The Polkadot Host uses GRANDPA Finality protocol to finalize blocks. Finality is obtained by consecutive rounds of voting by the validator nodes. Validators execute GRANDPA finality process in parallel to Block Production as an independent service. In this section, we describe the different functions that GRANDPA service performs to successfully participate in the block-finalization process.
Definition 72. GRANDPA Voter
A GRANDPA Voter, , represented by a key pair where represents an ed25519 private key, is a node running a GRANDPA protocol and broadcasting votes to finalize blocks in a Polkadot Host-based chain. The set of all GRANDPA voters for a given block B is indicated by . In that regard, we have [To do: change function name, only call at genesis, adjust V_B over the sections]
where is a function entrypoint of the Runtime described in Section C.10.1.. We refer to as when there is no chance of ambiguity.
Analogously we say that a Polkadot node is a non-voter node for block , if it does not own any of the key pairs in .
Definition 73. Authority Set Id
The authority set Id () is an incremental counter which tracks the amount of authority list changes that occurred (Definition 86). Starting with the value of zero at genesis, the Polkadot Host increments this value by one every time a Scheduled Change or a Forced Change occurs. The authority set Id is an unsigned 64-bit integer.
Definition 74. GRANDPA State
The GRANDPA state, , is defined as:
: is the set of voters.
: is the authority set ID (Definition 73).
: is the voting round number.
Definition 75. GRANDPA Vote
A GRANDPA vote or simply a vote for block is an ordered pair defined as
where and are the block hash (Definition 12) and the block number (Definition 10).
Definition 76. Voting Rounds
Voters engage in a maximum of two sub-rounds of voting for each round . The first sub-round is called pre-vote and the second sub-round is called pre-commit.
By and we refer to the vote cast by voter in round (for block ) during the pre-vote and the pre-commit sub-round respectively.
Voting is done by means of broadcasting voting messages (Section 4.8.6.) to the network. Validators inform their peers about the block finalized in round by broadcasting a commit message (Play-Grandpa-Round).
Definition 77. Vote Signature
refers to the signature of a voter for a specific message in a round and is formally defined as:
: is a byte array containing the message to be signed (Definition 75).
: is an unsigned 64-bit integer is the round number.
: is an unsigned 64-bit integer indicating the authority set Id (Definition 73).
Definition 78. Justification
The justification for block in round , , is a vector of pairs of the type:
in which either
or is an equivocatory vote.
In all cases, is the signature (Definition 77) of voter broadcasted during either the pre-vote (stage = pv) or the pre-commit (stage = pc) sub-round of round r. A valid justification must only contain up-to-one valid vote from each voter and must not contain more than two equivocatory votes from each voter.
Definition 79. Finalizing Justification
We say justifies the finalization of for a non-voter node if the number of valid signatures in for is greater than .
Note that can only be used by a non-voter node to finalize a block. In contrast, a voter node can only be assured of the finality (Definition 90) of block by actively participating in the voting process. That is by invoking Play-Grandpa-Round.
The GRANDPA protocol dictates how an honest voter should vote in each sub-round, which is described by Play-Grandpa-Round. After defining what constitutes a vote in GRANDPA, we define how GRANDPA counts votes.
Definition 80. Equivocation
Voter equivocates if they broadcast two or more valid votes to blocks during one voting sub-round. In such a situation, we say that is an equivocator and any vote cast by in that sub-round is an equivocatory vote, and
represents the set of all equivocators voters in sub-round stage of round . When we want to refer to the number of equivocators whose equivocation has been observed by voter we refer to it by:
The Polkadot Host must detect equivocations committed by other validators and submit those to the Runtime as described in Section C.10.3..
A vote is invalid if
does not correspond to a valid block.
is not an (eventual) descendant of a previously finalized block.
does not bear a valid signature.
does no match the current .
is an equivocatory vote.
Definition 81. Set of Observed Direct Votes
For validator , the set of observed direct votes for Block in round , formally denoted by is equal to the union of:
- set of valid votes cast in round and received by such that .
Definition 82. Set of Total Observed Votes
We refer to the set of total votes observed by voter in sub-round stage of round by .
The set of all observed votes by in the sub-round stage of round for block , is equal to all of the observed direct votes cast for block and all of the ’s descendants defined formally as:
The total number of observed votes for Block in round is defined to be the size of that set plus the total number of equivocator voters:
Note that for genesis state we always have .
