Deep Dive: Optimistic POS

The following post aims to help the reader build intuition for Optimistic Proof of Stake by walking through the same thought process used to design the protocol. It's not intended to be a comprehensive guide to SIN, but to help readers understand some of the design decisions made when building the protocol.

The Basics of Optimistic Protocols

At their core, optimistic protocols operate under the assumption that most network participants will act honestly, but that if they don't, dishonesty can always be proven.

To date, this type of design has been implemented within Optimistic Layer 2 Rollups, which work by posting transactions submitted to the rollup to Ethereum L1. Once the data has been posted to Ethereum, anyone can trustlessly prove that an L2 transaction did occur, and any dishonest transactions submitted would be disproven.

However, this design is not only restricted to two chains; it is also possible between chains, in an interchain communication context. Anyone is always able to prove that a transaction occurred on the origin chain, and submitting it to the destination chain creates a ‘base truth’ to prove honest action against.

A simple optimistic example

In this example, Alice submits a transaction to Chain A, and wants Chain B to know what the transaction is.

  1. Alice submits a transaction on Chain A to receive $5 on Chain B.

  2. Chain B is intrinsically unable to know what happened on Chain A.

  3. Bob (an off-chain agent) says that he knows what happened on Chain A, and sends what he believes to be the Chain A transaction to Chain B. Alongside that, Bob posts a $5 bond.

  4. During a set period of time, anyone is able to report that Bob did not post the correct transaction.

  5. If no one reports that Bob is lying about the transaction, Alice now receives her $5 on Chain B, and the data has been successfully transferred from Chain A to Chain B.

  6. However, anyone can report that Bob is lying about the transaction, since they can prove it compared to the publicly available state of Chain A. If Bob was lying, the reporter earns Bob’s bond, and no fraudulent data about Chain A is successfully posted to Chain B.

Guards & the Optimistic Period

This basic example works well for a single transaction, but is not suitable as the basis for a scalable interchain network. For one thing, messages have arbitrary value. What kind of bond would we require the off-chain agent to put up for a governance vote, and how would the situation be corrected in the event that the agent was dishonest?

To deal with these complexities, we introduce two new concepts:

The first: an optimistic period, that is, a waiting period between the time that Bob, the optimistic agent from the example above (whom we call a Notary going forward), sends the transaction data to Chain B to be reviewed, and the time at which it can be executed (and finalized).

The second: a Guard. The Guard is an independent agent who institutes checks and balances on the Notary. The Guard can temporarily pause the transaction on the destination chain if the data the Notary is providing is incorrect. Now, in the event of a dispute, both agents can go back to Chain A, and at least one of the two agents will have their bond slashed: either the Notary for providing invalid data, or the Guard for filing a false report, since there cannot be two truths.

But what happened to the transaction on Chain B that has now been paused? We've proved fraud on Chain A, and slashed an agent, but as of right now we have no way to trustlessly communicate whether or not the message on Chain B was valid.
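The bonded claim from the simple example, together with the optimistic period and Guard dispute introduced in this section, can be modelled in a few lines. This is an added illustration, not Synapse code: the class and function names, the bond amounts (100 and 10), the 60-second period and the in-memory `ORIGIN_STATE` standing in for Chain A are all assumptions.

```python
from dataclasses import dataclass

# Constructed stand-in for Chain A's public state: message id -> payload.
ORIGIN_STATE = {"msg-1": "pay alice 5"}
@dataclass
class Agent:
    name: str
    bond: int  # constructed amounts; the page only says the Notary bond is larger
@dataclass
class Pending:
    payload: str
    notary: Agent
    posted_at: int
    paused: bool = False

class Destination:  # Chain B: holds Notary claims until the optimistic period ends
    def __init__(self, optimistic_seconds):
        self.optimistic_seconds = optimistic_seconds
        self.pending, self.executed = {}, []

    def submit(self, notary, msg_id, payload, now):
        self.pending[msg_id] = Pending(payload, notary, now)

    def dispute(self, guard, msg_id, now):
        """Guard pauses the message; exactly one bond is slashed against Chain A."""
        p = self.pending[msg_id]
        if now >= p.posted_at + self.optimistic_seconds:
            raise ValueError("optimistic period already elapsed")
        p.paused = True  # stays paused: Chain B never learns the verdict here
        honest = ORIGIN_STATE.get(msg_id) == p.payload
        loser = guard if honest else p.notary  # false report vs. invalid data
        if not honest:
            guard.bond += loser.bond  # the reporter earns the lying agent's bond
        loser.bond = 0
        return loser.name

    def execute(self, msg_id, now):
        p = self.pending[msg_id]
        if p.paused or now < p.posted_at + self.optimistic_seconds:
            return False
        self.executed.append(self.pending.pop(msg_id).payload)
        return True

def scenario(payload, guard_disputes):
    notary, guard = Agent("notary", 100), Agent("guard", 10)
    chain_b = Destination(optimistic_seconds=60)
    chain_b.submit(notary, "msg-1", payload, now=0)
    slashed = chain_b.dispute(guard, "msg-1", now=30) if guard_disputes else None
    return slashed, chain_b.execute("msg-1", now=61), notary.bond, guard.bond
```

`scenario(payload, guard_disputes)` returns the slashed agent, whether the message executed at t=61, and both remaining bonds. A disputed message stays paused whichever agent is slashed, and a false claim that nobody disputes executes once the period ends, which is why the design needs a Guard watching at all times.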

Optimistic Proof of Stake in the Synapse Interchain Network

Instead of the Notary relaying the state of the origin chain straight to the destination chain, any of the Guards in the network first submits a single message attesting to both the state of the origin chain and the state of Synapse Chain, which is posted to Synapse Chain. This ensures at least one Guard is always online and continuously validating the state of every chain.

Once a Guard attests to the state of both the origin chain and the entire Interchain network, the bonded Notary on the origin chain can submit its attestation to Synapse Chain. This updates the state of the network via a proof, confirming that both a Guard and a Notary have attested to the status of Chain A, along with attestations from any other chains within the system.

A snapshot of the Synapse Chain state is then taken and posted to the destination chain, initiating the "optimistic seconds" countdown until the message is eligible for execution. During this period, if the Notary and the Guard colluded to commit fraud, any Guard within the system can present a fraud proof to all chains, temporarily blacklisting agents on every chain while the dispute is resolved.

The pending disputed message can only be resolved after a separate Notary and Guard on the origin chain both attest that no fraud has been committed, and post this, with the results of the dispute, to Synapse Chain. This employs a longer "optimistic seconds" period for increased safety, and once it completes, the dispute is resolved and the message can be executed.

By making the results of these disputes globally accessible, the safety of the system increases as more chains are added. This guarantees that every bonded actor in the system will be looking for fraud all the time, since everyone is forced to attest to the state of the network as a whole.

Crucially, bond amounts are set differently for Guards and Notaries to incentivize participation. Since Guards can only grief messages, but cannot independently commit fraud, they are required to post a much smaller bond compared to Notaries. This is because at least one Guard is necessary to verify the condition of every message.

On the other hand, Notaries are required to post a substantially larger bond to participate in the consensus. This not only minimizes the chances of a Notary committing fraud by raising the potential financial penalty, but also establishes a significant bounty for Guards, encouraging swift reporting of any fraud.
