Node going offline without a penalty


#1

After reading details about how nodes will work I have a couple of questions.

  1. Under what circumstances can a node go offline without being punished?

  2. Is it possible to have a spare node to replace a failed node in the event the hardware breaks or otherwise replace a failed node without penalty?

Context for my question

“First, for a node to become a worker eligible to run computations, it must first securely generate an Ethereum compliant ECC key-pair to be used as a persistent identity. This key-pair is generated inside an SGX enclave, and should never leave it. To persist across sessions, we will seal the key in the host’s system.”
https://enigma.co/protocol/SubsystemArchitecture.html#registration


#2

This thread discusses the concept of timeouts, and how they can be set in a way that doesn’t add too much latency to the network. The gist of it is that we can set the time-out window long enough, after which a node is penalized, but at the same time we allow nodes to complete computations as fast as they can to collect more rewards. This seems to be a reasonable balance between protecting nodes and ensuring efficiency.

For the second question - we’ve been discussing a mechanism to solve this. The idea is to separate a worker custodian/identity key from the proving key that resides inside of the enclave. This would allow a user to assign a new enclave in the case that the original machine is down. A potential improvement on this is to allow a user to manage multiple worker machines/enclaves for a single custodian key. While interesting, I don’t believe we will prioritize this for the first mainnet.


#3

That would make the lives of node runners much easier / ideal. The last part / possible improvement is something I’ve wondered about. I can see why it’s not an immediate priority though. Thanks!