WIP addess some small TODOs

IntersectMBO · Nov 27, 2024 · 66febce · 66febce
1 parent 66cff5a
commit 66febce
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/docs/website/contents/for-developers/CardanoPraosBasics.md b/docs/website/contents/for-developers/CardanoPraosBasics.md
@@ -20,14 +20,14 @@ If both of the following hold
 
     - {PraosHonestMinting}.
       At the onset of a slot that elects some honest stake pools, for each such pool, exactly one node in X promptly mints exactly one block that extends the node's current selection.
-      That mechanism is the only way that honest stake pools with more than half (TODO or some amount more than that to overcome possible grinding) of the delegated stake mints blocks.
+      That mechanism is the only way that honest stake pools with more than half of the (effective[^GrindingWiggle]) delegated stake mints blocks.
 
     - {PraosEpochStructure}.
       The on-chain protocol state maintains an evolving nonce that accumulates every block's election proof.
-      The elections during epoch E on a chain are determined by the value of that evolving nonce that was snapshotted on that chain at least 129600 slots (ie 36 hr) (TODO +43200 slots for Genesis?) before E and a stake distribution that was snapshotted on that chain at least 172800 slots (ie 48 hours) before the nonce was snapshotted.
+      The elections during epoch E on a chain are determined by the value of that evolving nonce that was snapshotted on that chain at least 129600 slots (ie 36 hr)[^GenesisBump] before E and a stake distribution that was snapshotted on that chain at least 172800 slots (ie 48 hours) before the nonce was snapshotted.
 
     - {PraosProtocolStability}.
-      Similarly, the protocol itself (eg parameters) cannot vary on a single chain with less than 129600 slots (ie 36 hr) (TODO +43200 slots for Genesis?) of warning.
+      Similarly, the protocol itself (eg parameters) cannot vary on a single chain with less than 129600 slots (ie 36 hr)^[GenesisBump] of warning.
 
 then the Praos paper proves a vanishingly small failure probability for each of the following.
 
@@ -46,6 +46,13 @@ then the Praos paper proves a vanishingly small failure probability for each of
     The PhD dissertation https://eprint.iacr.org/2021/1698 established that an adversary with less than roughly 9.5% stake will not successfully grind, regardless of hashing power.
     Generally, though, more hashing power or more stake would both benefit the adversary.
 
+[^GrindingWiggle]: Elaboration.
+    A grinding adverary is effectively amplifying their portion of the stake.
+    The Praos security argument requires that even their _effective_ relative stake is below half.
+
+[^GenesisBump]: Warning.
+     Ouroboros Genesis increases this by 43200 slots (ie 12 more hours).
+
 ## Grinding Attack
 
 In a {GrindingAttack}, the adversary attempts to choose the nonce for some epoch.
@@ -74,11 +81,12 @@ If C^2160 reaches the intersection of C and some attacking chain or C just becom
 The duration of the grinding interval depends on various factors, but generally becomes longer if the honest chain is growing slower or the adversary is gaining elections faster and/or already had a big lead.
 If the adversary wanted to remain covert, it'd need to continue contributing (most of) its elections to X's selections.
 On Cardano, that typically means the time interval would not last significantly more than 12 hr.
-Moreover, Praos would have to explicitly fail for the interval to last more than 36 hr (TODO what if they could start grinding early?), according to PraosChainGrowth.
+Moreover, Praos would have to explicitly fail for the interval to last more than 36 hr, according to PraosChainGrowth.
+(TODO that previous sentence doesn't consider that the adversary might be able to start grinding early.)
 If the adversary doesn't have much stake, then it's extremely unlikely they'll have many excess elections.
 That both decreases their search space and also reduces the interval since it makes them more dependent on orphaned honest blocks, which prevent the calculations from starting earlier than those orphans arrive.
 
-(TODO mention that 100 blocks already generates enough chains to take years of calculation?)
+(TODO integrate the fact that 100 blocks already generates enough chains to require years of hashes to compute the nonces?)
 
 ## Protocol and Leader Schedule Stability
 

diff --git a/docs/website/contents/for-developers/CivicTime.md b/docs/website/contents/for-developers/CivicTime.md
@@ -2,7 +2,7 @@
 
 ## Introduction
 
-This document discusses how civic time (eg the value read from the wall clock) relates to the Cardano node, both the current design details and the higher-level fundamental needs.
+This document discusses how civic time (eg a value the wall clock could report) relates to the Cardano node, both the current design details and the higher-level fundamental needs.
 
 It also raises the question of what behaviors the node should exhibit when the Praos security argument has failed.