Towards the end of 2019 we announced that Radix would no longer be launching a public network in Q4 2019, as we had intended to do. This decision was due to technical setbacks which, put simply, meant the ledger was not ready for public deployment.
Since announcing the delay, we have tightened our focus and realigned around the core of what we have always set out to achieve at Radix: building a massively scalable decentralised public network.In January, the Radix Team came together to evaluate and agree on our plans for 2020. Following on from this, we want to update you on what is changing and what you can expect from Radix this year.
The technical challenges
As we underwent final testing we discovered two potential attack vectors which affected two key components of our consensus system, Tempo. The attack vectors raised two potential vulnerabilities which were critical to the security of our consensus mechanism:
Weak Atom problem - Tempo was unable to prevent an attacker having de facto control over transactions they had manufactured to have weak backing. This control could last unbounded amounts of time until the attacker executed their attack, affecting the security of transactions considered final.
Sybil protection - Tempo used a novel Sybil protection mechanism, called Mass, which increased node reputation for good behaviour over time. However, Mass was not inherently valuable to honest actors, meaning that it was possible for a secondary market to emerge, where malicious actors could buy influence (via Mass) for less than its true security value. This would have left the network vulnerable to potential low cost double-spend attacks.
Before we deploy technology we must be satisfied that it is as secure as one can reasonably expect in a public domain. Having discovered two possible attack vectors we have undertaken a great deal of research and testing; running different iterations to identify the problem and assess possible solutions. This process has involved testing internally and with independent third parties (code auditors, academics, industry veterans etc.) and the complexity of solving these issues has become clearer as we have explored the issues. Ultimately, this is why we continually test our technology internally and with third parties.
The Radix team worked round the clock to explore various possibilities for a fix that would allow us to launch, as planned, in Q4 2019. Despite exhaustive work we have concluded that there is no short-term solution that would resolve the potential vulnerabilities in the time frame that we had hoped for.See Radix Technical Journey post for more details on these issues and what we learned from them.
The primary focus for the Radix platform
Over the years, the Radix team has engaged with its partners and developer community about building and deploying on Radix. Our conversations highlight that Radix’s unique, scalable quality is what most excites our partners and the community about Radix.
Tempo’s (pre-sharded) data architecture enables Radix to deliver the kind of scale required to allow for simultaneous use of the ledger by millions of individuals and entities globally. We will be carrying this element of Tempo forward and are focusing on delivering a platform that is building towards a massively scalable decentralised public network. It is a narrow focus and we believe it is what our partners and the community want from a globally deployable Radix network.
Building atop Tempo’s defining sharding concept, and using all we’ve learned over years of distributed system research, we have developed a new consensus approach to deal with the issues that we encountered with Tempo.
This new consensus protocol, called Cerberus, uses a unique BFT-style agreement process that we have designed specifically around our massively sharded data architecture. Cerberus will provide the kind of fast, confident finality of transactions seen in the latest proven BFT consensus protocols (such as HotStuff) while retaining Tempo’s tremendous scalability. This will ensure that Radix, using Cerberus, will meet the future throughput and storage needs required for a global-scale DLT solution.
Cerberus builds on well understood consensus mechanisms and gives strong guarantees around safety, liveness and well defined security bounds, thus addressing the issues we were facing with the weak Atom problem in Tempo.
New and innovative ways to ensure Sybil protection are continuously being explored; we have, explored novel implementations ourselves. Research and development of these mechanisms takes time, and implementing these without fully understanding them could prove to be too risky. We have, therefore, made the decision to use proof-of-stake (PoS) as the Sybil protection mechanism for the first Radix public network, in order to ensure we deliver a usable platform within a reasonable timeframe.
Whilst we understand and accept that PoS has a number of limitations, it is a proven and efficient Sybil protection mechanism. The incentives resulting from a PoS implementation can also create a closer alignment of interests with our stakeholders.
This shift to PoS as the Radix Sybil protection mechanism will likely require the development of an emission model to reward people for securing the network. This will almost certainly require some tweaks to our current Economic Model, which we will be discussing with the community over the next couple of months.
We will be releasing a technical whitepaper detailing the proposed changes to the Radix ledger. There are a number of steps that need to be undertaken to reach the stage where the whitepaper is ready for public release; this includes several rounds of review. It is a process we want to happen quickly, but we also accept that doing things in a rush has not always worked in our favour. We will look at ways to share our theory and progress with the community ahead of the release of the formal paper. Work on the whitepaper is already underway.
In the past, we have not been great at estimating timelines or communicating potential delays. Estimating timelines accurately is no easy feat but we also know we can do this better and our revised approach aims to ensure we use the best information we have available to more accurately estimate and share timelines.
Moving forward: Our modus operandi
To keep you up-to-date with Cerberus developments, the Radix public network and what else we are up to at Radix we are going to open-source our development so that you can follow along with us. We will also:
- Communicate regularly about project and product developments, including our wins and setbacks (see Radix Ways of Communicating for more details)
- Use the best information we have to make and provide informed timelines/deadlines
- Keep you posted on what we are working on, which will provide a clearer picture of when we expect work to be delivered
- Provide you with regular general updates on happenings in the Radix-verse on our community channels
We have also written a blog which summarises our research and development so far, including what did not work and what we have learnt as a result.
Our goal remains to deliver a technology which allows anyone, anywhere friction free access to the digital economy. We are fully committed to delivering this.
Please join us for the next Radix AMA, on Wednesday 12th February, where we will detail more about our 2020 plans and answer any questions you might have.