Committee Formation
In PlasmaBFT, committee formation is crucial for achieving consensus at scale. State replication tends to scale poorly in worst-case scenarios, with message complexity often degrading to quadratic in the number of participants (or worse). To maintain performance under such conditions, the protocol selects a smaller subset of all possible validators, which bounds the potential communication explosion in these cases.
This approach naturally aligns with the message validation required by BFT-based systems. Since every validator in this smaller set—and their corresponding public key—is known, we can efficiently authenticate messages and reveal equivocation. However, using a known, fixed set also implies that nodes cannot easily join or leave the committee on a per-round basis without supporting mechanisms.
In Plasma, committee members are chosen using a cryptographically secure random process, weighted by the Proof of Stake (PoS) mechanism underlying our validator set. This method not only ensures fairness but also prevents Sybil attacks by limiting voting power to a verifiable, limited resource, thereby hindering attackers from overwhelming the system with a multitude of nodes.
Slashing
In any Proof of Stake system, the question arises of how the system deals with the 'nothing at stake' problem. Since staking requires minimal computational resources, malicious validators can—in theory—search the space of candidate blocks for one that ranks their own eligibility above that of their fellow validators. If they do so privately, they can build and maintain a hidden fork that could enable a double-spend.
In doing so, an adversary must either reveal a valid block and then later reveal a second, similarly valid but distinct block (double sign) or skip their valid eligibilities to maintain their private chain. The former is easy to detect because it can only result from malicious behavior. The latter, however, is indistinguishable from normal stochastic failures in a dynamic environment.
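A minimal check for the double-sign case described above, added here as an example rather than PlasmaBFT's own code. The vote layout, the signed message format (height followed by block hash) and the use of Ed25519 are assumptions; the point is that evidence counts only when both conflicting signatures verify, so a forged or repeated vote can never trigger slashing.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)
// Vote is a validator's signed commitment to one block at one height.
// The layout is a constructed stand-in, not PlasmaBFT's wire format.
type Vote struct {
	Validator ed25519.PublicKey
	Height    uint64
	BlockHash [32]byte
	Sig       []byte
}

// voteMessage is the signed byte string: big-endian height || block hash.
func voteMessage(height uint64, hash [32]byte) []byte {
	msg := binary.BigEndian.AppendUint64(nil, height)
	return append(msg, hash[:]...)
}

// SignVote builds a vote with a validator's private key.
func SignVote(priv ed25519.PrivateKey, height uint64, hash [32]byte) Vote {
	pub := priv.Public().(ed25519.PublicKey)
	return Vote{pub, height, hash, ed25519.Sign(priv, voteMessage(height, hash))}
}

// IsEquivocation reports whether two votes are double-sign evidence: same
// signer, same height, different blocks, and both signatures valid. A forged
// vote, a repeated vote, or votes at different heights is not evidence.
func IsEquivocation(a, b Vote) bool {
	if !bytes.Equal(a.Validator, b.Validator) || a.Height != b.Height {
		return false
	}
	if a.BlockHash == b.BlockHash {
		return false // the same vote seen twice, not a conflicting one
	}
	return ed25519.Verify(a.Validator, voteMessage(a.Height, a.BlockHash), a.Sig) &&
		ed25519.Verify(b.Validator, voteMessage(b.Height, b.BlockHash), b.Sig)
}

func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	a := SignVote(priv, 7, [32]byte{1}) // constructed block hashes
	b := SignVote(priv, 7, [32]byte{2})
	fmt.Println("double sign at height 7:", IsEquivocation(a, b)) // true
}
```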
To disincentivize malicious nodes from these types of behaviors, we considered two types of slashing. Stake slashing, in which the collateral of the malicious validator is seized or burned, is the most aggressive form of punishment, as even a plausibly accidental failure to produce a block can result in a loss of funds. Reward slashing, in comparison, is a more passive approach that revokes rewards from the adversary for a given period but does not affect their initial staked collateral. The intuition behind reward slashing relies on the economically rational behavior of the adversary: if their behavior will be detected with high probability, then the expected loss of rewards will, over time, make misbehavior a less financially beneficial outcome than simply following the protocol.
A key advantage of the latter approach is better alignment with traditional financial systems. While an unexpectedly low return from a yield-bearing product is well understood by existing legacy models, the sudden evaporation of deposited funds without a corresponding transaction is not. Since Plasma aims to integrate with and facilitate such systems, it is therefore important that our behavior is predictable and compatible in that context.