Consensus & Validator System

Technical specification of the Zentalk consensus mechanism and validator network.

DPoS + pBFT Consensus

Validator 1

Validator 2

Validator 3

Validator 4

Leader

Proposal

Pre-Prepare

Prepare

Commit

Finalize

Voting (2f+1 required)

Vote

Quorum

Leader Selection: VRF + Stake Weight

Overview

Zentalk uses a Delegated Proof-of-Stake (DPoS) consensus mechanism combined with Practical Byzantine Fault Tolerance (pBFT) for fast finality. This hybrid approach ensures identity registration consistency, prevents double-spending of cryptographic resources, and maintains relay node legitimacy across the network.

Why Consensus is Needed

A decentralized messenger requires consensus for critical operations that must be globally consistent.

Core Requirements

Requirement	Problem Without Consensus	Solution
Identity registration	Multiple users could claim same Identity Key	Single source of truth for IK mappings
One-time prekey tracking	Same OPK could be issued to multiple senders	On-chain usage tracking prevents double-spend
Relay node legitimacy	Malicious nodes could pose as valid relays	Staked validators verify node registration
Key rotation	Conflicting key updates could split the network	Ordered transactions ensure consistency
Slashing enforcement	Misbehaving nodes could escape punishment	Consensus-enforced penalty execution

Identity Registration Consistency

When Alice registers her wallet address with an Identity Key, every participant must agree on this binding:


Registration: 0x1a2b...3c4d → IK_Alice (Ed25519 public key)

Without consensus:
- Node A sees: 0x1a2b...3c4d → IK_Alice
- Node B sees: 0x1a2b...3c4d → IK_Mallory (attacker)
- Different users get different "Alice" keys → MITM possible

With consensus:
- All nodes agree: 0x1a2b...3c4d → IK_Alice
- Mallory's conflicting registration is rejected
- Single source of truth prevents identity confusion

Preventing One-Time Prekey Double-Spending

One-time prekeys (OPKs) provide forward secrecy for first messages. Each OPK must be used exactly once:


Alice publishes OPK_1, OPK_2, OPK_3...

Without consensus:
- Bob fetches OPK_1, sends message to Alice
- Carol also fetches OPK_1 (race condition)
- Both messages encrypted with same ephemeral secret
- Forward secrecy violated

With consensus:
- OPK_1 marked as "consumed" in atomic transaction
- Carol's request returns OPK_2 instead
- Each conversation gets unique ephemeral key material

Validator Role

Validators are the backbone of the Zentalk network, maintaining consensus and securing identity operations.

Validator Responsibilities

Function	Description
Block production	Propose and validate new blocks containing identity transactions
Identity verification	Verify registration signatures and prevent conflicts
Network consensus	Participate in pBFT voting rounds
State management	Maintain the identity registry state machine
Relay oversight	Verify relay node stake and performance
Slashing execution	Enforce penalties for misbehaving nodes

Validator Requirements

Parameter	Value	Rationale
Minimum stake	100,000 CHAIN	Economic security threshold
Hardware (CPU)	8 cores	Signature verification throughput
Hardware (RAM)	32 GB	State storage and caching
Hardware (Storage)	500 GB SSD	Block history and identity registry
Network bandwidth	100 Mbps	Consensus message propagation
Uptime requirement	99.5%	Network reliability

Becoming a Validator

Acquire stake: Obtain minimum 100,000 CHAIN tokens
Set up infrastructure: Deploy validator node meeting hardware requirements
Register on-chain: Submit validator registration transaction


ValidatorRegistration {
    operator_address: 0x...,
    consensus_pubkey: Ed25519PublicKey,
    stake_amount: 100000 CHAIN,
    commission_rate: 5%,        // Portion of delegator rewards
    metadata: {
        name: "MyValidator",
        website: "https://...",
        contact: "security@..."
    }
}

Wait for activation: Enter active set when slot available
Begin validation: Start participating in consensus rounds

Validator Rewards

Validators earn rewards for network participation:

Reward Type	Amount	Condition
Block reward	2 CHAIN/block	Proposing a valid block
Transaction fees	Variable	Included transaction fees
Commission	% of delegator rewards	Delegators stake with validator
Uptime bonus	+10% rewards	99.9%+ uptime over epoch

Annual Yield Estimation:


Base yield: ~8% APY on staked amount
With delegations: +commission on delegator rewards
With uptime bonus: +10% on base rewards

Example (100,000 CHAIN stake, 500,000 CHAIN delegated):
- Base rewards: 8,000 CHAIN/year
- Commission (5% of delegator yield): 2,000 CHAIN/year
- Uptime bonus: 800 CHAIN/year
- Total: ~10,800 CHAIN/year (~10.8% effective APY)

Consensus Algorithm

Zentalk implements a two-layer consensus combining DPoS for validator selection with pBFT for block finality.

