What Avalanche is Not, Episode 3
Last episode, we discussed rewards. On today's episode, the other half of the Nakamoto Incentive: penalties. We will show how Avalanche does not provide the accountable safety property that modern PoS protocols have.
The Nakamoto Incentive is both an incentive (rewards + fees) and a disincentive (penalties for both individuals and majorities). Both are necessary for permissionless consensus protocols to function without having to heavily rely on altruism.
Note that it is absolutely critical that incentives be in place. It is *not* sufficient to prove that a permissionless consensus protocol is live and safe under an honest majority. It must also be shown that the protocol incentivizes an honest majority.
The disincentive is made up of two components:
1. A penalty for a minority individual that misbehaves.
2. A penalty for a (colluding) majority that misbehaves.
We'll only cover the second in this episode. The first is left as an exercise for the reader.
In a permissionless consensus system, a colluding majority of the Sybil resistance resource (stake, hashrate, etc.) can always re-org the ledger, i.e. un-finalize finalized blocks. This is why there must be a penalty in place if this ever happens: a disincentive.
In Nakamoto Consensus, the penalty can actually take on several forms:
1. decrease in coin price
2. decrease in hashing hardware value due to changing the hash function
3. decrease in hashing hardware value (this is actually either 1 or 2)
Note that regardless of which penalty is applied, *everyone* is penalized, not only the attacker. In other words, scorched-earth.
Soft-forking off the attacker's chain doesn't really work long-term because they can simply attack again and again until they get their way.
Modern PoS-based protocols actually have an amazing feature: *accountable safety*. If a majority re-org is done and a finalized block is unfinalized, at least 1/3 of stake is identifiable as the attacker and can then be burned with off-chain coordination.
arxiv.org/abs/1710.09437
Accountable safety is what allows modern PoS-based protocols to have a substantially smaller security budget than PoW-based protocols while providing the same security (i.e. cost to manipulate history) guarantees.
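The quorum-intersection argument behind accountable safety, as an added example (not code from this thread or the cited paper). It covers only the simplest case, two conflicting finality certificates at the same height; the validator names, stakes, the 2/3 threshold and the assumption that vote signatures were already verified are all constructed for illustration.

```python
from fractions import Fraction

# Constructed validator set: name -> stake (hypothetical values).
STAKE = {"a": 30, "b": 25, "c": 20, "d": 15, "e": 10}
TOTAL = sum(STAKE.values())
QUORUM = Fraction(2, 3)  # finality threshold assumed for this sketch


def stake_of(validators):
    """Total stake held by a set of validators (duplicates count once)."""
    return sum(STAKE[v] for v in set(validators))


def is_quorum(signers):
    """True if the signers hold at least 2/3 of all stake."""
    return Fraction(stake_of(signers), TOTAL) >= QUORUM


def accountable_fault(cert_a, cert_b):
    """Each cert is (height, block_id, signers), signatures assumed verified.

    For two certificates finalizing different blocks at one height, return
    the validators that signed both and the fraction of stake they hold.
    Two sets of >= 2/3 stake must overlap in >= 2/3 + 2/3 - 1 = 1/3.
    """
    (h_a, blk_a, sig_a), (h_b, blk_b, sig_b) = cert_a, cert_b
    if h_a != h_b or blk_a == blk_b:
        raise ValueError("certificates do not conflict")
    if not (is_quorum(sig_a) and is_quorum(sig_b)):
        raise ValueError("not a finality certificate")
    culprits = set(sig_a) & set(sig_b)
    return culprits, Fraction(stake_of(culprits), TOTAL)


# Constructed evidence: block V and conflicting block V' both finalized at height 7.
CERT_V = (7, "V", ["a", "b", "c"])        # 75% of stake
CERT_V_PRIME = (7, "V'", ["a", "b", "d"])  # 70% of stake

if __name__ == "__main__":
    culprits, share = accountable_fault(CERT_V, CERT_V_PRIME)
    print(sorted(culprits), share)
```

The two certificates are themselves the proof: anyone holding both can check the overlap without trusting whoever reports it.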
How does Avalanche Consensus (AC) fit into all this? In AC, the opinion of a node is formed by asking some random subsample of other nodes for their opinion, over several rounds. However, the opinion of a node can flip!
Over several rounds, a node can begin by voting for V, then later vote for the conflicting V'. In other words, equivocating is a feature of AC, not an issue! Which then begs the question: can we have accountable safety with AC?
Consider the following scenario: 90% of stake is malicious and votes for V. After the remaining honest 10% lock in with V, the 90% vote for V'. In this scenario, we know a re-org happened, but do we know which stake specifically caused the attack? The answer is no!
No single party has access to timestamped votes from all stakers, so the complete set of equivocating stake can't be proven non-interactively. Even if it were possible, equivocation is a feature, not a bug, in AC, so such a proof wouldn't do us much good.
Therefore, Avalanche does not have accountable safety, and can only use the scorched-earth policy of nuking coin price permanently for everyone. This is a policy that modern PoS protocols have evolved beyond, as it is brittle and unreliable.
And that's a wrap for today's episode, on penalties for a majority, and how Avalanche Consensus does not provide accountable safety. If you're feeling up for it, use the ideas discussed here to do the analysis for minority penalties and Nothing-at-Stake!
