Decentralized snapshot distribution: Statistical trust via threshold consensus

[mh0lt]

Summary

Add statistical trust to the decentralized snapshot distribution flow by requiring threshold agreement from multiple peers before accepting an info-hash.

Background

The POC (step 1) works on an honest-network assumption — any single peer's ENR entry is trusted. This is sufficient for proving the flow but not for production, where a malicious node could advertise bad info-hashes creating a reliability issue.

Statistical trust adds a lightweight defense: collect {FrozenTx, InfoHash} from multiple peers and require majority agreement before downloading.

Design

Receive Logic

When discovering a new preverified.toml version:

1. Collect {FrozenTx, InfoHash} from N discovered peers
2. Group by (FrozenTx, InfoHash) pair
3. Require threshold agreement (e.g., 3-of-5 peers report same info-hash for a given FrozenTx)
4. Only download and apply if threshold is met
5. Optional: weight by peer diversity (different /24 subnets) to resist localized Sybil attacks

Properties

• Defeats isolated bad actors advertising false info-hashes
• Does not defeat coordinated Sybil attacks (that requires identity trust — step 3)
• Production-viable under an honest-majority assumption
• Cheap to implement — accumulate responses and count, no crypto needed

Configuration

• --snap.p2p.trust-threshold — minimum agreeing peers (default: 3)
• --snap.p2p.sample-size — peers to query before deciding (default: 5)

Acceptance Criteria

• Discovery reader collects responses from multiple peers
• Threshold consensus logic implemented
• Info-hash only accepted when threshold is met
• Configurable threshold and sample size
• Graceful fallback to centralized path if threshold cannot be reached

[VBulikov]

yperbasis added Imp2 as Importance