ECIP 1100: MESS (Modified Exponential Subjective Scoring)
Author  Isaac 

DiscussionsTo  https://github.com/ethereumclassic/ECIPs/issues/374 
Status  Draft 
Type  Standards Track 
Category  ECBP 
Created  20200909 
Abstract
Define a function arbitrating chain acceptance using relative total difficulty and common ancestor time to raise finality confidence.
Motivation
A low hashrate has caused Ethereum Classic’s consensus algorithms to yield inconvenient and undesirable finality rates.
This proposal offers a way to increase the finality rate without tampering with existing “hard” chain consensus functions or characteristics, and to do so with minimal negative side effects.
Specification
As a successor to established chain reorganization arbitration, the following logic should be added.
The sinusoidal function should be used to derive the “anti/gravity” of a proposed chain segment. The condition function works to derive the necessary total difficulty ratio parameter, comparing it against the antigravity output.
Sinusoidal Function
/*
ecbp1100AGSinusoidalA is a "ceilinged" sinusoidal function which limits the domain
to within the first ascent of the curve. X values exceeding this range
are capped to the ceiling limit. The curve's peak has a differentiable transition to its constant ceiling.
h(x)=15 sin((x+12000 π)/(8000))+15+1
*/
func ecbp1100AGSinusoidalA(x float64) (antiGravity float64) {
ampl := float64(15) // amplitude
pDiv := float64(8000) // period divisor
phaseShift := math.Pi * (pDiv * 1.5)
peakX := math.Pi * pDiv // x value of first sin peak where x > 0
if x > peakX {
// Cause the x value to limit to the x value of the first peak of the sin wave (ceiling).
x = peakX
}
return (ampl * math.Sin((x+phaseShift)/pDiv)) + ampl + 1
}
Condition
// ecpb1100 implements the "MESS" artificial finality mechanism
// "Modified Exponential Subjective Scoring" used to prefer known chain segments
// over latertocome counterparts, especially proposed segments stretching far into the past.
func (bc *BlockChain) ecbp1100(commonAncestor, current, proposed *types.Header) error {
// Get the total difficulty ratio of the proposed chain segment over the existing one.
commonAncestorTD := bc.GetTd(commonAncestor.Hash(), commonAncestor.Number.Uint64())
proposedParentTD := bc.GetTd(proposed.ParentHash, proposed.Number.Uint64()1)
proposedTD := new(big.Int).Add(proposed.Difficulty, proposedParentTD)
localTD := bc.GetTd(current.Hash(), current.Number.Uint64())
tdRatio, _ := new(big.Float).Quo(
new(big.Float).SetInt(new(big.Int).Sub(proposedTD, commonAncestorTD)),
new(big.Float).SetInt(new(big.Int).Sub(localTD, commonAncestorTD)),
).Float64()
x := float64(proposed.Time  commonAncestor.Time)
antiGravity := ecbp1100AGSinusoidalA(x)
if tdRatio < antiGravity {
// Using "b/a" here as "'B' chain vs. 'A' chain", where A is original (current), and B is proposed (new).
underpoweredBy := tdRatio / antiGravity
return fmt.Errorf("%w: ECPB1100MESS: td.B/A%0.6f < antigravity%0.6f (under=%0.6f)",
errReorgFinality, tdRatio, antiGravity, underpoweredBy)
}
return nil
}
This is a modified (M) version of Buterin’s Exponential Subjective Scoring (ESS) by
 using a capped sinusoidal function instead of an unbounded exponential function
 using the difference of proposed head time(stamp) from common ancestor time(stamp), rather than the previously described block lengths or times of block reception used by Buterin.
See References for what I’ve found on the topic.
Rationale
Benefits
 Miniforks and normal reorganizations are not effected, since their difficulty variances fall within the curve in this domain (200 seconds, give or take).
 There is no EdgeofEternity attack vector (no vulnerable focal points for an attacker to target).
 Partitions resolve quickly and consistently.
 Intentional partitions are extremely difficult to maintain.
 The sinusoidal function naturally yields a “ceiling” that would be extravagantly high for an attacker to achieve relative to the main network, but within reasonable operating bounds for the victim of an eclipse attack to eventually recover and rejoin the network. Unbounded exponential growth for the antigravity function serves no purpose beyond some point.
Costs
 Nodes subject to eclipse attacks (mostly considered as nodes coming online after a long time or starting out) are vulnerable to destitution, even once released. This is addressed by the function’s ceiling causing the attacker to need to establish (and maintain) a total difficulty 1/31x of the competing honest chain, and can be addressed further by the operator including a checkpoint value.