Algorithm Overview

Component	Mechanism	Purpose
Validator selection	Delegated Proof-of-Stake	Sybil resistance, economic security
Block production	Round-robin with VRF	Fair leader selection
Agreement protocol	pBFT (3-phase commit)	Fast deterministic finality
Finality	Single-slot	Instant confirmation

DPoS Layer

Token holders delegate their stake to validators, who participate in consensus proportional to their total stake:


Validator voting power = Own stake + Delegated stake

Example:
- Validator A: 100,000 (own) + 400,000 (delegated) = 500,000 voting power
- Validator B: 100,000 (own) + 200,000 (delegated) = 300,000 voting power
- Validator A has 62.5% voting power in consensus

Block Production

Each slot (2 seconds), a leader is selected to propose a block:


1. VRF Selection:
   vrf_output = VRF(slot_number, validator_private_key)

2. Leader Determination:
   leader = validator with lowest vrf_output
   (weighted by stake - higher stake = more winning VRF values)

3. Block Proposal:
   Block {
       slot: 12345,
       parent_hash: 0x...,
       state_root: 0x...,
       transactions: [...],
       proposer_signature: Ed25519Signature
   }

pBFT Consensus Rounds

After block proposal, validators execute a 3-phase commit:


Phase 1: PRE-PREPARE (Leader → All)
┌─────────────────────────────────────────────────┐
│ Leader broadcasts proposed block                │
│ Validators verify: valid transactions,          │
│ correct state transitions, proper signature     │
└─────────────────────────────────────────────────┘
                      ↓
Phase 2: PREPARE (All → All)
┌─────────────────────────────────────────────────┐
│ Each validator broadcasts PREPARE vote          │
│ Wait for 2f+1 PREPARE messages                  │
│ (f = max Byzantine validators tolerated)        │
└─────────────────────────────────────────────────┘
                      ↓
Phase 3: COMMIT (All → All)
┌─────────────────────────────────────────────────┐
│ Each validator broadcasts COMMIT vote           │
│ Wait for 2f+1 COMMIT messages                   │
│ Block is finalized - no reversion possible      │
└─────────────────────────────────────────────────┘

Consensus Parameters

Parameter	Value	Description
Slot time	2 seconds	Block production interval
Epoch length	7,200 slots (~4 hours)	Validator set update period
Active validators	100	Maximum validators per epoch
Finality delay	1 slot	Blocks finalize immediately
View change timeout	4 seconds	Leader failure recovery

Finality Guarantees

Property	Guarantee
Probabilistic finality	Not applicable (deterministic)
Deterministic finality	After COMMIT phase (~2-4 seconds)
Reorg possibility	None after finalization
Confirmation requirement	2f+1 validators (67%+ stake)

Identity Registration

The consensus layer maintains a global registry mapping wallet addresses to cryptographic identities.

Registry State


IdentityRegistry {
    // Primary mapping: address → identity
    identities: Map<Address, Identity>,

    // Reverse lookup: identity_key → address
    key_to_address: Map<Ed25519PublicKey, Address>,

    // Prekey tracking
    prekeys: Map<Address, PrekeyBundle>,
    consumed_otpks: Set<X25519PublicKey>
}

Identity {
    owner: Address,
    identity_key: Ed25519PublicKey,
    kyber_public_key: KyberPublicKey,  // Post-quantum
    registration_slot: u64,
    last_rotation: u64
}

Registration Transaction


IdentityRegistrationTx {
    // Transaction metadata
    tx_type: IDENTITY_REGISTER,
    sender: Address,
    nonce: u64,
    fee: u64,

    // Identity data
    identity_key: Ed25519PublicKey,
    kyber_public_key: KyberPublicKey,

    // Proof of ownership
    signature: Ed25519Signature,  // Signs (sender || identity_key || nonce)

    // Optional: initial prekey bundle
    initial_prekeys: Option<PrekeyBundle>
}

Transaction Verification

Validators verify registration transactions:


1. Signature Verification:
   verify(signature, sender || identity_key || nonce, identity_key)

2. Uniqueness Check:
   assert(identities[sender] == null)  // Address not registered
   assert(key_to_address[identity_key] == null)  // Key not in use

3. Fee Verification:
   assert(balance[sender] >= fee)
   assert(fee >= MIN_REGISTRATION_FEE)

4. State Update:
   identities[sender] = Identity { ... }
   key_to_address[identity_key] = sender
   balance[sender] -= fee

