Currently, when a node submits an invalid ZK proof during E3 execution (bad BFV key, bad DKG shares, bad decryption proof), there's no mechanism to:
- Detect the fault cryptographically
- Attribute it to a specific node with non-repudiable evidence
- Slash the faulting node while allowing the E3 to continue with remaining honest nodes
Without fault attribution, a single malicious or buggy node can cause an entire E3 to fail, and all nodes (including the faulting one) get treated equally during refunds. This creates no economic disincentive for misbehavior.
Signed Proof:
Instead of requiring committee voting on accusations (Quorum Model), have every node sign all proofs before broadcasting. When a proof fails verification, the signature provides self-authenticating evidence of fault that can be verified on-chain.
If every node signs its proof, a failing proof is cryptographic evidence. Submit it on-chain, re-verify the ZK proof (it fails), verify the signature (proves authorship), slash the node. No voting needed.
Part of #950
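The evidence check described above, as an added example that is not the project's code. Assumptions: a Lamport one-time signature (standard library only) stands in for the node's real signing key, `zk_verify` is a toy stand-in for the circuit verifier, and the field names and payload layout are hypothetical.

```python
import hashlib
import secrets

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

# Lamport one-time signatures: stdlib-only stand-in for the node's real signing key.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def payload(e3_id, proof_type, public_input, proof):
    # Domain tag plus length-prefixed fields, so a signature over one E3's proof
    # cannot be replayed as evidence against the node in another E3.
    fields = [b"signed-proof-v1", e3_id, proof_type, public_input, proof]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def zk_verify(public_input, proof):
    # Stand-in verifier (assumption): "valid" means proof hashes to the public input.
    return H(proof) == public_input

def check_evidence(registry, slashed, node, e3_id, proof_type, public_input, proof, sig):
    """Return 'slash' only if the proof fails AND the node provably signed it."""
    if node not in registry:
        return "reject: unknown node"
    if (node, e3_id, proof_type) in slashed:
        return "reject: already slashed"
    if zk_verify(public_input, proof):
        return "reject: proof verifies, no fault"
    if not verify_sig(registry[node], payload(e3_id, proof_type, public_input, proof), sig):
        return "reject: signature does not cover this proof"
    slashed.add((node, e3_id, proof_type))
    return "slash"

if __name__ == "__main__":
    sk, pk = keygen()  # constructed sample node key
    bad = b"garbage-proof"
    pub = H(b"honest-witness")
    sig = sign(sk, payload(b"e3-1", b"dkg-share", pub, bad))
    print(check_evidence({"node-a": pk}, set(), "node-a", b"e3-1", b"dkg-share", pub, bad, sig))
```

The signature covers the E3 id, proof type and public input as well as the proof bytes, so evidence that was altered after signing, or lifted from a different E3, is rejected instead of slashing the node.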