Clique POA in Ethereum
This article describes the Proof Of Authority (POA) consensus protocol in Ethereum.
The Clique is the POA implementation in Ethereum geth. Ethereum geth is the official software release of the Ethereum blockchain. The essence of POA is blocks may only be minted by trusted signers. The list of trusted signers is added in extra-data section in block headers. This addition extends the header field to 65 bytes, with secp256k1 miner signature. It also makes the miner field in headers obsolete. Note that changing the length of the header file is a non invasive operation.
To update a dynamic list of trusted signers, Clique uses the miner field and nonce field (both made obsolete by POA) to create a voting protocol.
- during regular blocks, both fields are set to zero
- if signer want to change the list of trusted signers, it will set miner to the signer it wants to vote out, and use the nonce filed for voting.
Then, the Ethereum nodes can vote during block processing. The epoch concept is used to prevent an infinite window to tally votes in. This epoch is a window of W blocks after which votes are considered stale. This way prevents malicious signer from injecting new vote proposals inside every block they mint.
To authorise a new block , the signer needs to sign the block’s hash containing everything except the signature itself. Each signer is allowed to sign 1 out of SIGNER_LIMIT consecutive blocks. This is to prevent malicious signer from creating trouble in the network.
October 2022 Update:
In Clique, signers list are sorted. The current signer is selected as BLOCK_NUMBER % SIGNER_COUNT. An example of signers list is [0xa5a5….a5a5, 0xb5b5….b5b, 0xc5c5….c5c5]. In POA blockchain with such signers list, signer with index 0 will sign block 0, signer with index 1 will sign block 1, etc.
Furthermore, to prevent racing for new blocks, every signer would add a small random offset to the time it releases a new block.
In Clique POA, signer number, block time and gas limit are the main parameters that we can tweak on. To consider a block as valid, it must be validated by at least 51% of the signers. However, increasing the number of signers, the network latency will increase. Gas limit is set as the maximum amount of gas that can be collected from transactions. Block time is the time required to validate an incoming transaction.
Clique POA is used in Rinkeby and Görli testnet. The reason is that testnet lacks hash power, so attacker can disrupt the testnet cheaply if testnet is using POW. If testnet uses POA, attacker would face difficulty controlling the network.
Comparing POA to PBFT
Clique POA differs from PBFT in one important aspect. In Clique, each block is sealed by only one signature, that is the proposer’s signature. (In PBFT, majority of validators sign every block). It means data immutability guarantee in Clique POA is weaker than PBFT. However, Clique still provides strong guarantee across a chain with many blocks, as every proposer is allowed to sign one every N/2 +1 blocks. A Clique POA network can tolerate up to N/2–1 byzantine signer nodes. Compared to PBFT algorithms, the design of POA sacrifices consistency (forking can happen) for better availability (faster block committal).
Quick code analysis
Clique POA source code is in geth client. Go to the folder consensus/clique, there are api.go, clique,go, and snapshot.go source files.
The clique.go contains the verify header, verify signature, create sealed block functions. The api.go contains get signers, get snapshot functions. The snapshot.go contains the create new snapshot, load snapshot, cast new vote functions. Besides that, the is a function in the file that does creation of new authorisation snapshot by applying given headers to the original snapshot.
In the golang code, the Clique consensus engine is defined as “type Clique struct“.
It contains configuration parameters, database to store snapshot, recent blocks, recent signatures of blocks, ethereum address of signing key, and signer function, etc.