Key Rotation

Users can update their Identity Key while maintaining account continuity:


IdentityRotationTx {
    tx_type: IDENTITY_ROTATE,
    sender: Address,
    nonce: u64,
    fee: u64,

    new_identity_key: Ed25519PublicKey,
    new_kyber_key: KyberPublicKey,

    // Must be signed by CURRENT identity key
    old_key_signature: Ed25519Signature,
    // Must be signed by NEW identity key (proves ownership)
    new_key_signature: Ed25519Signature,

    rotation_reason: enum { SCHEDULED, COMPROMISE, DEVICE_CHANGE }
}

Key Rotation Process:


1. Verify old_key_signature with current identity_key
2. Verify new_key_signature with new_identity_key
3. Check new key not already registered
4. Update identity registry
5. Broadcast key change notification to contacts

Fee Structure

Operation	Fee (CHAIN)	Purpose
Identity registration	1.0	Sybil resistance
Key rotation	0.5	Discourage unnecessary rotations
Prekey bundle upload	0.1	Storage cost
Prekey replenishment	0.05	Encourage fresh prekeys

Stake Requirements

Entity	Minimum Stake	Lock Period	Purpose
Standard user	None	N/A	Basic messaging
Heavy user (>1000 contacts)	10 CHAIN	None	Resource consumption
Relay node operator	10,000 CHAIN	7 days	Network participation
Validator	100,000 CHAIN	21 days	Consensus security

Byzantine Fault Tolerance

The pBFT consensus tolerates Byzantine (malicious) validators up to a security threshold.

Fault Tolerance Parameters

Parameter	Value	Meaning
Total validators (n)	100	Active validator set size
Byzantine threshold (f)	33	Maximum malicious validators
Quorum requirement	2f+1 = 67	Votes needed for consensus
Safety threshold	f+1 = 34	Honest validators needed

Byzantine Tolerance Formula


n = 3f + 1

Where:
- n = total validators
- f = maximum Byzantine validators tolerated

With n=100:
- f = 33 Byzantine validators tolerated
- 67 honest validators required for progress
- 34 honest validators required for safety

Attack Prevention

Attack	How Prevented
Double voting	Slashing: validator signs conflicting blocks
Equivocation	Cryptographic proof triggers automatic slashing
Censorship	Proposer rotation prevents single-point censorship
Long-range attack	Finality checkpoints prevent history rewriting
Nothing-at-stake	Stake locked during validation period
Bribery	Large stake requirement increases attack cost

Safety vs. Liveness

Property	Guarantee	Condition
Safety	Never finalize conflicting blocks	Up to f Byzantine validators
Liveness	Network continues producing blocks	2f+1 honest validators online

Safety Priority: If network partitions or >f validators are Byzantine, the network halts rather than risking conflicting finalization.

Slashing Conditions

Violation	Penalty	Detection
Double signing	100% stake slash	Conflicting signatures submitted
Prolonged downtime	0.1% per epoch	Missed block proposals
Invalid block proposal	10% stake slash	Consensus rejection
Censorship (provable)	50% stake slash	Inclusion proof violation

Recovery from Validator Failures


Scenario: 40 validators go offline (network has 60 remaining)

1. Detection:
   - Missed block proposals trigger timeout
   - View change protocol activates

2. Leader Rotation:
   - Skip offline leader
   - Next online validator proposes

3. Continued Operation:
   - 60 validators > 67 required for 2f+1
   - Network continues if 67+ remain online

4. Offline Validator Handling:
   - Accumulate downtime penalties
   - After 24 hours: ejected from active set
   - Must re-register and wait for next epoch

Sybil Resistance

Economic stake requirements prevent attackers from creating unlimited validator or relay identities.

Attack Cost Analysis

Attack	Required Stake	Market Cost (est.)	Difficulty
Control 1 validator	100,000 CHAIN	$500,000	Easy
Control 10% validators	1,000,000 CHAIN	$5,000,000	Moderate
Control 34% (safety attack)	3,400,000 CHAIN	$17,000,000	Hard
Control 67% (liveness attack)	6,700,000 CHAIN	$33,500,000	Very Hard

Validator Sybil Prevention


To run multiple validators, attacker must:

1. Stake 100,000 CHAIN per validator
2. Operate separate infrastructure (detected if shared)
3. Risk all stake on detection

Attack: Create 34 fake validators to break safety
Cost: 3,400,000 CHAIN stake
Risk: If detected, lose all 3,400,000 CHAIN
Detection: Infrastructure correlation, voting pattern analysis

