CIP Browser/CIP-0049GitHub ↗

CIP-0049: Incentivizing Cold Backups for Super Validators to Enhance Network Resilience

ProposedGovernanceby , Vinh Nguyễn, Yiannis Varela, Eric W Saraniecki, Wayne CollierCreated 28-02-2025Approved TBD
TL;DR

CIP-0049

Abstract

This proposal calls for a network-wide adoption of a formal backup and backup verification method of the network. The goal is to incentivise Super Validator nodes to maintain full, cold backups of the network’s historical state—from the network’s inception to the present. By ensuring these offline backups, the Canton Network will bolster its resilience, uphold decentralization, and guarantee data immutability. In return, nodes that comply will receive enhanced rewards (an extra bonus of approximately 20–30%, or a +1 weight adjustment on their existing reward scheme). Additionally, this proposal highlights the need for a future standardized backup procedure and a formal verification mechanism to ensure that claimed backups are complete and secure.

Specification

  1. Backup Requirement:
    • A minimum of 60% of Super Validator nodes shall keep full cold backups of the network’s ledger and state data, covering all historical data since the network’s launch.
    • Backups must be stored in secure, tamper-resistant cold storage environments to prevent unauthorized access or network-based attacks.
  2. Incentive Structure:
    • Super Validators that maintain and verifiably prove the integrity of their backups will receive an enhanced reward, equivalent to an approximate bonus of 20–30% (in Canton terms, a +1 weight boost on current rewards).
  3. Backup Standardization Process (To Be Discussed):
    • The current backup procedure is not standardized. This proposal includes a commitment to initiate a future proposal aimed at defining a uniform and secure process for creating, storing, and updating cold backups.
    • The discussion will encompass recommended storage formats, encryption standards, and update intervals.
  4. Verification Mechanism (To Be Discussed):
    • A formal method for verifying the existence and integrity of these backups will be developed. This may include periodic audits or cryptographic proofs that a node’s backup is both complete and untampered.
    • The details of this verification protocol will be finalized in subsequent proposals and through community feedback.

Motivation

The Canton Network was founded on the principles of decentralization, immutability, and continuous availability. Recent ad-hoc backup practices by Super Validators are insufficient to guarantee recovery in the event of catastrophic failures or coordinated attacks. By rewarding full cold backups of Super Validators, we directly address potential single points of failure and reinforce our commitment to a robust, transparent, and resilient network. The added incentive further aligns operational security with economic rewards, ensuring that best practices are financially beneficial.

Rationale

A truly decentralized network must not only distribute governance and control but also the critical data that underpins its operation. In safeguarding the complete network history, Super Validators help ensure that no matter what disruptions occur—be they technical failures or malicious attacks—the network’s data remains recoverable and verifiable.

  • Resilience: In the event of network failures or breaches, a distributed set of backups ensures rapid restoration and continuity of operations.
  • Decentralization: Mandating backups among a majority (60+%) of Super Validators reinforces the principle that no single point or centralized repository holds the network’s historical data, protecting against targeted attacks or corruption.
  • Immutability and Trust: By providing verifiable offline backups, the network guarantees participants that data integrity is maintained. This is a core promise of the Canton Network, underpinning the trust of all participants and reinforcing our leadership in the blockchain ecosystem.

Incentivizing backup maintenance via increased rewards creates a virtuous cycle: enhanced security practices lead to stronger network resilience, which in turn underwrites the trust and value of the Canton Network.

Backwards Compatibility

This proposal is primarily an operational and governance enhancement and does not require changes to existing protocol software. However, the introduction of a verification mechanism might necessitate future minor onchain adaptations to support auditability. These changes will be designed to ensure full backwards compatibility.

Reference Implementation

A reference implementation for the backup verification process is to be developed following community consensus. The implementation will include:

  • Documentation on the backup creation and storage procedure.
  • A secure audit protocol, potentially leveraging cryptographic proofs.
  • Test cases to ensure compliance and integrity of reported backups.

This will be detailed in a subsequent proposal once the backup procedure standardization is finalized.

Copyright

This CIP is licensed under CC0-1.0: Creative Commons CC0 1.0 Universal.

Changelog

  • 2025-02-28: Initial draft of the proposal.