Popular Science | Auditable security and approximate activity of Casper FFG

Author: Aditya Asgaonkar

Translation & Proofreading: IAN LIU & A Jian

Source: Ethereum enthusiasts

Thanks to Carl Beekhuizen for reviewing.

The blockchain needs to provide users with two guarantees-1) the certainty of the block (finality) and 2). The liveness of the blockchain (blockchain liveness)-the underlying consensus mechanism of the blockchain is responsible for providing these two guarantees . In Ethereum 2.0, the consensus process only takes place on the beacon chain and uses the Casper Friendly Finality Gadget (FFG) mechanism to help reach consensus. This article aims to describe the basic FFG mechanism and prove that it can provide the above two guarantees.

Casper FFG is a "deterministic tool", which means that Casper FFG regulates the deterministic rules of blocks and can check the certainty of blocks after an event occurs. The FFG mechanism is decoupled from the growth of the chain and can be attached as an independent component to any available blockchain protocol to provide block certainty. Because the Casper FFG mechanism does not have a strategy to ensure the activity of the blockchain, from this perspective, it is not a fully mature consensus protocol. (Maybe I will write another article about the activity considerations of the Ethereum 2.0 beacon chain later!) Let ’s start with the structure of Casper FFG, then go deep into the rules of the Casper FFG mechanism, and finally understand the security it provides & Activity guarantee.


The verifier submits a witness message (indicating what he considers to be "valid transitions") to vote on the blocks on the chain. The format of the vote is (S, T) and contains two parts of information: the source block (S) and the target block (T)-the target block must be a derived block of S. Specifically, the information included in the vote includes verification The digital signature of the author, the block hash and block height used to confirm the block.

Justification and Finalization


Justification and finalization are the two stages of the Casper FFG consensus process, which can be compared horizontally with the “prepare” and “commit” stages of traditional Byzantine Fault Tolerance (BFT) consensus.

-Block A & Block B are rationalized due to having more than 2/3 validator votes-

Rationalization : As long as a block B meets the following conditions, the block is rationalized:

  • Block B is the genesis block, or
  • More than 2/3 of the validators voted for (A, B), where B is a descendant block of A, and A has been rationalized before.

Certainty : As long as Block B meets the following conditions, certainty is obtained:

  • Block B is the genesis block, or
  • B has met the rationality, and more than 2/3 of the validators voted for (B, C), where C is a direct sub-block of B (ie, block height (C) = block height (B) + 1 ).

Note : With regard to the definition of certainty, Casper FFG has a more general definition in Ethereum 2.0, see this article for details. The above expression is used to ensure easy to understand.


Casper FFG rules


Casper FFG has only two simple restriction rules. Applying these two rules will prevent the validator from voting for (S1, T1) and (S2, T2) at the same time:

(Casper FFG does not allow 🙂

  • Block height (T1) = Block height (T2), or
  • Block height (S1) <block height (S2) <block height (T2) <block height (T1)

-Casper FFG Rule Violation Case 1: Block Height (T1) = Block Height (T2) (Translator's Note: The so-called "double vote")-

-Casper FFG Rule Violation Case 2: Block Height (S1) <Block Height (S2) <Block Height (T2) <Block Height (T1)

Safety & Activity


Casper FFG is designed to provide consensus security and activity against the block finalization process. To be specific, Casper FFG provides the following guarantees:
  • Accountable security : If two conflicting blocks reach certainty, at least one-third of the validators violate the Casper FFG rules, and Casper FFG can identify these validators.
  • Approximate activity : No matter what state the protocol is running in, the verifier can continue to perform his duties and can finalize new blocks without violating Casper FFG rules.

Although the definitions of security and liveness mentioned here are not so standardized compared to traditional BFT literature, this interpretation is very suitable for deterministic tools for analyzing blockchains!

In fact, people familiar with the BFT literature may find the concept of " approximate activity " whimsical; but because Casper FFG is just a "deterministic tool", the entire mechanism only needs to ensure that honest verifiers can advance without violating FFG rules Agreement, without being stuck in any link.

As for the definition of accountable security, our focus is on accountability (that is, the ability to identify validators who violate the rules), and then this part of the information can be used by the proof of stake mechanism to punish malicious verification on the blockchain By. The ultimate goal is to provide information for the equity certification mechanism, so that the latter's incentive mechanism can take effect, and promote the consensus process to form the equilibrium state envisaged at the beginning of the agreement.

Proof of security


Assuming that two conflicting blocks (neither are sub-blocks of the other) A and B are finalized, then there may be two cases:
  • Block height (A) = Block height (B)
    • Because A and B must be reasonable before getting certainty, they must each receive at least 2/3 of the validator votes, which means that once they both meet the requirements, at least 1/3 of the validators Violation of Casper FFG rules.
  • Block height (A) <block height (B) (with universality)
    • In order for A to achieve certainty, more than 2/3 of the validators need to vote for (A, C), where C is a sub-block of A.
    • In order for B to achieve reasonableness, there must be consecutive blocks in ascending order (Genesis block, B_0, B_1, …, B_n, B) before B, and each block has been its next block Rationalize (ie, at least 2/3 of the validators vote for (G, B_0), (B_0, B_1), …). Assuming that block B_m is the first block in this series of consecutive blocks, block height (A) <block height (B_m).
    • Note that this series of consecutive blocks does not have the same block height as block A or C, otherwise it becomes the previous situation (a conflicting block situation with equal block heights, violating Casper FFG rule one).
    • Now suppose we vote for (B_n, B_m) (where n = m-1) so that B_m is reasonable. Then the block height (B_m) and the block height (B_m) are not equal to the block height (A) / block height (C), so the situation must be block height (B_n) <block height (A) < Block height (C) <block height (B_m).
    • In this way we can say that at least 2/3 of the validators violated Casper FFG rule two.

-Proof of security, situation: block height (A) <block height (B)-
And as long as you confirm the collection of tickets, find conflicting votes, and check the signature of the verifier, you can easily find out the verifier that violates the Casper FFG rules.


Proof of activity


  • Suppose P_0 is the latest reasonable block and Q is the latest block that has been voted by the validator.
  • Next, any block P_1 belonging to the P_0 sub-block (block height (Q) <block height (P_1)) can receive a vote from 2/3 of the validators (P_0, P_1) to obtain reasonableness.
  • P_1 can also receive the votes of 2/3 verifiers (P_1, P_2) without violating the FFG rules, thereby obtaining certainty, where P_2 is a sub-block of P_1.

Therefore, at least one group of validators (over 2/3) can finalize the new block.

Advanced reading materials

  1. Casper FFG first paper-Casper the Friendly Finality Gadget
  2. Analysis of the application of Casper FFG method for Eth2.0-Combining GHOST and Casper

Original link: https://www.adiasg.me/2020/03/31/casper-ffg-explainer.html