Safety-favoring and quasi-partially-synchronous + +**User journey**: Consumers of Ximen Postconfirmations consensus can rely on agreement to be achieved at some finite point in time w.r.t. to the confirming ledger. -**User journey**: Consumers of Ximen Postconfirmations consensus can rely on agreement to be achieved by a know Global Stabilization Time w.r.t. to the confirming ledger. +**Justification**: +A quasi-partially synchronous protocol, as defined in [MD-116](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n), provides a way of changing the view on who decides the progress of the protocol. It is safety-favoring. -**Justification**: A partially-synchronous protocol is a consensus protocol under FLP. While it does not render predictable points in time at which consensus will be known, it does prevent permanent asynchrony and unliveness. +The requirement of **quasi-partial-synchronicity** means that for a given height, if a supermajority decision is not made by some time $\Delta$, a new committee will be elected for the protocol to make progress. However, it is not known when this progress will happen. -### D2: Describe attacks on indefinite synchronicity +In essence this means that the protocol is **safety-favoring**, see Appendix [A1.2]() of [MD-116](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n), rather than **liveness-favoring**. This is because it does not render predictable points in time at which consensus will be known. However, by changing the committee, it increases the probability of progress. -**User journey**: Consumers of Ximen Postconfirmations consensus can interpret a well-considered discussion of attacks on the indefinite nature of synchronicity. For a given Ximen Postconfirmation protocol, best efforts should be made to mitigate these attacks. +### D2: Describe attacks on indefinite quasi-asynchronicity + +**User journey**: Consumers of Ximen Postconfirmations consensus can interpret a well-considered discussion of attacks on the indefinite nature of quasi-asynchronicity. For a given Ximen Postconfirmation protocol, best efforts should be made to mitigate these attacks. **Justification**: The Ximen Standards seek to ensure common synchronicity attacks, such as [Commitment Hostage Attacks](https://github.com/movementlabsxyz/MIP/tree/main/MD/md-3), are well-considered for an adhering protocol. Owing to the complexity and often [off-path](https://economics.stackexchange.com/questions/57998/on-and-off-equilibrium-path-game-theory) nature of these attacks, the Ximen Standards recognize that full and rigorous criteria for protections against these attacks are not practical. @@ -46,11 +49,52 @@ We assume the protocol progresses through epochs, which we argue in this this ex We change step 2 of the algorithm to be: 1. For each undecided height $h^+ < h$ - 1. If $\sigma_{h^+}(s_h^+) > \frac{2}{3}N$ AND $t \leq t_h^+ + \Delta$, accept the tuple $(s_h^+, h^+)$. Continue processing slot $h^++1$. + 1. If $\sigma(s_h^+) > \frac{2}{3}N$ AND $t \leq t_h^+ + \Delta$, accept the tuple $(s_h^+, h^+)$. Continue processing slot $h^++1$. 3. Else Return **What can go wrong?** - Liveness may get stuck for epoch lengths. The L1 synchronizes the committee at epoch boundaries, and if enough committee members are honest and live eventually the protocol will be live again. + +
+ +
+ +```mermaid +graph TD + s0 -->|70%| s1 + s1 -->|50%| s2 + s1 -->|50%| s2' + s2 --> |50%| s3 + + style s1 fill:#faa,stroke:#f00,stroke-width:2px + style s2 fill:#faa,stroke:#f00,stroke-width:2px + style s2' fill:#faa,stroke:#f00,stroke-width:2px + style s3 fill:#faa,stroke:#f00,stroke-width:2px +``` + +

Fig 1 a): Time = Δ. Committee A (red) is active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

+
+ +
+ +```mermaid +graph TD + s0 --> s1 + s1 -->|70%| s2 + s1 -->|30%| s2' + s2 --> |70%| s3 + +style s2 fill:#afa,stroke:#0a0,stroke-width:2px +style s2' fill:#afa,stroke:#0a0,stroke-width:2px +style s3 fill:#afa,stroke:#0a0,stroke-width:2px + +``` + +

Fig 1 b): Time = 2Δ. Committee B (green) is active. s3 and s4 will be committed.

