Hello Jepsen team,
I have used Jepsen a bit in the past, and even tried to contribute some minor stuff to it, and I ♡ both the idea, the implementation, the philosophy and the ethics behind the work you are doing, but never had a chance to apply it for real in my professional.
But now comes an opportunity where I think Jepsen could be a good fit, but before embarking on flexing my Clojure muscles and implementing a test, I would like to have your expert insight on whether or not this makes.
I want to implement a testing framework for nodes implementing a protocol named Mithril that provides so-called Stake-based Threshold Multisignature. The gist of it is the following:
- there is a network comprised of nodes where each node has a share of some "stake"
- periodically the nodes are required to sign messages, which they do using some form of a "lottery" based on VRF and each node's stake: a node has more chance
- the individual signatures of nodes can be aggregated to form a certificate whose validity is predicated on some fraction of the nodes having provided a valid signature,
- each certificate's validity depends on the current stake distribution, which can change from time to time and is part of the data that nodes sign (e.g. nodes sign the message and the current stake distribution).
So the idea would be to use Jepsen to drive a cluster of such nodes, inject faults and signing/certificates reading requests, and verify the nodes are behaving correctly.
Does this make sense? Verifying the validity of certificates seems to me to fit within the general framework of checking (strong) consensus in a distributed setting but maybe this is a far stretch?
Thanks for the great work and for any answer you can provide,
Arnaud Bailly