Definition 83. Set of Total Potential Votes
Let be the set of voters whose vote in the given stage has not been received. We define the total number of potential votes for Block in round to be:
Definition 84. Current Pre-Voted Block
The current pre-voted block also know as GRANDPA GHOST is the block chosen by GRANDPA-GHOST:
Finally, we define when a voter sees a round as completable, that is when they are confident that is an upper bound for what is going to be finalized in this round.
Definition 85. Completable Round
We say that round is completable if and for all :
Note that in practice we only need to check the inequality for those where .
Definition 86. GRANDPA Consensus Message
, the consensus message for GRANDPA, is of the following format:
|is an unsigned 32-bit integer indicating how deep in the chain the announcing block must be before the change is applied.|
|1||Implies scheduled change: Schedule an authority set change after the given delay of where is the block where the change is applied. The earliest digest of this type in a single block will be respected, unless a force change is present, in which case the force change takes precedence.|
|2||Implies forced change: Schedule a forced authority set change after the given delay of where is the block where the change is applied. The earliest digest of this type in a block will be respected. |
Forced changes are explained further in Section 6.5..
|3||Implies on disabled: An index to the individual authority in the current authority list (Definition 33) that should be immediately disabled until the next authority set changes. When an authority gets disabled, the node should stop performing any authority functionality from that authority, including authoring blocks and casting GRANDPA votes for finalization. Similarly, other nodes should ignore all messages from the indicated authority which pertain to their authority role.|
|4||Implies pause: A signal to pause the current authority set after the given delay of where is a block where the change is applied. Once applied, the authorities should stop voting.|
|5||Implies resume: A signal to resume the current authority set after the given delay of where is the block where the change is applied. Once applied, the authorities should resume voting.|
Definition 87. BEEFY Consensus Message
The BEEFY protocol is still under construction. The following part will be updated in the future and certain information will be clarified.
, the consensus message for BEEFY (Section 6.7.), is of the following format:
|1||implies that the remote authorities have changed. is the array of the new BEEFY authorities’s public keys and is the identifier of the remote validator set.|
|2||implies on disabled: an index to the individual authorty in that should be immediately disabled until the next authority change.|
|3||implies MMR root: a 32-byte array containing the MMR root.|
6.2. Initiating the GRANDPA State
In order to participate coherently in the voting process, a validator must initiate its state and sync it with other active validators. In particular, considering that voting is happening in different distinct rounds where each round of voting is assigned a unique sequential round number , it needs to determine and set its round counter equal to the voting round currently undergoing in the network. The mandated initialization procedure for the GRANDPA protocol for a joining validator is described in detail in Initiate-Grandpa.
The process of joining a new voter set is different from the one of rejoining the current voter set after a network disconnect. The details of this distinction are described further in this section.
6.2.1. Voter Set Changes
A GRANDPA voter node which is initiating GRANDPA protocol as part of joining a new authority set is required to execute Initiate-Grandpa. The algorithm mandates the initialization procedure for GRANDPA protocol.
The GRANDPA round number reset to 0 for every authority set change.
Voter set changes are signaled by Runtime via a consensus engine message (Section 3.3.2.). When Authorities process such messages they must not vote on any block with a higher number than the block at which the change is supposed to happen. The new authority set should reinitiate GRANDPA protocol by executing Initiate-Grandpa.
Algorithm 13. Initiate Grandpa
where is the last block which has been finalized on the chain (Definition 90). is equal to the latest round the voter has observed that other voters are voting on. The voter obtains this information through various gossiped messages including those mentioned in Definition 90. is set to 0 if the GRANDPA node is initiating the GRANDPA voting process as a part of a new authority set. This is because the GRANDPA round number resets to 0 for every authority set change.
6.3. Rejoining the Same Voter Set
When a voter node rejoins the network after a disconnect from the voter set and with the condition that there has been no change to the voter set at the time of the disconnect, the node must continue performing the GRANDPA protocol at the same state as before getting disconnected from the network, ignoring any possible progress in GRANDPA finalization. Following reconnection, the node eventually gets updated to the current GRANDPA round and synchronizes its state with the rest of the voting set through the process called Catchup (Section 6.6.1.).
6.4. Voting Process in Round
For each round , an honest voter must participate in the voting process by following Play-Grandpa-Round.
Algorithm 14. Play Grandpa Round
is sampled from a log-normal distribution whose mean and standard deviation are equal to the average network delay for a message to be sent and received from one validator to another.
is described in Derive-Primary.