+
+ +
+ ## Changelog From 5eb7e8109abce9691996164f5eb6e1cdea409388 Mon Sep 17 00:00:00 2001 From: apenzk Date: Wed, 9 Apr 2025 21:17:00 +0200 Subject: [PATCH 4/8] add mermaid and update content --- MD/md-117/README.md | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index ed6ff1af..a7276197 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -1,13 +1,13 @@ -# MD-117: Ximen (Postconfirmations) Standards +# MD-117: Ximen Standards - safety-favoring Postconfirmation protocol -- **Description**: Provides a set of liveness and correctness requirements for Postconfirmations protocols. +- **Description**: Provides a set of requirements for a safety-favoring Postconfirmation protocol. - **Authors**: [Liam Monninger](mailto:liam@movementlabs.xyz) -- **Approval**: :red-cross: -- **Etymology**: These standards were originally drafted as a planned but later alternative to the [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) and so bear the name of a "younger" Taipei neighborhood, Ximen. +- **Approval**: +- **Etymology**: These standards were originally drafted as a planned but later alternative to the [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) and so bear the name of a "younger" Taipei neighborhood, Ximen. ## Overview -The [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) (MD-116) acknowledge the inability of quasi-synchronous protocols to satisfy traditional BFT assumptions. These standards accept MD-116.D2,3 but reject [MD-116.D1](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d1-fully-synchronous) (quasi-synchronicity) instead proposing [MD-117.D1](#d1-partially-synchronous) (quasi-partial-synchronicity) in its place. +The [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) (MD-116) acknowledge the inability of quasi-synchronous protocols to satisfy traditional BFT assumptions. These standards accept MD-116.D2,3 but reject [MD-116.D1](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d1-fully-synchronous) (quasi-synchronicity) instead proposing [MD-117.D1](#d1-partially-synchronous) (quasi-partial-synchronicity, defined in MD-116) in its place. As a result, [MD-116.D4](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#d4-minority-aware) (minority awareness) is no longer relevant. However, a request for a clear consideration of attacks on the indefinite nature of the agreement synchronicity is requested. @@ -15,9 +15,7 @@ As a result, [MD-116.D4](https://github.com/movementlabsxyz/MIP/tree/l-monninger - **Commitment Hostage Attack**: An adversarial strategy in which a network or participant delays confirmation of a block (or decision) indefinitely by exploiting asynchrony, forcing the protocol into a state of limbo. These attacks often require post-facto reasoning or off-path resolution to identify and mitigate. -- **Quasi-synchronicity Attack**: A broader class of strategies in which an adversary manipulates message timing or node behavior to degrade the liveness or fairness of a consensus protocol, often without violating safety directly. - - +- **Message Timing Attack**: A broader class of strategies in which an adversary manipulates message timing or node behavior to degrade the liveness or fairness of a consensus protocol, often without violating safety directly. ## Desiderata @@ -30,7 +28,7 @@ A quasi-partially synchronous protocol, as defined in [MD-116](https://github.co The requirement of **quasi-partial-synchronicity** means that for a given height, if a supermajority decision is not made by some time $\Delta$, a new committee will be elected for the protocol to make progress. However, it is not known when this progress will happen. -In essence this means that the protocol is **safety-favoring**, see Appendix [A1.2]() of [MD-116](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n), rather than **liveness-favoring**. This is because it does not render predictable points in time at which consensus will be known. However, by changing the committee, it increases the probability of progress. +In essence this means that the protocol is **safety-favoring**, see Appendix [A1.2]() of [MD-116](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n), rather than liveness-favoring. This is because it does not render predictable points in time at which consensus will be known. However, by changing the committee, we give the protocol the chance to recover from an inactive committee. ### D2: Describe attacks on indefinite quasi-asynchronicity @@ -44,7 +42,7 @@ In essence this means that the protocol is **safety-favoring**, see Appendix [A1 We build on the example of [MD-116.A6.3](https://github.com/movementlabsxyz/MIP/tree/l-monninger/dongmen-standards/MD/md-n#a63-revotes-single-counting-with-propagation) to build a simple example of a protocol that satisfies the desiderata above. -We assume the protocol progresses through epochs, which we argue in this this example is the equivalent to a view change. If the epoch changes, new voters must vote on the oldest not decided height. Voters that have been voters in the previous epoch may not have to vote again. +We assume the protocol progresses through epochs, which we argue in this this example is similar to a view change. If the epoch changes, new voters must vote on the oldest not decided height. We change step 2 of the algorithm to be: @@ -74,7 +72,7 @@ graph TD style s3 fill:#faa,stroke:#f00,stroke-width:2px ``` -

Fig 1 a): Time = Δ. Committee A (red) is active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

+

Fig 1 a): Time = Δ. Committee A (red) was active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

@@ -92,7 +90,7 @@ style s3 fill:#afa,stroke:#0a0,stroke-width:2px ``` -

Fig 1 b): Time = 2Δ. Committee B (green) is active. s3 and s4 will be committed.

