Proving Expected Consensus secure

[jsoares]

The security of Expected Consensus is based on simulations. The simulations excluded a type of attack which we call epoch-boundary attacks (which would be the equivalent of the balance attack described in the context of greedy protocols) as they were deemed outside of our threat model. The goal is to formally prove EC secure against a Byzantine adversary under well-defined security assumptions.

Two directions are possible:

1. Find the conditions under which the protocol can formally be proven secure. The capabilities of the adversary will need to be limited (e.g. 33% of the power, limited ability to delay its blocks to some of the players).
2. Upgrade the consensus protocol to one that can be proven under usual assumptions (e.g. remove tipsets).

Improved security with Single Secret Leader Election in longest chain protocols

High level problem

Single Secret Leader Elections (SSLE) where exactly one leader is elected (as opposed to one on expectation) have recently been proposed.

How much would they improve the results on the security of longest-chain protocols?

A direction is to adapt the proof model of Nakamoto-PoS or Ouroboros Praos to the case of exactly one leader per round.

Why is it important to Filecoin?

If the results are noticeable, Filecoin could decide to use SSLE.