
Why we rolled our own consensus algorithm - QCSmello
https://www.quorumcontrol.com/blog/2018/11/13/why-we-rolled-out-our-own-consensus-algorithm
======
sagichmal
Not rolling your own consensus algorithm is approx. rules zero through ten of
distributed systems programming. Nothing on this page provides any positive
signal indicating unique (or even average) competence to the task. To wit,

> We are borrowing all the best parts of existing technology and combining
> them in a unique and innovative way.

To the best of my knowledge, none of the listed existing technologies have
been formally verified.

~~~
eloff
This seems like a really, really bad idea.

However, if everyone had that attitude we'd never improve on the existing art.
So I'm glad some people are willing to risk it.

But just to reiterate, if you're thinking of rolling your own consensus - or
even implementing an existing consensus algorithm yourself (although that's
much worse for Paxos than for Raft) - you're almost certainly making a big
mistake.

~~~
cremp
Just to drive it home.

Those who actually make their own encryption libraries know their stuff, and
have been in the space for years.

You should never, ever, roll your own encryption.

If it's a requirement, then change your damn requirements, because just like
consensus; it is not easy to get right, and the pros make mistakes.

~~~
zzzcpan
Consensus is not crypto, it's ridiculously trivial in comparison and usually
so useless, that nobody even bothers doing it correctly all the way to the end
user.

~~~
sagichmal
Consensus is at least as hard as crypto.

------
hinkley
The best feedback you ever get as a library maintainer is the population count
of questions.

If everyone asks you the same question, you’re the one who’s wrong, not
everyone else.

If everyone is asking you why you did it, you probably shouldn’t have done it.

------
elfakyn
This sounds like a terrible idea. Similarly to implementing your own
encryption, having a custom consensus algorithm can create additional
vulnerabilities -- a custom consensus algorithm isn't as tested and vetted as
an existing, widely-used one.

In security, you generally don't want "unique and innovative", you want
tested, verified, robust algorithms that have been gone over with a fine-
toothed comb.

------
newprint
Any formal verification of you Algo ? Consensus algos are hard to implement
correctly.

~~~
zonotope
We're planning on formally verifying the algorithm once it stabilizes.

~~~
ggggtez
So... what was the purpose of me reading this non-announcement again?

------
polskibus
Is there a TLA+ spec available?

~~~
zonotope
We are still vetting and improving the consensus algorithm, but we're planning
on publishing a full TLA+ spec once the algorithm stabilizes.

~~~
polskibus
Wouldn't it be easier to start with TLA+ / PlusCal? It offers higher level of
abstraction and helps catch specification bugs.

------
pkulak
Thought this would be a link to a white-paper...

~~~
QCSmello
Hey pkulak- you can access the whitepaper through this channel:
[https://www.quorumcontrol.com/documentation/](https://www.quorumcontrol.com/documentation/)

------
maa5444
because your ws is called quorum control ?

------
ggggtez
TL;DR: This is an announcement that they didn't actually do anything yet.
(algorithm not yet fully decided on, just buzzword soup).

~~~
davidgerard
I believe Quorum is the Ethereum variant that JP Morgan developed in-house and
considered "spinning off" to the community, i.e. abandoned but on github. Not
clear if JPM are still paying devs to work on it.

------
romed
A: Because we don't have a lot of experience in distributed systems.