The condition of completablitiy is defined in Definition 85.
function is explained in Best-Final-Candidate.
is described in Attempt-To-Finalize-At-Round.
is defined in Finalizable.
Algorithm 15. Derive Primary
where is the GRANDPA round whose primary is to be determined.
Algorithm 16. Best Final Candidate
where is defined in Definition 83.
Algorithm 17. GRANDPA GHOST
is the last block which has been finalized on the chain (Definition 90).
is defined in Definition 82.
Algorithm 18. Best PreVote Candidate
Algorithm 19. Attempt To Finalize At Round
Algorithm 20. Finalizable
where the condition for completability is defined in Definition 85.
Note that we might not always succeed in finalizing our best final candidate due to the possibility of equivocation. We might even not finalize anything in a round (although Play-Grandpa-Round prevents us from moving to the round before finalizing the best final candidate of round ) The example in Definition 88 serves to demonstrate a situation where the best final candidate of a round cannot be finalized during its own round:
Definition 88. Unfinalized Candidate
Let us assume that we have 100 voters and there are two blocks in the chain (). At round 1, we get 67 pre-votes for and at least one pre-vote for which means that .
Subsequently, potentially honest voters who could claim not seeing all the pre-votes for but receiving the pre-votes for would pre-commit to . In this way, we receive 66 pre-commits for and 1 pre-commit for . Henceforth, we finalize since we have a threshold commit (67 votes) for .
At this point, though, we have as and .
However, at this point, the round is already completable as we know that we have as an upper limit on what we can finalize and nothing greater than can be finalized at . Therefore, the condition of Play-Grandpa-Round is satisfied and we must proceed to round 2.
Nonetheless, we must continue to attempt to finalize round 1 in the background as the condition of Attempt-To-Finalize-At-Round has not been fulfilled.
This prevents us from proceeding to round 3 until either:
We finalize in round 2, or
We receive an extra pre-commit vote for in round 1. This will make it impossible to finalize in round 1, no matter to whom the remaining pre-commits are going to be cast for (even with considering the possibility of 1/3 of voter equivocating) and therefore we have .
Both scenarios unblock Play-Grandpa-Round, albeit in different ways: the former with increasing the and the latter with decreasing .
6.5. Forced Authority Set Changes
In a case of emergency where the Polkadot network is unable to finalize blocks, such as in an event of mass validator outage, the Polkadot governance mechanism must enact a forced change, which the Host must handle in a specific manner. Given that in such a case finality cannot be relied on, the Host must detect the forced change (Definition 86) in a (valid) block and apply it to all forks.
The , which is specified by the governance mechanism, defines the starting block at which is applied. This provides some degree of probabilistic consensus to the network with the assumption that the forced change was received by most participants and that finality can be continued.
Image 6. Applying a scheduled change
Image 7. Applying a forced change
6.6. Block Finalization
Definition 89. Justified Block Header
The Justified Block Header is provided by the consensus engine and presented to the Polkadot Host, for the block to be appended to the blockchain. It contains the following parts:
block_header the complete block header (Definition 10) and denoted by .
justification: as defined by the consensus specification indicated by as defined in Definition 78.
authority Ids: This is the list of the Ids of authorities, which have voted for the block to be stored and is formally referred to as . An authority Id is 256-bit.
Definition 90. Finalized
A Polkadot relay chain node should consider block as finalized if any of the following criteria hold for :
It receives a message in which justifies the finalization (Definition 78).
It receives a block data message for with (Definition 89) which justifies the finalization.
Any round if the node is not a GRANDPA voter.
Only for round for which the node has invoked Play-Grandpa-Round and round if is a GRANDPA voter and has already caught up to its peers according to the process described in Section Section 6.6.1..
Note that all Polkadot relay chain nodes are supposed to process GRANDPA commit messages regardless of their GRANDPA voter status.
6.6.1. Catching up
When a Polkadot node (re)joins the network, it requests the history of state transitions in the form of blocks, which it is missing.
Nonetheless, the process is different for a GRANDPA voter node. When a voter node joins the network, it needs to gather the justification (Definition 78) of the rounds it has missed. Through this process, they can safely join the voting process of the current round, on which the voting is taking place.
188.8.131.52. Sending the catch-up requests
When a Polkadot voter node has the same authority list as a peer voter node who is reporting a higher number for the finalized round field, it should send a catch-up request message (Definition 48) to the reporting peer. This will allow the node to to catch up to the more advanced finalized round, provided that the following criteria hold:
The peer node is a GRANDPA voter, and:
The last known finalized round for the Polkadot node is at least 2 rounds behind the finalized round for the peer.
