Partial Set Security Signaling Prop
This is a signaling proposal for the Partial Set Security update to Interchain Security. PSS will allow a subset of the Cosmos Hub’s validator set to run consumer chains, and will bring several other features that make ICS more flexible.
This signaling proposal will not immediately deploy the feature set, but the feature set will be included in a software update in the next few months.
This feature set will manifest in two main ways: opt-in consumer chains and top-n consumer chains. It will completely supersede the current ICS implementation, known as Replicated Security.
Opt-in consumer chains
With opt-in consumer chains, unlike with Replicated Security, every validator can choose whether or not they want to run the chain. This means that no validator is obligated to run a consumer chain, and can make their own choices about how profitable it is likely to be. Additionally, validators will be able to choose a different commission rate per consumer chain, helping them to cover expenses on the consumer chains that they run without changing their main Cosmos Hub commission rate.
Several “validator set shaping” features will be available to consumer chains, such as:
- Whitelists and blacklists: Consumer chains can choose to exclude certain validators, or only include others (if they opt in).
- Power cap: Consumer chains can choose to cap the amount of power a large validator can bring to their chain. For example, they could configure it so that no validator could have more than 25% of the power on their chain, even if one of the validators was much larger than the others.
- Active set: A consumer chain can choose to have an active set smaller than the Hub’s active set, for better performance.
Top-n consumer chains
Some consumer chains need to guarantee a high level of security, and are valuable or strategic enough to warrant it. This is the category of chains that have used Replicated Security to date. To continue to support this use case, we are introducing the “top-n” feature. On a top-n consumer chain, the top “n” percent of Hub validators are automatically opted in.
A top-n setting of 95% is functionally equivalent to Replicated Security, and this is what current Replicated Security consumer chains will be migrated to. Other settings are also available. For instance, 66% top-n has comparable security to 100%, yet only requires around the top 25 Hub validators to run the consumer chains (others can still opt in if they want).
However, we expect that the majority of new chains will launch as opt-in chains. Neutron and Stride will be migrated to 95% top-n chains, which is exactly equivalent to their current security with Replicated Security.
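The sketch below is an added example, not code from the interchain-security repository. It assumes that "top n percent" is measured by cumulative voting power and that validators tied with the last included one are also opted in; the type, function names and sample powers are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Validator is a hypothetical, simplified view of a Hub validator.
type Validator struct {
	Name  string
	Power int64 // voting power
}

// sample is constructed data: ten validators with skewed voting power (total 1000).
var sample = []Validator{{"v1", 300}, {"v2", 200}, {"v3", 150}, {"v4", 100}, {"v5", 100},
	{"v6", 50}, {"v7", 40}, {"v8", 30}, {"v9", 20}, {"v10", 10}}

// MinPowerInTopN: assumed reading of top-n, the lowest power inside the top n% of total power.
func MinPowerInTopN(vals []Validator, n int64) int64 {
	sorted := append([]Validator(nil), vals...) // copy so the caller's order is untouched
	sort.Slice(sorted, func(i, j int) bool { return sorted[i].Power > sorted[j].Power })
	var total, cum int64
	for _, v := range sorted {
		total += v.Power
	}
	for _, v := range sorted {
		cum += v.Power
		if cum*100 >= total*n { // integer comparison avoids float rounding
			return v.Power
		}
	}
	return 0 // empty set, or n above 100
}

// TopNSet returns every validator at or above the threshold, so equal-power ties are kept together.
func TopNSet(vals []Validator, n int64) (out []Validator) {
	threshold := MinPowerInTopN(vals, n)
	for _, v := range vals {
		if threshold > 0 && v.Power >= threshold {
			out = append(out, v)
		}
	}
	return out
}

func main() {
	for _, n := range []int64{50, 66, 95, 100} {
		fmt.Printf("top-%d: %d of %d validators\n", n, len(TopNSet(sample, n)), len(sample))
	}
}
```

With a skewed power distribution like the constructed one, a 66% setting obliges only half of the validators, while 95% obliges all but the smallest few.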
Permissionless launch
Opt-in consumer chains will be able to launch permissionlessly, without the governance proposal currently required by Replicated Security. After launch, once validators start opting in, the consumer chain starts running.
However, for the first version, consumer chains will need to be “cleared for launch” by governance. This is purely to avoid frivolous or spam consumer chains being created. In an update after launch, we will refactor the database code to allow for fully permissionless consumer chains.
Details
Here is an ADR describing the main points of PSS: Partial Set Security | Interchain Security
Progress is tracked here: EPIC: Partial Set Security · Issue #853 · cosmos/interchain-security · GitHub
Code is in progress here: GitHub - cosmos/interchain-security at feat/partial-set-security