Replacing the Coordinator with a Validator Committee

A Leap Towards Decentralization and Enhanced Uptime on IOTA

TL;DR:

The IOTA Mainnet Coordinator will be upgraded to a decentralized, permissioned Validator Committee, consisting of multiple trusted validators that run on different host providers and locations. Not only does this increase network uptime and stability but also censorship resistance, by having external entities be part of the Validator Committee.

The current Coordinator serves as a kind of referee within the IOTA network, responsible for verifying transaction validity in periodic batches. It achieves this by issuing milestones, which nodes accept as confirmation for the transactions they’ve checked. While this approach offers additional security to network participants, it also means that the Coordinator has the potential to block transactions if it sets milestones in specific ways. Additionally, if the Coordinator becomes unavailable, the commonly accepted confirmation of transactions is absent and the network ceases to process value transactions. The network would become unusable until the Coordinator resumes its operations.

To address these issues, we are upgrading the current Coordinator to a decentralized Validator Committee. This change means that the placement of milestones will no longer rely solely on a single Coordinator managed by the IOTA Foundation. Instead, multiple validators form a committee together using an off-chain Byzantine Fault Tolerant (BFT) consensus mechanism to determine the placement of the next milestone, by having each validator propose the parents to be referenced in the milestone.

The benefits of this upgrade are obvious: it ensures censorship resistance due to no single entity/machine checking the validity of transactions in the network and it improves uptime, due to the fact that the committee can still produce milestones even if a couple of validators go offline for reasons such as network outage or misbehavior.

The deployment process for the Validator Committee followed our standard, comprehensive approach:

• We began by running the Validator Committee on internal test networks, allowing our development teams to conduct an in-depth examination in a controlled environment. This phase was crucial for identifying potential issues and fine-tuning the software’s performance.
• Next, we deployed the software on the Public Testnet, providing a more diverse and realistic testing environment. This step was essential for validating the software’s robustness under a wider range of scenarios.
• Since early spring, the Validator Committee has been operating on Shimmer, our pre-production environment that acts as a staging network for the IOTA Mainnet. This **uninterrupted** operation has reinforced our confidence in the software’s stability and readiness for the final stage: production deployment on the IOTA Mainnet.

As mentioned earlier, the Validator Committee is formed by multiple entities. We have been reaching out to several universities and companies over the past months and are now in the process of forming the first decentralized Validator Committee.
With the Validator Committee in place, the network will continue to process transactions as long as 7 (at a committee size of 10) / over two-thirds of all validators are active. Note that, because there is no leader within the committee, the network can progress even if the IOTA Foundation’s validator node is offline.

We are not currently planning to expand the committee through additional members, as the Validator Committee is only a temporary measure. In the future, it will be replaced by IOTA 2.0, where committee formation will be permissionless and based on token stake. Additionally, the BFT consensus algorithm in the Validator Committee will be replaced by IOTA 2.0’s unique On-Tangle voting mechanism, which also eliminates the need for milestones.

Source