Use a committee to attest to the validity of relays. From Eth2 shasper:
Committee - a (pseudo-) randomly sampled subset of the active validator set. When a committee is referred to collectively, as in “this committee attests to X”, this is assumed to mean “some subset of that committee that contains enough validators that the protocol recognizes it as representing the committee”.
I do not see this as anything other than a name change from what the current design proposes. Each Session is composed of 3 committee members. One is chosen based on geolocation and the other two are chosen pseudo randomly based on recent block hash.
Can you elaborate on the difference please?
I would like to add to this that in the current white paper, the geolocated filtered list, is furthered filtered by choosing a sub-set of them pseudo-randomly.
Key differences are that a high stake is not required to be a validator in a subcommittee in Eth2, and that there are more validators in a committee.
The time period during which fed. nodes / validators are assigned is another criterion: too high and there is a too high chance to collude; too low and they may not have enough time to download batches, validate them, do a BLS sig and upload the signed batch.
Using a pseudorandom subset of geolocated nodes should be OK if there are sufficiently many nodes, but if too few, network attacks are possible, e.g. eclipse attacks.
For reference. Agreed, we need to ensure there are enough independent, non-replicated Validator Nodes at launch of the protocol.
Yes, and there are also things to implement to help avoid eclipse attacks: https://www.cs.bu.edu/~goldbe/projects/eclipseEth, which is particularly applicable if we use Kademlia.