+

Fig 1 b): Time = 2Δ. Committee B (green) was active. s3 and s4 will be committed.

From f4db1a895049e13429618edd5cdb530a6011248b Mon Sep 17 00:00:00 2001 From: apenzk Date: Wed, 9 Apr 2025 21:46:31 +0200 Subject: [PATCH 5/8] attempt different figure --- MD/md-117/README.md | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index a7276197..5e3e9544 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -54,12 +54,10 @@ We change step 2 of the algorithm to be: - Liveness may get stuck for epoch lengths. The L1 synchronizes the committee at epoch boundaries, and if enough committee members are honest and live eventually the protocol will be live again. -
-
- -```mermaid +
+ 
 graph TD
   s0 -->|70%| s1
   s1 -->|50%| s2
@@ -70,28 +68,24 @@ graph TD
   style s2 fill:#faa,stroke:#f00,stroke-width:2px
   style s2' fill:#faa,stroke:#f00,stroke-width:2px
   style s3 fill:#faa,stroke:#f00,stroke-width:2px
-```
-
-
Fig 1 a): Time = Δ. Committee A (red) was active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

-
+ +

Fig 1 a): Time = Δ. Committee A (red) was active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

+
-
- -```mermaid +
+ 
 graph TD
   s0 --> s1
   s1 -->|70%| s2
   s1 -->|30%| s2'
   s2 --> |70%| s3
 
-style s2 fill:#afa,stroke:#0a0,stroke-width:2px
-style s2' fill:#afa,stroke:#0a0,stroke-width:2px
-style s3 fill:#afa,stroke:#0a0,stroke-width:2px
-
-```
-
-
Fig 1 b): Time = 2Δ. Committee B (green) was active. s3 and s4 will be committed.

-
+ style s2 fill:#afa,stroke:#0a0,stroke-width:2px + style s2' fill:#afa,stroke:#0a0,stroke-width:2px + style s3 fill:#afa,stroke:#0a0,stroke-width:2px + +

Fig 1 b): Time = 2Δ. Committee B (green) was active. s3 and s4 will be committed.

+
From a771056b24c8ed9830f2d31169c2f044d96277ba Mon Sep 17 00:00:00 2001 From: apenzk Date: Wed, 9 Apr 2025 21:55:47 +0200 Subject: [PATCH 6/8] next attempt --- MD/md-117/README.md | 64 ++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 33 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index 5e3e9544..e0405db5 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -53,40 +53,38 @@ We change step 2 of the algorithm to be: **What can go wrong?** - Liveness may get stuck for epoch lengths. The L1 synchronizes the committee at epoch boundaries, and if enough committee members are honest and live eventually the protocol will be live again. +```mermaid +graph TD -
-
- 
-graph TD
-  s0 -->|70%| s1
-  s1 -->|50%| s2
-  s1 -->|50%| s2'
-  s2 --> |50%| s3
-
-  style s1 fill:#faa,stroke:#f00,stroke-width:2px
-  style s2 fill:#faa,stroke:#f00,stroke-width:2px
-  style s2' fill:#faa,stroke:#f00,stroke-width:2px
-  style s3 fill:#faa,stroke:#f00,stroke-width:2px
-
-

Fig 1 a): Time = Δ. Committee A (red) was active. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.

-
- -
- 
-graph TD
-  s0 --> s1
-  s1 -->|70%| s2
-  s1 -->|30%| s2'
-  s2 --> |70%| s3
-
-  style s2 fill:#afa,stroke:#0a0,stroke-width:2px
-  style s2' fill:#afa,stroke:#0a0,stroke-width:2px
-  style s3 fill:#afa,stroke:#0a0,stroke-width:2px
-
-

Fig 1 b): Time = 2Δ. Committee B (green) was active. s3 and s4 will be committed.