184.108.40.206. Processing the catch-up requests
Only GRANDPA voter nodes are required to respond to the catch-up requests. Additionally, it is only GRANDPA voters who are supposed to send catch-up requests. As such GRANDPA voters could safely ignore the catch-up requests from non-voter nodes. When a GRANDPA voter node receives a catch-up request message, it needs to execute Process-Catchup-Request. Note: a voter node should not respond to catch-up requests for rounds that are actively being voted on, those are the rounds for which Play-Grandpa-Round is not concluded.
Algorithm 21. Process Catchup Request
is the catch-up message received from peer (Definition 48).
(Definition 73) is the voter set id with which the serving node is operating
is the round number for which the catch-up is requested for.
is the set of immediate peers of node .
is initiated in Initiate-Grandpa and gets updated by Play-Grandpa-Round.
is the catch-up response (Definition 49).
220.127.116.11. Processing catch-up responses
A Catch-up response message contains critical information for the requester node to update their view on the active rounds which are being voted on by GRANDPA voters. As such, the requester node should verify the content of the catch-up response message and subsequently updates its view of the state of the finality of the Relay chain according to Process-Catchup-Response.
Algorithm 22. Process Catchup Response
where is the catch-up response received from node (Definition 49).
6.7. Bridge design (BEEFY)
The BEEFY protocol is currently in early development and subject to change. The specification has not been completed yet.
The BEEFY (Bridge Effiency Enabling Finality Yielder) is a secondary protocol to GRANDPA to support efficient bridging between the Polkadot network (relay chain) and remote, segregated blockchains, such as Ethereum, which were not built with the Polkadot interchain operability in mind. The protocol allows participants of the remote network to verify finality proofs created by the Polkadot relay chain validators. In other words: clients in the Ethereum network should able to verify that the Polkadot network is at a specific state.
Storing all the information necessary to verify the state of the remote chain, such as the block headers, is too expensive. BEEFY stores the information in a space-efficient way and clients can request additional information over the protocol.
Definition 91. Merkle Mountain Ranges
Merkle Mountain Ranges, MMR, are used as an efficient way to send block headers and signatures to light clients.
MMRs have not been defined yet.
Definition 92. Statement
The statement is the same piece of information which every relay chain validator is voting on. Namely, the MMR root of all the block header hashes leading up to the latest, finalized block.
Definition 93. Witness Data
Witness data contains the statement (Definition 92), an array indicating which validator of the Polkadot network voted for the statement (but not the signatures themselves) and a MMR root of the signatures. The indicators of which validator voted for the statement are just claims and provide no proofs. The network message is defined in Definition 53 and the relayer saves it on the chain of the remote network.
Definition 94. Light Client
A light client is an abstract entity in a remote network such as Ethereum. It can be a node or a smart contract with the intent of requesting finality proofs from the Polkadot network. A light client reads the witness data (Definition 93 from the chain, then requests the signatures directly from the relayer in order to verify those.
The light client is expected to know who the validators are and has access to their public keys.
Definition 95. Relayer
A relayer (or "prover") is an abstract entity which takes finality proofs from the Polkadot network and makes those available to the light clients. Inherently, the relayer tries to convince the light clients that the finality proofs have been voted for by the Polkadot relay chain validators. The relayer operates offchain and can for example be a node or a collection of nodes.
6.7.2. Voting on Statements
The Polkadot Host signs a statement (Definition 92) and gossips it as part of a vote (Definition 51) to its peers on every new, finalized block. The Polkadot Host uses ECDSA for signing the statement, since Ethereum has better compatibility for it compared to SR25519 or ED25519.
6.7.3. Committing Witnesses
The relayer (Definition 95) participates in the Polkadot network by collecting the gossiped votes (Definition 51). Those votes are converted into the witness data structure (Definition 93). The relayer saves the data on the chain of the remote network. The occurrence of saving witnesses on remote networks is undefined.
6.7.4. Requesting Signed Commitments
A light client (Definition 94) fetches the witness data (Definition 93) from the chain. Once the light client knows which validators apparently voted for the specified statement, it needs to request the signatures from the relayer to verify whether the claims are actually true. This is achieved by requesting signed commitments (Definition 52).
How those signed commitments are requested by the light client and delivered by the relayer varies among networks or implementations. On Ethereum, for example, the light client can request the signed commitments in form of a transaction, which results in a response in form of a transaction.