 It may be anticipated that the network uncle and waste rates will rise slightly, as blocks that would otherwise be randomly included will be rejected. ETC currently has a 3.5% uncle rate compared to ETH’s 5.5%.
Discussion of Constant Parameters
The sin function uses constant parameters period = 2pi/8000
and amplitude = 15
, the values of which are reasoned as follows.
The period value of 2pi/8000
causes the peak of the sin wave (and ultimate ceiling) to occur at 25132 seconds (approximately 7 hours). This falls in between the rates of the previously considered exponential functions. The “ramp up” domain (nearest x=0
) sees a flattened curve, yielding a more generous lenience for competing short segments. The sin curve eventually intersects the original exponential function at about 900 seconds (15 minutes) at about y=1.09
.
The amplitude value of 15
causes the peak to occur at (2*15)+1 = 31
. This value means that the maximum “antigravity” an attack will face is a 31, where the proposed chain would need a total difficulty 31 times that of the chain it would replace.
The phase shift of 1.5pi * 8000
is trivially derivable by seeking f(0) = 1
.
These values were chosen for ETC with the following assumptions and reasoning.
 Assume global Ethash hashrate availability is 200TH.
 Assume greatest single Ethash mining entity is 33% of the global, yielding about 66TH. This is considered as the largest possible antagonist for the ETC chain.
 Assume ETC has 3TH total contributed hashrate.
 Following this, we deduce that the largest Ethash mining entity has 22 times of ETC’s current mining power. An “attack” by this entity on ETC would result in a
(66/(66+3))*100 = 95
% attack.  Given a 22x anticipated “reasonable” worstcase scenario, the amplitude of
15
yielding a total31
ceiling, around 50% above the anticipated worstcase scenario, is intended to be sufficiently futureproof and resilient to unforeseen scenarios.
Alternatives Considered
An bounded exponential function would work in much the same way, although it would not have a continuous ceiling transition and would, in a faredge case, present an exploitable focal point of vulnerability at that transition.
Comparative Visualizations of (Anti)Gravity Functions
The graphs below show a 200 block chain accepting, sidechaining, or rejecting reorganizations of varying relative difficulty and length.
Implementation
This feature does not require a hard fork, but the network stands to benefit and avoid risk with majority coordinated acivation.
CoreGeth
 Feature is tentatively proposed to activate in CoreGeth on Ethereum Classic network at and above block 11295300.

Feature is proposed to activate in CoreGeth on Ethereum Classic’s Mordor test network at and above block 2290740.
 CoreGeth feature implementation includes a few additional safety mechanisms:
 MESS is disabled for any sync mode besides full sync.
 MESS is only enabled once a peer has completed initial chain synchronisation, not while they are fast syncing or even full syncing during the download and process phase. This reduces the chances of a node coming online being lured into an eclipse scenario.
 MESS is only enabled if a peer has greater than or equal to the
2 * MinimumSyncPeers
peers. In CoreGeth this value is by default5
, yielding a necessary limit of10
for the MESS feature.  MESS is disabled if, once synced, a node’s head block is not changed within a time limit (ie becomes stale). In CoreGeth this value is by default
10 * 13 seconds
.
The associated CoreGeth implementation is available here.
References
 https://bitcointalk.org/index.php?topic=865169.msg16349234#msg16349234
 https://blog.ethereum.org/2014/11/25/proofstakelearnedloveweaksubjectivity/
Bespoke previously considered exponential functions:
/*
ecbp1100AGExpB is an exponential function with x as a base (and rationalized exponent).
OPTION 2: Slightly slower takeoff, steeper eventual ascent
g(x)=x^(x*0.00002)
*/
func ecbp1100AGExpB(x float64) (antiGravity float64) {
return math.Pow(x, x*0.00002)
}
/*
ecbp1100AGExpA is an exponential function with x as exponent.
This was (one of?) Buterin's "original" specs:
> 1.0001 ** (number of seconds between when S1 was received and when S2 was received)
 https://bitcointalk.org/index.php?topic=865169.msg16349234#msg16349234
> gravity(B') = gravity(B) * 0.99 ^ n
 https://blog.ethereum.org/2014/11/25/proofstakelearnedloveweaksubjectivity/
OPTION 1 (Original ESS)
f(x)=1.0001^(x)
*/
func ecbp1100AGExpA(x float64) (antiGravity float64) {
return math.Pow(1.0001, x)
}
A further alternative is demonstrated with a cosin function as follows, which, being squared, has an even flatter “ramp up” section. However, since difficulty adjustment is discrete and the primary case of consideration in this context is one of equivalent difficulty, efforts toward an ultralow antigravity product seem wellintentioned but practically ineffectual.
s(x)=8 (cos((0.5 π x)/(6000))+1)^(2)+1