> Security deposits of attackers in ethereum are slashed, up to 100%, in case of an attack.
What defends against the attacker configuring his nodes to just not relay the blocks which slash his deposits, by having a majority in the network connectivity, and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attackers "valid" blocks?
Or in other words:
Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?
Not OP... but one big difference between PoW and PoS is that:
when a PoW block is mined, there's no way to know how much hidden equipment is out there mining a parallel chain, which could suddenly appear and take over with more accumulated work. You hope the malicious actor doesn't have 51%, but there's no way to actually prove that they aren't out there.
with PoS on the other hand, the set of validators who are voting on a block is known many blocks in advance. so say a malicious validator has X% of the voting power on a given block: he can't refuse to relay the other votes, because it will be obvious to all other nodes that he only speaks for X%, and what he's broadcasting lacks quorum, because the other (100-X)% votes are missing.
Whereas the other (100-X)% group will be actively broadcasting that they're slashing his stake; and if (100-X) has quorum, those votes will be accepted as valid by all the nodes on the network, regardless of what the malicious actor decides to broadcast.
TLDR: under PoW, silence is assumed to be absence of dissent, since number of miners out there is unknown. Whereas under PoS, silence still allows proving lack of quorum (since the voters are known well in advance), so censorship doesn't let a malicious validator legitimize their vote.
If the attacker has 2/3 of the entire stake then the only option is to manually coordinate a fork to a chain without his censorship, allowing protocol penalties to run its course. A direct analogue of an asic PoW fork in case of a sustained attack.
>and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attackers "valid" blocks?
It's not possible for 'false slashing' to occur, because slashing requires presenting conflicting votes.
>Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?
topology doesn't matter in this case, 2/3+ consensus is asynchronous. 2/3 of stake is required to finalize blocks, so the attacker would finalize his own chain without slashing.
There are some ideas about 99+% proof consensus which rely on topology and nodes being online (which means they can observe that censorship is happening) but it's not currently implemented. Eventually I expect it to happen, making attacks a practical impossibility, by coupling asynchronous 2/3+ consensus guarantee with synchronous 99+% guarantee, effectively automatically coordinating anti-censorship forks.
If a validator signs two blocks at the same height, they will be slashed, lose their tokens, and not be able to participate in consensus. They get slashed when anyone submits evidence of them doing this. This trivially solves the "nothing at stake" problem from 2014 that you wrote your long original comment about.
If I understand it correctly, you are now saying that someone would DDOS the entire gossip network, completely halting any more production of blocks so that their slashing doesn't go through?
We're not even talking about "nothing at stake", or anything having to do with PoS anymore. We're just talking about a massive DDOS of an entire network. Node operators in PoS networks, as well as Bitcoin, have ways of dealing with DDOS which are the same as how anyone deals with it, and I don't need to get into them here.
If someone was able to overcome these DDOS mitigations and completely prevent a PoS network from receiving any legitimate transactions, they could do this to Bitcoin as well.
> They get slashed when anyone submits evidence of them doing this.
Who will record this "evidence" to the blockchain? Anyway there will be two versions of the blockchain. In one of them attacker's stake was not slashed and there is no any "evidence" of his malicious actions.
The "evidence" is two blocks, with the same block height, both signed by the attacker.
Not sure what these two versions of the blockchain you're talking about are. Signing two blocks at the same height with the same chain id is the slashable offense. It doesn't matter what's in them.
If the attacker wants to have his own blockchain off in the corner where he has all the money, nobody cares.
> Not sure what these two versions of the blockchain you're talking about are.
Really?! One version is "Vitalik's fork" and another one is "non-Vitalik's fork". Which one of them is a valid chain? Any idea?
Assume the attacker is Vitalik and there an "evidence" of his attack. Who will dare to slash him? Vitalik won't include this evidence into "Vitalik's fork". If Vitalik wants to have his own blockchain, nobody cares, isn't it?
What defends against the attacker configuring his nodes to just not relay the blocks which slash his deposits, by having a majority in the network connectivity, and thereby convincing victim nodes that he in fact is the victim of false slashing because the victims will only discover the slash-claims much after the attackers "valid" blocks?
Or in other words:
Isn't the slashing mechanism also reliant upon mere hope that the network topology randomly happens to be in favor of non-malicious peers?