Relay Node Sybil Prevention

Control	Mechanism
Stake requirement	10,000 CHAIN per relay node
Registration limit	Max 10 relays per address
Performance monitoring	Reputation score affects routing priority
Bandwidth proof	Must demonstrate actual relay capacity

Identity Registration Sybil Prevention


Creating spam identities requires:
- 1 CHAIN per identity (registration fee)
- Unique wallet address per identity
- Gas fees for transactions

Attack: Create 1 million spam accounts
Cost: 1,000,000 CHAIN + gas fees
Mitigation: Rate limiting per IP, captcha for web registrations

Economic Security Model


Security budget = Total stake × Slashing risk

With 100 validators at 100,000 CHAIN each:
- Total stake: 10,000,000 CHAIN
- Attack cost: Acquire 34% = 3,400,000 CHAIN
- If attack detected: Lose 3,400,000 CHAIN
- Net attacker loss: 3,400,000 CHAIN (+ opportunity cost)

Rational attacker analysis:
- Expected profit from attack: P
- Cost of attack: 3,400,000 CHAIN
- Probability of detection: ~95%+
- Expected value: P - (0.95 × 3,400,000)

Attack only rational if P > 3,230,000 CHAIN

Node Economics

Economic incentives align participant behavior with network health.

Relay Node Rewards

Reward Source	Mechanism	Amount
Bandwidth fees	Per-message micropayments	0.0001 CHAIN/KB
Routing bounty	Successful message delivery	0.001 CHAIN/message
Uptime bonus	Consistent availability	+20% rewards
Storage fees	Offline message queuing	0.0005 CHAIN/KB/hour

Why Run a Relay Node


Monthly Economics (Example):

Revenue:
- Messages relayed: 10,000,000
- Average size: 2 KB
- Routing bounty: 10,000 CHAIN
- Bandwidth fees: 2,000 CHAIN
- Storage fees: 500 CHAIN
- Uptime bonus: 2,500 CHAIN
Total revenue: ~15,000 CHAIN/month

Costs:
- Server (8 core, 32GB): $200/month
- Bandwidth (10TB): $100/month
- Stake opportunity cost: ~$400/month
Total costs: ~$700/month

Net profit: 15,000 CHAIN - $700 ≈ $74,300/month
(Assuming CHAIN = $5, highly dependent on network usage)

Slashing Conditions for Nodes

Violation	Penalty	Detection Method
Message dropping	1% stake per incident	Delivery proof verification
Selective routing	5% stake	Statistical analysis
Traffic analysis	10% stake	Honeypot detection
Extended downtime	0.01% stake/hour	Health check failures
Invalid routing	2% stake	Cryptographic proof

Bandwidth Contribution Model


Relay nodes commit to bandwidth tiers:

Tier 1 (Starter):
- Commitment: 100 Mbps
- Stake: 10,000 CHAIN
- Max reward multiplier: 1x

Tier 2 (Standard):
- Commitment: 500 Mbps
- Stake: 25,000 CHAIN
- Max reward multiplier: 2x

Tier 3 (Premium):
- Commitment: 1 Gbps
- Stake: 50,000 CHAIN
- Max reward multiplier: 3x

Under-delivery penalty:
- Actual < 80% committed: Warning
- Actual < 50% committed: 1% stake slash
- Actual < 25% committed: 5% stake slash + tier downgrade

Stake Lockup and Withdrawal

Action	Lock Period	Reason
Initial stake	Immediate	Node can start operating
Reward claim	1 epoch (4 hours)	Prevent manipulation
Partial unstake	7 days	Detect misbehavior
Full exit	21 days	Complete slashing window
Emergency slash	Immediate	Security violations

Withdrawal Process


1. Initiate Withdrawal:
   UnstakeTx { amount: 50000 CHAIN, type: PARTIAL }

2. Unbonding Period (7 days):
   - Stake still slashable
   - No longer earning rewards
   - Cannot re-stake

3. Completion:
   - After 7 days: funds available
   - If slashed during unbonding: reduced amount

4. Claim:
   ClaimTx { unbond_id: 123 }
   - Transfer to wallet

Security Properties Summary

Property	Mechanism	Guarantee
Consistency	pBFT consensus	All honest nodes agree on state
Availability	67% quorum	Network operates if 67+ validators online
Partition tolerance	Safety over liveness	No conflicting finalization
Sybil resistance	Proof-of-Stake	Attack cost scales with stake
Censorship resistance	Proposer rotation	No single point of censorship
Finality	Single-slot	Instant, irreversible confirmation

Protocol Specification - Cryptographic protocol details
Architecture - System component overview
Node Documentation - Running a relay node
Threat Model - Security assumptions and mitigations