-
- -
+ %% Subgraph for Fig 1 b + subgraph "Fig 1 b)" + s_0b --> s_1b + s_1b -->|70%| s_2b + s_1b -->|30%| s_2b' + s_2b -->|70%| s_3b + + style s_2b fill:#afa,stroke:#0a0,stroke-width:2px + style s_2b' fill:#afa,stroke:#0a0,stroke-width:2px + style s_3b fill:#afa,stroke:#0a0,stroke-width:2px + end + + %% Subgraph for Fig 1 a + subgraph "Fig 1 a)" + s_0a -->|70%| s_1a + s_1a -->|50%| s_2a + s_1a -->|50%| s_2a' + s_2a -->|50%| s_3a + + style s_1a fill:#faa,stroke:#f00,stroke-width:2px + style s_2a fill:#faa,stroke:#f00,stroke-width:2px + style s_2a' fill:#faa,stroke:#f00,stroke-width:2px + style s_3a fill:#faa,stroke:#f00,stroke-width:2px + end + +``` + +*Fig 1 a: Committee A (red). Time = Δ. Committee A (red) was active in time [0..Δ]. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.* +*Fig 1 b: Committee B (green). Time = 2Δ. Committee B (green) was active in time [Δ..2Δ]. s3 will be committed.* ## Changelog From 8aac4a56ed495ceca286916fd0c0225af50c3e94 Mon Sep 17 00:00:00 2001 From: apenzk Date: Wed, 9 Apr 2025 22:07:00 +0200 Subject: [PATCH 7/8] final diagram updates --- MD/md-117/README.md | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index e0405db5..1f2d6db7 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -53,16 +53,15 @@ We change step 2 of the algorithm to be: **What can go wrong?** - Liveness may get stuck for epoch lengths. The L1 synchronizes the committee at epoch boundaries, and if enough committee members are honest and live eventually the protocol will be live again. + ```mermaid graph TD - - %% Subgraph for Fig 1 b subgraph "Fig 1 b)" - s_0b --> s_1b - s_1b -->|70%| s_2b - s_1b -->|30%| s_2b' - s_2b -->|70%| s_3b + s_0b["s_0"] --> s_1b["s_1"] + s_1b -->|70%| s_2b["s_2"] + s_1b -->|30%| s_2b'["s_2'"] + s_2b -->|70%| s_3b["s_3"] style s_2b fill:#afa,stroke:#0a0,stroke-width:2px style s_2b' fill:#afa,stroke:#0a0,stroke-width:2px @@ -71,20 +70,20 @@ graph TD %% Subgraph for Fig 1 a subgraph "Fig 1 a)" - s_0a -->|70%| s_1a - s_1a -->|50%| s_2a - s_1a -->|50%| s_2a' - s_2a -->|50%| s_3a + s_0a["s_0"] -->|70%| s_1a["s_1"] + s_1a -->|50%| s_2a["s_2"] + s_1a -->|50%| s_2a'["s_2'"] + s_2a -->|50%| s_3a["s_3"] style s_1a fill:#faa,stroke:#f00,stroke-width:2px style s_2a fill:#faa,stroke:#f00,stroke-width:2px style s_2a' fill:#faa,stroke:#f00,stroke-width:2px style s_3a fill:#faa,stroke:#f00,stroke-width:2px end - ``` -*Fig 1 a: Committee A (red). Time = Δ. Committee A (red) was active in time [0..Δ]. s1 gathers 70% of votes and will be committed. Votes for s2 and s2' will be ignored.* -*Fig 1 b: Committee B (green). Time = 2Δ. Committee B (green) was active in time [Δ..2Δ]. s3 will be committed.* +*Fig 1 a: Committee A (🟥 ). Time = Δ. Committee A (red) was active in time (0..Δ]. `s_1` gathers 70% of votes and will be committed. Votes for `s_2` and `s_2'` will be ignored.* + +*Fig 1 b: Committee B (🟩 ). Time = 2Δ. Committee B (green) was active in time (Δ..2Δ]. `s_3` will be committed.* ## Changelog From 99a0c06a3b2ab3866c3fa1e9c1a0dd762d50e8d4 Mon Sep 17 00:00:00 2001 From: apenzk Date: Thu, 10 Apr 2025 10:53:00 +0200 Subject: [PATCH 8/8] apply review --- MD/md-117/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MD/md-117/README.md b/MD/md-117/README.md index 1f2d6db7..48211e54 100644 --- a/MD/md-117/README.md +++ b/MD/md-117/README.md @@ -1,6 +1,6 @@ -# MD-117: Ximen Standards - safety-favoring Postconfirmation protocol +# MD-117: Ximen Standards for Postconfirmation protocols -- **Description**: Provides a set of requirements for a safety-favoring Postconfirmation protocol. +- **Description**: Provides a set of liveness and correctness requirements for Postconfirmation protocols that may be more safety-favoring than the [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116). - **Authors**: [Liam Monninger](mailto:liam@movementlabs.xyz) - **Approval**: - **Etymology**: These standards were originally drafted as a planned but later alternative to the [Dongmen Standards](https://github.com/movementlabsxyz/MIP/pull/116) and so bear the name of a "younger" Taipei neighborhood, Ximen.