
Data retrieval slashing

This section of the documentation explores the slashing mechanism applied to DA Nodes during the data retrieval process. Every node in the DAC has a stake of 32 ETH, which can be reduced (partially or completely) if the node engages in misconduct. The slashing mechanism guarantees that every node is motivated to participate honestly, discourages disruptive behaviour, and preserves the network's integrity by ensuring that data remains available even in adversarial situations.

For data retrieval slashing, we consider an adversary $A$ that controls $C \subseteq \{1, 2, \dots, N\}$ nodes, which are therefore also considered non-responsive. $A$ will try to bribe the remaining nodes in $\overline{C}$ to make the data retrieval process fail. The slashing mechanism takes the economic power of $A$ into account and ensures that the data retrieval process will still succeed.

The penalty

The slashing mechanism is triggered by a client making a data retrieval request over the network. At a high level, the steps are as follows:

Client Request

The client sends its query to all DAC nodes over the network.

Response evaluation

If at least $k$ nodes respond, the client can reconstruct the original data. Here, $k$ represents the minimum number of encoded chunks (data points) required to accurately reconstruct the original data using polynomial interpolation.

The data is encoded as a polynomial $P(x)$ of degree $k-1$. The value $k$ corresponds to the number of original data points, which equals the degree of the polynomial plus one. To reconstruct $P(x)$, the client must retrieve at least $k$ distinct encoded chunks $\{(x_i, y_i)\}$, where each $y_i = P(x_i)$.

The original polynomial $P(x)$ can be reconstructed using Lagrange interpolation with the following formula:

$$P(x) = \sum_{j=1}^{k} y_j \prod_{\substack{1 \leq m \leq k \\ m \neq j}} \frac{x - x_m}{x_j - x_m}$$

In this formula:

  • $x_j$ are the distinct evaluation points.
  • $y_j$ are the corresponding encoded values.
  • The product term $\prod_{\substack{1 \leq m \leq k \\ m \neq j}} \frac{x - x_m}{x_j - x_m}$ forms the Lagrange basis polynomials.

Since each node stores a deterministic, unique evaluation of the polynomial, the client has sufficient information to reconstruct the original polynomial $P(x)$ as soon as enough nodes respond, thereby recovering the original data and terminating the protocol.
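The encode/reconstruct round trip described above, as an added example (not HyveDA's own code): the $k$ original data points are taken as the coefficients of $P(x)$ over a prime field, node $i$ is handed the deterministic chunk $(i, P(i))$, and the client rebuilds all coefficients from any $k$ valid responses with the Lagrange formula. The field prime, the data points and the response pattern are constructed for illustration; a non-response or invalid response is modelled as `None`.

```python
# Added example, not part of the HyveDA documentation or code base.
# Arithmetic is done over GF(FIELD_PRIME); the prime is constructed for illustration.
FIELD_PRIME = 2**31 - 1


def eval_poly(coeffs, x):
    """Evaluate P(x) = sum(coeffs[d] * x**d) over the field using Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % FIELD_PRIME
    return acc


def encode(coeffs, n):
    """Give each of the n nodes its deterministic, unique chunk (x_i, P(x_i)) with x_i = i."""
    return {i: eval_poly(coeffs, i) for i in range(1, n + 1)}


def poly_mul(a, b):
    """Multiply two coefficient lists over the field."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % FIELD_PRIME
    return out


def interpolate(points):
    """Recover the k coefficients of P from k distinct (x_j, y_j) pairs.

    Implements P(x) = sum_j y_j * prod_{m != j} (x - x_m) / (x_j - x_m),
    i.e. each y_j is scaled by its Lagrange basis polynomial and accumulated.
    """
    k = len(points)
    if len({x for x, _ in points}) != k:
        raise ValueError("evaluation points must be distinct")
    coeffs = [0] * k
    for j, (xj, yj) in enumerate(points):
        numerator = [1]  # prod_{m != j} (x - x_m), as a coefficient list
        denominator = 1  # prod_{m != j} (x_j - x_m)
        for m, (xm, _) in enumerate(points):
            if m == j:
                continue
            numerator = poly_mul(numerator, [(-xm) % FIELD_PRIME, 1])
            denominator = denominator * (xj - xm) % FIELD_PRIME
        # Division in the field is multiplication by the modular inverse (Fermat).
        scale = yj * pow(denominator, FIELD_PRIME - 2, FIELD_PRIME) % FIELD_PRIME
        for degree, c in enumerate(numerator):
            coeffs[degree] = (coeffs[degree] + c * scale) % FIELD_PRIME
    return coeffs


def reconstruct(responses, k):
    """Client-side reconstruction from a dict node_id -> chunk value (None = no/invalid response).

    Returns the recovered data points, or None when fewer than k valid chunks arrived,
    which is the situation that escalates the query to the on-chain game.
    """
    valid = [(node_id, y) for node_id, y in responses.items() if y is not None]
    if len(valid) < k:
        return None
    return interpolate(valid[:k])


if __name__ == "__main__":
    data = [7, 11, 13]          # constructed: k = 3 data points -> P(x) of degree 2
    chunks = encode(data, 5)    # constructed: N = 5 nodes
    # Nodes 2 and 5 do not answer; nodes 1, 3 and 4 are enough (3 >= k).
    print(reconstruct({1: chunks[1], 2: None, 3: chunks[3], 4: chunks[4], 5: None}, 3))
    # Only two valid chunks: reconstruction is impossible, escalate on-chain.
    print(reconstruct({1: chunks[1], 2: None, 3: None, 4: chunks[4], 5: None}, 3))
```

Because the chunks are plain field evaluations, any $k$ of the $N$ nodes suffice, which is exactly why the slashing rules below only become harsh once fewer than $k$ valid responses are available.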

Smart contract request

If the client does not receive $k$ responses by a certain timeout, it escalates the procedure by posting the query on-chain in an Ethereum smart contract. The client must make a base payment to deter spamming, which can be 0 if the gas fee is high enough.

Fair on-chain response evaluation

To avoid slashing or penalties, all $N$ nodes respond to the query with their assigned data chunk within a certain time window.

Note: as the network grows in size, step 4 will require using a deterministic random function to query only a subset of nodes, to avoid spamming the blockchain and the DA network. Additionally, there will be a veto contract that can veto slashing when a malicious client attempts to force slashing by spamming the blockchain.

Slashing conditions

Nodes that respond to the on-chain request will never be slashed or penalized, noting that an invalid response is treated as a non-response. There are two conditions under which a node can be slashed. In the conditions below, let $\sum_{j=1}^{N} x_j$ be the number of nodes that respond with a valid response (with $x_j = 1$ if node $j$ responds validly and $x_j = 0$ otherwise).

  • The node does not respond, but enough other nodes did so that $\sum_{j=1}^{N} x_j \geq k$
    • In this case, the fault of the non-responding node is likely not adversarial and does not pose a significant risk to the data retrieval process. Therefore, it will only be penalized by a small amount. At genesis, this will equal $R_{\text{att}}^{(i, c)}$, which is the reward of the attested chunk.
    • $\text{Penalty} = - R_{\text{att}}^{(i, c)}$
  • The node does not respond, and not enough other nodes responded, so that $\sum_{j=1}^{N} x_j < k$
    • This case is more severe and could indicate a large-scale attack on the network. It therefore also requires a harsher penalty.
    • $\text{Penalty} = -\text{Stake}_j$

Considerations

When fewer than $k$ nodes respond to the client's request and thereby jeopardize data availability, it suggests that the adversary $A$ controls a substantial fraction of the total nodes. Specifically, if $\sum_{j=1}^{N} x_j < k$, it indicates that the economic power of $A$ is so substantial that it prevents the honest nodes from reaching the $k$ threshold.

Calculating the probability of complete slashing

To better understand how the slashing mechanism ensures the robustness of the DA network against this sort of adversarial attack, we calculate the probability that an adversary can successfully bribe enough nodes and control the network. This probability involves the economic power required both to stake behind enough nodes and to bribe enough of the remaining honest nodes.

The probability of an adversary achieving success is approximately:

$$q_{\text{adv}} \approx \frac{\text{Adversary's Effective Budget}}{\text{Required Security Threshold}}$$

$\text{Adversary's Effective Budget}$ is simply the economic power available to bribe nodes minus the amount spent to control nodes through staking: $p_0 - f \times p_s$.

$\text{Required Security Threshold}$ refers to the minimal amount of honest involvement and economic incentive necessary to withstand bribery attempts and maintain the security of the data retrieval process against adversarial attacks. It is written as $(H - k + 1) \times \Delta$, where $H$ is the number of honest nodes remaining and $\Delta$ is the total value at stake for each node minus the cost of participating in the game: $\Delta = p_{\text{stake}} - \text{Fee}_{\text{gas}}$.

The equation provides the relationship between the adversary’s budget, the number of adversary-controlled nodes, and the economic incentives that influence the likelihood of a successful attack.

The adversary must not only have a high stake at risk to control enough nodes, but also have sufficient economic power to bribe enough honest nodes so that $k$ cannot be reached. With a sufficiently large $\Delta$ and $H$, attempting an attack on the DA becomes economically infeasible for $A$. Rational nodes are incentivized not to accept bribes because $\Delta$ is large, and the assets they would put at risk are therefore large too.

Given this equation, nodes can be confident that complete slashing cannot happen when participating honestly, is extremely unlikely in the event of a node malfunction, and becomes virtually impossible as the network grows. Clients can be certain that their data availability is guaranteed, even if not all nodes participate in the query game.

No reward on responses & avoiding on-chain queries

DA Nodes that respond honestly to a query request on-chain are not rewarded or reimbursed for the gas fee. This ensures that nodes prefer to respond over the network, which gives the client a low-cost, low-latency method of requesting data. As seen above, nodes are still incentivized to respond to on-chain queries, since failing to do so leads to penalties.

Whistleblower rewards

When a client creates an on-chain game where $\sum_{j=1}^{N} x_j < k$, the client is rewarded with a whistleblower fee, which is deducted from the slashed amount. The whistleblower fee is small enough to prevent self-slashing, but large enough to incentivize clients to police the network. The reward is calculated as:

$$\text{Reward}_{\text{whistleblower}} = \alpha \cdot \sum_{i \in \text{slashed}} \text{Stake}_i$$
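The two slashing conditions and the whistleblower reward, applied together to one on-chain game, as an added example (not HyveDA's own contract or code): responders are never penalized, non-responders lose $R_{\text{att}}^{(i,c)}$ when the valid responses still reach $k$ and their whole stake otherwise, and the client's reward $\alpha \cdot \sum_{i \in \text{slashed}} \text{Stake}_i$ is only paid in the second case. The stakes, the value of $R_{\text{att}}$, $\alpha$ and the response vectors are constructed for illustration; an invalid response is passed in as `False`, matching the rule that it counts as a non-response.

```python
# Added example, not part of the HyveDA documentation or contracts.
from fractions import Fraction


def evaluate_game(responses, k, stakes, r_att, alpha):
    """Apply the slashing rules of one on-chain query game.

    responses: dict node_id -> bool, True for a valid response (x_j = 1),
               False for a missing or invalid response (x_j = 0)
    k:         minimum number of valid chunks needed to reconstruct the data
    stakes:    dict node_id -> stake currently bonded by that node
    r_att:     reward of the attested chunk, the small penalty at genesis
    alpha:     whistleblower share of the slashed amount

    Returns (penalties, whistleblower_reward), where penalties maps each
    non-responding node to the amount deducted from its stake.
    """
    valid_count = sum(1 for node_id in stakes if responses.get(node_id, False))
    data_recoverable = valid_count >= k  # sum_{j=1}^{N} x_j >= k

    penalties = {}
    for node_id, stake in stakes.items():
        if responses.get(node_id, False):
            continue  # nodes that answered are never slashed or penalized
        if data_recoverable:
            penalties[node_id] = r_att       # condition 1: small, non-adversarial fault
        else:
            penalties[node_id] = stake       # condition 2: full stake, possible attack

    if data_recoverable:
        whistleblower_reward = 0             # no slashing event to report
    else:
        # Reward = alpha * sum of the stakes of all slashed nodes, taken from the slashed amount.
        whistleblower_reward = alpha * sum(stakes[node_id] for node_id in penalties)
    return penalties, whistleblower_reward


if __name__ == "__main__":
    stakes = {i: 32 for i in range(1, 6)}        # constructed: N = 5 nodes, 32 ETH each
    r_att = Fraction(1, 1000)                    # constructed: attestation reward per chunk
    alpha = Fraction(1, 100)                     # constructed: whistleblower share
    # Two nodes silent, three valid answers: data is recoverable (3 >= k = 3).
    print(evaluate_game({1: True, 2: True, 3: True, 4: False, 5: False}, 3, stakes, r_att, alpha))
    # Only one valid answer: the four silent nodes lose their stake and the client is rewarded.
    print(evaluate_game({1: True, 2: False, 3: False, 4: False, 5: False}, 3, stakes, r_att, alpha))
```

The per-node decision depends only on the aggregate count $\sum_j x_j$, not on which nodes were silent, so a single honest node that is down while the rest answer pays $R_{\text{att}}$, while a coordinated outage that pushes the count below $k$ is what triggers full slashing and the whistleblower payout.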

Preventing spam

The on-chain game should only be triggered when a client does not receive a result over the network. To prevent the DA nodes from incurring large gas fee costs from repeated, unnecessary games, the client is obliged to pay a fee when creating a game. This fee is large enough to deter clients from making unnecessary query requests, but smaller than the whistleblower reward so as not to prevent anyone from policing the network.