Peer communication

Peer states

  • Continuous Pings - send ping messages every 3s, build peer list, check stakes, ensure bad nodes are blocked. Ping message: peer ok, state, stake tx, proof of TSS share. A correct ping triggers a stake check (balance must have been staked for at least 72 hours and never moved) on each peer; each then adds the peer to its peer list.

  • Continuous Signing - All peers look at the incoming address for new tokens, put them in a list, and build a tx. Incoming tokens must be in confirmed transactions and exist in unconfirmed K/V. The tx contains: tx inputs and outputs, reward distribution, refunds (multi-send). Each peer broadcasts a sign proposal (max. one per peer): <sha512_256(tx_sign_doc), sha512_256(peer_id + tx_sign_doc), tss_proof>. Each peer checks every received proposal m: m[0] == own[0], m[1] == sha512_256(peer_id + our_sign_doc), ok(tss_proof). Peers that pass are added to the peer's own signing set, which each peer will broadcast. Peers that broadcast signing sets that do not meet the threshold are ignored by other peers. The minimal subset of signing sets shared across at least t peers is selected by each peer (all must be visible to each other). Subsets are selected repeatedly until one that meets the full threshold is found (*). This solves an issue whereby two nodes each broadcast a signing list that is t in size but contains different peers. Peers in this list are ordered by seniority, and peers with any non-unique tss_proofs are pruned from the bottom up to form the threshold set. Each peer in this list broadcasts a checksum of its threshold set to prepare for signing. If any of these do not match up, outliers are blocked and we must wait until the next round; this one aborts. To prevent double signs, peers will enter the Cooldown state if they see >= t+1 peers in the signing state already. Entering the signing state is aligned to 1 minute intervals so that peer lists can be regularly cleared.

  • Cooldown - Once they finish signing and the transaction(s) are broadcast, peers do not participate in signing until the next round epoch.

  • Keygen (replaces “Signing” when in Keygen mode (time < keygen_until)) - Each peer has the same “keygen until” time set in config. Keygen runs repeatedly, aligned to 5 minute intervals, until this time is reached. The in/out addresses will change until a certain block, when they become “locked in” and permanent. The mainnet network needs to spend about 1 week repeatedly generating the TSS shares to prove that no individuals know the full private key.

  • Regroup - The TSS algorithm can support reassigning shares among peers to prune out peers that have gone offline or are bad. This will happen every night at 00:00 UTC to bring in new peers and maintain the peer pool. Peers are sorted by seniority in descending order. If anyone misbehaves during this process, the keygen attempt is skipped and each node records this event and the culprits that caused it. If this happens repeatedly, a software update must be issued to address the problem. Meanwhile, the protocol can continue using the old shares. Important: We must not allow peers to block each other from this process. This can be dangerous (a cartel can enter the network and attempt a takeover).

(*): Each peer selects a candidate tx which contains the most valid transfers (exact match or closest intersection) with the correct reward distribution output in view. It must contain at least one transfer or the round is skipped. The tx includes the participant peer table checksum, which is also verified.
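
The three sign-proposal checks from “Continuous Signing”, as an added Go example (not code from the original page or the project). The `Proposal` type, `SigningSet`, the `proofOK` callback standing in for ok(tss_proof), and the rule that a repeat proposal from the same peer is ignored are assumptions; all sample data is constructed.

```go
package main

import (
	"crypto/sha512"
	"fmt"
)

// Proposal is <sha512_256(tx_sign_doc), sha512_256(peer_id + tx_sign_doc), tss_proof>.
type Proposal struct {
	PeerID   string
	DocHash  [32]byte // m[0]
	BindHash [32]byte // m[1]
	TSSProof []byte
}

// bind computes sha512_256(peer_id + tx_sign_doc).
func bind(peerID string, doc []byte) [32]byte {
	return sha512.Sum512_256(append([]byte(peerID), doc...))
}

// NewProposal builds the proposal peerID would broadcast for doc.
func NewProposal(peerID string, doc, proof []byte) Proposal {
	return Proposal{peerID, sha512.Sum512_256(doc), bind(peerID, doc), proof}
}

// SigningSet returns the peers whose proposals pass all three checks against
// our own sign doc. Assumption: a second proposal from the same peer is
// ignored. proofOK is a hypothetical stand-in for ok(tss_proof).
func SigningSet(ourDoc []byte, in []Proposal, proofOK func(Proposal) bool) []string {
	own := sha512.Sum512_256(ourDoc)
	seen := map[string]bool{}
	set := []string{}
	for _, m := range in {
		if seen[m.PeerID] {
			continue // max. one proposal per peer
		}
		seen[m.PeerID] = true
		if m.DocHash == own && m.BindHash == bind(m.PeerID, ourDoc) && proofOK(m) {
			set = append(set, m.PeerID)
		}
	}
	return set
}

func main() {
	doc := []byte("constructed-sign-doc") // constructed sample input
	a := NewProposal("peerA", doc, []byte("proofA"))
	copied := Proposal{"peerB", a.DocHash, a.BindHash, a.TSSProof} // A's hashes under B's ID
	other := NewProposal("peerC", []byte("different-doc"), []byte("proofC"))
	ok := func(p Proposal) bool { return len(p.TSSProof) > 0 } // placeholder check
	fmt.Println(SigningSet(doc, []Proposal{a, copied, other, a}, ok)) // [peerA]
}
```

The copied proposal fails because m[1] is recomputed with the sender's own peer_id, so one peer's hashes cannot be reused under another ID.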