[The History of Casper — Part 1. Republished from the Ethereum blog at… | by Vlad Zamfir | Medium](https://medium.com/@Vlad_Zamfir/the-history-of-casper-part-1-59233819c9a9) The idea of slashing solved the nothing-at-stake problem by having validators lose their block reward if they signed blocks at the same height on two forks Never willing to take "half the coins are honest" as a security assumption Needed some kind of incentive compatibility between bonded node incentives and protocol security guarantees Nash Equilibrium - strategy profile with a corresponding payoff where no players individually have an incentive to deviate Nash Equilibruim = no points for inidivudal strategy changes By bribing participants you can modify payoffs, and this changes Nash Equilibriums The bribe attack makes the question become "what is the price of bribing teh currently existing nodes to get the desired outcome?" Idea is that bribing attacks would have to spend a lot of money to compensate for lost deposits Ignoring consensus messsages from nodes that don't currently have security deposits circumvents long-range attack problem Instead of authenticating the current state based on the history starting from the genesis block, authenticate it based on a list of who currently has deposits Bond time needs to be long so clients have time to learn about the new, incoming set of bonded stakers Need a way for blockchain clients to agree on changes to the set of security deposits with finality - the agreement is irreversible Forking changes to set of bonded stakres could mean that clients may permanently lose consensus if there's an unknown fork that takes over Must have finalized consensus for PoS to work One idea was using security deposits to checkpoing the chain, replacing dev checkpoints with PoS checkpoints Hashes could be used to authenticate changes to list of deposits Would happen every X blocks It was clear that there needed to be a system for sampling bonded stakeholders to produce blocks As well as that security could be enforced by sampling another set to get validation signatures **Slashing Conditions** When bonded node creates or signs two blocks at same height A question was how to make signing on two forks at different heights a slashable offense without also penalizing bonded stakeholders for signing the highest scoring chain **Econ and game theory vs CS** Two factions of belief about relevance of economics to blockchain-based consensus Eth/Tendermint thought economic analysis was central Security could be talked about in terms of money spent by an adversary Szabo believed fault tolerance and consensus was a pure CS problem Big games and small games, and in-protocol incentives were small games that don't end up influencing the larger game very much, where there are much greater incentives and payoffs Response is that its important for in-protocol incentives to push as much towards ensuring protocol guarantees are respected Dominic Williams said important to do CS then add incentive compatability [[Tendermint]] is based on a traditional consensus mechanism, and is secure against a bribing attacker who is attempting to fork the chain It is guaranteed that every block is finalized before committed to the chain At least 1/3 of security deposits would be slashed in the event of any forks whatsoever Consistency-favoring consensus ### Chapter 4 Foundation of methodologies that underlie the analysis and architecture in developemnt circa 2016 Theory developed that Tendermint cartel with more than 2/3 of security deposits would form since 1/3 wouldn't matter The 1/3 would be censored and eventually leave, and a new cartel with more than 2/3 of the now smaller set of security deposit would form, and the process would continue until at most 2 validators remain First concrete move from efficient/competitive economic models to oligopolistic models Changed the unit of analysis from individual validators to cartels of validators Design philosophy motivating Casper: **Blockchain architecture is mechanism design for oligopolistic markets** Every project has some problems under cartel analysis ### Chapter 5 Casper called the friendly ghost because of incentives designed to guarantee censorship resistances against cartels **Censorship resistance in the cartel model** Must be that cartel not incentivized to censor validators who are not in the cartel *Cartel cannot censor the absence of censored validators* Meaning that cartel cannot hide the fact that the censored validators are missing Cartel had to be punished whenever validators appear to be missing Penalize validators who go offline **Definition of decentralization** A protocol is decentralized only if it can fully recover from the permanent removal of all but one of its nodes [[Tendermint]] can't recover without a hard fork if network doens't have more than 2/3 of validators weighted by stake available to sign blocks **Birth of the Friendly Ghost** Traditional BFT protocols require a quorum to be available in order for protocol to make decisions Quorum is a set of nodes so large that it must contain a majority of correct nodes Decision was made to look for something favoring availability rather than only ever making safe decisions and favoring consistency Finality would still be possible by having a Byzantine quorum decide on blocks after they're produced