Consider equivocation detection

[JoshOrndorff]

For sovereign chains hoping to use proof of stake, equivocation detection is necessary so validators who work on multiple chains can be slashed. Current nimbus does not have any such detection. Hopefully copying it from Aura will be straightforward, but I haven't looked into it.

In any case, equivocation detection is not necessary for manual seal or relay chain.

[4meta5]

Related paritytech/cumulus#492 :

Equivocation checking for Aura is currently disabled, because it only checks if a block producer has built multiple blocks on the same height. However, this is completely legal for a collator to build multiple blocks on the same height, as long as they are build on different relay chain blocks.

[crystalin]

Equivocation should be done using the relay block hash not the block height.
Basically you are not allowed to build a block using the same relay block hash.

However this needs to be punished on the validator as the collator doing equivocation can simply send its blocks to the validator to get accepted without sending them to other collators

[notlesh]

It would be good to clearly state the goals of equivocation for parachains and how that would fit in with the abstractions in Nimbus (e.g. there is no assumption about stakers).

Here are some assumptions I start with.

• Long-range attacks are prevented by deterministic finalization and don't need consideration in this context
• There is still the ability to abuse short-length forking
  • This allows for degradation of performance
  • It also allows for short term nothing-at-stake abuse
• The rules should be clear and simple enough that the protocol can resolve any equivocation report

In addition, I think punishment needs to be tuned to suit the goals. Consider that it is commonplace right now for collators to run multiple nodes with the same authoring keys. This is probably because it improves their block authoring rate and thereby their rewards. Punishment should be lenient enough that these operators can make appropriate changes without losing a substantial amount of their stake.

On the other hand, we don't want punishment to be so loose that someone who steals an author's keys can abuse it with little repercussion.

It is also important to understand how this impacts participants other than node operators (e.g. delegators in Moonbeam). In a sense, introducing equivocation slashing changes the rules and expectations for them. Whereas they previously might have expected staking to be a low-risk, low-maintenance operation (not that it is -- this isn't financial advice), it may put their funds at risk without sufficient warning.

Given all of this, I propose a rough template for equivocation:

• Equivocation punishment can be enforced for any pair of parachain blocks:
  • from the same author,
  • at the same para block height,
  • and for the same relay block
• Punishment starts with a report from anyone. The report should provide the two conflicting block headers, which should be enough for the protocol to (synchronously?) decide whether or not it is legit.
• Economic incentives for reporting:
  • A report should have a beneficiary who receives some of the slashed funds as a reward
  • A report should have a deposit which is burnt if the report is illegit and returned to beneficiary otherwise
• Authors could face increasing punishment for repeat offenses (there's a lot of room for design here)
• Authors could be temporarily banned from participation on each offense (this would give them time to make corrections without racking up multiple punishments)

Some of this may not fit well into Nimbus, by the way. I think it's appropriate to ask whether or not this belongs here or which parts of it belong here.

[4meta5]

I also like the discussed idea of punishing equivocation by kicking guilty collators out of the selected candidate pool for a certain number of rounds. By preventing them from authoring blocks for these rounds, we are depriving them of any block rewards for this time. It also acts as a sort of time-out/penalty box for collators that are abusing their participation in consensus.

The incentive to report equivocation in this case would be to knock competition out of the pool (more rewards for the other collators).

Some of this may not fit well into Nimbus, by the way. I think it's appropriate to ask whether or not this belongs here or which parts of it belong here.

I think it should live in parachain-staking or whatever staking pallet is used.

For parachain-staking, the internal implementation to temporarily kick a collator out of the pool would be trivial by using do_{go_offline, go_online} vs actually slashing deposits requires iterating over delegations and adjusting all proportionally.