This file implements the election sortition mechanism for the Canopy blockchain's Byzantine Fault Tolerance (BFT) consensus protocol. It provides a fair, secure, and decentralized way to select block proposers (leaders) based on their stake in the network.
Election sortition in Canopy is designed to:
- Select block proposers (leaders) in a verifiable random manner
- Weight selection probability based on validator stake
- Prevent various attacks on the consensus mechanism
- Ensure fair participation in the consensus process
- Provide fallback mechanisms when needed
The election sortition process uses a multi-step approach to select leaders:
-
Verifiable Random Function (VRF): Each validator generates a provably random value using their private key and common seed data. This creates unpredictability while allowing verification.
-
Stake-Weighted Threshold: Validators with more stake have a higher probability of becoming candidates. The system calculates a threshold based on each validator's voting power relative to the total.
-
Candidate Selection: Validators whose VRF output falls below their threshold become candidates for leadership.
-
Leader Selection: From all valid candidates, the one with the lowest VRF output becomes the leader for the current round.
-
Fallback Mechanism: If no candidates emerge, the system falls back to a stake-weighted pseudorandom selection.
The system uses several parameters to control the sortition process:
- Expected Candidates: The system targets having approximately 10% of validators as candidates, with minimum and maximum bounds.
- Voting Power: A validator's stake or voting power influences their probability of becoming a candidate.
- Seed Data: Includes previous proposer addresses, block heights, and round numbers to prevent manipulation.
The sortition process includes robust verification mechanisms:
- VRF Verification: Anyone can verify that a validator's random value was correctly generated without knowing their private key.
- Candidate Verification: The system can verify if a validator is legitimately a candidate based on their VRF output and stake.
- Leader Selection Verification: The process of selecting the leader from candidates is deterministic and verifiable by all participants.
The election sortition mechanism includes several security features:
-
Protection Against Grinding Attacks: By including previous proposer addresses in the seed data, validators cannot manipulate the process by repeatedly trying different inputs.
-
Protection Against DDoS Attacks: The identity of the leader isn't known until the process begins, making it difficult for attackers to target specific validators in advance.
-
Stake-Weighted Fairness: The probability of becoming a leader is proportional to a validator's stake, ensuring economic alignment with network security.
-
Non-Malleability: The use of BLS signatures provides non-malleability and uniqueness, making them suitable for the VRF implementation.
-
Deterministic Leader Selection: Once candidates are identified, the selection of the leader is deterministic, preventing manipulation of the final selection.