Babe and GRANDPA

It seems to be clear but i would like to check nevertheless: the n/2 threshold makes it possible to keep producing blocks while the finality gadget stalls. However, to maintain safety, one needs, in the case of GRANDPA, the n/3 threshold. That is, babe + GRANDPA is not a solution for tolerating adversaries stronger than the ones in the classical BFT consensus working under partial synchrony (say Tendermint, Hotstuff…). Can you please (dis)confirm this?

Yes.

GRANDPA needs exactly the same 2/3rd honest security assumptions as Tendermint, Hotstuff, etc. It makes various offenses being slashable though too.

BABE implements Ouroboros Praos. It’s 1/2 threshold sound smaller than 2/3, but BABE/Praos only gives weaker PoW style assurances against forks. Also BABE cannot slash for anything except outright building two blocks for the same VRF output.

In short, if some block B is finalized by GRANDPA then you can trust that reverting it results in slashing some validators 100%. If GRANDPA stalls then yes BABE keeps working, and provides some Praos/PoW-like assurances against forks, but another fork could revert transactions without causing slashing.

As an aside, we reduced BABE’s security to both reduce validator launch time during testing, and to give fixed time block production. We’ll fix the second by replacing BABE with Sassafras, which partially exists now. :slight_smile:

1 Like