The latest message driven (LMD) greedy heaviest observed sub-tree (GHOST) consensus protocol is a critical component of proof-of-stake (PoS) Ethereum. In its current form, the protocol is brittle, as evidenced by recent attacks and patching attempts. We report on Goldfish, a considerably simplified candidate under consideration for a future Ethereum protocol upgrade. We prove that Goldfish satisfies the properties required of a drop-in replacement for LMD GHOST: Goldfish is secure in synchronous networks under dynamic participation, assuming a majority of the nodes (called validators) follows the protocol. Goldfish is reorg resilient (i.e., honestly produced blocks are guaranteed inclusion in the ledger) and supports fast confirmation (i.e., the expected confirmation latency is independent of the desired security level). We show that subsampling validators can improve the communication efficiency of Goldfish, and that Goldfish is composable with finality gadgets and accountability gadgets, which improves state-of-the-art ebb-and-flow protocols. Attacks on LMD GHOST exploit lack of coordination among honest validators, typically provided by a locking mechanism in classical BFT protocols. However, locking requires votes from a quorum of all participants and is not compatible with dynamic availability. Goldfish is powered by a novel coordination mechanism to synchronize the honest validators' actions under dynamic participation. Experiments with our implementation of Goldfish demonstrate the practicality of this mechanism for Ethereum.

翻译：最新消息驱动（LMD）贪婪最重观察子树（GHOST）共识协议是权益证明（PoS）以太坊的关键组成部分。该协议在现有形式下较为脆弱，近期攻击与补丁尝试即可佐证。我们报告了《金鱼》协议——一项正在审议的未来以太坊协议升级候选方案，其设计已被大幅简化。我们证明《金鱼》满足作为LMD GHOST替代方案所需的全部特性：在动态参与条件下，若多数节点（称为验证者）遵循协议，则该协议在同步网络中保持安全。《金鱼》具备重组弹性（即诚实生成的区块保证被纳入账本）并支持快速确认（即预期确认延迟与所需安全级别无关）。我们展示了验证者子采样可提升《金鱼》的通信效率，且该协议可与最终性工具及问责工具组合使用，从而改进当前最先进的潮汐协议。针对LMD GHOST的攻击利用了诚实验证者间缺乏协调的漏洞——而经典拜占庭容错协议通常通过锁定机制提供此类协调。但锁定机制需全体参与者法定人数投票，无法兼容动态可用性。《金鱼》通过新型协调机制实现动态参与下诚实验证者行动的同步。基于《金鱼》实现的实验证明了该机制在以太坊中的实用性。